Improve descriptions that mention handles and fix incorrect mention of psa_create_key
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5f80b13..22dea8f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -539,9 +539,10 @@
* @{
*/
-/** Get a handle to an existing persistent key.
+/** Open a handle to an existing persistent key.
*
- * Get a handle to a key which was previously created with psa_create_key().
+ * Open a handle to a key which was previously created with
+ * psa_make_key_persistent() when setting its attributes.
*
* Implementations may provide additional keys that can be opened with
* psa_open_key(). Such keys have a key identifier in the vendor range,
@@ -669,8 +670,7 @@
*
* This function destroys a key from both volatile
* memory and, if applicable, non-volatile storage. Implementations shall
- * make a best effort to ensure that any previous content of the handle is
- * unrecoverable.
+ * make a best effort to ensure that that the key material cannot be recovered.
*
* This function also erases any metadata such as policies and frees all
* resources associated with the key.
@@ -678,7 +678,7 @@
* \param handle Handle to the key to erase.
*
* \retval #PSA_SUCCESS
- * The handle's content, if any, has been erased.
+ * The key material has been erased.
* \retval #PSA_ERROR_NOT_PERMITTED
* The handle holds content and cannot be erased because it is
* read-only, either due to a policy or due to physical restrictions.
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index d5c62de..83a6505 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -107,7 +107,11 @@
* Implementations shall not return this error code to indicate
* that a key either exists or not,
* but shall instead return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
- * as applicable. */
+ * as applicable.
+ *
+ * Implementations shall not return this error code to indicate that a
+ * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
+ * instead. */
#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
/** The parameters passed to the function are invalid.
@@ -115,12 +119,7 @@
* Implementations may return this error any time a parameter or
* combination of parameters are recognized as invalid.
*
- * Implementations shall not return this error code to indicate
- * that a key either exists or not,
- * but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
- * as applicable.
- *
- * Implementation shall not return this error code to indicate that a
+ * Implementations shall not return this error code to indicate that a
* key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead.
*/