TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fbb1eef5b2529bc3e7a4ca6d101c6739facd046f^! / .
commitfbb1eef5b2529bc3e7a4ca6d101c6739facd046f[log] [tgz]
authorValerio Setti <valerio.setti@nordicsemi.no>Fri Mar 01 07:29:15 2024 +0100
committerValerio Setti <valerio.setti@nordicsemi.no>Fri Mar 01 07:29:15 2024 +0100
tree58f25ca8b1df3c2ffb426a23c98edf3966950c5c
parent8f77d888d4ef9bcac3499a73e143230a93a56e39 [diff]
pk: change guard for mbedtls_pk_can_do_ext() to CRYPTO_CLIENT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 89f53fa..34345db 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h

@@ -454,7 +454,7 @@
  */
 int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type);
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 /**
  * \brief           Tell if context can do the operation given by PSA algorithm
  *
@@ -465,7 +465,7 @@
  *                  PSA_ALG_RSA_PKCS1V15_CRYPT,
  *                  PSA_ALG_ECDSA(hash),
  *                  PSA_ALG_ECDH, where hash is a specific hash.
- * \param usage  PSA usage flag to check against, must be composed of:
+ * \param usage     PSA usage flag to check against, must be composed of:
  *                  PSA_KEY_USAGE_SIGN_HASH
  *                  PSA_KEY_USAGE_DECRYPT
  *                  PSA_KEY_USAGE_DERIVE.
@@ -484,7 +484,7 @@
  */
 int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
                           psa_key_usage_t usage);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 /**

diff --git a/library/pk.c b/library/pk.c
index 0a8214a..9cf5ad6 100644
--- a/library/pk.c
+++ b/library/pk.c

@@ -322,14 +322,7 @@
     }
 
     psa_algorithm_t key_alg = psa_get_key_algorithm(&attributes);
-    /* Key's enrollment is available only when MBEDTLS_PSA_CRYPTO_CLIENT is
-     * defined, i.e. when the Mbed TLS implementation of PSA Crypto is being used.
-     * Even though we don't officially support using other implementations of PSA
-     * Crypto with TLS and X.509 (yet), we're still trying to simplify the life of
-     * people who would like to try it before it's officially supported. */
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
     psa_algorithm_t key_alg2 = psa_get_key_enrollment_algorithm(&attributes);
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
     key_usage = psa_get_key_usage_flags(&attributes);
     psa_reset_key_attributes(&attributes);
 
@@ -347,11 +340,9 @@
     if (alg == key_alg) {
         return 1;
     }
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
     if (alg == key_alg2) {
         return 1;
     }
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
     /*
      * If key_alg [or key_alg2] is a hash-and-sign with a wildcard for the hash,