From: Matt Caswell Date: Fri, 15 Aug 2025 15:43:49 +0000 (+0100) Subject: Fail immediately if we have no key shares to send X-Git-Tag: openssl-3.5.3~60 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=610cc1e7ad1b5723c757fb48e540be8c08f86ba8;p=thirdparty%2Fopenssl.git Fail immediately if we have no key shares to send If we are configured in such a way that we have no valid key shares to send in the ClientHello we should immediately abort the connection. Fixes #28281 Reviewed-by: Neil Horman Reviewed-by: Hugo Landau Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/28283) (cherry picked from commit 47b0f172aa60a0faa3428cc739e3efd71f756aa7)
---
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index baa7c47b3cd..d958373875a 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -745,6 +745,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
             /* SSLfatal() already called */
             return EXT_RETURN_FAIL;
         }
+        valid_keyshare++;
     } else {
         if (s->ext.supportedgroups == NULL) /* use default */
             add_only_one = 1;
@@ -766,13 +767,18 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
                 /* SSLfatal() already called */
                 return EXT_RETURN_FAIL;
             }
+            valid_keyshare++;
             if (add_only_one)
                 break;
-
-            valid_keyshare++;
         }
     }
 
+    if (valid_keyshare == 0) {
+        /* No key shares were allowed */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_KEY_SHARE);
+        return EXT_RETURN_FAIL;
+    }
+
     if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         return EXT_RETURN_FAIL;
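Review bot: The comment on the new `valid_keyshare == 0` check in the second hunk says only that no key shares were allowed, which does not tell a maintainer why this must be fatal — an empty client_shares vector is permitted by RFC 8446 §4.2.8, so the reason is that the peer's only possible reply would be a HelloRetryRequest naming a group the client's configuration has already rejected, i.e. a guaranteed failed handshake after an extra round trip. I would replace it with `/* Every candidate group was rejected by our own configuration: an empty key_share would only draw a HelloRetryRequest we cannot satisfy, so fail now rather than after a round trip. */`, and note that `SSL_AD_INTERNAL_ERROR` is the alert for what is really a local configuration mismatch, which is defensible only because no ClientHello has been sent at this point. The counter `valid_keyshare` is declared and presumably initialised outside both hunks; with the increment now placed before the `add_only_one` break, the check depends on that initial value being 0, which cannot be confirmed from the visible lines. tls_construct_ctos_key_share begins before the first hunk and continues past the last.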