Use correct alerts for some cert comp errors

Fixes #25471

Signed-off-by: Todd Short <todd.short@me.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25845)
Todd Short 2024-10-31 14:33:45 -04:00 committed by Tomas Mraz
parent 357e27342e
commit a590a7e3bc


@ -2859,7 +2859,7 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
}
}
if (!found) {
SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_COMPRESSION_ALGORITHM);
SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_COMPRESSION_ALGORITHM);
goto err;
}
}
@ -2884,9 +2884,17 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
if ((comp = COMP_CTX_new(method)) == NULL
|| !PACKET_get_net_3_len(pkt, &expected_length)
|| !PACKET_get_net_3_len(pkt, &comp_length)
|| PACKET_remaining(pkt) != comp_length
|| !BUF_MEM_grow(buf, expected_length)
|| !PACKET_get_net_3_len(pkt, &comp_length)) {
SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_DECOMPRESSION);
goto err;
}
if (PACKET_remaining(pkt) != comp_length || comp_length == 0) {
SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
goto err;
}
if (!BUF_MEM_grow(buf, expected_length)
|| !PACKET_buf_init(tmppkt, (unsigned char *)buf->data, expected_length)
|| COMP_expand_block(comp, (unsigned char *)buf->data, expected_length,
(unsigned char*)PACKET_data(pkt), comp_length) != (int)expected_length) {
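Review bot: On what reads as the new side of the second hunk, the first check still folds a `COMP_CTX_new()` failure and a failed read of either 3-byte length into one `SSL_AD_BAD_CERTIFICATE` alert, although the change moves the neighbouring length-mismatch case to `SSL_AD_DECODE_ERROR`. A NULL context is a local failure rather than something the peer's certificate caused, and a message too short to hold both length fields is presumably the same kind of framing error as the `PACKET_remaining(pkt) != comp_length` case. Splitting the condition as below would keep the alerts consistent, though the alert choice should be checked against the spec. Separately, `expected_length` comes from the peer and goes straight into `BUF_MEM_grow()` in the visible lines, so confirm it is bounded earlier in the function, which this hunk does not show. The final `if` continues past the end of the hunk.

```c
if ((comp = COMP_CTX_new(method)) == NULL) {
    /* Local failure: not attributable to the peer's message. */
    SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
    goto err;
}
if (!PACKET_get_net_3_len(pkt, &expected_length)
        || !PACKET_get_net_3_len(pkt, &comp_length)) {
    /* Message too short to carry both length fields. */
    SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
    goto err;
}
/* … unchanged: PACKET_remaining()/comp_length == 0 check, then the BUF_MEM_grow()/COMP_expand_block() condition … */
```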