tls: use already existing symbols to size the buffer for XXDḦ peer key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index a53ea03..9574881 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1774,19 +1774,9 @@
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
- /* When FFDH is enabled, the array handshake->xxdh_psa_peer_key size takes into account
- the sizes of the FFDH keys which are at least 2048 bits.
- The size of the array is thus greater than 256 bytes which is greater than any
- possible value of ecpoint_len (type uint8_t) and the check below can be skipped.*/
-#if !defined(PSA_WANT_ALG_FFDH)
- if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
- return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
- }
-#else
- MBEDTLS_STATIC_ASSERT(sizeof(handshake->xxdh_psa_peerkey) >= UINT8_MAX,
- "peer key buffer too small");
-#endif
-
+ /* xxdh_psa_peerkey is sized after maximum supported FFDH public key.
+ * PSA_VENDOR_FFDH_MAX_KEY_BITS is always larger than EC public key, so
+ * we can skip the buffer size check before the memcpy-ing data into it. */
memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);
handshake->xxdh_psa_peerkey_len = ecpoint_len;
*p += ecpoint_len;