diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5128a41535..17f98ca979 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -925,23 +925,17 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_key_set const *traffic_keys, mbedtls_ssl_context *ssl /* DEBUG ONLY */) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - int ret; - mbedtls_cipher_info_t const *cipher_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ const mbedtls_ssl_ciphersuite_t *ciphersuite_info; unsigned char const *key_enc; unsigned char const *iv_enc; unsigned char const *key_dec; unsigned char const *iv_dec; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; size_t key_bits; psa_status_t status = PSA_SUCCESS; -#endif #if !defined(MBEDTLS_DEBUG_C) ssl = NULL; /* make sure we don't use it except for those cases */ @@ -955,29 +949,6 @@ int mbedtls_ssl_tls13_populate_transform( return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); - if (cipher_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found", - ciphersuite_info->cipher)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * Setup cipher contexts in target transform - */ - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - return ret; - } - - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_SRV_C) if (endpoint == MBEDTLS_SSL_IS_SERVER) { 
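Review bot: `psa_key_type_t key_type;`, `psa_algorithm_t alg;` and `size_t key_bits;` are now unconditional declarations at the top of mbedtls_ssl_tls13_populate_transform but, unlike the neighbouring `attributes` and `status`, carry no initialiser, and the lines that assign them are outside this hunk (presumably the "Setup psa keys and alg" section further down the function). With the legacy cipher path gone there is no longer a reason to keep them separate from their first use, so either move the declarations next to that section or initialise them here (`psa_key_type_t key_type = PSA_KEY_TYPE_NONE;`, `psa_algorithm_t alg = PSA_ALG_NONE;`, `size_t key_bits = 0;`) so that an early return added later cannot leave them indeterminate. The function body continues past the end of this hunk.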
@@ -1003,21 +974,6 @@ int mbedtls_ssl_tls13_populate_transform( memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len); memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, - key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - return ret; - } - - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, - key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Setup other fields in SSL transform @@ -1041,7 +997,6 @@ int mbedtls_ssl_tls13_populate_transform( transform->minlen = transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* * Setup psa keys and alg */ @@ -1082,7 +1037,6 @@ int mbedtls_ssl_tls13_populate_transform( return PSA_TO_MBEDTLS_ERR(status); } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ return 0; } @@ -1839,7 +1793,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, unsigned char **psk, size_t *psk_len) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1869,14 +1822,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, return PSA_TO_MBEDTLS_ERR(status); } return 0; -#else - *psk = ssl->handshake->psk; - *psk_len = ssl->handshake->psk_len; - if (*psk == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - return 0; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index ab27c94efc..7273eb9392 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
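Review bot: With the `#else` branch removed in the hunk at line 1869, mbedtls_ssl_tls13_export_handshake_psk has a single outcome left: `*psk` is a buffer produced by the PSA export path and the caller frees it (ssl_tls13_offered_psks_check_binder_match in ssl_tls13_server.c now calls `mbedtls_free((void *) psk)` unconditionally), whereas the removed branch handed out a pointer into `ssl->handshake` that must not be freed. That ownership rule should now be stated on the function's declaration, which is outside this diff, e.g. `/* On success, *psk is a heap buffer holding the PSK and *psk_len its length; the caller owns it and must wipe and free it. */`. The body between this hunk and the one at line 1869 is outside view, so whether the buffer is allocated before the export (presumably psa_export_key) can fail, and released on that failure path, should be confirmed there.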
@@ -435,9 +435,7 @@ static int ssl_tls13_offered_psks_check_binder_match( psk, psk_len, psk_type, transcript, server_computed_binder); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_free((void *) psk); -#endif if (ret != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed.")); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; @@ -739,11 +737,7 @@ static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, *olen = 0; int not_using_psk = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); -#else - not_using_psk = (ssl->handshake->psk == NULL); -#endif if (not_using_psk) { /* We shouldn't have called this extension writer unless we've * chosen to use a PSK. */ @@ -1078,7 +1072,6 @@ static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ss #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) { switch (sig_alg) { @@ -1104,7 +1097,6 @@ static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) return PSA_ALG_NONE; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Pick best ( private key, certificate chain ) pair based on the signature @@ -1139,9 +1131,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) for (key_cert = key_cert_list; key_cert != NULL; key_cert = key_cert->next) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_alg = PSA_ALG_NONE; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate", key_cert->cert); 
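Review bot: `mbedtls_free((void *) psk);` releases the exported PSK, which is secret key material that has just been fed into the binder computation, without wiping it first; now that the buffer is unconditionally a private heap copy (the non-owning `#else` path in ssl_tls13_keys.c is gone) its bytes stay in freed memory until that memory is reused. Unless the buffer is wiped elsewhere before this point, replace the line with `mbedtls_platform_zeroize((void *) psk, psk_len);` followed by `mbedtls_free((void *) psk);`. The start of ssl_tls13_offered_psks_check_binder_match, including the call that fills `psk` and `psk_len`, is outside this hunk.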
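Review bot: `int not_using_psk = 0;` followed by `not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));` in ssl_tls13_write_server_pre_shared_key_ext is a leftover of the removed `#if`/`#else`; with one definition left, the split declaration and the extra parentheses no longer earn their keep. Fold it into `int not_using_psk = mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque);`. The function begins before this hunk.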
@@ -1165,17 +1155,13 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) "check signature algorithm %s [%04x]", mbedtls_ssl_sig_alg_to_str(*sig_alg), *sig_alg)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk) -#if defined(MBEDTLS_USE_PSA_CRYPTO) && psa_alg != PSA_ALG_NONE && mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1 -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_MSG(3,