From 00fd34ef18049deaa5f6befc942ad51aaa87cd98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Thu, 12 Feb 2026 10:07:57 +0100
Subject: [PATCH] PK: return helpful error on API misuse
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This makes test_suite_pk pass again, but beyond that I think it's the
right thing to do.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 library/pk.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/library/pk.c b/library/pk.c
index e33a497b17..c580c44a1b 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -967,6 +967,13 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id,
     if (exp_key == NULL) {
         return MBEDTLS_ERR_PK_ALLOC_FAILED;
     }
+#else
+    /* In case we're passed non-ECC key (API misuse), return a sensible error
+     * now. Otherwise we might get BUFFER_TOO_SMALL when exporting below, which
+     * is unlikely to be helpful to the user as the buffer is internal. */
+    if (!PSA_KEY_TYPE_IS_ECC(key_type)) {
+        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
 #endif
 
     if (public_only) {