From 13ab81d5ac5f2c69b05b18cca6515cb253826841 Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Fri, 22 Jul 2022 23:17:11 +0800
Subject: [PATCH] Add handshake failure in pre_shared_key withou psk_kex_modes

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/ssl_tls13_server.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 74471970ad..dcefbceb9e 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1262,6 +1262,14 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
 
             case MBEDTLS_TLS_EXT_PRE_SHARED_KEY:
                 MBEDTLS_SSL_DEBUG_MSG( 3, ( "found pre_shared_key extension" ) );
+                if( ( ssl->handshake->extensions_present &
+                      MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES ) == 0 )
+                {
+                    MBEDTLS_SSL_PEND_FATAL_ALERT(
+                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                        MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                    return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+                }
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
                 /* Delay processing of the PSK identity once we have
                  * found out which algorithms to use. We keep a pointer