commit a81282ce30bbbb6d64bd08383a9e54b5459c0250
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Jun 10 15:41:38 2024 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Fri Aug 09 13:54:19 2024 +0200
tree 1db6260f30fc357699a5152a07646f7665c10bc4
parent e8199f574c2a1360a11fa4d6c71d0f1b14a285df

Microoptimizations when MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled

Compensate some of the code size increase from implementing dynamic key slots.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto_slot_management.c

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index eef65dc..5b4539c 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -424,16 +424,24 @@
 #endif  /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */
         for (size_t slot_idx = 0; slot_idx < key_slice_length(slice_idx); slot_idx++) {
             psa_key_slot_t *slot = get_key_slot(slice_idx, slot_idx);
+#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC)
+            /* When MBEDTLS_PSA_KEY_STORE_DYNAMIC is disabled, calling
+             * psa_wipe_key_slot() on an unused slot is useless, but it
+             * happens to work (because we flip the state to PENDING_DELETION).
+             *
+             * When MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
+             * psa_wipe_key_slot() needs to have a valid slice_index
+             * field, but that value might not be correct in a
+             * free slot, so we must not call it.
+             *
+             * Bypass the call to psa_wipe_key_slot() if the slot is empty,
+             * but only if MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, to save
+             * a few bytes of code size otherwise.
+             */
             if (slot->state == PSA_SLOT_EMPTY) {
-                /* Don't call psa_wipe_key_slot() on an already-empty slot.
-                 * It rejects that case anyway, though we bypass it by setting
-                 * the slot state to PENDING_DELETION.
-                 * Also, when MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
-                 * psa_wipe_key_slot() needs to have a valid slice_index
-                 * field, but that value might not be correct in a
-                 * free slot. */
                 continue;
             }
+#endif
             slot->var.occupied.registered_readers = 1;
             slot->state = PSA_SLOT_PENDING_DELETION;
             (void) psa_wipe_key_slot(slot);
@@ -560,12 +568,11 @@
         goto error;
     }
 
-    if (volatile_key_id != NULL) {
-        *volatile_key_id = 0;
 #if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC)
+    if (volatile_key_id != NULL) {
         return psa_allocate_volatile_key_slot(volatile_key_id, p_slot);
-#endif /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */
     }
+#endif /* MBEDTLS_PSA_KEY_STORE_DYNAMIC */
 
     /* With a dynamic key store, allocate an entry in the cache slice,
      * applicable only to non-volatile keys that get cached in RAM.