From 0b740bc85b4c99a8dfba9247617d35094d0fcbad Mon Sep 17 00:00:00 2001
From: Pengyu Lv <pengyu.lv@arm.com>
Date: Wed, 18 Jan 2023 17:02:52 +0800
Subject: [PATCH] TLS 1.3: SRV: Check ticket_flags in kex mode determination

When determining the key exchange mode, ticket_flags
should be checked so that the server won't select the
kex mode that is forbidden from session ticket.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
---
 library/ssl_tls13_server.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index ef90f69a2..26ef0f915 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -980,6 +980,16 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    if (ssl->handshake->resume) {
+        if (!mbedtls_ssl_session_get_ticket_flags(
+                ssl->session_negotiate,
+                MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) {
+            return 0;
+        }
+    }
+#endif
+
     return mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
            mbedtls_ssl_tls13_psk_enabled(ssl) &&
            ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
@@ -993,6 +1003,16 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
 {
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    if (ssl->handshake->resume) {
+        if (!mbedtls_ssl_session_get_ticket_flags(
+                ssl->session_negotiate,
+                MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) {
+            return 0;
+        }
+    }
+#endif
+
     return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
            mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) &&
            ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);