Share the hash check code between ticket and external psk
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 65a56b3..24da112 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1107,29 +1107,10 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) {
ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len);
- if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
- != hash_alg) {
- MBEDTLS_SSL_DEBUG_MSG(
- 1, ("Invalid ciphersuite for ticket psk."));
-
- MBEDTLS_SSL_PEND_FATAL_ALERT(
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
} else
#endif
if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) {
ret = ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len);
- if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
- != hash_alg) {
- MBEDTLS_SSL_DEBUG_MSG(
- 1, ("Invalid ciphersuite for external psk."));
-
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
} else {
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@@ -1138,6 +1119,16 @@
return ret;
}
+ if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
+ != hash_alg) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("Invalid ciphersuite for external psk."));
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
ret = mbedtls_ssl_set_hs_psk(ssl, psk, psk_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);