fix various issues
- wrong typo in comments - replace psk null check with key_exchange_mode check - set psk NULL when error return in export hs psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
6cf6b47b5c
commit
5d01c05d93
3 changed files with 21 additions and 10 deletions
|
@ -1693,9 +1693,9 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_key_attributes_t key_attributes = psa_key_attributes_init();
|
||||
psa_status_t status;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_algorithm_t alg = PSA_ALG_ANY_HASH;
|
||||
mbedtls_svc_key_id_t key;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if( psk == NULL || ssl->handshake == NULL )
|
||||
|
|
|
@ -1065,13 +1065,18 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
|
||||
|
||||
ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
|
||||
if( ret != 0 && psk != NULL )
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret );
|
||||
return( ret );
|
||||
ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk",
|
||||
ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
|
||||
handshake->tls13_master_secrets.early );
|
||||
|
@ -1596,18 +1601,24 @@ int mbedtls_ssl_tls13_export_handshake_psk( mbedtls_ssl_context *ssl,
|
|||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
mbedtls_free( (void *)*psk );
|
||||
*psk = NULL;
|
||||
return( psa_ssl_status_to_mbedtls( status ) );
|
||||
}
|
||||
return( 0 );
|
||||
#else
|
||||
*psk = ssl->handshake->psk;
|
||||
*psk_len = ssl->handshake->psk_len;
|
||||
if( *psk == NULL )
|
||||
return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
|
||||
return( 0 );
|
||||
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
|
||||
#else /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
((void) ssl);
|
||||
*psk = NULL;
|
||||
*psk_len = 0;
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
#endif /* !MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
return( 0 );
|
||||
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
|
|
@ -1860,9 +1860,9 @@ int main( int argc, char *argv[] )
|
|||
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
|
||||
else if( strcmp( q, "all" ) == 0 )
|
||||
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
/* `psk_or_ephemeral` exists in theory and is not recommend in practise.
|
||||
/* `psk_or_ephemeral` exists in theory and is not recommended in practice.
|
||||
* In server side, if needed extensions are received, psk or ephemeral
|
||||
* mode will be set. Add this mode only for test purpose to improve
|
||||
* mode will be set. Add this mode only for test purposes to improve
|
||||
* test coverage.
|
||||
*/
|
||||
else if( strcmp( q, "psk_or_ephemeral" ) == 0 )
|
||||
|
|
Loading…
Reference in a new issue