TLS 1.3 HRR KeyShare: Improve comments

HelloRetryRequest has the key exchange group it wants to use.
A KeyShare for that group must not have been in the ClientHello.
Sean Parkinson
2025-02-04 10:16:27 +10:00
parent eb15a1213c
commit 92491e6368


@@ -9270,13 +9270,15 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
#endif #endif
{ {
/* Check the selected group was supported by ClientHello extensions. */ /* Check the selected group was supported by ClientHello extensions.
*/
if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) { if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) {
WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
return BAD_KEY_SHARE_DATA; return BAD_KEY_SHARE_DATA;
} }
/* Check if the group was sent. */ /* Make sure KeyShare for server requested group was not sent in
* ClientHello. */
if (TLSX_KeyShare_Find(ssl, group)) { if (TLSX_KeyShare_Find(ssl, group)) {
WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
return BAD_KEY_SHARE_DATA; return BAD_KEY_SHARE_DATA;