TLSEXT_TYPE_supported_groups,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
NULL, tls_parse_ctos_supported_groups, NULL,
- NULL /* TODO(TLS1.3): Need to add this */,
+ tls_construct_stoc_supported_groups,
tls_construct_ctos_supported_groups, NULL
},
#else
*/
for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs);
i++, thisexd++) {
- if (thisexd->init != NULL && (thisexd->context & context) != 0 &&
- extension_is_relevant(s, thisexd->context, context) &&
- !thisexd->init(s, context)) {
+ if (thisexd->init != NULL && (thisexd->context & context) != 0
+ && extension_is_relevant(s, thisexd->context, context)
+ && !thisexd->init(s, context)) {
*al = SSL_AD_INTERNAL_ERROR;
goto err;
}
*/
for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs);
i++, thisexd++) {
- if (thisexd->final != NULL && (thisexd->context & context) != 0 &&
- !thisexd->final(s, context, exts[i].present, al))
+ if (thisexd->final != NULL && (thisexd->context & context) != 0
+ && !thisexd->final(s, context, exts[i].present, al))
return 0;
}
}
if (!SSL_IS_TLS13(s))
return 1;
+ /* Nothing to do for key_share in an HRR */
+ if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+ return 1;
+
/*
* If
* we are a client
if (!s->hit
|| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
/* Nothing left we can do - just fail */
- *al = SSL_AD_HANDSHAKE_FAILURE;
+ if (!sent)
+ *al = SSL_AD_MISSING_EXTENSION;
+ else
+ *al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE);
return 0;
}
EVP_MD_CTX *mctx = NULL;
unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE];
unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];
- const char resumption_label[] = "resumption psk binder key";
+ const char resumption_label[] = "res binder";
size_t bindersize, hashsize = EVP_MD_size(md);
int ret = -1;