Skip PMS generation on client if opaque PSK is used

For opaque PSKs, the PSK-to-MS expansion is performed atomatically on the PSA-side.
2024-12-26 07:35:35 +00:00 · 2018-10-23 15:26:40 +01:00 · 2018-10-23 15:26:40 +01:00 · 21e98b4114
parent b7aaf1e641
commit 21e98b4114
1 changed files with 11 additions and 0 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -3165,6 +3165,17 @@ ecdh_calc_secret:
            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
        }

+#if defined(MBEDTLS_USE_PSA_CRYPTO) &&          \
+    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
+            ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+            ssl_conf_has_raw_psk( ssl->conf ) == 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
+        }
+        else
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+          MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
                        ciphersuite_info->key_exchange ) ) != 0 )
        {