Implement ClientKeyExchange writing in PSA-based ECDHE suites - Populate the ECDH private key slot with a fresh private EC key designated for the correct algorithm. - Export the public part of the ECDH private key from PSA and reformat it to suite the format of the ClientKeyExchange message. - Perform the PSA-based ECDH key agreement and store the result as the premaster secret for the connection.

commit: 4a63ed421c514185c377e86c6ecf6978edd33aa0 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Tue Jan 08 11:39:35 2019 +0000
committer: Hanno Becker <hanno.becker@arm.com> Mon Feb 18 16:42:01 2019 +0000
tree: 930538692a0f3334c0dba5248318e4f0a976a941
parent: bb89e2727f532042ef7f3273f4058033851570e8 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f224d5e..962223f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -9367,6 +9367,11 @@
     ssl_buffering_free( ssl );
 #endif
 
+#if defined(MBEDTLS_ECDH_C) &&                  \
+    defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_destroy_key( handshake->ecdh_psa_privkey );
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
+
     mbedtls_platform_zeroize( handshake,
                               sizeof( mbedtls_ssl_handshake_params ) );
 }
commit	4a63ed421c514185c377e86c6ecf6978edd33aa0	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Tue Jan 08 11:39:35 2019 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Mon Feb 18 16:42:01 2019 +0000
tree	930538692a0f3334c0dba5248318e4f0a976a941
parent	bb89e2727f532042ef7f3273f4058033851570e8 [diff] [blame]