Fix policy validity check on key creation.

Add a non-regression test.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f1ddb14..258caad 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1469,10 +1469,6 @@
             return( status );
     }
 
-    status = psa_check_key_slot_policy( slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-
     /* Refuse to create overly large keys.
      * Note that this doesn't trigger on import if the attributes don't
      * explicitly specify a size (so psa_get_key_bits returns 0), so
@@ -1487,6 +1483,10 @@
 
     slot->attr = attributes->core;
 
+    status = psa_check_key_slot_policy( slot );
+    if( status != PSA_SUCCESS )
+        return( status );
+
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     /* For a key in a secure element, we need to do three things:
      * create the key file in internal storage, create the
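Review bot: The early `return( status );` after the relocated `psa_check_key_slot_policy( slot )` call now exits with `slot->attr` already overwritten by the rejected attributes, whereas at its old position the slot had not yet been written. The enclosing function begins and ends outside this hunk, so it is not visible whether the failure path wipes the slot; please confirm that every caller does so, so that a slot holding an invalid usage/algorithm policy can never be picked up later. The ordering is also the whole fix and is easy to undo in a later refactor, so I would document it above the call, e.g. `/* Must come after slot->attr is assigned: the policy check reads the attributes from the slot, not from the caller's structure. */` (assuming the check does read the policy through `slot`, as the move implies).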