Rm dead !USE_PSA code: ssl_tls.c (part 1)
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls.c
framework/scripts/code_style.py --fix library/ssl_tls.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 56fdb1e..82ff2cc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -27,18 +27,15 @@
#include <string.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#include "md_psa.h"
#include "psa_util_internal.h"
#include "psa/crypto.h"
-#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Define local translating functions to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
@@ -48,7 +45,6 @@
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif
#if defined(MBEDTLS_TEST_HOOKS)
static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
@@ -831,16 +827,11 @@
{
#if defined(PSA_WANT_ALG_SHA_256) || \
defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#endif
#else /* SHA-256 or SHA-384 */
((void) ssl);
#endif /* SHA-256 or SHA-384 */
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
@@ -849,23 +840,8 @@
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- mbedtls_md_free(&ssl->handshake->fin_sha256);
- mbedtls_md_init(&ssl->handshake->fin_sha256);
- ret = mbedtls_md_setup(&ssl->handshake->fin_sha256,
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- 0);
- if (ret != 0) {
- return ret;
- }
- ret = mbedtls_md_starts(&ssl->handshake->fin_sha256);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
@@ -874,19 +850,6 @@
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- mbedtls_md_free(&ssl->handshake->fin_sha384);
- mbedtls_md_init(&ssl->handshake->fin_sha384);
- ret = mbedtls_md_setup(&ssl->handshake->fin_sha384,
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
- if (ret != 0) {
- return ret;
- }
- ret = mbedtls_md_starts(&ssl->handshake->fin_sha384);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
return 0;
}
@@ -896,41 +859,23 @@
{
#if defined(PSA_WANT_ALG_SHA_256) || \
defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#endif
#else /* SHA-256 or SHA-384 */
((void) ssl);
(void) buf;
(void) len;
#endif /* SHA-256 or SHA-384 */
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
return mbedtls_md_error_from_psa(status);
}
-#else
- ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
- if (ret != 0) {
- return ret;
- }
-#endif
#endif
return 0;
}
@@ -939,12 +884,8 @@
static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_md_error_from_psa(psa_hash_update(
&ssl->handshake->fin_sha256_psa, buf, len));
-#else
- return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
-#endif
}
#endif
@@ -952,12 +893,8 @@
static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_md_error_from_psa(psa_hash_update(
&ssl->handshake->fin_sha384_psa, buf, len));
-#else
- return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
-#endif
}
#endif
@@ -966,18 +903,10 @@
memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params));
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha256_psa = psa_hash_operation_init();
-#else
- mbedtls_md_init(&handshake->fin_sha256);
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
-#else
- mbedtls_md_init(&handshake->fin_sha384);
-#endif
#endif
handshake->update_checksum = ssl_update_checksum_start;
@@ -990,12 +919,8 @@
mbedtls_ecdh_init(&handshake->ecdh_ctx);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->psa_pake_ctx = psa_pake_operation_init();
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_ecjpake_init(&handshake->ecjpake_ctx);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C)
handshake->ecjpake_cache = NULL;
handshake->ecjpake_cache_len = 0;
@@ -1020,22 +945,12 @@
{
memset(transform, 0, sizeof(mbedtls_ssl_transform));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT;
transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_cipher_init(&transform->cipher_ctx_enc);
- mbedtls_cipher_init(&transform->cipher_ctx_dec);
-#endif
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_md_init(&transform->md_ctx_enc);
- mbedtls_md_init(&transform->md_ctx_dec);
-#endif
#endif
}
@@ -1903,7 +1818,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
@@ -2019,35 +1933,6 @@
return 0;
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
- const unsigned char *pw,
- size_t pw_len)
-{
- mbedtls_ecjpake_role role;
-
- if (ssl->handshake == NULL || ssl->conf == NULL) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /* Empty password is not valid */
- if ((pw == NULL) || (pw_len == 0)) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- role = MBEDTLS_ECJPAKE_SERVER;
- } else {
- role = MBEDTLS_ECJPAKE_CLIENT;
- }
-
- return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx,
- role,
- MBEDTLS_MD_SHA256,
- MBEDTLS_ECP_DP_SECP256R1,
- pw, pw_len);
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
@@ -2058,11 +1943,9 @@
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
return 1;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL && conf->psk_len != 0) {
return 1;
@@ -2074,13 +1957,11 @@
static void ssl_conf_remove_psk(mbedtls_ssl_config *conf)
{
/* Remove reference to existing PSK, if any. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
/* The maintenance of the PSK key slot is the
* user's responsibility. */
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL) {
mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
conf->psk = NULL;
@@ -2162,7 +2043,6 @@
static void ssl_remove_psk(mbedtls_ssl_context *ssl)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
/* The maintenance of the external PSK key slot is the
* user's responsibility. */
@@ -2172,25 +2052,15 @@
}
ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#else
- if (ssl->handshake->psk != NULL) {
- mbedtls_zeroize_and_free(ssl->handshake->psk,
- ssl->handshake->psk_len);
- ssl->handshake->psk_len = 0;
- ssl->handshake->psk = NULL;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = psa_key_attributes_init();
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t alg = PSA_ALG_NONE;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (psk == NULL || ssl->handshake == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -2202,7 +2072,6 @@
ssl_remove_psk(ssl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) {
if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
@@ -2233,19 +2102,8 @@
/* Allow calling psa_destroy_key() on psk remove */
ssl->handshake->psk_opaque_is_internal = 1;
return mbedtls_ssl_set_hs_psk_opaque(ssl, key);
-#else
- if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- ssl->handshake->psk_len = psk_len;
- memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len);
-
- return 0;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
mbedtls_svc_key_id_t psk,
const unsigned char *psk_identity,
@@ -2286,7 +2144,6 @@
ssl->handshake->psk_opaque = psk;
return 0;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
@@ -2301,7 +2158,6 @@
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
psa_algorithm_t alg)
{
@@ -2316,30 +2172,6 @@
return MBEDTLS_SSL_MODE_STREAM;
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode(
- mbedtls_cipher_mode_t mode)
-{
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- if (mode == MBEDTLS_MODE_CBC) {
- return MBEDTLS_SSL_MODE_CBC;
- }
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
-#if defined(MBEDTLS_GCM_C) || \
- defined(MBEDTLS_CCM_C) || \
- defined(MBEDTLS_CHACHAPOLY_C)
- if (mode == MBEDTLS_MODE_GCM ||
- mode == MBEDTLS_MODE_CCM ||
- mode == MBEDTLS_MODE_CHACHAPOLY) {
- return MBEDTLS_SSL_MODE_AEAD;
- }
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
-
- return MBEDTLS_SSL_MODE_STREAM;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode(
mbedtls_ssl_mode_t base_mode,
@@ -2360,11 +2192,7 @@
const mbedtls_ssl_transform *transform)
{
mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode(
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_alg
-#else
- mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)
-#endif
);
int encrypt_then_mac = 0;
@@ -2382,7 +2210,6 @@
{
mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
psa_algorithm_t alg;
psa_key_type_t type;
@@ -2392,15 +2219,6 @@
if (status == PSA_SUCCESS) {
base_mode = mbedtls_ssl_get_base_mode(alg);
}
-#else
- const mbedtls_cipher_info_t *cipher =
- mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) suite->cipher);
- if (cipher != NULL) {
- base_mode =
- mbedtls_ssl_get_base_mode(
- mbedtls_cipher_info_get_mode(cipher));
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
int encrypt_then_mac = 0;
@@ -2408,7 +2226,6 @@
return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac);
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const mbedtls_error_pair_t psa_to_ssl_errors[] =
{
@@ -2617,7 +2434,6 @@
return PSA_SUCCESS;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
@@ -4719,18 +4535,10 @@
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&handshake->fin_sha256_psa);
-#else
- mbedtls_md_free(&handshake->fin_sha256);
-#endif
#endif
#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&handshake->fin_sha384_psa);
-#else
- mbedtls_md_free(&handshake->fin_sha384);
-#endif
#endif
#if defined(MBEDTLS_DHM_C)
@@ -4742,7 +4550,6 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_pake_abort(&handshake->psa_pake_ctx);
/*
* Opaque keys are not stored in the handshake's data and it's the user
@@ -4753,9 +4560,6 @@
psa_destroy_key(handshake->psa_pake_password);
}
handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
-#else
- mbedtls_ecjpake_free(&handshake->ecjpake_ctx);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C)
mbedtls_free(handshake->ecjpake_cache);
handshake->ecjpake_cache = NULL;
@@ -4771,7 +4575,6 @@
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
/* The maintenance of the external PSK key slot is the
* user's responsibility. */
@@ -4781,11 +4584,6 @@
}
ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#else
- if (handshake->psk != NULL) {
- mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len);
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
@@ -5967,11 +5765,9 @@
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (conf->psk != NULL) {
mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
conf->psk = NULL;
@@ -6272,7 +6068,6 @@
}
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md,
unsigned char *dst,
@@ -6319,116 +6114,6 @@
#endif
return PSA_TO_MBEDTLS_ERR(status);
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(PSA_WANT_ALG_SHA_384)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- int ret;
- mbedtls_md_context_t sha384;
-
- if (dst_len < 48) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- mbedtls_md_init(&sha384);
- ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
- if (ret != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_md_finish(&sha384, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
- *olen = 48;
-
-exit:
-
- mbedtls_md_free(&sha384);
- return ret;
-}
-#endif /* PSA_WANT_ALG_SHA_384 */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- int ret;
- mbedtls_md_context_t sha256;
-
- if (dst_len < 32) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- mbedtls_md_init(&sha256);
- ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
- if (ret != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_md_finish(&sha256, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
- *olen = 32;
-
-exit:
-
- mbedtls_md_free(&sha256);
- return ret;
-}
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- switch (md) {
-
-#if defined(PSA_WANT_ALG_SHA_384)
- case MBEDTLS_MD_SHA384:
- return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
-#endif /* PSA_WANT_ALG_SHA_384*/
-
-#if defined(PSA_WANT_ALG_SHA_256)
- case MBEDTLS_MD_SHA256:
- return ssl_get_handshake_transcript_sha256(ssl, dst, dst_len, olen);
-#endif /* PSA_WANT_ALG_SHA_256*/
-
- default:
-#if !defined(PSA_WANT_ALG_SHA_384) && \
- !defined(PSA_WANT_ALG_SHA_256)
- (void) ssl;
- (void) dst;
- (void) dst_len;
- (void) olen;
-#endif
- break;
- }
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-}
-
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/* mbedtls_ssl_parse_sig_alg_ext()
@@ -6537,7 +6222,6 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation,
mbedtls_svc_key_id_t key,
@@ -6680,116 +6364,6 @@
return 0;
}
#endif /* PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_MD_C) && \
- (defined(PSA_WANT_ALG_SHA_256) || \
- defined(PSA_WANT_ALG_SHA_384))
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_generic(mbedtls_md_type_t md_type,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen)
-{
- size_t nb;
- size_t i, j, k, md_len;
- unsigned char *tmp;
- size_t tmp_len = 0;
- unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_md_init(&md_ctx);
-
- if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- md_len = mbedtls_md_get_size(md_info);
-
- tmp_len = md_len + strlen(label) + rlen;
- tmp = mbedtls_calloc(1, tmp_len);
- if (tmp == NULL) {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- nb = strlen(label);
- memcpy(tmp + md_len, label, nb);
- memcpy(tmp + md_len + nb, random, rlen);
- nb += rlen;
-
- /*
- * Compute P_<hash>(secret, label + random)[0..dlen]
- */
- if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
- if (ret != 0) {
- goto exit;
- }
-
- for (i = 0; i < dlen; i += md_len) {
- ret = mbedtls_md_hmac_reset(&md_ctx);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, h_i);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_hmac_reset(&md_ctx);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
- if (ret != 0) {
- goto exit;
- }
-
- k = (i + md_len > dlen) ? dlen % md_len : md_len;
-
- for (j = 0; j < k; j++) {
- dstbuf[i + j] = h_i[j];
- }
- }
-
-exit:
- mbedtls_md_free(&md_ctx);
-
- if (tmp != NULL) {
- mbedtls_platform_zeroize(tmp, tmp_len);
- }
-
- mbedtls_platform_zeroize(h_i, sizeof(h_i));
-
- mbedtls_free(tmp);
-
- return ret;
-}
-#endif /* MBEDTLS_MD_C && ( PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 ) */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(PSA_WANT_ALG_SHA_256)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -7139,7 +6713,6 @@
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl,
const psa_hash_operation_t *hs_op,
size_t buffer_size,
@@ -7170,59 +6743,14 @@
psa_hash_abort(&cloned_op);
return mbedtls_md_error_from_psa(status);
}
-#else
-static int ssl_calc_verify_tls_legacy(const mbedtls_ssl_context *ssl,
- const mbedtls_md_context_t *hs_ctx,
- unsigned char *hash,
- size_t *hlen)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t cloned_ctx;
-
- mbedtls_md_init(&cloned_ctx);
-
-#if !defined(MBEDTLS_DEBUG_C)
- (void) ssl;
-#endif
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify"));
-
- ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&cloned_ctx, hs_ctx);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_finish(&cloned_ctx, hash);
- if (ret != 0) {
- goto exit;
- }
-
- *hlen = mbedtls_md_get_size(mbedtls_md_info_from_ctx(hs_ctx));
-
- MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
-
-exit:
- mbedtls_md_free(&cloned_ctx);
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(PSA_WANT_ALG_SHA_256)
int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
unsigned char *hash,
size_t *hlen)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32,
hash, hlen);
-#else
- return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256,
- hash, hlen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* PSA_WANT_ALG_SHA_256 */
@@ -7231,13 +6759,8 @@
unsigned char *hash,
size_t *hlen)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48,
hash, hlen);
-#else
- return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384,
- hash, hlen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* PSA_WANT_ALG_SHA_384 */
@@ -7953,17 +7476,10 @@
{
unsigned int len = 12;
const char *sender;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
psa_hash_operation_t *hs_op = ctx;
psa_hash_operation_t cloned_op = PSA_HASH_OPERATION_INIT;
size_t hash_size;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t *hs_ctx = ctx;
- mbedtls_md_context_t cloned_ctx;
- mbedtls_md_init(&cloned_ctx);
-#endif
mbedtls_ssl_session *session = ssl->session_negotiate;
if (!session) {
@@ -7974,7 +7490,6 @@
? "client finished"
: "server finished";
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls"));
status = psa_hash_clone(hs_op, &cloned_op);
@@ -7987,23 +7502,6 @@
goto exit;
}
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, hlen);
-#else
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls"));
-
- ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&cloned_ctx, hs_ctx);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_finish(&cloned_ctx, padbuf);
- if (ret != 0) {
- goto exit;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_BUF(4, "finished output", padbuf, hlen);
@@ -8022,13 +7520,8 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&cloned_op);
return mbedtls_md_error_from_psa(status);
-#else
- mbedtls_md_free(&cloned_ctx);
- return ret;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(PSA_WANT_ALG_SHA_256)
@@ -8037,11 +7530,7 @@
{
unsigned char padbuf[32];
return ssl_calc_finished_tls_generic(ssl,
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
&ssl->handshake->fin_sha256_psa,
-#else
- &ssl->handshake->fin_sha256,
-#endif
padbuf, sizeof(padbuf),
buf, from);
}
@@ -8054,11 +7543,7 @@
{
unsigned char padbuf[48];
return ssl_calc_finished_tls_generic(ssl,
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
&ssl->handshake->fin_sha384_psa,
-#else
- &ssl->handshake->fin_sha384,
-#endif
padbuf, sizeof(padbuf),
buf, from);
}
@@ -8436,19 +7921,13 @@
size_t keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
mbedtls_ssl_mode_t ssl_mode;
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- const mbedtls_cipher_info_t *cipher_info;
- const mbedtls_md_info_t *md_info;
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
psa_algorithm_t mac_alg = 0;
size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif
/*
* Some data just needs copying into the structure
@@ -8491,7 +7970,6 @@
ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher,
transform->taglen,
&alg,
@@ -8501,30 +7979,13 @@
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
goto end;
}
-#else
- cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) ciphersuite_info->cipher);
- if (cipher_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
- ciphersuite_info->cipher));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
if (mac_alg == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
(unsigned) ciphersuite_info->mac));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
-#else
- md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
- if (md_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found",
- (unsigned) ciphersuite_info->mac));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Copy own and peer's CID if the use of the CID
@@ -8564,11 +8025,7 @@
* Determine the appropriate key, IV and MAC length.
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
keylen = PSA_BITS_TO_BYTES(key_bits);
-#else
- keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
-#endif
#if defined(MBEDTLS_SSL_HAVE_AEAD)
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
@@ -8588,12 +8045,7 @@
transform->ivlen = 12;
int is_chachapoly = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
is_chachapoly = (key_type == PSA_KEY_TYPE_CHACHA20);
-#else
- is_chachapoly = (mbedtls_cipher_info_get_mode(cipher_info)
- == MBEDTLS_MODE_CHACHAPOLY);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (is_chachapoly) {
transform->fixed_ivlen = 12;
@@ -8610,34 +8062,14 @@
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
ssl_mode == MBEDTLS_SSL_MODE_CBC ||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
-#else
- size_t block_size = mbedtls_cipher_info_get_block_size(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Get MAC length */
mac_key_len = PSA_HASH_LENGTH(mac_alg);
-#else
- /* Initialize HMAC contexts */
- if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 ||
- (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
- goto end;
- }
-
- /* Get MAC length */
- mac_key_len = mbedtls_md_get_size(md_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
transform->maclen = mac_key_len;
/* IV length */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg);
-#else
- transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Minimum length */
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
@@ -8730,7 +8162,6 @@
tls_prf_get_type(tls_prf));
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_alg = alg;
if (alg != MBEDTLS_SSL_NULL_CIPHER) {
@@ -8759,55 +8190,11 @@
goto end;
}
}
-#else
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1,
- (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_ENCRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2,
- (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_DECRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- goto end;
- }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (mbedtls_cipher_info_get_mode(cipher_info) == MBEDTLS_MODE_CBC) {
- if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
- goto end;
- }
- }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
For AEAD-based ciphersuites, there is nothing to do here. */
if (mac_key_len != 0) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg);
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
@@ -8842,16 +8229,6 @@
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
goto end;
}
-#else
- ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len);
- if (ret != 0) {
- goto end;
- }
- ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len);
- if (ret != 0) {
- goto end;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -8950,7 +8327,6 @@
}
#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len,
@@ -9005,61 +8381,6 @@
return 0;
}
-#else
-
-int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg)
-{
- int ret = 0;
- mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
- *hashlen = mbedtls_md_get_size(md_info);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange"));
-
- mbedtls_md_init(&ctx);
-
- /*
- * digitally-signed struct {
- * opaque client_random[32];
- * opaque server_random[32];
- * ServerDHParams params;
- * };
- */
- if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_starts(&ctx)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
-exit:
- mbedtls_md_free(&ctx);
-
- if (ret != 0) {
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
- }
-
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -9090,7 +8411,6 @@
}
if (sig_alg == sig_alg_received) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
psa_algorithm_t psa_hash_alg =
mbedtls_md_psa_alg_from_type(md_alg);
@@ -9110,7 +8430,6 @@
continue;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return hash_alg_received;
}
@@ -9142,14 +8461,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C)
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- ssl->handshake->psa_pake_ctx_is_ok != 1)
-#else
- if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
+ ssl->handshake->psa_pake_ctx_is_ok != 1) {
return -1;
}
#endif