TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5ac6fa7aaec44913d6cceaa99e8fcbf472ebf33d^! / . / library
commit5ac6fa7aaec44913d6cceaa99e8fcbf472ebf33d[log] [tgz]
authorRyan Everett <ryan.everett@arm.com>Wed Feb 14 17:11:36 2024 +0000
committerRyan Everett <ryan.everett@arm.com>Thu Feb 22 10:27:52 2024 +0000
treec12f32ff8125d1d3a51bf845cdb8cbd7adfce996
parentc0053cc4999a8265736ad5df24afd03ac13f042c [diff]
Make multi-part key derivation operations thread-safe

One can input a key using a key identifier through the two changed functions.
Inputted keys are copied into the operation object.
Any material inputted in byte form is separate to the key slot system.
Outputting a key is threadsafe as per the key loading work.
The verification API is yet to be implemented.

Simultaneous API calls on the same operation object are not thread-safe.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c51bb8d..b7c891e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -7061,7 +7061,7 @@
                                                slot->key.data,
                                                slot->key.bytes);
 
-    unlock_status = psa_unregister_read(slot);
+    unlock_status = psa_unregister_read_under_mutex(slot);
 
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }
@@ -7218,7 +7218,7 @@
         }
     }
 
-    unlock_status = psa_unregister_read(slot);
+    unlock_status = psa_unregister_read_under_mutex(slot);
 
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }