From 3cdcac564721f3ab0283e7f341d0be26696e3c52 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 5 Dec 2023 17:43:02 +0100
Subject: [PATCH] tls13: srv: Fix return value
Fix the value returned by ssl_tls13_offered_psks_check_identity_match_ticket() when there is no ticket parser function defined or no time.
Signed-off-by: Ronald Cron
---
 library/ssl_tls13_server.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6fcf8a23cd..f23ba767e9 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -123,7 +123,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
 /* Ticket parser is not configured, Skip */
 if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
- return 0;
+ return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
 }
 /* We create a copy of the encrypted ticket since the ticket parsing
@@ -171,7 +171,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
 *
 * We regard the ticket with incompatible key exchange modes as not match.
 */
- ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
 MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
 key_exchanges = 0;
@@ -186,11 +185,12 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
 if (key_exchanges == 0) {
 MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
+ ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
 goto exit;
 }
- ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
 #if defined(MBEDTLS_HAVE_TIME)
+ ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
 now = mbedtls_ms_time();
 if (now < session->ticket_creation_time) {
@@ -244,7 +244,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
 }
 ret = 0;
-
 #endif /* MBEDTLS_HAVE_TIME */
 exit:
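Review bot: The comment over the early return in the `@@ -123,7 +123,7 @@` hunk still reads `/* Ticket parser is not configured, Skip */`, which no longer describes the branch: the condition also fires for `identity_len == 0`, and the branch now reports a non-match rather than returning 0. I would reword it along the lines of `/* No ticket parser or empty identity: this cannot be a ticket, report no match */`. The function's header comment (outside the hunk) would also benefit from a line listing the values callers can receive, since the later hunks still use a literal `0` and `MBEDTLS_ERR_*` codes alongside `SSL_TLS1_3_OFFERED_PSK_NOT_MATCH`. The function body starts and ends outside this hunk.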
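Review bot: With `MBEDTLS_HAVE_TIME` undefined, the `@@ -186,11 +185,12 @@` hunk leaves the value returned at `exit:` equal to whatever `ret` held before the key-exchange check, because the only `ret = 0;` (in the `@@ -244,7 +244,6 @@` hunk) also sits inside the `#if` block. That value is presumably 0 from the ticket parse, but the assignment is not visible in the patch, so a build without time appears to accept the ticket with no age or lifetime check and no explicit success assignment. I would move `ret = 0;` below `#endif /* MBEDTLS_HAVE_TIME */`, assuming the age checks between the two hunks all `goto exit` on failure as the key-exchange path does. A comment at the `#if`, such as `/* Without MBEDTLS_HAVE_TIME the ticket age is not checked */`, would make the weaker guarantee visible to integrators. The function body continues outside both hunks.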