Forbid creating a read-only key
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used as intended, for keys that cannot be modified through normal use of the API. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
ad2ddfe874
commit
87bc91c13b
2 changed files with 8 additions and 1 deletions
4
ChangeLog.d/psa-read-only-keys.txt
Normal file
4
ChangeLog.d/psa-read-only-keys.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Features
|
||||
* The PSA API no longer allows the creation of keys with a read-only lifetime.
|
||||
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
|
||||
as intended, for keys that cannot be modified through normal use of the API.
|
|
@ -455,7 +455,10 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime )
|
|||
{
|
||||
/* Persistent keys require storage support */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
return( PSA_SUCCESS );
|
||||
if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
else
|
||||
return( PSA_SUCCESS );
|
||||
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||
|
|
Loading…
Reference in a new issue