Reject invalid FFDHE and ECDHE key shares with SSL_AD_ILLEGAL_PARAMETER alert

This changes the alert according to RFC 8446. Fixes: #25402 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25547)
author: cx <1249843194@qq.com> 2024-09-26 05:27:14 +0200
committer: Tomas Mraz <tomas@openssl.org> 2025-01-02 14:12:54 +0100
commit: 0f6caf740977fa25d0f05cd3c48a656efbd9a79e (patch)
tree: 51cdd64e6d5d0415a4b54e626b94913de69e7964 /ssl
parent: Fix potential memory leak in BIO_get_accept_socket() (diff)
download: openssl-0f6caf740977fa25d0f05cd3c48a656efbd9a79e.tar.xz
openssl-0f6caf740977fa25d0f05cd3c48a656efbd9a79e.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c6abfd3319..3d1cb90018 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3087,7 +3087,7 @@ static int tls_process_cke_dhe(SSL_CONNECTION *s, PACKET *pkt)
     }
 
     if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
         goto err;
     }
 
@@ -3141,7 +3141,7 @@ static int tls_process_cke_ecdhe(SSL_CONNECTION *s, PACKET *pkt)
         }
 
         if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB);
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
             goto err;
         }
     }
author	cx <1249843194@qq.com>	2024-09-26 05:27:14 +0200
committer	Tomas Mraz <tomas@openssl.org>	2025-01-02 14:12:54 +0100
commit	0f6caf740977fa25d0f05cd3c48a656efbd9a79e (patch)
tree	51cdd64e6d5d0415a4b54e626b94913de69e7964 /ssl
parent	Fix potential memory leak in BIO_get_accept_socket() (diff)
download	openssl-0f6caf740977fa25d0f05cd3c48a656efbd9a79e.tar.xz openssl-0f6caf740977fa25d0f05cd3c48a656efbd9a79e.zip