psa: Do not reset a key slot under access
When psa_close/destroy/purge_key is called, do not reset a key slot containing the description of a persistent key if it is currently accessed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
parent
ddd3d05803
commit
f291111007
|
@ -1344,10 +1344,30 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
|
||||||
if( mbedtls_svc_key_id_is_null( key ) )
|
if( mbedtls_svc_key_id_is_null( key ) )
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Get the description of the key in a key slot. In case of a permanent
|
||||||
|
* key, this will load the key description from persistent memory if not
|
||||||
|
* done yet. We cannot avoid this loading as without it we don't know if
|
||||||
|
* the key is operated by an SE or not and this information is needed by
|
||||||
|
* the current implementation.
|
||||||
|
*/
|
||||||
status = psa_get_key_slot( key, &slot );
|
status = psa_get_key_slot( key, &slot );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If the key slot containing the key description is under access by the
|
||||||
|
* library (apart from the present access), the key cannot be destroyed
|
||||||
|
* yet. For the time being, just return in error. Eventually (to be
|
||||||
|
* implemented), the key should be destroyed when all accesses have
|
||||||
|
* stopped.
|
||||||
|
*/
|
||||||
|
if( slot->access_count > 1 )
|
||||||
|
{
|
||||||
|
psa_decrement_key_slot_access_count( slot );
|
||||||
|
return( PSA_ERROR_GENERIC_ERROR );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
driver = psa_get_se_driver_entry( slot->attr.lifetime );
|
driver = psa_get_se_driver_entry( slot->attr.lifetime );
|
||||||
if( driver != NULL )
|
if( driver != NULL )
|
||||||
|
|
|
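Review bot: The new `if( slot->access_count > 1 )` branch returns `PSA_ERROR_GENERIC_ERROR` and leaves the key material in place, so a caller cannot tell "key still in use, destruction not done" from an unrelated failure, and a caller that ignores the status will assume the key is gone. Until the deferred destruction mentioned in the added comment exists, the function's documentation should state this outcome, for example `/* On error because the slot is still accessed elsewhere, the key is NOT destroyed and remains usable; the caller must retry. */`. The branch also discards the result of `psa_decrement_key_slot_access_count( slot )`, which the psa_close_key hunk returns to its caller as a status; if it can fail, propagate it here as well. The body of psa_destroy_key begins and continues outside this hunk.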
@ -382,7 +382,10 @@ psa_status_t psa_close_key( psa_key_handle_t handle )
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
|
if( slot->access_count <= 1 )
|
||||||
return( psa_wipe_key_slot( slot ) );
|
return( psa_wipe_key_slot( slot ) );
|
||||||
|
else
|
||||||
|
return( psa_decrement_key_slot_access_count( slot ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
|
psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
|
||||||
|
@ -394,10 +397,11 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
|
if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
|
||||||
return( psa_decrement_key_slot_access_count( slot ) );
|
( slot->access_count <= 1 ) )
|
||||||
|
|
||||||
return( psa_wipe_key_slot( slot ) );
|
return( psa_wipe_key_slot( slot ) );
|
||||||
|
else
|
||||||
|
return( psa_decrement_key_slot_access_count( slot ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
|
void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
|
||||||
|
|
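Review bot: In psa_close_key and psa_purge_key the busy case (`access_count > 1`) falls through to `return( psa_decrement_key_slot_access_count( slot ) );`, so the caller presumably receives a success status although the slot was not wiped, whereas psa_destroy_key in the same commit reports an error for the same condition. Nothing visible in these hunks wipes the slot once the other accesses end, and the psa_close_key branch does not look at the key lifetime, so key material that the caller expected to be removed from memory may stay resident. Either return a distinct status here too, or state the behaviour at the `else` branch, e.g. `/* Slot still accessed elsewhere: only drop our access; the key material stays in the slot. */`. Both function bodies begin outside the hunks shown.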