- if (s->server && s->s3->peer_tmp == NULL) {
- /* No suitable share */
- if (s->hello_retry_request == SSL_HRR_NONE && sent
- && (!s->hit
- || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
- != 0)) {
- const uint16_t *pgroups, *clntgroups;
- size_t num_groups, clnt_num_groups, i;
- unsigned int group_id = 0;
-
- /* Check if a shared group exists */
-
- /* Get the clients list of supported groups. */
- tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
- tls1_get_supported_groups(s, &pgroups, &num_groups);
-
- /* Find the first group we allow that is also in client's list */
- for (i = 0; i < num_groups; i++) {
- group_id = pgroups[i];
-
- if (check_in_list(s, group_id, clntgroups, clnt_num_groups, 1))
- break;
+ if (s->server) {
+ if (s->s3->peer_tmp != NULL) {
+ /* We have a suitable key_share */
+ if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0
+ && !s->ext.cookieok) {
+ if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
+ /*
+ * If we are stateless then we wouldn't know about any
+ * previously sent HRR - so how can this be anything other
+ * than 0?
+ */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ s->hello_retry_request = SSL_HRR_PENDING;
+ return 1;