tls13: keys: Do not use `handshake->premaster`
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.
Furthermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific,
thus it is better not to use it in TLS 1.3.
Allocate a buffer to store the shared secret
instead. Allocation is used instead of a stack
buffer as maintaining the size of such a buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 828937c..8a1834f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -600,8 +600,6 @@
size_t ecrs_n; /*!< place for saving a length */
#endif
- size_t pmslen; /*!< premaster length */
-
mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
@@ -853,8 +851,11 @@
unsigned char randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN +
MBEDTLS_SERVER_HELLO_RANDOM_LEN];
/*!< random bytes */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
/*!< premaster secret */
+ size_t pmslen; /*!< premaster length */
+#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int extensions_present; /*!< extension presence; Each bitfield