lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

ssl_client.c: Fix key share code guards

Browse Source 
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
2022-03-17 13:44:33 +01:00
parent df823bf39b
commit 11e1857f5e
3 changed files with 7 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_client.c
View File

@ -434,7 +434,7 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{
ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
@ -442,7 +442,11 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
return( ret );
p += output_len;
}
#endif /* MBEDTLS_ECDH_C */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
{
ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );