From b399b08df74031948b0d256bbd40120dedb7b153 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 18 Jul 2019 11:01:43 +1000 Subject: [PATCH] Fix for TLS 1.3 to always send Key Share Even if resuming or using PSK and not performing DHE key exchange, send key share extension in case full handshake is required. --- src/tls.c | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/src/tls.c b/src/tls.c index 955fe98bc..287bd6cda 100644 --- a/src/tls.c +++ b/src/tls.c @@ -9803,18 +9803,6 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); #endif } - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.noPskDheKe) { - #if !defined(NO_PSK) - if (ssl->options.havePSK) - TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); - #endif - #if defined(HAVE_SESSION_TICKET) - if (ssl->options.resuming) - TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); - #endif - } - #endif #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) @@ -9903,18 +9891,6 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH)); #endif } - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.noPskDheKe) { - #if !defined(NO_PSK) - if (ssl->options.havePSK) - TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); - #endif - #if defined(HAVE_SESSION_TICKET) - if (ssl->options.resuming) - TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); - #endif - } - #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) /* Must write Pre-shared Key extension at the end in TLS v1.3. * Must not write out Pre-shared Key extension in earlier versions of