@@ -5048,7 +5048,7 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
50485048{
50495049 word16 offset;
50505050 word16 name;
5051- int ret;
5051+ int ret = 0 ;
50525052 TLSX* extension;
50535053
50545054 if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) {
@@ -5078,9 +5078,9 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
50785078 /* If it is BAD_FUNC_ARG then it is a group we do not support, but
50795079 * that is fine. */
50805080 if (ret != WOLFSSL_SUCCESS &&
5081- ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
5082- return ret ;
5083- }
5081+ ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
5082+ break ;
5083+ ret = 0;
50845084 }
50855085 }
50865086 else {
@@ -5098,20 +5098,25 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input,
50985098 TLSX_SupportedCurve_New(&commonCurves, name, ssl->heap) :
50995099 TLSX_SupportedCurve_Append(commonCurves, name, ssl->heap);
51005100 if (ret != 0)
5101- return ret ;
5101+ break ;
51025102 }
51035103 }
51045104 /* If no common curves return error. In TLS 1.3 we can still try to save
51055105 * this by using HRR. */
5106- if (commonCurves == NULL && !IsAtLeastTLSv1_3(ssl->version))
5107- return ECC_CURVE_ERROR;
5108- /* Now swap out the curves in the extension */
5109- TLSX_SupportedCurve_FreeAll((SupportedCurve*)extension->data,
5110- ssl->heap);
5111- extension->data = commonCurves;
5106+ if (ret == 0 && commonCurves == NULL &&
5107+ !IsAtLeastTLSv1_3(ssl->version))
5108+ ret = ECC_CURVE_ERROR;
5109+ if (ret == 0) {
5110+ /* Now swap out the curves in the extension */
5111+ TLSX_SupportedCurve_FreeAll((SupportedCurve*)extension->data,
5112+ ssl->heap);
5113+ extension->data = commonCurves;
5114+ commonCurves = NULL;
5115+ }
5116+ TLSX_SupportedCurve_FreeAll(commonCurves, ssl->heap);
51125117 }
51135118
5114- return 0 ;
5119+ return ret ;
51155120}
51165121#endif
51175122
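Review bot: In the last hunk, the unconditional `TLSX_SupportedCurve_FreeAll(commonCurves, ssl->heap);` is safe only because `commonCurves = NULL;` runs first on the success path, and nothing in the code says so. Without that assignment the cleanup would free the list just stored in `extension->data` and leave a dangling pointer in the extension, so I would add a comment on it such as `/* ownership moved to extension->data; clear so the cleanup below frees only an unswapped list */`. The cleanup also appears to rely on TLSX_SupportedCurve_FreeAll accepting a NULL list, which is not visible here and is worth confirming. The function body between the hunks is not shown, so this covers only the visible paths.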