From a943de7969b995335e1033369a645737f4b63b61 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Fri, 29 Jul 2022 11:26:08 +0200
Subject: [PATCH] Changes after PR review.
- removed additions to REAME.md
- changed coding style of conditional PSKKEM announce as requested.
---
 README.md | 1 -
 src/tls.c | 14 ++++++++------
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index fdeeff878..a1f827e82 100644
--- a/README.md
+++ b/README.md
@@ -113,7 +113,6 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb
 * Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442
 * Expand CAAM support with QNX to include i.MX8 boards and add AES-CTR support
 * Enhanced glitching protection by hardening the TLS encrypt operations
-* The TLS Extension for PSK Key Exchange Modes is now always included in a ClientHello (with PSK enabled) to improve inter-op.
 ## Math and Performance
diff --git a/src/tls.c b/src/tls.c
index 888cf0e8c..16f54cee7 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -11386,16 +11386,18 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 #endif /* !NO_PSK */
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
- #ifndef NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
 /* Some servers do not generate session tickets unless
- * the extension is seen in a non-resume client hello */
- if (1) {
- (void)usingPSK;
- #else
- if (usingPSK) {
+ * the extension is seen in a non-resume client hello.
+ * We used to send it only if we were otherwise using PSK.
+ * Now always send it. Define NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
+ * to revert to the old behaviour. */
+ #ifdef NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
+ if (usingPSK)
 #endif
+ {
 byte modes;
+ (void)usingPSK;
 /* Pre-shared key modes: mandatory extension for resumption. */
 modes = 1 << PSK_KE;
 #if !defined(NO_DH) || defined(HAVE_ECC) || \
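Review bot: In the src/tls.c hunk the `#endif` that closes `#ifdef NO_TLSX_PSKKEM_PLAIN_ANNOUNCE` is untagged, unlike `#endif /* !NO_PSK */` a few lines above, so a reader cannot tell at a glance whether the `{` that follows belongs to a conditional or an unconditional block; I would write `#endif /* NO_TLSX_PSKKEM_PLAIN_ANNOUNCE */`. The comment could also state what the default now puts on the wire: with the macro undefined, `modes = 1 << PSK_KE;` is reached for every ClientHello in a build with HAVE_SESSION_TICKET or PSK, so the PSK-only (non-(EC)DHE) mode is announced on full handshakes as well. Whether that bit is later narrowed cannot be seen here, because the block continues past the end of the hunk. A line such as `/* Note: the PSK modes are now announced on full handshakes too. */` would help anyone auditing resumption and forward-secrecy settings.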