yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix policy validity check on key creation.

Browse source 
Add a non-regression test.
This commit is contained in:
Gilles Peskine 2019-07-31 15:54:33 +02:00
parent 6edfa293c2
commit 3825e14e65
2 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
library/psa_crypto.c
View file

@ -1469,10 +1469,6 @@ static psa_status_t psa_start_key_creation(
return( status ); return( status );
} }
status = psa_check_key_slot_policy( slot );
if( status != PSA_SUCCESS )
return( status );
/* Refuse to create overly large keys. /* Refuse to create overly large keys.
* Note that this doesn't trigger on import if the attributes don't * Note that this doesn't trigger on import if the attributes don't
* explicitly specify a size (so psa_get_key_bits returns 0), so * explicitly specify a size (so psa_get_key_bits returns 0), so
@ -1487,6 +1483,10 @@ static psa_status_t psa_start_key_creation(
slot->attr = attributes->core; slot->attr = attributes->core;
status = psa_check_key_slot_policy( slot );
if( status != PSA_SUCCESS )
return( status );
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* For a key in a secure element, we need to do three things: /* For a key in a secure element, we need to do three things:
* create the key file in internal storage, create the * create the key file in internal storage, create the

3
tests/suites/test_suite_psa_crypto.data
View file

@ -52,6 +52,9 @@ invalid_handle:1
PSA invalid handle (largest plausible handle) PSA invalid handle (largest plausible handle)
invalid_handle:-1 invalid_handle:-1
PSA import: bad usage flag
import_with_policy:PSA_KEY_TYPE_RAW_DATA:0x40000000:0:PSA_ERROR_INVALID_ARGUMENT
PSA import: invalid type (0) PSA import: invalid type (0)
import_with_policy:PSA_KEY_TYPE_NONE:0:0:PSA_ERROR_NOT_SUPPORTED import_with_policy:PSA_KEY_TYPE_NONE:0:0:PSA_ERROR_NOT_SUPPORTED