Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation failure (RFC 8446)

author Bhaskar Metiya <bhaskarmetiya@gmail.com>

Wed, 14 Aug 2024 06:04:01 +0000 (11:34 +0530)

committer Tomas Mraz <tomas@openssl.org>

Thu, 15 Aug 2024 09:21:24 +0000 (11:21 +0200)
author Bhaskar Metiya <bhaskarmetiya@gmail.com>
Wed, 14 Aug 2024 06:04:01 +0000 (11:34 +0530)
committer Tomas Mraz <tomas@openssl.org>
Thu, 15 Aug 2024 09:21:24 +0000 (11:21 +0200)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c

index 554190221faada0c0e00fb0691cd4c07920807b7..837ac739c33e937146035fac18958c37e18d8c17 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1697,7 +1697,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
          /* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
          ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
          if (!ret)
-            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY);
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BINDER_DOES_NOT_VERIFY);
      }
  
   err:
author	Bhaskar Metiya <bhaskarmetiya@gmail.com>
	Wed, 14 Aug 2024 06:04:01 +0000 (11:34 +0530)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 15 Aug 2024 09:21:24 +0000 (11:21 +0200)