From 8d2bde77a1d3e17de9b286b658ddf694358a63dd Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:06:39 +0200 Subject: [PATCH] Make sure software fallback isn't tried on opaque keys Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 03326f70b..77e63045a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3664,7 +3664,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, signature, signature_size, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED ) + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; /* If the operation was not supported by any accelerator, try fallback. */ @@ -3766,7 +3767,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, hash_length, signature, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED ) + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) return status; #if defined(MBEDTLS_RSA_C)