Fix policy validity check on key creation.
Add a non-regression test.
This commit is contained in:
parent
6edfa293c2
commit
3825e14e65
2 changed files with 7 additions and 4 deletions
|
@ -1469,10 +1469,6 @@ static psa_status_t psa_start_key_creation(
|
|||
return( status );
|
||||
}
|
||||
|
||||
status = psa_check_key_slot_policy( slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
/* Refuse to create overly large keys.
|
||||
* Note that this doesn't trigger on import if the attributes don't
|
||||
* explicitly specify a size (so psa_get_key_bits returns 0), so
|
||||
|
@ -1487,6 +1483,10 @@ static psa_status_t psa_start_key_creation(
|
|||
|
||||
slot->attr = attributes->core;
|
||||
|
||||
status = psa_check_key_slot_policy( slot );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/* For a key in a secure element, we need to do three things:
|
||||
* create the key file in internal storage, create the
|
||||
|
|
|
@ -52,6 +52,9 @@ invalid_handle:1
|
|||
PSA invalid handle (largest plausible handle)
|
||||
invalid_handle:-1
|
||||
|
||||
PSA import: bad usage flag
|
||||
import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import: invalid type (0)
|
||||
import_with_policy:PSA_KEY_TYPE_NONE:0:0:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
|
|
Loading…
Reference in a new issue