yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

psa_destroy_se_key: explain why the error is NOT_PERMITTED

Browse source
This commit is contained in:
Gilles Peskine 2019-07-25 14:13:24 +02:00
parent 0c3ae1f0b4
commit 340b127ed1
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
library/psa_crypto_se.c
View file

@ -223,6 +223,14 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
{ {
psa_status_t status; psa_status_t status;
psa_status_t storage_status; psa_status_t storage_status;
/* Normally a missing method would mean that the action is not
* supported. But psa_destroy_key() is not supposed to return
* PSA_ERROR_NOT_SUPPORTED: if you can create a key, you should
* be able to destroy it. The only use case for a driver that
* does not have a way to destroy keys at all is if the keys are
* locked in a read-only state: we can use the keys but not
* destroy them. Hence, if the driver doesn't support destroying
* keys, it's really a lack of permission. */
if( driver->methods->key_management == NULL || if( driver->methods->key_management == NULL ||
driver->methods->key_management->p_destroy == NULL ) driver->methods->key_management->p_destroy == NULL )
return( PSA_ERROR_NOT_PERMITTED ); return( PSA_ERROR_NOT_PERMITTED );