wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

TLS 1.3 HRR KeyShare: Improve comments

Browse Source 
HelloRetryRequest has the key exchange group it wants to use.
A KeyShare for that group must not have been in the ClientHello.
This commit is contained in:
Sean Parkinson
2025-02-04 10:16:27 +10:00
parent eb15a1213c
commit 92491e6368
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/tls.c
View File

@@ -9270,13 +9270,15 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E))
#endif
{
/* Check the selected group was supported by ClientHello extensions. */
/* Check the selected group was supported by ClientHello extensions.
*/
if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) {
WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
return BAD_KEY_SHARE_DATA;
}
/* Check if the group was sent. */
/* Make sure KeyShare for server requested group was not sent in
* ClientHello. */
if (TLSX_KeyShare_Find(ssl, group)) {
WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA);
return BAD_KEY_SHARE_DATA;