lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

TLS 1.3: Move PSA ECDH private key destroy to dedicated function

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2022-03-15 10:19:18 +01:00
parent 8540cf66ac
commit 5b98ac9c64
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
library/ssl_tls13_client.c
View File

@ -231,13 +231,26 @@ static int ssl_tls13_parse_alpn_ext( mbedtls_ssl_context *ssl,
static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl ) static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
{ {
uint16_t group_id = ssl->handshake->offered_group_id; uint16_t group_id = ssl->handshake->offered_group_id;
if( group_id == 0 ) if( group_id == 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) ) if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
{ {
mbedtls_ecdh_free( &ssl->handshake->ecdh_ctx ); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Destroy generated private key. */
status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
return( ret );
}
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( 0 ); return( 0 );
} }
else else

13
library/ssl_tls13_generic.c
View File

@ -1519,7 +1519,6 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
size_t hash_len; size_t hash_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
uint16_t cipher_suite = ssl->session_negotiate->ciphersuite; uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite ); ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );
@ -1574,18 +1573,6 @@ int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl )
ssl->handshake->update_checksum( ssl, hash_transcript, hash_len ); ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */ #endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */
/* Destroy generated private key. */
status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
return( ret );
}
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( ret ); return( ret );
} }