Safe-guard `ssl_conf_remove_psk()` for simultaneous raw-opaque PSKs The code maintains the invariant that raw and opaque PSKs are never configured simultaneously, so strictly speaking `ssl_conf_remove_psk()` need not consider clearing the raw PSK if it has already cleared an opaque one - and previously, it didn't. However, it doesn't come at any cost to keep this check as a safe-guard to future unforeseen situations where opaque and raw PSKs _are_ both present.

commit: a63ac3f149060cb3a57ea8da7502e747642a1132 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Nov 05 12:47:16 2018 +0000
committer: Hanno Becker <hanno.becker@arm.com> Wed Nov 21 21:12:58 2018 +0000
tree: d989c872ce41e74f8bc216967782ea6b9f89d28a
parent: f9ed7d5f76b0ea9bdd61d05a31fd52963eab6c44 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8f3d203..6fa2e3a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -7426,7 +7426,11 @@
          * user's responsibility. */
         conf->psk_opaque = 0;
     }
-    else
+    /* This and the following branch should never
+     * be taken simultaenously as we maintain the
+     * invariant that raw and opaque PSKs are never
+     * configured simultaneously. As a safeguard,
+     * though, `else` is omitted here. */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
     if( conf->psk != NULL )
     {
commit	a63ac3f149060cb3a57ea8da7502e747642a1132	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Nov 05 12:47:16 2018 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Wed Nov 21 21:12:58 2018 +0000
tree	d989c872ce41e74f8bc216967782ea6b9f89d28a
parent	f9ed7d5f76b0ea9bdd61d05a31fd52963eab6c44 [diff] [blame]