CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2020/05/23 02:47:19

Modified files:
        lib/libssl     : ssl_tlsext.c tls13_server.c 

Log message:
Do not assume that server_group != 0 or tlsext_supportedgroups != NULL
implies that we're dealing with an HRR in the extension handling code.

Explicitly check that we're in this situation by inspecting the flag in
the handshake context. Add missing error checks and send the appropriate
alerts. The hrr flag needs to be unset after parsing the client hello
retry to avoid breaking the server hello handling. All this is far from
ideal, but better than nothing.

The correct fix would likely be to make the message type available
but that would need to be part of a more extensive rearchitecture of
the extension handling.

Discussed at length with jsing
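As an added illustration (not the committed change and not LibreSSL's code), the following C model shows the distinction the log message draws: the server records that it sent a HelloRetryRequest in an explicit flag in the handshake context, checks that flag when parsing the second ClientHello, sends an alert when the client's key share does not match, and clears the flag afterwards so ServerHello handling is unaffected. Alongside it sits the inference the commit removes, server_group != 0 taken as proof of an HRR, which disagrees with the flag as soon as the first ClientHello already carried an acceptable key share. The struct, function names, CH_* return codes and the toy group policy are assumptions; the alert and group numbers are the RFC 8446 constants.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical model, not LibreSSL's code: a TLS 1.3 server deciding, from
 * a ClientHello's key_share and supported_groups contents, whether to
 * proceed, send a HelloRetryRequest (HRR), or abort with an alert.
 */

#define ALERT_HANDSHAKE_FAILURE  40   /* RFC 8446 section 6.2 */
#define ALERT_ILLEGAL_PARAMETER  47

#define GROUP_SECP256R1 0x0017        /* RFC 8446 section 4.2.7 */
#define GROUP_X25519    0x001d

#define CH_FATAL     0   /* abort; ctx->alert holds the alert to send */
#define CH_PROCEED   1   /* usable key share; continue to ServerHello */
#define CH_SEND_HRR  2   /* no usable key share; send HelloRetryRequest */

struct hs_ctx {
	int hrr;                /* set only when we actually sent an HRR */
	uint16_t server_group;  /* group we selected; 0 = none yet */
	int alert;              /* alert to send on CH_FATAL */
};

static int
group_supported(uint16_t g)
{
	return g == GROUP_X25519 || g == GROUP_SECP256R1;
}

/*
 * shares/nshares: groups for which the client supplied a key share;
 * groups/ngroups: the client's supported_groups list.
 */
int
process_client_hello(struct hs_ctx *ctx, const uint16_t *shares,
    size_t nshares, const uint16_t *groups, size_t ngroups)
{
	size_t i;

	if (ctx->hrr) {
		/*
		 * Second ClientHello after our HRR: RFC 8446 section 4.2.8
		 * requires a single key share for exactly the requested group.
		 */
		if (nshares != 1 || shares[0] != ctx->server_group) {
			ctx->alert = ALERT_ILLEGAL_PARAMETER;
			return CH_FATAL;
		}
		/* Unset the flag so ServerHello handling is not treated as HRR. */
		ctx->hrr = 0;
		return CH_PROCEED;
	}

	/* First ClientHello: accept the first offered key share we support. */
	for (i = 0; i < nshares; i++) {
		if (group_supported(shares[i])) {
			ctx->server_group = shares[i];
			return CH_PROCEED;
		}
	}

	/* No usable share: pick a mutually supported group and ask again. */
	for (i = 0; i < ngroups; i++) {
		if (group_supported(groups[i])) {
			ctx->server_group = groups[i];
			ctx->hrr = 1;
			return CH_SEND_HRR;
		}
	}

	ctx->alert = ALERT_HANDSHAKE_FAILURE;
	return CH_FATAL;
}

/* The inference the commit message removes, kept here only for comparison. */
int
inferred_hrr(const struct hs_ctx *ctx)
{
	return ctx->server_group != 0;
}

int
main(void)
{
	/* Constructed scenario: the first ClientHello already carries x25519. */
	struct hs_ctx ctx = { 0, 0, 0 };
	const uint16_t shares[] = { GROUP_X25519 };
	int r = process_client_hello(&ctx, shares, 1, shares, 1);

	printf("result=%d hrr=%d inferred_hrr=%d\n", r, ctx.hrr, inferred_hrr(&ctx));
	return 0;
}
```

Running the stand-alone main shows the explicit flag staying 0 while the inference reports 1: a server that trusted server_group != 0 would apply the strict post-HRR key share rules to a handshake that never had an HRR.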
