Provide a key_share extension finaliser This mops up various edge cases with key_shares and makes sure we still generate the handshake secret if we haven't been provided with one but we have a PSK. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)

commit: f4bbb37c4c95ea8cdb4b3470098a1b5d7d1977ed [log] [tgz]
author: Matt Caswell <matt@openssl.org> Wed Jan 18 11:31:37 2017 +0000
committer: Matt Caswell <matt@openssl.org> Mon Jan 30 10:18:20 2017 +0000
tree: 92ec8b6c8c0c59507b74ecb90834701b1a1bf7f9
parent: 4ff65f77b62df12ad75ec232b38627c5fe131041 [diff] [blame]
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 8ee2928..1e10a10 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c

@@ -523,7 +523,7 @@
     int group_nid, found = 0;
     unsigned int curve_flags;
 
-    if (s->hit)
+    if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
         return 1;
 
     /* Sanity check */
commit	f4bbb37c4c95ea8cdb4b3470098a1b5d7d1977ed	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Wed Jan 18 11:31:37 2017 +0000
committer	Matt Caswell <matt@openssl.org>	Mon Jan 30 10:18:20 2017 +0000
tree	92ec8b6c8c0c59507b74ecb90834701b1a1bf7f9
parent	4ff65f77b62df12ad75ec232b38627c5fe131041 [diff] [blame]