From: cx <1249843194@qq.com>
Date: Wed, 21 Aug 2024 18:13:01 +0000 (+0800)
Subject: Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any other change_cipher_spec... 
X-Git-Tag: openssl-3.4.0-alpha1~48
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c07a34e18b098b77ce7ecb14273b7c75f59b5871;p=thirdparty%2Fopenssl.git

Return SSL_AD_UNEXPECTED_MESSAGE alert when receiving any other change_cipher_spec value(RFC 8446)
Fixes: #25086

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25257)
---

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 0c2414f76e1..6f985180482 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -744,7 +744,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
          * CCS messages must be exactly 1 byte long, containing the value 0x01
          */
         if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
-            RLAYERfatal(rl, SSL_AD_ILLEGAL_PARAMETER,
+            RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
                         SSL_R_INVALID_CCS_MESSAGE);
             return OSSL_RECORD_RETURN_FATAL;
         }