Refine the comment about generating early secrects in post server hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index ae51bd3..add9f6c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1935,11 +1935,14 @@
("Selected key exchange mode: %s",
ssl_tls13_get_kex_mode_str(handshake->key_exchange_mode)));
- /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret.
+ /* Start the TLS 1.3 key scheduling if not already done.
*
- * We do this in case we didn't offer 0-RTT or even we offered 0-RTT but
- * server selected ephemeral mode. In other cases, we could skip generating
- * the early secret.
+ * If we proposed early data then we have already derived an
+ * early secret using the selected PSK and its associated hash.
+ * It means that if the negotiated key exchange mode is psk or
+ * psk_ephemeral, we have already correctly computed the
+ * early secret and thus we do not do it again. In all other
+ * cases we compute it here.
*/
#if defined(MBEDTLS_SSL_EARLY_DATA)
if ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) ||