Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 73504a6..9de5239 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -952,10 +952,10 @@
mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */
mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */
psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */
-#endif
-
+#else
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 7445cb5..b8809fb 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5755,9 +5755,10 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key( transform->psa_mac_enc );
psa_destroy_key( transform->psa_mac_dec );
-#endif
+#else
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 60795e0..336f92d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -613,10 +613,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
-#endif
+#else
mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec );
#endif
+#endif
}
void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
@@ -7174,6 +7175,7 @@
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
{
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/* Initialize HMAC contexts */
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
@@ -7181,6 +7183,7 @@
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
goto end;
}
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/* Get MAC length */
mac_key_len = mbedtls_md_get_size( md_info );
@@ -7328,13 +7331,14 @@
MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
goto end;
}
-#endif
+#else
ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
if( ret != 0 )
goto end;
ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
if( ret != 0 )
goto end;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */