Assert that the key ID range for volatile keys is large enough

Signed-off-by: Gilles Peskine <[email protected]>
Mbed-TLS · Aug 7, 2024 · 18f659b · 18f659b
1 parent f16263e
commit 18f659b
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
@@ -64,6 +64,10 @@ typedef struct {
 
 static psa_global_data_t global_data;
 
+MBEDTLS_STATIC_ASSERT(ARRAY_LENGTH(global_data.key_slots) <=
+                      PSA_KEY_ID_VOLATILE_MAX - PSA_KEY_ID_VOLATILE_MIN + 1,
+                      "The volatile key range is larger than the key slot array");
+
 int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok)
 {
     psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key);