Add handshake failure in pre_shared_key withou psk_kex_modes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

commit: 13ab81d5ac5f2c69b05b18cca6515cb253826841 [log] [tgz]
author: Jerry Yu <jerry.h.yu@arm.com> Fri Jul 22 23:17:11 2022 +0800
committer: Jerry Yu <jerry.h.yu@arm.com> Fri Jul 22 23:17:11 2022 +0800
tree: b5f0cace7926108bd670cc7d880802741f1ee059
parent: 6f1db3fc921373ff4e0147b1fc6acf285aecc2e9 [diff] [blame]
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 7447197..dcefbce 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -1262,6 +1262,14 @@
 
             case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
                 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
+                if( ( ssl->handshake->extensions_present &
+                      MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 )
+                {
+                    MBEDTLS_SSL_PEND_FATAL_ALERT(
+                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                        MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                }
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
                 /* Delay processing of the PSK identity once we have
                  * found out which algorithms to use. We keep a pointer
commit	13ab81d5ac5f2c69b05b18cca6515cb253826841	[log] [tgz]
author	Jerry Yu <jerry.h.yu@arm.com>	Fri Jul 22 23:17:11 2022 +0800
committer	Jerry Yu <jerry.h.yu@arm.com>	Fri Jul 22 23:17:11 2022 +0800
tree	b5f0cace7926108bd670cc7d880802741f1ee059
parent	6f1db3fc921373ff4e0147b1fc6acf285aecc2e9 [diff] [blame]