[openssl/openssl] 247b8e: Ensure that the key share group is allowed for our...

Matt Caswell noreply at github.com
Wed Oct 12 15:11:38 UTC 2022 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 247b8e52527ed4facd9ff07cdef0df819193c0c3
      https://github.com/openssl/openssl/commit/247b8e52527ed4facd9ff07cdef0df819193c0c3
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-12 (Wed, 12 Oct 2022)

  Changed paths:
    M ssl/statem/extensions_clnt.c
    M ssl/statem/extensions_srvr.c

  Log Message:
  -----------
  Ensure that the key share group is allowed for our protocol version

We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19317)


  Commit: 04719b208992750ffe2b9232c62ca9179185f3e5
      https://github.com/openssl/openssl/commit/04719b208992750ffe2b9232c62ca9179185f3e5
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-12 (Wed, 12 Oct 2022)

  Changed paths:
    M test/recipes/70-test_key_share.t

  Log Message:
  -----------
  Add a test for where a client sends a non-TLSv1.3 key share

This should not happen but we should tolerate and send an HRR

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19317)


  Commit: 7b141d4934ab1254d65fd1859ca1c6eff1113b50
      https://github.com/openssl/openssl/commit/7b141d4934ab1254d65fd1859ca1c6eff1113b50
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-12 (Wed, 12 Oct 2022)

  Changed paths:
    M test/ssl-tests/14-curves.cnf
    M test/ssl-tests/14-curves.cnf.in

  Log Message:
  -----------
  Add a test for TLSv1.3 only client sending a correct key_share

Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19317)


Compare: https://github.com/openssl/openssl/compare/f78c51995e35...7b141d4934ab

More information about the openssl-commits mailing list