mbedtls_pk_get_psa_attributes: force enrollment algorithm off
This avoids a possible gotcha if the application code reuses an existing attribute structure. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
0b17255da1
commit
1f97e73114
1 changed files with 6 additions and 0 deletions
|
@ -397,6 +397,12 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
|
|||
|
||||
usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
|
||||
psa_set_key_usage_flags(attributes, usage);
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
/* Assume that we have all Mbed TLS attributes. When
|
||||
* MBEDTLS_PSA_CRYPTO_CLIENT is enabled but not MBEDTLS_PSA_CRYPTO_C,
|
||||
* we only assume standard PSA functions. */
|
||||
psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
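Review bot: The reset added after `psa_set_key_usage_flags()` is compiled only under `MBEDTLS_PSA_CRYPTO_C`, so in a client-only build (`MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`) a reused attribute structure may still carry a stale enrollment algorithm, if the PSA implementation behind the client supports that extension. That would leave a second permitted algorithm in the key policy that the caller never requested. The new comment explains the guard but not why the field is cleared, which is recorded only in the commit message; I would add `/* Clear any enrollment algorithm left over in a reused attribute structure, so the policy does not silently permit a second algorithm. */` and note in the function's documentation that client-only callers should start from `PSA_KEY_ATTRIBUTES_INIT` or call `psa_reset_key_attributes()` first. The function body begins outside the hunk, so whether other fields of a reused structure are overwritten cannot be judged from here. No test change is visible in this commit; a case that presets an enrollment algorithm and checks that `psa_get_key_enrollment_algorithm()` returns `PSA_ALG_NONE` afterwards would pin the behaviour.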