Ensure that the key share group is allowed for our protocol version

We should never send or accept a key share group that is not in the supported groups list or a group that isn't suitable for use in TLSv1.3 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19317)
author: Matt Caswell <matt@openssl.org> 2022-09-30 14:21:50 +0100
committer: Matt Caswell <matt@openssl.org> 2022-10-12 15:55:58 +0100
commit: 247b8e52527ed4facd9ff07cdef0df819193c0c3 (patch)
tree: 7dc5711c86a6b4b1cbeb25cd218010b0ac0625ab /ssl/statem/extensions_srvr.c
parent: f78c51995e35889d39cb0bdadcbfa3e144bd8a29 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 6a488a8737..c743d43c3d 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -655,7 +655,14 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
         }
 
         /* Check if this share is for a group we can use */
-        if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) {
+        if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)
+                || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)
+                   /*
+                    * We tolerate but ignore a group id that we don't think is
+                    * suitable for TLSv1.3
+                    */
+                || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION,
+                                    0, NULL)) {
             /* Share not suitable */
             continue;
         }
author	Matt Caswell <matt@openssl.org>	2022-09-30 14:21:50 +0100
committer	Matt Caswell <matt@openssl.org>	2022-10-12 15:55:58 +0100
commit	247b8e52527ed4facd9ff07cdef0df819193c0c3 (patch)
tree	7dc5711c86a6b4b1cbeb25cd218010b0ac0625ab /ssl/statem/extensions_srvr.c
parent	f78c51995e35889d39cb0bdadcbfa3e144bd8a29 (diff)