WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add RFC link to help understand constraints

pull/5910/head
Juliusz Sosinowicz 2023-02-21 14:17:19 +01:00
parent f2032e8744
commit 06749144d5
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/dtls.c
View File

@ -693,8 +693,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
cs.cipherSuite0 = pskInfo.cipherSuite0;
cs.cipherSuite = pskInfo.cipherSuite;
if (haveSG && !haveKS) {
WOLFSSL_MSG("Client didn't send KeyShare or Supported Groups.");
/* https://datatracker.ietf.org/doc/html/rfc8446#section-9.2 */
if (haveSG ^ haveKS) {
WOLFSSL_MSG("Client needs to send both or none of KeyShare and "
"SupportedGroups");
ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup);
}
@ -711,9 +713,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
else
#endif
{
/* https://datatracker.ietf.org/doc/html/rfc8446#section-9.2 */
if (!haveKS || !haveSA || !haveSG) {
WOLFSSL_MSG("Client didn't send KeyShare or SigAlgs or "
"Supported Groups.");
"SupportedGroups.");
ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup);
}
ret = MatchSuite_ex(ssl, &suites, &cs, parsedExts);