From 2d70393a18dc5114557488b463ae366b851b4e88 Mon Sep 17 00:00:00 2001 From: beck <> Date: Tue, 9 Jul 2024 12:27:27 +0000 Subject: Fix TLS key share check to not fire when using < TLS 1.3 The check was being too aggressive and was catching us when the extension was being sent by a client which supports tls 1.3 but the server was capped at TLS 1.2. This moves the check after the max version check, so we won't error out if we do not support TLS 1.3 Reported by obsd@bartula.de ok tb@ --- src/lib/libssl/ssl_tlsext.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index d0d67598d4..08bf5593ec 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.153 2024/06/26 03:41:10 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.154 2024/07/09 12:27:27 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1573,6 +1573,10 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) return 0; + /* Ignore this client share if we're using earlier than TLSv1.3 */ + if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) + continue; + /* * Ensure the client share group was sent in supported groups, * and was sent in the same order as supported groups. The @@ -1590,12 +1594,7 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; } - /* - * Ignore this client share if we're using earlier than TLSv1.3 - * or we've already selected a key share. - */ - if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) - continue; + /* Ignore this client share if we have already selected a key share */ if (s->s3->hs.key_share != NULL) continue; -- cgit v1.2.3-55-g6feb