From ae22babf8bdea2114406126690f18e894db04147 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Tue, 1 Nov 2022 10:29:10 +1000
Subject: [PATCH] PKCS#11: compile time check in finding keys

When WC_PKCS11_FIND_WITH_ID_ONLY defined, don't add key class and
type to attributes of search for by Id.
---
 wolfcrypt/src/wc_pkcs11.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wolfcrypt/src/wc_pkcs11.c b/wolfcrypt/src/wc_pkcs11.c
index e0a04b5e5..e5b06375a 100644
--- a/wolfcrypt/src/wc_pkcs11.c
+++ b/wolfcrypt/src/wc_pkcs11.c
@@ -1464,8 +1464,10 @@ static int Pkcs11FindKeyById(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
     int             ret = 0;
     CK_ULONG        count;
     CK_ATTRIBUTE    keyTemplate[] = {
+#ifndef WC_PKCS11_FIND_WITH_ID_ONLY
         { CKA_CLASS,           &keyClass, sizeof(keyClass) },
         { CKA_KEY_TYPE,        &keyType,  sizeof(keyType)  },
+#endif
         { CKA_ID,              id,        (CK_ULONG)idLen  }
     };
     CK_ULONG        keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate);