Ensure that we specify the correct group when creating a HelloRetryRequest. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2025-10-16 14:42:21 +0000
committer	jsing <>	2025-10-16 14:42:21 +0000
commit	07ac085cccf13625ee0512126e736b8da8ed0dad (patch)
tree	8cd9f82e2b82fe6cd09d3184bc6a6b3931c35c1d /src/lib/libcrypto/mlkem/mlkem_internal.c
parent	f690640165ccfa300db43b4a8e0d48a2ac660993 (diff)
download	openbsd-master.tar.gz openbsd-master.tar.bz2 openbsd-master.zip

Ensure that we specify the correct group when creating a HelloRetryRequest.HEAD master

When processing the client supported groups and key shares extensions, the group selection is currently based on client preference. However, when building a HRR the preferred group is identified by calling tls1_get_supported_group(). If SSL_OP_CIPHER_SERVER_PREFERENCE is enabled, group selection will be based on server instead of client preference. This in turn can result in the server sending a HRR for a group that the client has already provided a key share for, violating the RFC. Avoid this issue by storing the client preferred group when processing the key share extension, then using this group when creating the HRR. Thanks to dzwdz for identifying and reporting the issue. ok beck@ tb@

Diffstat (limited to 'src/lib/libcrypto/mlkem/mlkem_internal.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: