commit b6fdc12d94d7527c3018492ab838cbcda81ba346
author Matt Caswell <matt@openssl.org> Thu May 11 10:55:54 2017 +0100
committer Matt Caswell <matt@openssl.org> Thu May 11 13:13:04 2017 +0100
tree b076afe967ca664d0e631d18126585e445a13b1c
parent fc4c15faa462c1a4cbf002f214f6503e629e7a20

Send a missing_extension alert if key_share/supported groups not present

Only applies if we're not doing psk.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)

ssl/statem/extensions_srvr.c

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 0daf7d4..f85477c 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -524,16 +524,23 @@
         return 0;
     }
 
-    /*
-     * Get the clients list of supported curves.
-     * TODO(TLS1.3): We should validate that we actually received
-     * supported_groups!
-     */
+    /* Get the clients list of supported curves. */
     if (!tls1_get_curvelist(s, 1, &clntcurves, &clnt_num_curves)) {
         *al = SSL_AD_INTERNAL_ERROR;
         SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
         return 0;
     }
+    if (clnt_num_curves == 0) {
+        /*
+         * This can only happen if the supported_groups extension was not sent,
+         * because we verify that the length is non-zero when we process that
+         * extension.
+         */
+        *al = SSL_AD_MISSING_EXTENSION;
+        SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+               SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION);
+        return 0;
+    }
 
     while (PACKET_remaining(&key_share_list) > 0) {
         if (!PACKET_get_net_2(&key_share_list, &group_id)