authorTomas Mraz <tomas@openssl.org>2022-04-29 16:36:36 +0200
committerTomas Mraz <tomas@openssl.org>2022-05-05 14:05:19 +0200
commitbd164884f258d99ca876f6cdcdf9bd0dcceee6ad (patch)
treedcae6d54718756e8dbe48eeee6d2f75ee52457e6
parentac2d4cb656b3a796db3dc6f8873e91e67907372d (diff)
Do not send an empty supported groups extension
This allows the handshake to proceed when the maximum enabled TLS version is below 1.3.

Fixes #13583

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
-rw-r--r--CHANGES24
-rw-r--r--ssl/statem/extensions_clnt.c16
2 files changed, 29 insertions, 11 deletions
diff --git a/CHANGES b/CHANGES
index b1d8768898..122d979057 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,20 +9,24 @@
Changes between 1.1.1o and 1.1.1p [xx XXX xxxx]
- *)
+ *) When OpenSSL TLS client is connecting without any supported elliptic
+ curves and TLS-1.3 protocol is disabled the connection will no longer fail
+ if a ciphersuite that does not use a key exchange based on elliptic
+ curves can be negotiated.
+ [Tomáš Mráz]
Changes between 1.1.1n and 1.1.1o [3 May 2022]
*) Fixed a bug in the c_rehash script which was not properly sanitising shell
- metacharacters to prevent command injection. This script is distributed by
- some operating systems in a manner where it is automatically executed. On
- such operating systems, an attacker could execute arbitrary commands with the
- privileges of the script.
-
- Use of the c_rehash script is considered obsolete and should be replaced
- by the OpenSSL rehash command line tool.
- (CVE-2022-1292)
- [Tomáš Mráz]
+ metacharacters to prevent command injection. This script is distributed
+ by some operating systems in a manner where it is automatically executed.
+ On such operating systems, an attacker could execute arbitrary commands
+ with the privileges of the script.
+
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool.
+ (CVE-2022-1292)
+ [Tomáš Mráz]
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 9d38ac23b5..036a9b3c48 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -118,6 +118,8 @@ static int use_ecc(SSL *s)
int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+ const uint16_t *pgroups = NULL;
+ size_t num_groups, j;
/* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION)
@@ -139,7 +141,19 @@ static int use_ecc(SSL *s)
}
sk_SSL_CIPHER_free(cipher_stack);
- return ret;
+ if (!ret)
+ return 0;
+
+ /* Check we have at least one EC supported group */
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
+ for (j = 0; j < num_groups; j++) {
+ uint16_t ctmp = pgroups[j];
+
+ if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
+ return 1;
+ }
+
+ return 0;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
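Review bot: The new loop over `tls1_get_supported_groups()` that tests each group with `tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)` re-implements the per-group filter that decides what tls_construct_ctos_supported_groups actually writes into the extension, so the two can silently diverge and the empty-extension condition this commit fixes would return the next time one of them grows an extra gate (FIPS, protocol version, security level). I would factor the loop into a small `static int has_allowed_group(SSL *s)` helper in this file and call it from both places, or at minimum anchor the duplication with a comment on the new loop: `/* Must mirror the per-group filter in tls_construct_ctos_supported_groups() */`. Note also that returning 0 from use_ecc() only suppresses the two extensions; as far as I can tell from this hunk the ECDHE cipher suites are still offered in the ClientHello, and RFC 8422 §5.1 lets a server choose any curve when supported_groups is absent, so a server that prefers ECDHE will presumably still fail against this client — the CHANGES entry could say so explicitly instead of the indirect "if a ciphersuite that does not use a key exchange based on elliptic curves can be negotiated". The signature of use_ecc() and the first half of its body (the ciphersuite scan that sets `ret`) are in the previous hunk, outside this one.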