diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 5d20532e8b..943923f5db 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -133,8 +133,9 @@ static psa_status_t psa_search_key_in_slots(
 if( status == PSA_SUCCESS )
 {
- *p_slot = slot;
- psa_increment_key_slot_access_count( slot );
+ status = psa_increment_key_slot_access_count( slot );
+ if( status == PSA_SUCCESS )
+ *p_slot = slot;
 }
 return( status );
@@ -208,10 +209,13 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
 if( selected_slot != NULL )
 {
+ status = psa_increment_key_slot_access_count( selected_slot );
+ if( status != PSA_SUCCESS )
+ goto error;
+
 *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( (psa_key_id_t)( selected_slot - global_data.key_slots ) );
 *p_slot = selected_slot;
- psa_increment_key_slot_access_count( selected_slot );
 return( PSA_SUCCESS );
 }
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 75ce0ac6cf..db5acba3bb 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -137,10 +137,21 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
 * This function increments the slot access counter by one.
 *
 * \param[in] slot The key slot.
+ *
+ * \retval #PSA_SUCCESS
+ The access count was incremented.
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * The access count already reached its maximum value and was not
+ * increased.
 */
-static inline void psa_increment_key_slot_access_count( psa_key_slot_t *slot )
+static inline psa_status_t psa_increment_key_slot_access_count( psa_key_slot_t *slot )
 {
+ if( slot->access_count >= SIZE_MAX )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
 slot->access_count++;
+
+ return( PSA_SUCCESS );
 }
 /** Decrement slot access counter.
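Review bot: In the psa_search_key_in_slots hunk, a failed increment now returns an error after a slot was matched but leaves `*p_slot` unwritten, and nothing in the hunk tells the reader that this is intended. Whether callers initialise `*p_slot` before the call is outside the hunk, so a short comment above the inner check would help, for example `/* On failure *p_slot is left unmodified; callers must not use it. */`. The function's doc comment, which starts outside this hunk, should also list #PSA_ERROR_CORRUPTION_DETECTED as a possible return value.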
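Review bot: The guard `slot->access_count >= SIZE_MAX` in psa_increment_key_slot_access_count only prevents a wrap if `access_count` is declared as `size_t`, and the field's declaration is not visible in this diff. With a narrower unsigned type the comparison could never be true, so the counter would still wrap to zero and an in-use slot would look unreferenced; a comment tying the bound to the field type would make the dependency explicit, e.g. `/* access_count is a size_t: refuse to wrap so an in-use slot never appears free */`. The description line under `\retval #PSA_SUCCESS` is missing its leading ` *`, unlike the other added doc lines. Because the function used to return void, any caller not touched by this diff will silently discard the new status, so it is worth checking the remaining call sites.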