tls13: srv: Fix resume flag in case of cancelled PSK

If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_server.c

@@ -1074,6 +1074,7 @@ static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl)
         MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
     } else
     if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
+        ssl->handshake->resume = 0;
         ssl->handshake->key_exchange_mode =
             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
         MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));

tests/opt-testcases/tls13-misc.sh

@@ -535,3 +535,18 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
          -s "$( tail -1 $EARLY_DATA_INPUT )"                                \
          -s "200 early data bytes read"                                     \
          -s "106 early data bytes read"
+
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
+                             MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
+                             MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
+         "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=1024" \
+         "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
+         0 \
+         -s "key exchange mode: ephemeral" \
+         -S "key exchange mode: psk" \
+         -s "found matched identity" \
+         -s "EarlyData: rejected, not a session resumption" \
+         -C "EncryptedExtensions: early_data(42) extension exists."