cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve descriptions that mention handles and fix incorrect mention of psa_create_key

Browse Source
This commit is contained in:
Adrian L. Shaw 2019-05-15 11:36:13 +01:00 committed by Gilles Peskine
parent 67e1c7ac80
commit d56456cbe8
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/psa/crypto.h
View File

@ -539,9 +539,10 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes);
* @{
*/
/** Get a handle to an existing persistent key.
/** Open a handle to an existing persistent key.
*
* Get a handle to a key which was previously created with psa_create_key().
* Open a handle to a key which was previously created with
* psa_make_key_persistent() when setting its attributes.
*
* Implementations may provide additional keys that can be opened with
* psa_open_key(). Such keys have a key identifier in the vendor range,
@ -669,8 +670,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
*
* This function destroys a key from both volatile
* memory and, if applicable, non-volatile storage. Implementations shall
* make a best effort to ensure that any previous content of the handle is
* unrecoverable.
* make a best effort to ensure that that the key material cannot be recovered.
*
* This function also erases any metadata such as policies and frees all
* resources associated with the key.
@ -678,7 +678,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
* \param handle Handle to the key to erase.
*
* \retval #PSA_SUCCESS
* The handle's content, if any, has been erased.
* The key material has been erased.
* \retval #PSA_ERROR_NOT_PERMITTED
* The handle holds content and cannot be erased because it is
* read-only, either due to a policy or due to physical restrictions.

13
include/psa/crypto_values.h
View File

@ -107,7 +107,11 @@
* Implementations shall not return this error code to indicate
* that a key either exists or not,
* but shall instead return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
* as applicable. */
* as applicable.
*
* Implementations shall not return this error code to indicate that a
* key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead. */
#define PSA_ERROR_BAD_STATE ((psa_status_t)-137)
/** The parameters passed to the function are invalid.
@ -115,12 +119,7 @@
* Implementations may return this error any time a parameter or
* combination of parameters are recognized as invalid.
*
* Implementations shall not return this error code to indicate
* that a key either exists or not,
* but shall return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
* as applicable.
*
* Implementation shall not return this error code to indicate that a
* Implementations shall not return this error code to indicate that a
* key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
* instead.
*/