TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 54b900827b76143a1ba58039c9c78eac8e843133^! / . / library
commit54b900827b76143a1ba58039c9c78eac8e843133[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Thu Oct 29 15:26:43 2020 +0100
committerRonald Cron <ronald.cron@arm.com>Tue Nov 10 18:19:59 2020 +0100
treec211a6a8493f8034e16e23886c44136f19741b18
parent65f38a3c2e5c22d7f8a008914dc90141f17b6336 [diff]
psa: Forbid creation/registration of keys in vendor range

The identifier of keys created/registred should be in
the application range.

This is by spec for key creation.
This may change for registered key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e45c52e..2c4878d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -1779,8 +1779,7 @@
     psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
     mbedtls_svc_key_id_t key = psa_get_key_id( attributes );
 
-    status = psa_validate_key_location( psa_get_key_lifetime( attributes ),
-                                        p_drv );
+    status = psa_validate_key_location( lifetime, p_drv );
     if( status != PSA_SUCCESS )
         return( status );
 
@@ -1795,10 +1794,7 @@
     }
     else
     {
-        status = psa_validate_key_id(
-            psa_get_key_id( attributes ),
-            psa_key_lifetime_is_external( lifetime ), 0 );
-
+        status = psa_validate_key_id( psa_get_key_id( attributes ), 0, 0 );
         if( status != PSA_SUCCESS )
             return( status );
     }