[openssl/openssl] 3df6ae: Ensure that the key share group is allowed for our...

Matt Caswell noreply at github.com
Wed Oct 19 08:25:07 UTC 2022


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 3df6aed7826640d944da382f78af5ab87ea790db
      https://github.com/openssl/openssl/commit/3df6aed7826640d944da382f78af5ab87ea790db
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
    M ssl/statem/extensions_clnt.c
    M ssl/statem/extensions_srvr.c

  Log Message:
  -----------
  Ensure that the key share group is allowed for our protocol version

We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)


  Commit: 78d00e05a537495287b979bcad79365d5d9607d4
      https://github.com/openssl/openssl/commit/78d00e05a537495287b979bcad79365d5d9607d4
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
    M test/recipes/70-test_key_share.t

  Log Message:
  -----------
  Add a test for where a client sends a non-TLSv1.3 key share

This should not happen but we should tolerate and send an HRR

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)


  Commit: c861c3ee142ac00d5facd112fd8891e87c50bc7b
      https://github.com/openssl/openssl/commit/c861c3ee142ac00d5facd112fd8891e87c50bc7b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
    M test/ssl-tests/14-curves.cnf
    M test/ssl-tests/14-curves.cnf.in

  Log Message:
  -----------
  Add a test for TLSv1.3 only client sending a correct key_share

Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19404)


Compare: https://github.com/openssl/openssl/compare/e2b2e6b166b2...c861c3ee142a


More information about the openssl-commits mailing list