aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl/statem/extensions_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/statem/extensions_clnt.c')
-rw-r--r--crypto/openssl/ssl/statem/extensions_clnt.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/crypto/openssl/ssl/statem/extensions_clnt.c b/crypto/openssl/ssl/statem/extensions_clnt.c
index baa7c47b3cd9..d958373875a3 100644
--- a/crypto/openssl/ssl/statem/extensions_clnt.c
+++ b/crypto/openssl/ssl/statem/extensions_clnt.c
@@ -745,6 +745,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
/* SSLfatal() already called */
return EXT_RETURN_FAIL;
}
+ valid_keyshare++;
} else {
if (s->ext.supportedgroups == NULL) /* use default */
add_only_one = 1;
@@ -766,13 +767,18 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
/* SSLfatal() already called */
return EXT_RETURN_FAIL;
}
+ valid_keyshare++;
if (add_only_one)
break;
-
- valid_keyshare++;
}
}
+ if (valid_keyshare == 0) {
+ /* No key shares were allowed */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_KEY_SHARE);
+ return EXT_RETURN_FAIL;
+ }
+
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-05 02:43:08 +0000