diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index dad23c490..dbe3bba7a 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -182,6 +182,29 @@ exit:
     psa_free_persistent_key_data( key_data, key_data_length );
     return( status );
 }
+
+/** Check whether a key identifier is acceptable.
+ *
+ * For backward compatibility, key identifiers that were valid in a
+ * past released version must remain valid, unless a migration path
+ * is provided.
+ *
+ * \param key_id The key identifier to check.
+ *
+ * \return 1 if \p key_id is acceptable, otherwise 0.
+ */
+static int psa_is_key_id_valid( psa_key_id_t key_id )
+{
+    /* Reject id=0 because by general library conventions, 0 is an invalid
+     * value wherever possible. */
+    if( key_id == 0 )
+        return( 0 );
+    /* Reject high values because the file names are reserved for the
+     * library's internal use. */
+    if( key_id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+        return( 0 );
+    return( 1 );
+}
 #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
 
 /** Declare a slot as persistent and load it from storage.
@@ -209,13 +232,7 @@ static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle,
     psa_key_slot_t *slot;
     psa_status_t status;
 
-    /* Reject id=0 because by general library conventions, 0 is an invalid
-     * value wherever possible. */
-    if( id == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    /* Reject high values because the file names are reserved for the
-     * library's internal use. */
-    if( id >= PSA_MAX_PERSISTENT_KEY_IDENTIFIER )
+    if( ! psa_is_key_id_valid( id ) )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
     status = psa_get_key_slot( handle, &slot );
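Review bot: psa_is_key_id_valid is defined inside the MBEDTLS_PSA_CRYPTO_STORAGE_C region (the context line `#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */` directly follows its closing brace), while the new call site in the second hunk, inside psa_internal_make_key_persistent, lies past that `#endif`. That call only compiles in a build with storage disabled if the caller's body is itself under the same guard; the caller's opening lines and any `#if` there are outside this hunk, so please confirm the configuration with MBEDTLS_PSA_CRYPTO_STORAGE_C unset still builds. Separately, the new docstring states the backward-compatibility constraint but not the range it currently guarantees, which is what a future editor needs to see; adding ` * Currently accepts exactly the range [1, PSA_MAX_PERSISTENT_KEY_IDENTIFIER); it may be widened, but not narrowed without a migration path.` after the existing paragraph would make that contract checkable at a glance.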