mbedtls_pk_get_psa_attributes: force enrollment algorithm off

This avoids a possible gotcha if the application code reuses an
existing attribute structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2024-01-18 14:14:24 +01:00
parent 0b17255da1
commit 1f97e73114

@ -397,6 +397,12 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
psa_set_key_usage_flags(attributes, usage);
#if defined(MBEDTLS_PSA_CRYPTO_C)
/* Assume that we have all Mbed TLS attributes. When
* MBEDTLS_PSA_CRYPTO_CLIENT is enabled but not MBEDTLS_PSA_CRYPTO_C,
* we only assume standard PSA functions. */
psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE);
#endif
return 0;
}
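
Review bot: the `psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE)` call is guarded by `#if defined(MBEDTLS_PSA_CRYPTO_C)`, so in a build that has only MBEDTLS_PSA_CRYPTO_CLIENT a reused attribute structure keeps whatever enrollment algorithm it already carried, and the gotcha named in the commit message is still present there. The in-code comment explains why the setter is not assumed to exist in that configuration, but it does not tell the caller what to expect. Please state in the documentation of mbedtls_pk_get_psa_attributes that the enrollment algorithm is forced to PSA_ALG_NONE only when MBEDTLS_PSA_CRYPTO_C is enabled, and that callers in other configurations who reuse an attribute structure should clear it first, for example with psa_reset_key_attributes. A stale enrollment algorithm widens what the resulting key is permitted to do, so the difference between the two build configurations is worth making explicit.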