diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 603be8970e..e38e2e3469 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -277,25 +277,6 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
 }
 #endif /* MBEDTLS_ECP_C */
 
-/* This function takes a buffer holding an ECPoint structure
- * (as contained in a TLS ServerKeyExchange message for ECDHE
- * exchanges) and converts it into a format that the PSA key
- * agreement API understands.
- */
-static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
-                                                     size_t srclen,
-                                                     unsigned char *dst,
-                                                     size_t dstlen,
-                                                     size_t *olen )
-{
-    if( srclen > dstlen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    memcpy( dst, src, srclen );
-    *olen = srclen;
-    return( 0 );
-}
-
 /* Translations for PK layer */
 
 static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 40b87dda69..1ce9183765 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2398,24 +2398,18 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
     handshake->ecdh_bits = (uint16_t) ecdh_bits;
 
-    /*
-     * Put peer's ECDH public key in the format understood by PSA.
-     */
-
+    /* Keep a copy of the peer's public key */
     ecpoint_len = *(*p)++;
     if( (size_t)( end - *p ) < ecpoint_len )
         return( MBEDTLS_ERR_SSL_DECODE_ERROR );
 
-    if( mbedtls_psa_tls_ecpoint_to_psa_ec(
-            *p, ecpoint_len,
-            handshake->ecdh_psa_peerkey,
-            sizeof( handshake->ecdh_psa_peerkey ),
-            &handshake->ecdh_psa_peerkey_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-    }
+    if( ecpoint_len > sizeof( handshake->ecdh_psa_peerkey ) )
+        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    memcpy( handshake->ecdh_psa_peerkey, *p, ecpoint_len );
+    handshake->ecdh_psa_peerkey_len = ecpoint_len;
 
     *p += ecpoint_len;
+
     return( 0 );
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO &&
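Review bot: The new bound check in ssl_parse_server_ecdh_params_psa returns MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE for an oversized ECPoint, while the length check two lines above it, which rejects the same peer-controlled `ecpoint_len` field, returns MBEDTLS_ERR_SSL_DECODE_ERROR; since `sizeof( handshake->ecdh_psa_peerkey )` presumably holds any point of a negotiated group, an `ecpoint_len` larger than it is a malformed ServerKeyExchange, so `return( MBEDTLS_ERR_SSL_DECODE_ERROR );` (or ILLEGAL_PARAMETER, like the curve check) would keep the error mapping and the resulting alert consistent within this function. The replacement comment also drops the reason the old conversion helper could go away; something like `/* Keep a raw copy of the peer's ECPoint: the PSA key agreement API consumes the TLS encoding as-is (presumably uncompressed 0x04||X||Y), so no conversion is needed. */` would tell the next reader why a bare memcpy is correct here, hedged until confirmed against the PSA key-agreement contract. Note that nothing here rejects `ecpoint_len == 0`, so an empty point is copied and only fails later at key agreement; this is not a regression from the removed helper, but worth a one-line comment if that deferral is intentional. The function starts before this hunk.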