From e6487fe3c25a20a1ae87ea6211f4118a86684cdd Mon Sep 17 00:00:00 2001
From: Pengyu Lv
Date: Tue, 6 Dec 2022 09:30:29 +0800
Subject: [PATCH] guard tls13_kex_modes related function calls with macro
Handshake parameter field, tls13_kex_mode is only valid when MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set. So, any functions / calls should be guarded by this macros.
Signed-off-by: Pengyu Lv
---
 library/ssl_tls13_server.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 4ebd679aea..fc89a44a43 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2569,14 +2569,16 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
 mbedtls_ssl_tls13_handshake_wrapup(ssl);
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
 /* Sent NewSessionTicket message only when client supports PSK */
- if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+ if (!mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
 } else
 #endif
- {
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
- }
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+#else
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+#endif
 return 0;
 }
@@ -2630,8 +2632,10 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
 /* Set ticket_flags depends on the advertised psk key exchange mode */
 mbedtls_ssl_tls13_session_clear_ticket_flags(session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
 mbedtls_ssl_tls13_session_set_ticket_flags(session, ssl->handshake->tls13_kex_modes);
+#endif
 MBEDTLS_SSL_DEBUG_TICKET_FLAGS(4, session->ticket_flags);
 /* Generate ticket_age_add */
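Review bot: In ssl_tls13_handshake_wrapup, a build that defines MBEDTLS_SSL_SESSION_TICKETS but not MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED now falls straight through to `mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);`, so the server would always send a ticket even though no PSK key exchange mode is compiled in. The hunk in ssl_tls13_prepare_new_session_ticket compounds this, because with the set_ticket_flags call compiled out the ticket keeps the flags that were just cleared. Whether that configuration is permitted is not visible on this page, but the safe default for it is MBEDTLS_SSL_HANDSHAKE_OVER, which the pre-patch braced fall-through provided. Inverting the test also makes an unbraced statement the target of `} else` across `#endif`, which is fragile under later edits; keeping the original polarity, as below, avoids both problems. Both functions begin outside their hunks.

```c
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
    /* Sent NewSessionTicket message only when client supports PSK */
    if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
    } else
#endif
    {
        /* No PSK key exchange mode available: skip the ticket. */
        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
    }
    /* … unchanged: #else branch for builds without MBEDTLS_SSL_SESSION_TICKETS … */
```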