authorGilles Peskine <gilles.peskine@arm.com>2024-05-30 17:24:33 +0000
committerGitHub <noreply@github.com>2024-05-30 17:24:33 +0000
commit8c60b16188d6a73b02fee09a298cd36488328c51 (patch)
tree99298abbdb962326687d64a5114eca0e583e59a3 /library
parentc15544e217070ce7c751f5f7bc141f5e4b68cff9 (diff)
parentc6d2df8a67c23e9e6b22cdae0d5cb7f458f1e85f (diff)
Merge pull request #8643 from gilles-peskine-arm/tls12_server-pk_opaque-dead_code
Guard configuration-specific code in ssl_tls12_server.c
Diffstat (limited to 'library')
-rw-r--r--library/ssl_tls12_server.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index b49a8ae..b5b975f 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2631,13 +2631,8 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes);
- if (pk_type == MBEDTLS_PK_OPAQUE) {
- /* Opaque key is created by the user (externally from Mbed TLS)
- * so we assume it already has the right algorithm and flags
- * set. Just copy its ID as reference. */
- ssl->handshake->xxdh_psa_privkey = pk->priv_id;
- ssl->handshake->xxdh_psa_privkey_is_external = 1;
- } else {
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ if (pk_type != MBEDTLS_PK_OPAQUE) {
/* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK
* module and only have ECDSA capabilities. Since we need
* them for ECDH later, we export and then re-import them with
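Review bot: The comment that opens the `pk_type != MBEDTLS_PK_OPAQUE` block still begins "PK_ECKEY[_DH] and PK_ECDSA instead as parsed …", and "instead" has nothing left to refer to now that the opaque branch it contrasted with sits below this block. Rewording the opening to `/* PK_ECKEY[_DH] and PK_ECDSA keys are parsed by the PK module and only have ECDSA capabilities.` would let it read on its own. The comment and the block it introduces continue past the end of this hunk, and the `#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)` opened here is only closed in the next one.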
@@ -2665,10 +2660,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
/* Set this key as owned by the TLS library: it will be its duty
* to clear it exit. */
ssl->handshake->xxdh_psa_privkey_is_external = 0;
+
+ ret = 0;
+ break;
}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ /* Opaque key is created by the user (externally from Mbed TLS)
+ * so we assume it already has the right algorithm and flags
+ * set. Just copy its ID as reference. */
+ ssl->handshake->xxdh_psa_privkey = pk->priv_id;
+ ssl->handshake->xxdh_psa_privkey_is_external = 1;
ret = 0;
break;
+
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
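Review bot: The opaque-key assignments after `#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */` no longer sit in a branch of their own; they are correct only because the guarded block now ends in `ret = 0; break;`, and nothing at that spot says so. A comment ahead of them such as `/* Only MBEDTLS_PK_OPAQUE reaches this point: the non-opaque path above always leaves the switch. */` would record the invariant. If a later edit let the non-opaque path fall through, `xxdh_psa_privkey` would be overwritten with `pk->priv_id` and flagged external, which presumably means the handshake would no longer clear the re-imported key it owns. The error paths between the two hunks and the rest of `ssl_get_ecdh_params_from_cert` are outside this hunk, so they are worth checking against the same invariant.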