From e609a4565f9ededc5c982175c297bb08058f767c Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 23 Jun 2023 15:45:14 +0100 Subject: [PATCH] Fix supported_groups handing in TLSv1.2 In TLSv1.2 we should not attempt to use a supported_group value that is intended for use with TLSv1.3 - even if both the server and the client support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but not for TLSv1.2. Fixes #21081 Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/21274) --- ssl/t1_lib.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 576c7a3271e55..b4b13a164331c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -923,6 +923,7 @@ uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch) const uint16_t *pref, *supp; size_t num_pref, num_supp, i; int k; + SSL_CTX *ctx = SSL_CONNECTION_GET_CTX(s); /* Can't do anything on client side */ if (s->server == 0) @@ -959,10 +960,29 @@ uint16_t tls1_shared_group(SSL_CONNECTION *s, int nmatch) for (k = 0, i = 0; i < num_pref; i++) { uint16_t id = pref[i]; + const TLS_GROUP_INFO *inf; if (!tls1_in_list(id, supp, num_supp) || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) continue; + inf = tls1_group_id_lookup(ctx, id); + if (!ossl_assert(inf != NULL)) + return 0; + if (SSL_CONNECTION_IS_DTLS(s)) { + if (inf->maxdtls == -1) + continue; + if ((inf->mindtls != 0 && DTLS_VERSION_LT(s->version, inf->mindtls)) + || (inf->maxdtls != 0 + && DTLS_VERSION_GT(s->version, inf->maxdtls))) + continue; + } else { + if (inf->maxtls == -1) + continue; + if ((inf->mintls != 0 && s->version < inf->mintls) + || (inf->maxtls != 0 && s->version > inf->maxtls)) + continue; + } + if (nmatch == k) return id; k++;