Commit 593c79ba8e for openssl.org

commit 593c79ba8e470c1a91b0c06183fe92878d2ade98
Author: Matt Caswell <matt@openssl.foundation>
Date:   Tue Apr 28 09:56:20 2026 +0100

    According to RFC8446 there must always be one identity in the list

    We were silently accepting a list with zero identities. Technically this
    is a syntax error so we should fail with a decode_error in this case.

    Fixes #31006

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Sun May  3 15:19:27 2026
    (Merged from https://github.com/openssl/openssl/pull/31010)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 033c0140dc..b91be0a52f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1340,6 +1340,11 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
         return 0;
     }
+    /* There must always be at least one identity in the list */
+    if (PACKET_remaining(&identities) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
+        goto err;
+    }

     s->ext.ticket_expected = 0;
     for (id = 0; PACKET_remaining(&identities) != 0 && id < MAX_PRE_SHARED_KEYS; id++) {
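Review bot: the new empty-list check exits with `goto err` while the failure path two lines above it uses `return 0`; either the `err` label's cleanup is safe at this point (nothing allocated yet, so it should be equivalent) and the earlier check could be made consistent, or the new check should use `return 0` as well, so that the two adjacent decode-error paths do not look like they have different cleanup semantics. The diff also adds no test exercising a pre_shared_key extension with a zero-length identities list; a test that such a ClientHello is rejected with a decode_error alert would pin the RFC 8446 requirement the commit message cites and guard against the silent acceptance regressing.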