]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 20a2f3b)
Relax checking of supported-groups/keyshare ordering
authorNeil Horman <nhorman@openssl.org>
Tue, 18 Feb 2025 14:01:40 +0000 (09:01 -0500)
committerTomas Mraz <tomas@openssl.org>
Wed, 19 Feb 2025 16:08:53 +0000 (17:08 +0100)
quic interop testing showed that interop with the mvfst client was
failing, due to detecting mis ordering of supported groups and keyshare
extensions

This is strictly a mvfst problem to fix, but RFC 8446 indicates that we
MAY check the ordering but don't strictly have to.

We've opened an issue with the client to fix this, but in the interests
of client compatibility relax the ordering check so that, instead of
issuing a fatal alert, we just log a trace message indicating the
discrepancy

Fixes openssl/project#1106

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26818)

ssl/statem/extensions_srvr.c patch | blob | blame | history

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index d77b087ebf1281351419297e9542dbee282ca139..5f6c22f4017be19a5dad7e5f9fb91fe8a66cbbdc 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -685,13 +685,20 @@ static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_sha
 
         /*
          * Check if this share is in supported_groups sent from client
-         * and that the key shares are in the same sequence as the supported_groups
+         * RFC 8446 also mandates that clients send keyshares in the same
+         * order as listed in the supported groups extension, but its not
+         * required that the server check that, and some clients violate this
+         * so instead of failing the connection when that occurs, log a trace
+         * message indicating the client discrepancy.
          */
-        if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0, &key_share_pos)
-                || key_share_pos < previous_key_share_pos) {
+        if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0, &key_share_pos)) {
             SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
             goto failure;
         }
+
+        if (key_share_pos < previous_key_share_pos)
+            OSSL_TRACE1(TLS, "key share group id %d is out of RFC 8446 order\n", group_id);
+
         previous_key_share_pos = key_share_pos;
 
         if (s->s3.group_id != 0) {
Mirror of https://github.com/openssl/openssl.git