From 8135b84ed2f5a2c2ab032098b0816f1bf1e4f405 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 3 Apr 2025 16:36:24 +0200 Subject: [PATCH] Fixed incorrect usage of key derivation procedures Signed-off-by: Anton Matkin --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b75c6d4c11..12af239374 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6390,7 +6390,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&shared_key_attributes, alg); - psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD); + psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE); status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id); @@ -6401,13 +6401,13 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id); + psa_destroy_key(shared_key_id); + if (status != PSA_SUCCESS) { psa_key_derivation_abort(&derivation); return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - psa_destroy_key(shared_key_id); - status = psa_key_derivation_output_bytes(&derivation, handshake->premaster, handshake->pmslen);