From 013f5474cfc639412d787246b5af45a971e0493e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Aug 2019 15:42:14 +0200 Subject: [PATCH] Fix erasure of external flags This didn't break anything now, but would have broken things once we start to add internal flags. --- library/psa_crypto.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9f7b5cbc0..5742f627d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1560,8 +1560,11 @@ static psa_status_t psa_start_key_creation( slot->attr = attributes->core; /* Erase external-only flags from the internal copy. To access - * external-only flags, query `attributes`. */ - slot->attr.flags |= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY; + * external-only flags, query `attributes`. Thanks to the check + * in psa_validate_key_attributes(), this leaves the dual-use + * flags and any internal flag that psa_internal_allocate_key_slot() + * may have set. */ + slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* For a key in a secure element, we need to do three things: