Don't do the final key_share checks if we are in an HRR

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3414)
2025-01-30 14:01:55 +08:00 · 2017-05-08 16:51:47 +01:00 · 2017-05-08 16:51:47 +01:00 · 07d447a6fc
commit 07d447a6fc
parent ad448b21f8
1 changed files with 4 additions and 0 deletions
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@ -1058,6 +1058,10 @@ static int final_key_share(SSL *s, unsigned int context, int sent, int *al)
    if (!SSL_IS_TLS13(s))
        return 1;

+    /* Nothing to do for key_share in an HRR */
+    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+        return 1;
+
    /*
     * If
     *     we are a client