Remove duplicate wipe call in psa_destroy_key

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-07 23:27:54 +02:00 · 2021-06-07 23:27:54 +02:00 · f9a046ecb5
commit f9a046ecb5
parent 91466c8d3f
1 changed files with 5 additions and 8 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -1057,11 +1057,10 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
        /* Refuse the destruction of a read-only key (which may or may not work
         * if we attempt it, depending on whether the key is merely read-only
         * by policy or actually physically read-only).
-         * Just do the best we can, which is to wipe the copy in memory. */
-        status = psa_wipe_key_slot( slot );
-        if( status != PSA_SUCCESS )
-            return( status );
-        return( PSA_ERROR_NOT_PERMITTED );
+         * Just do the best we can, which is to wipe the copy in memory
+         * (done in this function's cleanup code). */
+        overall_status = PSA_ERROR_NOT_PERMITTED;
+        goto exit;
    }

 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@ -1125,12 +1124,10 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
    }
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */

-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 exit:
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
    status = psa_wipe_key_slot( slot );
    /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
-    if( overall_status == PSA_SUCCESS )
+    if( status != PSA_SUCCESS )
        overall_status = status;
    return( overall_status );
 }