Simplified key slot deletion

And zeroize key buffer before freeing to avoid keys hanging around on the
heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2020-08-05 15:46:33 +02:00
parent 291498600b
commit fd4d69a72e

View file

@ -1204,24 +1204,15 @@ static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
if( slot->attr.type == PSA_KEY_TYPE_NONE )
{
/* No key material to clean. */
}
else if( key_type_is_raw_bytes( slot->attr.type ) ||
PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ||
PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
/* Data pointer will always be either a valid pointer or NULL in an
* initialized slot, so we can just free it. */
if( slot->data.key.data != NULL )
mbedtls_platform_zeroize( slot->data.key.data, slot->data.key.bytes);
mbedtls_free( slot->data.key.data );
slot->data.key.data = NULL;
slot->data.key.bytes = 0;
}
else
{
/* Shouldn't happen: the key type is not any type that we
* put in. */
return( PSA_ERROR_CORRUPTION_DETECTED );
}
return( PSA_SUCCESS );
}