1 files changed, 8 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 4cc406526d..71955d9295 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.104 2022/01/05 17:10:02 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.105 2022/01/06 18:23:56 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1510,11 +1510,10 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
                        continue;
                /* Decode and store the selected key share. */
-                S3I(s)->hs.key_share = tls_key_share_new(group);
+                if ((S3I(s)->hs.key_share = tls_key_share_new(group)) == NULL)
-                if (S3I(s)->hs.key_share == NULL)
                        goto err;
                if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
-                    group, &key_exchange))
+                    &key_exchange, NULL))
                        goto err;
        }
@@ -1568,7 +1567,7 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        /* Unpack server share. */
        if (!CBS_get_u16(cbs, &group))
-                goto err;
+                return 0;
        if (CBS_len(cbs) == 0) {
                /* HRR does not include an actual key share, only the group. */
@@ -1584,16 +1583,13 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        if (S3I(s)->hs.key_share == NULL)
                return 0;
+        if (tls_key_share_group(S3I(s)->hs.key_share) != group)
+                return 0;
        if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
-            group, &key_exchange))
+            &key_exchange, NULL))
-                goto err;
+                return 0;
        return 1;
- err:
-        *alert = SSL_AD_DECODE_ERROR;
-        return 0;
 }
 /*

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 4cc406526d..71955d9295 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.104 2022/01/05 17:10:02 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.105 2022/01/06 18:23:56 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1510,11 +1510,10 @@ tlsext_keyshare_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
1510	continue;	1510	continue;
1511		1511
1512	/* Decode and store the selected key share. */	1512	/* Decode and store the selected key share. */
1513	S3I(s)->hs.key_share = tls_key_share_new(group);	1513	if ((S3I(s)->hs.key_share = tls_key_share_new(group)) == NULL)
1514	if (S3I(s)->hs.key_share == NULL)
1515	goto err;	1514	goto err;
1516	if (!tls_key_share_peer_public(S3I(s)->hs.key_share,	1515	if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
1517	group, &key_exchange))	1516	&key_exchange, NULL))
1518	goto err;	1517	goto err;
1519	}	1518	}
1520		1519
@@ -1568,7 +1567,7 @@ tlsext_keyshare_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
1568		1567
1569	/* Unpack server share. */	1568	/* Unpack server share. */
1570	if (!CBS_get_u16(cbs, &group))	1569	if (!CBS_get_u16(cbs, &group))
1571	goto err;	1570	return 0;
1572		1571
1573	if (CBS_len(cbs) == 0) {	1572	if (CBS_len(cbs) == 0) {
1574	/* HRR does not include an actual key share, only the group. */	1573	/* HRR does not include an actual key share, only the group. */
@@ -1584,16 +1583,13 @@ tlsext_keyshare_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
1584		1583
1585	if (S3I(s)->hs.key_share == NULL)	1584	if (S3I(s)->hs.key_share == NULL)
1586	return 0;	1585	return 0;
1587		1586	if (tls_key_share_group(S3I(s)->hs.key_share) != group)
		1587	return 0;
1588	if (!tls_key_share_peer_public(S3I(s)->hs.key_share,	1588	if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
1589	group, &key_exchange))	1589	&key_exchange, NULL))
1590	goto err;	1590	return 0;
1591		1591
1592	return 1;	1592	return 1;
1593
1594	err:
1595	*alert = SSL_AD_DECODE_ERROR;
1596	return 0;
1597	}	1593	}
1598		1594
1599	/*	1595	/*