author | Matt Caswell <matt@openssl.org> | 2023-06-09 09:09:06 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-06-23 14:39:54 +0100 |
commit | c036f1573e8a6063c2275af9a1ba0ad5b3944f8b (patch) | |
tree | 85e6fbe47da6fa5bf9c6cfd1924b3c40af7df244 /ssl | |
parent | e62155a57ac47c9f3573b2fb745cb5f1c67efbb8 (diff) |
Don't ask for an invalid group in an HRR
If the client sends us a group in a key_share that is in our
supported_groups list but is otherwise not suitable (e.g. not compatible
with TLSv1.3) we reject it. We should not ask for that same group again
in a subsequent HRR.
Fixes #21157
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
(cherry picked from commit 7a949ae5f1799a6629cf6deb44ae0f38455a73dd)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8c9c16ec21..66c97c01c8 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1392,7 +1392,11 @@ static int final_key_share(SSL *s, unsigned int context, int sent) group_id = pgroups[i]; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, - 1)) + 1) + && tls_group_allowed(s, group_id, + SSL_SECOP_CURVE_SUPPORTED) + && tls_valid_group(s, group_id, TLS1_3_VERSION, + TLS1_3_VERSION, 0, NULL)) break; } |
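
Review bot: The extended condition in final_key_share() now chains check_in_list(), tls_group_allowed() and tls_valid_group() with no comment saying why membership in the client's list is not enough. A short comment above the `if`, stating that a group must also be allowed under SSL_SECOP_CURVE_SUPPORTED and valid for TLS1_3_VERSION before it is requested in an HRR, would keep a later cleanup from dropping the extra checks. The trailing `0, NULL` arguments to tls_valid_group() are opaque at this call site and deserve a word in that comment too. The commit message says the server already rejects such a group when it arrives in a key_share, so consider putting the suitability test in one shared helper so that the rejection path and this HRR selection loop cannot drift apart. The diffstat shown is limited to ssl/, so it is worth confirming that a regression test for #21157 accompanies the change.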