TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e8589964134469aa432c9db3a902c2a741d54e64^! / . / library / ssl_tls.c
commite8589964134469aa432c9db3a902c2a741d54e64[log] [tgz]
authorNeil Armstrong <narmstrong@baylibre.com>Fri Feb 25 15:14:29 2022 +0100
committerNeil Armstrong <narmstrong@baylibre.com>Fri Feb 25 15:17:50 2022 +0100
tree39afd55f80cb4970074362c20a93d2686df32953
parent2968d306e49e914cecc5d05840a307d1a60a9c5b [diff] [blame]
Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()

Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 336f92d..491db9c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -7321,7 +7321,9 @@
             goto end;
         }
 
-        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+        /* mbedtls_ct_hmac() requires the key to be exportable */
+        psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+                                              PSA_KEY_USAGE_VERIFY_HASH );
 
         if( ( status = psa_import_key( &attributes,
                                        mac_dec, mac_key_len,