mbedtls_pk_get_psa_attributes: force enrollment algorithm off
This avoids a possible gotcha if the application code reuses an
existing attribute structure.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/pk.c b/library/pk.c
index bde561a..706d5d3 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -397,6 +397,12 @@
 
     usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
     psa_set_key_usage_flags(attributes, usage);
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+    /* Assume that we have all Mbed TLS attributes. When
+     * MBEDTLS_PSA_CRYPTO_CLIENT is enabled but not MBEDTLS_PSA_CRYPTO_C,
+     * we only assume standard PSA functions. */
+    psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE);
+#endif
 
     return 0;
 }
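Review bot: The comment above `psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE);` explains the `MBEDTLS_PSA_CRYPTO_C` guard but not why the reset is needed, and in a client-only build (`MBEDTLS_PSA_CRYPTO_CLIENT` without `MBEDTLS_PSA_CRYPTO_C`) a stale value in a reused attribute structure is still left in place. A leftover enrollment algorithm would presumably let the resulting key be used with a second algorithm the caller never requested, which widens the key policy. I would extend the comment with something like `/* Clear any enrollment algorithm left over from a reused attribute structure so the key policy is not silently widened. */`. I would also state in the function's API documentation that client-only callers should start from `PSA_KEY_ATTRIBUTES_INIT` or call `psa_reset_key_attributes()` first. The function body starts outside this hunk, so whether other fields are reset earlier cannot be confirmed from here.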