Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index fd1928a..fe10ee0 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -415,9 +415,7 @@
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
- * results in this error code. Or,
- * this call was operating on a key slot and found the slot in
- * an invalid state for the operation.
+ * results in this error code.
*/
psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
@@ -557,9 +555,7 @@
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
- * results in this error code. Or,
- * this call was operating on a key slot and found the slot in
- * an invalid state for the operation.
+ * results in this error code.
*/
psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index bfc0016..f896fae 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -142,9 +142,7 @@
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
- * results in this error code. Or,
- * this call was operating on a key slot and found the slot in
- * an invalid state for the operation.
+ * results in this error code.
*/
psa_status_t psa_close_key(psa_key_handle_t handle);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 1f64500..2a8183e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1718,7 +1718,6 @@
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE \emptydescription
*
* \return If this function fails, the key slot is an invalid state.
* You must call psa_fail_key_creation() to wipe and free the slot.
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index f11df9f..376337e 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -56,7 +56,7 @@
* The state variable is used to help determine whether library functions
* which operate on the slot succeed. For example, psa_finish_key_creation,
* which transfers the state of a slot from PSA_SLOT_FILLING to
- * PSA_SLOT_FULL, must fail with error code PSA_ERROR_BAD_STATE
+ * PSA_SLOT_FULL, must fail with error code PSA_ERROR_CORRUPTION_DETECTED
* if the state of the slot is not PSA_SLOT_FILLING.
*
* Library functions which traverse the array of key slots only consider
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index e7ea8ef..3accacf 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -417,7 +417,7 @@
}
if ((slot->state != PSA_SLOT_FULL) &&
(slot->state != PSA_SLOT_PENDING_DELETION)) {
- return PSA_ERROR_BAD_STATE;
+ return PSA_ERROR_CORRUPTION_DETECTED;
}
/* If we are the last reader and the slot is marked for deletion,
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 9b8e891..0b0d7b3 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -68,9 +68,7 @@
* description of the key identified by \p key.
* The key slot counter has been incremented.
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been initialized. Or,
- * this call was operating on a key slot and found the slot in
- * an invalid state for the operation.
+ * The library has not been initialized.
* \retval #PSA_ERROR_INVALID_HANDLE
* \p key is not a valid key identifier.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@@ -114,7 +112,8 @@
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* There were no free key slots.
- * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_BAD_STATE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* This function attempted to operate on a key slot which was in an
* unexpected state.
*/
@@ -133,7 +132,7 @@
*
* \retval #PSA_SUCCESS
The key slot's state variable is new_state.
- * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
* The slot's state was not expected_state.
*/
static inline psa_status_t psa_key_slot_state_transition(
@@ -141,7 +140,7 @@
psa_key_slot_state_t new_state)
{
if (slot->state != expected_state) {
- return PSA_ERROR_BAD_STATE;
+ return PSA_ERROR_CORRUPTION_DETECTED;
}
slot->state = new_state;
return PSA_SUCCESS;
@@ -157,16 +156,12 @@
The key slot registered reader counter was incremented.
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* The reader counter already reached its maximum value and was not
- * increased.
- * \retval #PSA_ERROR_BAD_STATE
- * The slot's state was not PSA_SLOT_FULL.
+ * increased, or the slot's state was not PSA_SLOT_FULL.
*/
static inline psa_status_t psa_register_read(psa_key_slot_t *slot)
{
- if (slot->state != PSA_SLOT_FULL) {
- return PSA_ERROR_BAD_STATE;
- }
- if (slot->registered_readers >= SIZE_MAX) {
+ if ((slot->state != PSA_SLOT_FULL) ||
+ (slot->registered_readers >= SIZE_MAX)) {
return PSA_ERROR_CORRUPTION_DETECTED;
}
slot->registered_readers++;
@@ -190,11 +185,11 @@
* \p slot is NULL or the key slot reader counter has been
* decremented (and potentially wiped) successfully.
* \retval #PSA_ERROR_CORRUPTION_DETECTED
- * registered_readers was equal to 0.
- * \retval #PSA_ERROR_BAD_STATE
* The slot's state was neither PSA_SLOT_FULL nor
- * PSA_SLOT_PENDING_DELETION, or a wipe was attempted and
- * the slot's state was not PSA_SLOT_PENDING_DELETION.
+ * PSA_SLOT_PENDING_DELETION.
+ * Or a wipe was attempted and the slot's state was not
+ * PSA_SLOT_PENDING_DELETION.
+ * Or registered_readers was equal to 0.
*/
psa_status_t psa_unregister_read(psa_key_slot_t *slot);