From 3bcef083354f3b359567158e20a80b345fa6e0c4 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 23 Mar 2022 18:16:54 +0100 Subject: [PATCH] Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong --- library/ssl_tls12_server.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5ab800c5d1..34dbcbcad8 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -4074,7 +4074,12 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) handshake->ecdh_psa_peerkey_len = ecpoint_len; p += ecpoint_len; - /* The ECDH secret is the premaster secret used for key derivation. */ + /* As RFC 5489 section 2, the premaster secret is formed as follows: + * - a uint16 containing the length (in octets) of the ECDH computation + * - the octet string produced by the ECDH computation + * - a uint16 containing the length (in octets) of the PSK + * - the PSK itself + */ unsigned char *psm = ssl->handshake->premaster; unsigned char *psm_end = psm + sizeof( ssl->handshake->premaster ); size_t zlen = 0; @@ -4094,6 +4099,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + /* Write the ECDH computation length before the ECDH computation */ MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 ); psm += 2 + zlen; @@ -4114,12 +4120,14 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } + /* Write the PSK length as uint16 */ MBEDTLS_PUT_UINT16_BE( psk_len, psm, 0 ); psm += 2; if( psm_end < psm || (size_t)( psm_end - psm ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + /* Write the PSK itself */ memcpy( psm, psk, psk_len ); psm += psk_len;