Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-03 10:28:37 +02:00 · 2022-05-03 10:28:37 +02:00 · cd05f0b9e5
commit cd05f0b9e5
parent e952a30d47
3 changed files with 13 additions and 139 deletions
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -3983,18 +3983,14 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
            return( MBEDTLS_ERR_SSL_DECODE_ERROR );
        }

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-        /* For opaque PSKs, we perform the PSK-to-MS derivation automatically
-         * and skip the intermediate PMS. */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
-#else
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
                        ciphersuite_info->key_exchange ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
            return( ret );
        }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
    }
    else
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
@ -4026,18 +4022,14 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
            return( ret );
        }

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-        /* For opaque PSKs, we perform the PSK-to-MS derivation automatically
-         * and skip the intermediate PMS. */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque RSA-PSK" ) );
-#else
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
                        ciphersuite_info->key_exchange ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
            return( ret );
        }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
    }
    else
 #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
@ -4147,9 +4139,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
        MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 );
        psm += zlen_size + zlen;

-        /* In case of opaque psk skip writting psk to pms.
-         * Opaque key will be handled later. */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque ECDHE-PSK" ) );
 #else /* MBEDTLS_USE_PSA_CRYPTO */
        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
        {