Only allow zero length key shares when we know we're doing HRR.

ok inoguchi@ tb@
author: jsing <> 2022-01-04 10:34:16 +0000
committer: jsing <> 2022-01-04 10:34:16 +0000
commit: 5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff (patch)
tree: f10afa7824a94a0fb7a09c2764b443a8f443a1cf /src/lib
parent: 8d571f3c4077432b6c240ea494fcb06f58345352 (diff)
download: openbsd-5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff.tar.gz
openbsd-5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff.tar.bz2
openbsd-5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 3da8ebc46c..c97ade8bdd 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.101 2021/11/01 16:37:17 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.102 2022/01/04 10:34:16 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1558,8 +1558,10 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
                goto err;
        if (CBS_len(cbs) == 0) {
-                /* HRR does not include an actual key share. */
+                /* HRR does not include an actual key share, only the group. */
-                /* XXX - we should know that we are in a HRR... */
+                if (msg_type != SSL_TLSEXT_MSG_HRR)
+                        return 0;
                S3I(s)->hs.tls13.server_group = group;
                return 1;
        }
author	jsing <>	2022-01-04 10:34:16 +0000
committer	jsing <>	2022-01-04 10:34:16 +0000
commit	5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff (patch)
tree	f10afa7824a94a0fb7a09c2764b443a8f443a1cf /src/lib
parent	8d571f3c4077432b6c240ea494fcb06f58345352 (diff)
download	openbsd-5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff.tar.gz openbsd-5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff.tar.bz2 openbsd-5c3d4bb0be60368d72b04cf4d04bd98d27cb2bff.zip