Refine the ciphersuite and select id check for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index add9f6c..5f89cad 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1104,15 +1104,6 @@
}
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if (ssl->handshake->ciphersuite_info->id !=
- ssl->session_negotiate->ciphersuite) {
- MBEDTLS_SSL_DEBUG_MSG(
- 1, ("Invalid ciphersuite for session ticket psk."));
-
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) {
ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len);
} else
@@ -1909,7 +1900,8 @@
goto cleanup;
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->handshake->sent_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
+ if (ssl->handshake->received_extensions &
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
ssl->handshake->selected_identity != 0) {
/* RFC8446 4.2.11
* If the server supplies an "early_data" extension, the
@@ -1921,6 +1913,17 @@
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
+ if (ssl->handshake->received_extensions &
+ MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
+ ssl->handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("Invalid ciphersuite for session ticket psk."));
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
#endif
if (!mbedtls_ssl_conf_tls13_check_kex_modes(ssl, handshake->key_exchange_mode)) {