Merge pull request #7407 from mrdeep1/key_share

Handle PSK-Only negotiation with key_share not being sent in Server Hello
wolfSSL · Apr 22, 2024 · e1b66ca · e1b66ca
2 parents cfe645c + 7b22681
commit e1b66ca
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/tls.c b/src/tls.c
@@ -14925,6 +14925,12 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
     else if (!isRequest && ssl->options.haveEMS && !pendingEMS)
         ssl->options.haveEMS = 0;
 #endif
+#if defined(WOLFSSL_TLS13) && !defined(NO_PSK)
+    if (IsAtLeastTLSv1_3(ssl->version) && msgType == server_hello &&
+        IS_OFF(seenType, TLSX_ToSemaphore(TLSX_KEY_SHARE))) {
+        ssl->options.noPskDheKe = 1;
+    }
+#endif
 
     if (ret == 0)
         ret = SNI_VERIFY_PARSE(ssl, isRequest);