Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not return PSA_ERROR_DOES_NOT_EXIST for a non-existing key #4162

Closed
gilles-peskine-arm opened this issue Feb 22, 2021 · 0 comments · Fixed by #4198
Closed

Do not return PSA_ERROR_DOES_NOT_EXIST for a non-existing key #4162

gilles-peskine-arm opened this issue Feb 22, 2021 · 0 comments · Fixed by #4198
Assignees
@daverodgman
Labels
bug size-m Estimated task size: medium (~1w)

Comments

@gilles-peskine-arm
Copy link
Contributor

gilles-peskine-arm commented Feb 22, 2021
edited
Loading

As of version 1.0.0, PSA Crypto API functions return PSA_ERROR_INVALID_HANDLE to indicate that a key identifier that should exist does not exist, no matter the reason (potentially valid identifier that does not exist now, or permanently invalid value). Mbed TLS still returns PSA_ERROR_DOES_NOT_EXIST in some cases, including psa_destroy_key and key operations. We should return PSA_ERROR_INVALID_HANDLE instead.

PSA_ERROR_DOES_NOT_EXIST can still be returned:

  • By psa_open_key.
  • By psa_its_xxx and internal storage functions.
  • Potentially by driver interface functions.

The goal of this task is to change code that returns PSA_ERROR_DOES_NOT_EXIST, but should not, to return PSA_ERROR_INVALID_HANDLE instead, and update tests and documentation accordingly.
@gilles-peskine-arm gilles-peskine-arm added bug PSA compliance size-m Estimated task size: medium (~1w) labels Feb 22, 2021
@gilles-peskine-arm gilles-peskine-arm mentioned this issue Feb 22, 2021
Closed
8 tasks
@gilles-peskine-arm gilles-peskine-arm changed the title psa_destroy_key must not return PSA_ERROR_DOES_NOT_EXIST Do not return PSA_ERROR_DOES_NOT_EXIST for a non-existing key Feb 23, 2021
@daverodgman daverodgman self-assigned this Mar 2, 2021
@daverodgman daverodgman mentioned this issue Mar 2, 2021
Closed
maulik-arm added a commit to maulik-arm/mbedtls that referenced this issue Mar 4, 2021
@maulik-arm
Fixes issue Mbed-TLS#4162, correct return type for
3ee50a2 
non-existing key.
maulik-arm added a commit to maulik-arm/mbedtls that referenced this issue Mar 4, 2021
@maulik-arm
Fixes issue Mbed-TLS#4162, correct return type for
70b4301 
non-existing key.

Signed-off-by: Maulik  Patel <[email protected]>
@bensze01 bensze01 linked a pull request Mar 5, 2021 that will close this issue
PSA Update return code for non-existing key in various key operations #4198
Merged
@bensze01 bensze01 mentioned this issue Mar 5, 2021
Merged
maulik-arm added a commit to maulik-arm/mbedtls that referenced this issue Mar 15, 2021
@maulik-arm
Fixes issue Mbed-TLS#4162, correct return type for
5a903ad 
non-existing key.

Signed-off-by: Maulik  Patel <[email protected]>
@gilles-peskine-arm gilles-peskine-arm mentioned this issue Jun 3, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@daverodgman daverodgman

Labels
bug size-m Estimated task size: medium (~1w)
Projects
None yet
Milestone
No milestone
3 participants
@daverodgman @gilles-peskine-arm @bensze01