From ba120bb22882f3dd08ae34c8c8fac9535c42a67a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 30 Mar 2022 22:09:48 +0200
Subject: [PATCH] ssl_tls13_client.c: Fix ciphersuite final validation
As we may offer ciphersuites not compatible with TLS 1.3 in the ClientHello check that the selected one is compatible with TLS 1.3.
Signed-off-by: Ronald Cron
---
 library/ssl_tls13_client.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 77c79409c..34805021e 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1083,12 +1083,13 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
 /*
- * Check whether this ciphersuite is supported and offered.
+ * Check whether this ciphersuite is valid and offered.
 * Via the force_ciphersuite version we may have instructed the client
 * to use a different ciphersuite.
 */
- if( ciphersuite_info == NULL ||
- ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 )
+ if( ( mbedtls_ssl_validate_ciphersuite(
+ ssl, ciphersuite_info, ssl->minor_ver, ssl->minor_ver ) != 0 ) ||
+ !ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
 {
 fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
 }
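Review bot: The explicit `ciphersuite_info == NULL` test is dropped from the condition, so an unknown ciphersuite id in the ServerHello is now rejected only if `mbedtls_ssl_validate_ciphersuite()` itself treats a NULL `ciphersuite_info` as invalid; that function's body is not in this hunk, so this should be confirmed. If it does, a comment above the call would record the dependency, e.g. `/* A NULL ciphersuite_info (unknown id) is rejected by mbedtls_ssl_validate_ciphersuite(). */`; otherwise keep `ciphersuite_info == NULL ||` as the first operand. Passing `ssl->minor_ver` as both the minimum and maximum version also assumes the negotiated version has already been fixed to TLS 1.3 before this point, which the hunk does not show. The body of ssl_tls13_parse_server_hello starts and ends outside the hunk.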