Enable support for psa opaque DHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
parent
b293aaa61b
commit
cb322eac6b
2 changed files with 0 additions and 21 deletions
|
|
@ -4083,12 +4083,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* Opaque PSKs are currently only supported for PSK-only. */
|
||||
if( ssl_use_opaque_psk( ssl ) == 1 )
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
|
||||
if( p != end )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
|
||||
|
|
|
|||
|
|
@ -2207,21 +2207,6 @@ int main( int argc, char *argv[] )
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
|
||||
{
|
||||
/* Ensure that the chosen ciphersuite is PSK-only; we must know
|
||||
* the ciphersuite in advance to set the correct policy for the
|
||||
* PSK key slot. This limitation might go away in the future. */
|
||||
if( ( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
|
||||
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK &&
|
||||
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) ||
|
||||
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
mbedtls_printf( "opaque PSKs are only supported in conjunction \
|
||||
with forcing TLS 1.2 and a PSK-only, RSA-PSK, ECDHE-PSK \
|
||||
ciphersuites through the 'force_ciphersuite' option.\n" );
|
||||
ret = 2;
|
||||
goto usage;
|
||||
}
|
||||
|
||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||
|
|
|
|||
Loading…
Reference in a new issue