Projects
Eulaceura:Factory
compat-openssl11
_service:obs_scm:backport-Do-not-send-an-empty-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:backport-Do-not-send-an-empty-supported-groups-extension.patch of Package compat-openssl11
From bd164884f258d99ca876f6cdcdf9bd0dcceee6ad Mon Sep 17 00:00:00 2001 From: Tomas Mraz <tomas@openssl.org> Date: Fri, 29 Apr 2022 16:36:36 +0200 Subject: [PATCH] Do not send an empty supported groups extension This allows handshake to proceed if the maximum TLS version enabled is <1.3 Fixes #13583 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18213) --- CHANGES | 24 ++++++++++++++---------- ssl/statem/extensions_clnt.c | 16 +++++++++++++++- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 9d38ac23b5..036a9b3c48 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -118,6 +118,8 @@ static int use_ecc(SSL *s) int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; + const uint16_t *pgroups = NULL; + size_t num_groups, j; /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) @@ -139,7 +141,19 @@ static int use_ecc(SSL *s) } sk_SSL_CIPHER_free(cipher_stack); - return ret; + if (!ret) + return 0; + + /* Check we have at least one EC supported group */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + for (j = 0; j < num_groups; j++) { + uint16_t ctmp = pgroups[j]; + + if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + return 1; + } + + return 0; } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, -- 2.17.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2