s3_lib.c: Handle weak x keys as illegal_parameter alert
authorNorbert Pocs <norbertp@openssl.org>
Sun, 11 May 2025 15:36:05 +0000 (17:36 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 15 May 2025 08:49:05 +0000 (10:49 +0200)
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27597)

(cherry picked from commit 5da4ea10be8cf8ca66dff95c9997966f21c82029)

ssl/s3_lib.c

index 22095fbf2329eefec9988126b0022de26b9214f5..e6177950c9234792cd7c1e1c99e6c6e0b3668aa6 100644 (file)
@@ -5036,7 +5036,10 @@ int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gense
     }
 
     if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        /*
+         * the public key was probably a weak key
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
         goto err;
     }
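Review bot: The new `SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE)` runs on every `EVP_PKEY_derive` failure, so a local failure (an allocation or provider error, for instance) would also be sent to the peer as illegal_parameter and recorded as a bad key share; the comment's "probably" already concedes this. If the causes cannot be told apart at this point, the comment should say so explicitly, e.g. `/* Any derive failure is treated as a bad peer key (e.g. a weak X25519/X448 public key); local errors are reported the same way. */` (the curve names are inferred from the commit title). That keeps whoever triages handshake failures from alerts or the error queue from assuming a hostile or broken peer when the fault may be local. The body of ssl_derive starts and ends outside the hunk, so whether earlier checks already rule out local failures is not visible here.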