Improve PSA error return code
psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED

If psa_key_derivation_output_key() is called on an operation which hasn't been set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return PSA_ERROR_NOT_PERMITTED if the operation state is ok for psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not ok to output a key.

Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED only when psa_key_derivation_output_bytes() is possible, but this is clumsier to implement.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
parent
bb41a88f2e
commit
d69da6c3c3
1 changed files with 3 additions and 0 deletions
|
@ -4763,6 +4763,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
|||
if( psa_get_key_bits( attributes ) == 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if( operation->alg == PSA_ALG_NONE )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
if( ! operation->can_output_key )
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
|
||||
|
|
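Review bot: The `operation->alg == PSA_ALG_NONE` check comes after the `psa_get_key_bits( attributes ) == 0` check, so a call on an operation that hasn't been set up or has been aborted still returns PSA_ERROR_INVALID_ARGUMENT when the attributes carry a zero key size. If PSA_ERROR_BAD_STATE is meant to win whenever the operation is unusable, move the state check above the key-bits check; if the current order is intended, say so in a comment so the precedence between the three return codes is explicit. The check also relies on `alg == PSA_ALG_NONE` standing for "not set up or aborted" without stating it, and the limitation from the commit message (PSA_ERROR_NOT_PERMITTED can still be returned in states where psa_key_derivation_output_bytes() is not possible) is not recorded next to the `can_output_key` test; a short comment covering both would help the next reader. Only one file is changed, so no test accompanies this: a case that calls psa_key_derivation_output_key() on a fresh operation and on an aborted one and expects PSA_ERROR_BAD_STATE would keep the new priority from regressing.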