mbedtls_pk_get_psa_attributes: force enrollment algorithm off
This avoids a possible gotcha if the application code reuses an
existing attribute structure.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/pk.c b/library/pk.c
index bde561a..706d5d3 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -397,6 +397,12 @@
usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
psa_set_key_usage_flags(attributes, usage);
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ /* Assume that we have all Mbed TLS attributes. When
+ * MBEDTLS_PSA_CRYPTO_CLIENT is enabled but not MBEDTLS_PSA_CRYPTO_C,
+ * we only assume standard PSA functions. */
+ psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE);
+#endif
return 0;
}
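Review bot: In a build with MBEDTLS_PSA_CRYPTO_CLIENT but without MBEDTLS_PSA_CRYPTO_C, the `#if` guard skips the reset, so a reused attribute structure keeps whatever enrollment algorithm it already carried, and a key created from it would permit a second algorithm the caller never requested. The added comment explains why the guard exists but not this residual case; I would append something like `* In that configuration a stale enrollment algorithm is not cleared, so callers must start from psa_key_attributes_init().` and repeat the caveat in the function's public documentation. A test that presets a non-zero enrollment algorithm on the attributes and checks that `psa_get_key_enrollment_algorithm()` returns `PSA_ALG_NONE` after the call would pin the new behaviour. The function body starts outside this hunk, so whether other policy fields are also overwritten on reuse cannot be checked from here.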