commit 19b80f8151c861138461e5ea31841d15d968f5c4
author Przemek Stekiel <przemyslaw.stekiel@mobica.com> Thu Apr 14 08:29:31 2022 +0200
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Fri Apr 22 14:52:28 2022 +0200
tree d02ce15cba823949dd31ca7ce259d32587174348
parent 51a1f36be082c5f24ac6859d4cf38dfae0d0ec1e

Enable support for psa opaque ECDHE-PSK key exchange on the client side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

programs/ssl/ssl_client2.c

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 66cf622..5ab13be 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1406,11 +1406,13 @@
 #if defined (MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
         if( opt.psk_opaque != 0 )
         {
-            /* Ensure that the chosen ciphersuite is PSK-only or rsa-psk; we must know
-             * the ciphersuite in advance to set the correct policy for the
+            /* Ensure that the chosen ciphersuite is PSK-only, rsa-psk
+               or ecdhe-psk; we must know the ciphersuite in
+               advance to set the correct policy for the
              * PSK key slot. This limitation might go away in the future. */
             if( ( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
-                  ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK ) ||
+                  ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK &&
+                  ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) ||
                 opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
             {
                 mbedtls_printf( "opaque PSKs are only supported in conjunction \