From 02f5e14073b200ecb6cb0674cc465568c0ccd80c Mon Sep 17 00:00:00 2001
From: Xiaokang Qian <xiaokang.qian@arm.com>
Date: Mon, 6 Feb 2023 10:44:17 +0000
Subject: [PATCH] Combine the alert check of selected_id and ciphercuite

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
---
 library/ssl_tls13_client.c | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 8970dd4297..3d6f6266bd 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1909,30 +1909,25 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl)
             goto cleanup;
     }
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->handshake->received_extensions &
-        MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
-        ssl->handshake->selected_identity != 0) {
+    if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
+        (handshake->selected_identity != 0 ||
+         handshake->ciphersuite_info->id !=
+         ssl->session_negotiate->ciphersuite)) {
         /* RFC8446 4.2.11
          * If the server supplies an "early_data" extension, the
          * client MUST verify that the server's selected_identity
          * is 0. If any other value is returned, the client MUST
          * abort the handshake with an "illegal_parameter" alert.
+         *
+         * Clients MUST verify that the server selected a cipher suite
+         * indicating a Hash associated with the PSK, If this value are
+         * not consistent, the client MUST abort the handshake with an
+         * "illegal_parameter" alert.
          */
         MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
                                      MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
         return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }
-    if (ssl->handshake->received_extensions &
-        MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
-        ssl->handshake->ciphersuite_info->id !=
-        ssl->session_negotiate->ciphersuite) {
-        MBEDTLS_SSL_DEBUG_MSG(
-            1, ("Invalid ciphersuite for session ticket psk."));
-
-        MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                                     MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-        return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
-    }
 #endif
 
     if (!mbedtls_ssl_conf_tls13_check_kex_modes(ssl, handshake->key_exchange_mode)) {