Only applies if we're not doing psk.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
# define SSL_R_MISSING_RSA_SIGNING_CERT 170
# define SSL_R_MISSING_SIGALGS_EXTENSION 112
# define SSL_R_MISSING_SRP_PARAM 358
+# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
{ERR_REASON(SSL_R_MISSING_SIGALGS_EXTENSION),
"missing sigalgs extension"},
{ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
+ {ERR_REASON(SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION),
+ "missing supported groups extension"},
{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
{ERR_REASON(SSL_R_NOT_ON_RECORD_BOUNDARY), "not on record boundary"},
if (!s->hit
|| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
/* Nothing left we can do - just fail */
- *al = SSL_AD_HANDSHAKE_FAILURE;
+ if (!sent)
+ *al = SSL_AD_MISSING_EXTENSION;
+ else
+ *al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE);
return 0;
}
return 0;
}
- /*
- * Get the clients list of supported curves.
- * TODO(TLS1.3): We should validate that we actually received
- * supported_groups!
- */
+ /* Get the clients list of supported curves. */
if (!tls1_get_curvelist(s, 1, &clntcurves, &clnt_num_curves)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
+ if (clnt_num_curves == 0) {
+ /*
+ * This can only happen if the supported_groups extension was not sent,
+ * because we verify that the length is non-zero when we process that
+ * extension.
+ */
+ *al = SSL_AD_MISSING_EXTENSION;
+ SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+ SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION);
+ return 0;
+ }
while (PACKET_remaining(&key_share_list) > 0) {
if (!PACKET_get_net_2(&key_share_list, &group_id)
projects / oweals / openssl.git / commitdiff