Always require reset after psa_get_key_attributes

There was a guarantee that psa_get_key_attributes() does not require a subsequent psa_reset_key_attributes() to free resources as long as the key was created with attributes having this property. This requirement was hard to pin down because if a key is created with default parameters, there are cases where it is difficult to ensure that the domain parameters will be reported without allocating memory. So remove this guarantee. Now the only case psa_reset_key_attributes() is not required is if the attribute structure has only been modified with certain specific setters.
2025-03-22 18:15:14 +00:00 · 2019-04-28 11:32:30 +02:00 · 2019-04-28 11:32:30 +02:00 · 06af0cd4a3
parent e56e878207
commit 06af0cd4a3
1 changed files with 1 additions and 2 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@ -151,13 +151,12 @@ psa_status_t psa_crypto_init(void);
 * - psa_set_key_usage_flags()
 * - psa_set_key_algorithm()
 * - psa_reset_key_attributes()
- * - psa_get_key_attributes() on a key which has been created with
- *   attribute structure that itself did not contain auxiliary resources
 *
 * If the attribute structure has been modified with other functions,
 * you must free auxiliary resources by calling psa_reset_key_attributes().
 * The following functions may create auxiliary resouces:
 * - psa_set_key_domain_parameters()
+ * - psa_get_key_attributes()
 */
 typedef struct psa_key_attributes_s psa_key_attributes_t;