diff options
author | Matt Caswell <matt@openssl.org> | 2022-09-30 14:21:50 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-10-12 15:55:58 +0100 |
commit | 247b8e52527ed4facd9ff07cdef0df819193c0c3 (patch) | |
tree | 7dc5711c86a6b4b1cbeb25cd218010b0ac0625ab /ssl/statem/extensions_srvr.c | |
parent | f78c51995e35889d39cb0bdadcbfa3e144bd8a29 (diff) |
Ensure that the key share group is allowed for our protocol version
We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19317)
Diffstat (limited to 'ssl/statem/extensions_srvr.c')
-rw-r--r-- | ssl/statem/extensions_srvr.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 6a488a8737..c743d43c3d 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -655,7 +655,14 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, } /* Check if this share is for a group we can use */ - if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) { + if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1) + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + /* + * We tolerate but ignore a group id that we don't think is + * suitable for TLSv1.3 + */ + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { /* Share not suitable */ continue; } |