Move key_share extension check with ECDHE code.

Also fix the error code. It's a missing extension, not an unexpected
one.

Change-Id: I48e48c37e27173f6d7ac5e993779948ead3706f2
Reviewed-on: https://boringssl-review.googlesource.com/12683
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index b9c3c68..f106c16 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -214,13 +214,6 @@
     return ssl_hs_error;
   }
 
-  /* We only support PSK_DHE_KE. */
-  if (!have_key_share) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
-    return ssl_hs_error;
-  }
-
   alert = SSL_AD_DECODE_ERROR;
   if (have_pre_shared_key) {
     if (ssl->session == NULL) {
@@ -289,6 +282,13 @@
     return ssl_hs_error;
   }
 
+  if (!have_key_share) {
+    /* We do not support psk_ke and thus always require a key share. */
+    OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
+    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
+    return ssl_hs_error;
+  }
+
   /* Resolve ECDHE and incorporate it into the secret. */
   uint8_t *dhe_secret;
   size_t dhe_secret_len;
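Review bot: The relocated `!have_key_share` guard is now the only thing standing between a ServerHello that omits key_share and the ECDHE step right below it, but its comment explains only why a key share is required, not why the check must sit here. Presumably the key_share contents are populated only when `have_key_share` is set (the parsing is outside this hunk), so I would make the ordering explicit: `/* We do not support psk_ke and thus always require a key share. Keep this ahead of the ECDHE step below, which consumes the key_share contents. */`. The check also now runs after the pre_shared_key handling, so a PSK-only ServerHello is rejected only once that processing has happened; this still fails closed via `ssl_hs_error`, but it is worth confirming that nothing set on that path outlives the failed handshake. Since the error code and alert both change (`SSL_R_MISSING_KEY_SHARE`, `SSL_AD_MISSING_EXTENSION`), any test expectation pinned to the old values needs updating, and none is visible in this diff. The enclosing function starts and ends outside the hunk.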