lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

Only make PSA HMAC key exportable when NULL or CBC & not EtM in build_transforms()

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong
2022-03-18 09:56:57 +01:00
parent 29c0c040fc
commit 8f92bf3a26
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/suites/test_suite_ssl.function
View File

@@ -1374,9 +1374,13 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
md1, maclen, md1, maclen,
&t_out->psa_mac_enc ) == PSA_SUCCESS ); &t_out->psa_mac_enc ) == PSA_SUCCESS );
if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
etm == MBEDTLS_SSL_ETM_DISABLED )
/* mbedtls_ct_hmac() requires the key to be exportable */ /* mbedtls_ct_hmac() requires the key to be exportable */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT | psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
PSA_KEY_USAGE_VERIFY_HASH ); PSA_KEY_USAGE_VERIFY_HASH );
else
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
CHK( psa_import_key( &attributes, CHK( psa_import_key( &attributes,
md1, maclen, md1, maclen,