From bd164884f258d99ca876f6cdcdf9bd0dcceee6ad Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 29 Apr 2022 16:36:36 +0200 Subject: Do not send an empty supported groups extension This allows handshake to proceed if the maximum TLS version enabled is <1.3 Fixes #13583 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18213) --- CHANGES | 24 ++++++++++++++---------- ssl/statem/extensions_clnt.c | 16 +++++++++++++++- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index b1d8768898..122d979057 100644 --- a/CHANGES +++ b/CHANGES @@ -9,20 +9,24 @@ Changes between 1.1.1o and 1.1.1p [xx XXX xxxx] - *) + *) When OpenSSL TLS client is connecting without any supported elliptic + curves and TLS-1.3 protocol is disabled the connection will no longer fail + if a ciphersuite that does not use a key exchange based on elliptic + curves can be negotiated. + [Tomáš Mráz] Changes between 1.1.1n and 1.1.1o [3 May 2022] *) Fixed a bug in the c_rehash script which was not properly sanitising shell - metacharacters to prevent command injection. This script is distributed by - some operating systems in a manner where it is automatically executed. On - such operating systems, an attacker could execute arbitrary commands with the - privileges of the script. - - Use of the c_rehash script is considered obsolete and should be replaced - by the OpenSSL rehash command line tool. - (CVE-2022-1292) - [Tomáš Mráz] + metacharacters to prevent command injection. This script is distributed + by some operating systems in a manner where it is automatically executed. + On such operating systems, an attacker could execute arbitrary commands + with the privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-1292) + [Tomáš Mráz] Changes between 1.1.1m and 1.1.1n [15 Mar 2022] diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 9d38ac23b5..036a9b3c48 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -118,6 +118,8 @@ static int use_ecc(SSL *s) int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; + const uint16_t *pgroups = NULL; + size_t num_groups, j; /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) @@ -139,7 +141,19 @@ static int use_ecc(SSL *s) } sk_SSL_CIPHER_free(cipher_stack); - return ret; + if (!ret) + return 0; + + /* Check we have at least one EC supported group */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + for (j = 0; j < num_groups; j++) { + uint16_t ctmp = pgroups[j]; + + if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + return 1; + } + + return 0; } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, -- cgit v1.2.3