Share the hash check code between ticket and external psk

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-07 02:08:56 +00:00 · 2023-02-07 02:08:56 +00:00 · eb31cbc791
commit eb31cbc791
parent 4ef8ba2938
1 changed files with 10 additions and 19 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1107,29 +1107,10 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
    if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) {
        ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len);
-        if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
-            != hash_alg) {
-            MBEDTLS_SSL_DEBUG_MSG(
-                1, ("Invalid ciphersuite for ticket psk."));
-
-            MBEDTLS_SSL_PEND_FATAL_ALERT(
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
-        }
    } else
 #endif
    if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) {
        ret = ssl_tls13_psk_get_psk(ssl, &hash_alg, &psk, &psk_len);
-        if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
-            != hash_alg) {
-            MBEDTLS_SSL_DEBUG_MSG(
-                1, ("Invalid ciphersuite for external psk."));
-
-            MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                         MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
-        }
    } else {
        MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
@ -1138,6 +1119,16 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
        return ret;
    }

+    if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
+        != hash_alg) {
+        MBEDTLS_SSL_DEBUG_MSG(
+            1, ("Invalid ciphersuite for external psk."));
+
+        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+    }
+
    ret = mbedtls_ssl_set_hs_psk(ssl, psk, psk_len);
    if (ret != 0) {
        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);