From f810dc2a017b0e95f755740cb37c8884345c4de7 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 9 Feb 2026 17:14:24 +0100 Subject: [PATCH] Add check for KeyShare in ServerHello Fixes ZD21171 --- src/tls.c | 2 ++ src/tls13.c | 3 ++- tests/api.c | 2 +- wolfssl/internal.h | 1 + 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/tls.c b/src/tls.c index 843d16f461a..ed77e23def1 100644 --- a/src/tls.c +++ b/src/tls.c @@ -10094,6 +10094,8 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, if (length < OPAQUE16_LEN) return BUFFER_ERROR; + ssl->options.shSentKeyShare = 1; + /* The data is the named group the server wants to use. */ ato16(input, &group); diff --git a/src/tls13.c b/src/tls13.c index b9e06896f9e..76a88820800 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -5559,7 +5559,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ssl->options.pskNegotiated == 0 && #endif - ssl->session->namedGroup == 0) { + (ssl->session->namedGroup == 0 || + ssl->options.shSentKeyShare == 0)) { return EXT_MISSING; } diff --git a/tests/api.c b/tests/api.c index 7083040296f..70aa17676c5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -28906,7 +28906,7 @@ static int test_TLSX_CA_NAMES_bad_extension(void) ExpectIntEQ(wolfSSL_connect(ssl_c), -1); #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(OUT_OF_ORDER_E)); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(EXT_MISSING)); #else ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(BUFFER_ERROR)); #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5eca832149a..82073421fa5 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -5107,6 +5107,7 @@ struct Options { word16 hrrSentCookie:1; /* HRR sent with cookie */ #endif word16 hrrSentKeyShare:1; /* HRR sent with key share */ + word16 shSentKeyShare:1; /* SH sent with key share */ #endif word16 returnOnGoodCh:1; word16 disableRead:1;