public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reject invalid FFDHE and ECDHE key shares with SSL_AD_ILLEGAL_PARAMETER alert

Browse source 
This changes the alert according to RFC 8446.

Fixes: #25402

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25547)

(cherry picked from commit 0f6caf7409)
This commit is contained in:
cx 2024-09-26 11:27:14 +08:00 committed by Tomas Mraz
parent 609bc44f14
commit 1812c0269c
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ssl/statem/statem_srvr.c
View file

@ -3083,7 +3083,7 @@ static int tls_process_cke_dhe(SSL_CONNECTION *s, PACKET *pkt)
}
if (!EVP_PKEY_set1_encoded_public_key(ckey, data, i)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
goto err;
}
@ -3137,7 +3137,7 @@ static int tls_process_cke_ecdhe(SSL_CONNECTION *s, PACKET *pkt)
}
if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
goto err;
}
}