From 2c44daf0bc2204500e6ead57f799964f352b617a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Mon, 10 May 2021 12:53:30 +0200
Subject: [PATCH] Add restriction on output_key alg for password hash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 include/psa/crypto.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 1780f9821..6fee2b467 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3619,6 +3619,10 @@ psa_status_t psa_key_derivation_output_bytes(
  * on the derived key based on the attributes and strength of the secret key.
  *
  * \param[in] attributes    The attributes for the new key.
+ *                          If the key type to be created is
+ *                          #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
+ *                          the policy must be the same as in the current
+ *                          operation.
  * \param[in,out] operation The key derivation operation object to read from.
  * \param[out] key          On success, an identifier for the newly created
  *                          key. For persistent keys, this is the key