From 5ac6fa7aaec44913d6cceaa99e8fcbf472ebf33d Mon Sep 17 00:00:00 2001
From: Ryan Everett <ryan.everett@arm.com>
Date: Wed, 14 Feb 2024 17:11:36 +0000
Subject: [PATCH] Make multi-part key derivation operations thread-safe

One can input a key using a key identifier through the two changed functions.
Inputted keys are copied into the operation object.
Any material inputted in byte form is separate to the key slot system.
Outputting a key is threadsafe as per the key loading work.
The verification API is yet to be implemented.

Simultaneous API calls on the same operation object are not thread-safe.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
---
 library/psa_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c51bb8dad..b7c891eb7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7061,7 +7061,7 @@ psa_status_t psa_key_derivation_input_key(
                                                slot->key.data,
                                                slot->key.bytes);
 
-    unlock_status = psa_unregister_read(slot);
+    unlock_status = psa_unregister_read_under_mutex(slot);
 
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }
@@ -7218,7 +7218,7 @@ psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *op
         }
     }
 
-    unlock_status = psa_unregister_read(slot);
+    unlock_status = psa_unregister_read_under_mutex(slot);
 
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }