public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation failure (RFC 8446)

Browse source 
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25176)
This commit is contained in:
Bhaskar Metiya 2024-08-14 11:34:01 +05:30 committed by Tomas Mraz
parent 8945f406a7
commit 02b8b7b836
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ssl/statem/extensions.c
View file

@ -1697,7 +1697,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
/* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
if (!ret)
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY);
SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BINDER_DOES_NOT_VERIFY);
}
err: