author | Tomas Mraz <tomas@openssl.org> | 2022-04-29 16:36:36 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-05-05 14:05:19 +0200 |
commit | bd164884f258d99ca876f6cdcdf9bd0dcceee6ad (patch) | |
tree | dcae6d54718756e8dbe48eeee6d2f75ee52457e6 | |
parent | ac2d4cb656b3a796db3dc6f8873e91e67907372d (diff) |
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
-rw-r--r-- | CHANGES | 24 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 16 |
2 files changed, 29 insertions, 11 deletions
@@ -9,20 +9,24 @@
 Changes between 1.1.1o and 1.1.1p [xx XXX xxxx]
- *)
+ *) When OpenSSL TLS client is connecting without any supported elliptic
+ curves and TLS-1.3 protocol is disabled the connection will no longer fail
+ if a ciphersuite that does not use a key exchange based on elliptic
+ curves can be negotiated.
+ [Tomáš Mráz]
 Changes between 1.1.1n and 1.1.1o [3 May 2022]
 *) Fixed a bug in the c_rehash script which was not properly sanitising shell
- metacharacters to prevent command injection. This script is distributed by
- some operating systems in a manner where it is automatically executed. On
- such operating systems, an attacker could execute arbitrary commands with the
- privileges of the script.
-
- Use of the c_rehash script is considered obsolete and should be replaced
- by the OpenSSL rehash command line tool.
- (CVE-2022-1292)
- [Tomáš Mráz]
+ metacharacters to prevent command injection. This script is distributed
+ by some operating systems in a manner where it is automatically executed.
+ On such operating systems, an attacker could execute arbitrary commands
+ with the privileges of the script.
+
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool.
+ (CVE-2022-1292)
+ [Tomáš Mráz]
 Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 9d38ac23b5..036a9b3c48 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -118,6 +118,8 @@ static int use_ecc(SSL *s)
 int i, end, ret = 0;
 unsigned long alg_k, alg_a;
 STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+ const uint16_t *pgroups = NULL;
+ size_t num_groups, j;
 /* See if we support any ECC ciphersuites */
 if (s->version == SSL3_VERSION)
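Review bot: `num_groups` is declared without an initialiser in the extensions_clnt.c hunk at -118, while `pgroups` next to it is set to NULL, and the loop added in the following hunk (`for (j = 0; j < num_groups; j++)`) uses it as its bound after a call whose result is not checked. That is well-defined only if `tls1_get_supported_groups()` writes both outputs on every path, which this diff does not show. Declaring it as `size_t num_groups = 0, j;` keeps the bound at zero if the helper ever returns without setting it, and matches how `pgroups` is treated. The body of use_ecc starts and ends outside this hunk.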
@@ -139,7 +141,19 @@ static int use_ecc(SSL *s)
 }
 sk_SSL_CIPHER_free(cipher_stack);
- return ret;
+ if (!ret)
+ return 0;
+
+ /* Check we have at least one EC supported group */
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
+ for (j = 0; j < num_groups; j++) {
+ uint16_t ctmp = pgroups[j];
+
+ if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
+ return 1;
+ }
+
+ return 0;
 }
 EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, |
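Review bot: The added comment `/* Check we have at least one EC supported group */` says what the loop does but not why a 0 result matters; judging by the commit title, use_ecc() also decides whether the supported groups extension is sent at all, so returning 0 here omits it rather than sending it empty. I would say so in the comment, for example `/* No group passes the security policy: report no ECC so the EC extensions are omitted rather than sent empty */`. The CHANGES entry implies the handshake then completes with a non-EC key exchange, which an operator who deliberately restricted curves may not expect, so that fallback is worth stating in the user-facing documentation as well. The diffstat lists only CHANGES and this file, so a regression test for the case in the commit message (no usable group, TLS 1.3 disabled) appears to be missing. use_ecc begins outside this hunk.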