diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index b504233bd..b4e050241 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -100,6 +100,20 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
 #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
 
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/*
+ * A mutex used to make the PSA subsystem thread safe.
+ *
+ * key_slot_mutex protects the registered_readers and
+ * state variable for all key slots in &global_data.key_slots.
+ *
+ * This mutex must be held when any read from or write to a state or
+ * registered_readers field is performed, i.e. when calling functions:
+ * psa_key_slot_state_transition(), psa_register_read(), psa_unregister_read(),
+ * psa_key_slot_has_readers() and psa_wipe_key_slot(). */
+extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex;
+#endif
+
 #endif /* MBEDTLS_THREADING_C */
 
 #ifdef __cplusplus
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 180aecb58..47ace359d 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -30,20 +30,6 @@ typedef struct {
 
     psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
     uint8_t key_slots_initialized;
-
-#if defined(MBEDTLS_THREADING_C)
-    /*
-     * A mutex used to make the PSA subsystem thread safe.
-     *
-     * key_slot_mutex protects key_slots[i].registered_readers and
-     * key_slots[i].state for all valid i.
-     *
-     * This mutex must be held when any read from or write to a state or
-     * registered_readers field is performed, i.e. when calling functions:
-     * psa_key_slot_state_transition, psa_register_read, psa_unregister_read,
-     * psa_key_slot_has_readers and psa_wipe_key_slot. */
-    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(key_slot_mutex);
-#endif
 } psa_global_data_t;
 
 static psa_global_data_t global_data;
 
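Review bot: The comment added above `extern mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex;` in include/mbedtls/threading.h still refers to the object as `key_slot_mutex` and to `&global_data.key_slots`, but `global_data` is a static in library/psa_crypto_slot_management.c that a reader of this public header cannot see, and the stray `&` reads as a copy-paste from the removed struct comment. Since the declaration now lives in a public header, the comment should name the symbol it documents and locate the protected array, e.g. ` * mbedtls_threading_key_slot_mutex protects the registered_readers and state` / ` * fields of every slot in the PSA key slot array (global_data.key_slots in` / ` * library/psa_crypto_slot_management.c).`. The list of helper functions that must hold it is library-internal, so a short line saying the mutex is for internal use by the PSA layer and not part of the public API would keep applications from relying on it.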
@@ -147,14 +133,7 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory(
 
 psa_status_t psa_initialize_key_slots(void)
 {
-#if defined(MBEDTLS_THREADING_C)
-    /* Initialize the global key slot mutex. */
-    if (!global_data.key_slots_initialized) {
-        mbedtls_mutex_init(&global_data.key_slot_mutex);
-    }
-#endif
-
-    /* Program startup and psa_wipe_all_key_slots() both
+    /* Nothing to do: program startup and psa_wipe_all_key_slots() both
      * guarantee that the key slots are initialized to all-zero, which
      * means that all the key slots are in a valid, empty state. */
     global_data.key_slots_initialized = 1;
@@ -171,14 +150,6 @@ void psa_wipe_all_key_slots(void)
         slot->state = PSA_SLOT_PENDING_DELETION;
         (void) psa_wipe_key_slot(slot);
     }
-
-#if defined(MBEDTLS_THREADING_C)
-    /* Free the global key slot mutex. */
-    if (global_data.key_slots_initialized) {
-        mbedtls_mutex_free(&global_data.key_slot_mutex);
-    }
-#endif
-
     global_data.key_slots_initialized = 0;
 }
 
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index fc46257f2..4c0721d3b 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -85,10 +85,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
                                        psa_key_slot_t **p_slot);
 
 /** Initialize the key slot structures.
- * If multi-threading is enabled then initialize the key slot mutex.
- * This function is not thread-safe,
- * if called by competing threads the key slot mutex may be initialized
- * more than once.
  *
  * \retval #PSA_SUCCESS
  *         Currently this function always succeeds.
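Review bot: In the psa_wipe_all_key_slots() hunk the loop still does `slot->state = PSA_SLOT_PENDING_DELETION;` and `(void) psa_wipe_key_slot(slot);` without taking mbedtls_threading_key_slot_mutex, while the comment this same commit adds to include/mbedtls/threading.h says the mutex must be held for every write to a state field and for every psa_wipe_key_slot() call. If the intent is that callers serialize this function (the removed header text said it is not thread-safe, and that sentence is dropped in both psa_crypto_slot_management.h hunks), the contract should stay documented; otherwise the loop needs a lock/unlock pair around the wipe. A one-line replacement for the removed sentences would do: ` * This function is not thread-safe: it must not run concurrently with any other key slot operation.`. The start of psa_wipe_all_key_slots() lies outside the hunk, so whether the lock is taken earlier in the function cannot be seen here; the same documentation point applies to the psa_initialize_key_slots() hunk, whose new "Nothing to do" comment sits above a write to `global_data.key_slots_initialized`.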
@@ -96,10 +92,6 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
 psa_status_t psa_initialize_key_slots(void);
 
 /** Delete all data from key slots in memory.
- * If multi-threading is enabled then free the key slot mutex.
- * This function is not thread-safe,
- * if called by competing threads the key slot mutex may be freed
- * more than once.
  *
  * This does not affect persistent storage. */
 void psa_wipe_all_key_slots(void);
@@ -186,7 +178,7 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot)
  * This function decrements the key slot registered reader counter by one.
  * If the state of the slot is PSA_SLOT_PENDING_DELETION,
  * and there is only one registered reader (the caller),
- * this function will call psa_wipe_slot().
+ * this function will call psa_wipe_key_slot().
  * If multi-threading is enabled, the caller must hold the
  * global key slot mutex.
  *
diff --git a/library/threading.c b/library/threading.c
index 873b5077b..94404acb8 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -148,6 +148,9 @@ void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
 #if defined(THREADING_USE_GMTIME)
     mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex);
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_mutext_init(&mbedtls_threading_key_slot_mutex);
+#endif
 }
 
 /*
@@ -161,6 +164,9 @@ void mbedtls_threading_free_alt(void)
 #if defined(THREADING_USE_GMTIME)
     mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex);
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_mutex_free(&mbedtls_threading_key_slot_mutex);
+#endif
 }
 
 #endif /* MBEDTLS_THREADING_ALT */
@@ -176,5 +182,8 @@ mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
 #if defined(THREADING_USE_GMTIME)
 mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+mbedtls_threading_mutex_t mbedtls_threading_key_slot_mutex MUTEX_INIT;
+#endif
 
 #endif /* MBEDTLS_THREADING_C */
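Review bot: `mbedtls_mutext_init(&mbedtls_threading_key_slot_mutex);` added to mbedtls_threading_set_alt() in library/threading.c is a typo — no function of that name exists, so a build with both MBEDTLS_THREADING_ALT and MBEDTLS_PSA_CRYPTO_C enabled fails to compile (or, on a toolchain that still tolerates implicit declarations, fails to link), and the key slot mutex would never be initialized on that path. It should read `mbedtls_mutex_init(&mbedtls_threading_key_slot_mutex);`, mirroring the `mbedtls_mutex_free(&mbedtls_threading_key_slot_mutex);` this commit adds to mbedtls_threading_free_alt() in the next hunk. mbedtls_threading_set_alt() begins outside the hunk. That this slipped through suggests the configurations built in CI do not cover MBEDTLS_THREADING_ALT together with PSA crypto, which is worth confirming so the alt-threading path gets exercised.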