Refine the ciphersuite and select id check for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2025-01-26 12:35:20 +00:00 · 2023-02-02 08:12:20 +00:00 · 2023-02-02 08:12:20 +00:00 · b58462157e
commit b58462157e
parent 44051f6376
1 changed files with 13 additions and 10 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1104,15 +1104,6 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
    }

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if (ssl->handshake->ciphersuite_info->id !=
-        ssl->session_negotiate->ciphersuite) {
-        MBEDTLS_SSL_DEBUG_MSG(
-            1, ("Invalid ciphersuite for session ticket psk."));
-
-        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
-    }
    if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) {
        ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len);
    } else
@ -1909,7 +1900,8 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
            goto cleanup;
    }
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->handshake->sent_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
+    if (ssl->handshake->received_extensions &
+        MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
        ssl->handshake->selected_identity != 0) {
        /* RFC8446 4.2.11
         * If the server supplies an "early_data" extension, the
@ -1921,6 +1913,17 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
    }
+    if (ssl->handshake->received_extensions &
+        MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
+        ssl->handshake->ciphersuite_info->id !=
+        ssl->session_negotiate->ciphersuite) {
+        MBEDTLS_SSL_DEBUG_MSG(
+            1, ("Invalid ciphersuite for session ticket psk."));
+
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+    }
 #endif

    if (!mbedtls_ssl_conf_tls13_check_kex_modes(ssl, handshake->key_exchange_mode)) {