lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Forbid creating a read-only key

Browse Source 
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2021-04-21 21:23:40 +02:00
parent ad2ddfe874
commit 87bc91c13b
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
library/psa_crypto_slot_management.c
View File

@ -455,7 +455,10 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime )
{
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
return( PSA_SUCCESS );
if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
return( PSA_ERROR_INVALID_ARGUMENT );
else
return( PSA_SUCCESS );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */