TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3cdcac564721f3ab0283e7f341d0be26696e3c52^! / . / library
commit3cdcac564721f3ab0283e7f341d0be26696e3c52[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Tue Dec 05 17:43:02 2023 +0100
committerRonald Cron <ronald.cron@arm.com>Fri Mar 08 08:43:41 2024 +0100
tree6ac49abca81e9978c8448cc006959594ab887768
parent6e31127f08908101f8ed750a62a0cc6786c7c8ba [diff]
tls13: srv: Fix return value

Fix the value returned by
ssl_tls13_offered_psks_check_identity_match_ticket()
when there is no ticket parser function defined
or no time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6fcf8a2..f23ba76 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -123,7 +123,7 @@
 
     /* Ticket parser is not configured, Skip */
     if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
-        return 0;
+        return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
     }
 
     /* We create a copy of the encrypted ticket since the ticket parsing
@@ -171,7 +171,6 @@
      *
      * We regard the ticket with incompatible key exchange modes as not match.
      */
-    ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
     MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
 
     key_exchanges = 0;
@@ -186,11 +185,12 @@
 
     if (key_exchanges == 0) {
         MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
+        ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
         goto exit;
     }
 
-    ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
 #if defined(MBEDTLS_HAVE_TIME)
+    ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
     now = mbedtls_ms_time();
 
     if (now < session->ticket_creation_time) {
@@ -244,7 +244,6 @@
     }
 
     ret = 0;
-
 #endif /* MBEDTLS_HAVE_TIME */
 
 exit: