From b3d6d0e7459238947fef62bc2629f8354e997068 Mon Sep 17 00:00:00 2001
From: tb
Date: Fri, 3 Jun 2022 13:26:13 +0000
Subject: [PATCH] Ensure that a client who sent a PSK extension has also sent a PSK key exchange mode extension, as required by RFC 8446, 4.2.9.
ok jsing
---
lib/libssl/tls13_server.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 4ac84a808c0..815c394737c 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.96 2022/02/03 16:33:12 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.97 2022/06/03 13:26:13 tb Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -108,10 +108,15 @@ tls13_client_hello_required_extensions(struct tls13_ctx *ctx)
 */
 /*
- * If we got no pre_shared_key, then signature_algorithms and
- * supported_groups must both be present.
+ * RFC 8446, 4.2.9: if we got a pre_shared_key, then we also need
+ * psk_key_exchange_modes. Otherwise, section 9.2 specifies that we
+ * need both signature_algorithms and supported_groups.
 */
- if (!tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key)) {
+ if (tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key)) {
+ if (!tlsext_extension_seen(s,
+ TLSEXT_TYPE_psk_key_exchange_modes))
+ return 0;
+ } else {
 if (!tlsext_extension_seen(s, TLSEXT_TYPE_signature_algorithms))
 return 0;
 if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups))
--
2.20.1
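Review bot: In the new `if (tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key))` branch, a ClientHello that carries pre_shared_key and psk_key_exchange_modes passes without signature_algorithms or supported_groups, which is only sound if the offered PSK is actually used for the handshake. If the server can decline the PSK and fall back to certificate authentication, RFC 8446 4.2.3 requires aborting with missing_extension when signature_algorithms is absent; no such check is visible in this hunk, so it is presumably enforced later in the handshake and worth confirming. I would record the dependency in the comment, for example `* NB: a declined PSK falls back to a full handshake, which must still reject a missing signature_algorithms.` A regression test that sends pre_shared_key without psk_key_exchange_modes would also pin the new rejection. The body of tls13_client_hello_required_extensions starts and ends outside the hunk.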