Refine the comment about generating early secrects in post server hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian
parent
bd0ab06d50
commit
7892b6caad
1 changed files with 7 additions and 4 deletions
|
|
@ -1935,11 +1935,14 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
|
||||||
("Selected key exchange mode: %s",
|
("Selected key exchange mode: %s",
|
||||||
ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
|
ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
|
||||||
|
|
||||||
/* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
|
/* Start the TLS 1.3 key scheduling if not already done.
|
||||||
*
|
*
|
||||||
* We do this in case we didn't offer 0-RTT or even we offered 0-RTT but
|
* If we proposed early data then we have already derived an
|
||||||
* server selected ephemeral mode. In other cases, we could skip generating
|
* early secret using the selected PSK and its associated hash.
|
||||||
* the early secret.
|
* It means that if the negotiated key exchange mode is psk or
|
||||||
|
* psk_ephemeral, we have already correctly computed the
|
||||||
|
* early secret and thus we do not do it again. In all other
|
||||||
|
* cases we compute it here.
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||||
if ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) ||
|
if ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) ||
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue