fix various issues
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c0703a2..74dd40b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1693,9 +1693,9 @@
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = psa_key_attributes_init();
- psa_status_t status;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t alg = PSA_ALG_ANY_HASH;
- mbedtls_svc_key_id_t key;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( psk == NULL || ssl->handshake == NULL )
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index c5ec5bf..01e956f 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1065,13 +1065,18 @@
}
hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
-
- ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
- if( ret != 0 && psk != NULL )
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk", ret );
- return( ret );
+ ret = mbedtls_ssl_tls13_export_handshake_psk( ssl, &psk, &psk_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_export_handshake_psk",
+ ret );
+ return( ret );
+ }
}
+#endif
ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, psk, psk_len,
handshake->tls13_master_secrets.early );
@@ -1596,18 +1601,24 @@
if( status != PSA_SUCCESS )
{
mbedtls_free( (void *)*psk );
+ *psk = NULL;
return( psa_ssl_status_to_mbedtls( status ) );
}
+ return( 0 );
#else
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
+ if( *psk == NULL )
+ return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+ return( 0 );
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#else /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
((void) ssl);
*psk = NULL;
*psk_len = 0;
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
#endif /* !MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
- return( 0 );
+
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index d26fcc8..d0193e4 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1860,9 +1860,9 @@
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
else if( strcmp( q, "all" ) == 0 )
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
- /* `psk_or_ephemeral` exists in theory and is not recommend in practise.
+ /* `psk_or_ephemeral` exists in theory and is not recommended in practice.
* In server side, if needed extensions are received, psk or ephemeral
- * mode will be set. Add this mode only for test purpose to improve
+ * mode will be set. Add this mode only for test purposes to improve
* test coverage.
*/
else if( strcmp( q, "psk_or_ephemeral" ) == 0 )