From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Fri, 10 Oct 2025 16:48:52 +0000 (+0800)
Subject: ssl/statem: write 16-bit ECDHE group id in SKE
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=adef53334dc912b119bba1f64be3dba91f95cd63;p=thirdparty%2Fopenssl.git

ssl/statem: write 16-bit ECDHE group id in SKE

tls_construct_server_key_exchange wrote the named group as two u8 bytes with the high byte set to 0. TLS requires a 16-bit NamedGroup. Use WPACKET_put_bytes_u16(curve_id) so ids >= 256 are encoded correctly. No change for groups < 256.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28835)
---

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 80d09d76e1c..5f6d64662ac 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2767,8 +2767,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s,
          * point itself
          */
         if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
-                || !WPACKET_put_bytes_u8(pkt, 0)
-                || !WPACKET_put_bytes_u8(pkt, curve_id)
+                || !WPACKET_put_bytes_u16(pkt, curve_id)
                 || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             goto err;