commit 2b01dc30cb00c7a680edec039237a0d0d4b1a761
author XiaokangQian <xiaokang.qian@arm.com> Fri Jan 21 02:53:13 2022 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Wed Jan 26 10:53:15 2022 +0000
tree a812928587c58e2d5d482bed7f3f72316acc67d8
parent 355e09ae9d416bf242e7a3b4727535d7928beb81

Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 6546c77..609db03 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -905,6 +905,21 @@
                                     MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
                 return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
             }
+            /*
+             * Clients must abort the handshake with an "illegal_parameter"
+             * alert if the HelloRetryRequest would not result in any change
+             * in the ClientHello.
+             * In a PSK only key exchange that what we expect.
+             */
+            if( ! mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1,
+                            ( "Unexpected HRR in pure PSK key exchange." ) );
+                MBEDTLS_SSL_PEND_FATAL_ALERT(
+                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+                            MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+                return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+            }
 
             ssl->handshake->hello_retry_request_count++;