From d0890211287d80b06f8851bfc3c80498fb4ed2f5 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 24 Jun 2019 14:34:43 +0200
Subject: [PATCH] Unregister drivers on library deinitialization
---
 library/psa_crypto.c | 4 ++++
 library/psa_crypto_se.c | 7 +++++++
 library/psa_crypto_se.h | 8 ++++++++
 3 files changed, 19 insertions(+)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b3be2617b..7e2007129 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -32,6 +32,7 @@
 #include "psa_crypto_core.h"
 #include "psa_crypto_invasive.h"
+#include "psa_crypto_se.h"
 #include "psa_crypto_slot_management.h"
 /* Include internal declarations that are useful for implementing persistently
 * stored keys. */
@@ -5211,6 +5212,9 @@ void mbedtls_psa_crypto_free( void )
 * In particular, this sets all state indicator to the value
 * indicating "uninitialized". */
 mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+ /* Unregister all secure element drivers, so that we restart from
+ * a pristine state. */
+ psa_unregister_all_se_drivers( );
 }
 psa_status_t psa_crypto_init( void )
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 33d0da894..32142eb9a 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -27,6 +27,8 @@
 #if defined(MBEDTLS_PSA_CRYPTO_C)
+#include
+
 #include "psa_crypto_se.h"
 typedef struct
@@ -69,4 +71,9 @@ psa_status_t psa_register_se_driver(
 return( PSA_SUCCESS );
 }
+void psa_unregister_all_se_drivers( void )
+{
+ memset( driver_table, 0, sizeof( driver_table ) );
+}
+
 #endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 1085f488d..e99bd2576 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
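Review bot: In library/psa_crypto.c, the new `psa_unregister_all_se_drivers( )` call at the end of `mbedtls_psa_crypto_free()` clears the driver table as the last teardown step, but the added comment does not say that this position is required. If a key slot or any other state still referred to a driver table entry at that point, it would be left pointing at a zeroed entry. Whether everything is wiped earlier cannot be checked here, because the function body starts outside the hunk. Once that is confirmed, I would record the dependency in the comment, for example `/* Must stay last: nothing may still refer to a driver table entry once the table is cleared. */`.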
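Review bot: In library/psa_crypto_se.c, `psa_unregister_all_se_drivers()` clears `driver_table` with plain `memset`, while the caller in psa_crypto.c wipes `global_data` with `mbedtls_platform_zeroize`. The table is a file-scope object that is presumably read again on the next registration, so the `memset` should not be optimised away; this is a consistency point and not a bug. Using one wipe primitive for all library state makes the teardown path easier to audit, e.g. `mbedtls_platform_zeroize( driver_table, sizeof( driver_table ) );`, which would need the header that declares it. The first hunk of this file adds an `#include` whose header name is missing on this page; it is presumably `<string.h>` for `memset`.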
@@ -34,4 +34,12 @@
 /** The maximum number of registered secure element driver lifetimes. */
 #define PSA_MAX_SE_DRIVERS 4
+/** Unregister all secure element drivers.
+ *
+ * \warning Do not call this function while the library is in the initialized
+ * state. This function is only intended to be called at the end
+ * of mbedtls_psa_crypto_free().
+ */
+void psa_unregister_all_se_drivers( void );
+
 #endif /* PSA_CRYPTO_SE_H */
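Review bot: The documentation added for `psa_unregister_all_se_drivers()` states the precondition but not the effect. Going by the definition in psa_crypto_se.c, the function only zeroes the driver table and does not call into any driver, which matters to anyone who later adds driver-side teardown. I would add one sentence before the warning, such as `This only clears the internal driver table; it does not call any driver method.` The precondition is enforced by nothing except this comment, so the warning should stay prominent.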