From 744577a429d3815169a590f5ca7d7b0118c99e9f Mon Sep 17 00:00:00 2001
From: Yanray Wang <yanray.wang@arm.com>
Date: Fri, 1 Dec 2023 22:33:59 +0800
Subject: [PATCH] tls13: early_data: cli: check a PSK has been selected in EE

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
---
 library/ssl_tls13_client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 4273f38c0b..1e1223e7ee 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -2187,12 +2187,14 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
          * check here that the additional constraints on the handshake
          * parameters, when early data are exchanged, are met,
          * namely:
+         * - a PSK has been selected for the handshake
          * - the selected PSK for the handshake was the first one proposed
          *   by the client.
          * - the selected ciphersuite for the handshake is the ciphersuite
          *   associated with the selected PSK.
          */
-        if (handshake->selected_identity != 0 ||
+        if ((!mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) ||
+            handshake->selected_identity != 0 ||
             handshake->ciphersuite_info->id !=
             ssl->session_negotiate->ciphersuite) {