commit 4755e6bda47e8722ade10b0a86d1e94e89c312f1
author Ryan Everett <ryan.everett@arm.com> Fri Jan 12 16:35:59 2024 +0000
committer Ryan Everett <ryan.everett@arm.com> Mon Jan 15 11:20:35 2024 +0000
tree f8162653b15b83563543892c0b69b2b2be5f1af1
parent 6a9c14b918da52d614fcff92df382b03aa366ff9

Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION

psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>

library/psa_crypto_slot_management.c

diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index ef76dcb..e7ea8ef 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -189,10 +189,6 @@
         (unused_persistent_key_slot != NULL)) {
         selected_slot = unused_persistent_key_slot;
         psa_register_read(selected_slot);
-        /* If the state is not changed then psa_wipe_key_slot
-         * will report an error. */
-        psa_key_slot_state_transition(selected_slot, PSA_SLOT_FULL,
-                                      PSA_SLOT_PENDING_DELETION);
         status = psa_wipe_key_slot(selected_slot);
         if (status != PSA_SUCCESS) {
             goto error;
@@ -394,12 +390,6 @@
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 
     if (status != PSA_SUCCESS) {
-        /* Prepare the key slot to be wiped, and then wipe it.
-         * Don't overwrite status as a BAD_STATE error here
-         * can be reported in the psa_wipe_key_slot call. */
-        (*p_slot)->registered_readers = 1;
-        psa_key_slot_state_transition((*p_slot), PSA_SLOT_FILLING,
-                                      PSA_SLOT_PENDING_DELETION);
         psa_wipe_key_slot(*p_slot);
 
         if (status == PSA_ERROR_DOES_NOT_EXIST) {
@@ -544,13 +534,10 @@
         return status;
     }
     if (slot->registered_readers == 1) {
-        status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
-                                               PSA_SLOT_PENDING_DELETION);
-        if (status != PSA_SUCCESS) {
-            return status;
-        }
+        return psa_wipe_key_slot(slot);
+    } else {
+        return psa_unregister_read(slot);
     }
-    return psa_unregister_read(slot);
 }
 
 psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
@@ -565,10 +552,10 @@
 
     if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
         (slot->registered_readers == 1)) {
-        psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
-                                      PSA_SLOT_PENDING_DELETION);
+        return psa_wipe_key_slot(slot);
+    } else {
+        return psa_unregister_read(slot);
     }
-    return psa_unregister_read(slot);
 }
 
 void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)