diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ee8cc171d7..a0e9680293 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -107,18 +107,14 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char key[COOKIE_MD_OUTLEN]; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t alg; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) - return( ret ); + (void)f_rng; + (void)p_rng; -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = mbedtls_psa_translate_md( COOKIE_MD ); if( alg == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -128,14 +124,20 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) ); psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) ); - if( ( status = psa_import_key( &attributes, - key, sizeof( key ), - &ctx->psa_hmac ) ) != PSA_SUCCESS ) + if( ( status = psa_generate_key( &attributes, + &ctx->psa_hmac ) ) != PSA_SUCCESS ) { return psa_ssl_status_to_mbedtls( status ); } #else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char key[COOKIE_MD_OUTLEN]; + + if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) + return( ret ); + ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 ); if( ret != 0 ) return( ret ); @@ -143,9 +145,9 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) ); if( ret != 0 ) return( ret ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize( key, sizeof( key ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return( 0 ); }