From 9a6a49c7cba1f20d2121b6d14b8ede104e79da6a Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Mon, 17 Oct 2022 08:52:30 +0200
Subject: [PATCH] tls13: keys: Fail if the group type is not ECDHE or DHE

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 library/ssl_tls13_keys.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index d8d28f11d..897541bb1 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1304,9 +1304,9 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
             handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 #endif /* MBEDTLS_ECDH_C */
         }
-        else if( mbedtls_ssl_tls13_named_group_is_dhe( handshake->offered_group_id ) )
+        else
         {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHE not supported." ) );
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Group not supported." ) );
             return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
         }
     }