diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 691fa62db..775ab9b35 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1764,9 +1764,11 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
 return MBEDTLS_ERR_SSL_DECODE_ERROR;
 }
+#if !defined(PSA_WANT_ALG_FFDH)
 if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) {
 return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 }
+#endif
 memcpy(handshake->ecdh_psa_peerkey, *p, ecpoint_len);
 handshake->ecdh_psa_peerkey_len = ecpoint_len;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 3b8710e41..3f2aa44da 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3901,11 +3901,13 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
 return MBEDTLS_ERR_SSL_DECODE_ERROR;
 }
+#if !defined(PSA_WANT_ALG_FFDH)
 if (ecpoint_len > sizeof(handshake->ecdh_psa_peerkey)) {
 psa_destroy_key(handshake->ecdh_psa_privkey);
 handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
 }
+#endif
 memcpy(handshake->ecdh_psa_peerkey, p, ecpoint_len);
 handshake->ecdh_psa_peerkey_len = ecpoint_len;
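Review bot: The bounds check on `ecpoint_len` just before the `memcpy` into `handshake->ecdh_psa_peerkey` is compiled out whenever `PSA_WANT_ALG_FFDH` is defined, and nothing in the hunk shows why the copy stays in bounds in that configuration. The same applies to the matching hunk in `ssl_parse_client_key_exchange` in ssl_tls12_server.c. Presumably the buffer is larger in FFDH builds than any value the length field can hold, but that invariant lives outside these hunks and would break silently if the buffer size or the length encoding changed. Since `ecpoint_len` appears to be taken from the peer's message, I would either keep the runtime check unconditional or pin the assumption next to the `#if`, with a comment such as `/* FFDH build: ecdh_psa_peerkey is sized for the largest FFDH public key, so no encodable ecpoint_len can exceed it */` and a compile-time assertion on `sizeof(handshake->ecdh_psa_peerkey)`. Both function bodies start and end outside the hunks.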