From e80243f4649a7a44f100ecb0836ff7dab34ab401 Mon Sep 17 00:00:00 2001 From: beck Date: Tue, 9 Jul 2024 12:27:27 +0000 Subject: [PATCH] Fix TLS key share check to not fire when using < TLS 1.3 The check was being too aggressive and was catching us when the extension was being sent by a client which supports tls 1.3 but the server was capped at TLS 1.2. This moves the check after the max version check, so we won't error out if we do not support TLS 1.3 Reported by obsd@bartula.de ok tb@ --- lib/libssl/ssl_tlsext.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index d0d67598d4c..08bf5593ecd 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.153 2024/06/26 03:41:10 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.154 2024/07/09 12:27:27 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1573,6 +1573,10 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange)) return 0; + /* Ignore this client share if we're using earlier than TLSv1.3 */ + if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) + continue; + /* * Ensure the client share group was sent in supported groups, * and was sent in the same order as supported groups. The @@ -1590,12 +1594,7 @@ tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; } - /* - * Ignore this client share if we're using earlier than TLSv1.3 - * or we've already selected a key share. - */ - if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION) - continue; + /* Ignore this client share if we have already selected a key share */ if (s->s3->hs.key_share != NULL) continue; -- 2.20.1