Use PSA for private key generation and public key export only for ECDHE keys

This should be cleaned up once server-side static ECDH (TLS 1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Przemek Stekiel 2022-03-14 12:05:27 +01:00
parent a21af3da00
commit fc91a1f030


@ -3108,6 +3108,10 @@ curve_matching_done:
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
// Handle only ECDHE keys using PSA crypto.
if ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t key_attributes; psa_key_attributes_t key_attributes;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@ -3188,6 +3192,19 @@ curve_matching_done:
/* Determine full message length. */ /* Determine full message length. */
len += header_size; len += header_size;
}
else
{
if( ( ret = mbedtls_ecdh_make_params(
&ssl->handshake->ecdh_ctx, &len,
ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
return( ret );
}
}
#else #else
if( ( ret = mbedtls_ecdh_make_params( if( ( ret = mbedtls_ecdh_make_params(
&ssl->handshake->ecdh_ctx, &len, &ssl->handshake->ecdh_ctx, &len,