From: Norbert Pocs Date: Fri, 9 May 2025 09:48:17 +0000 (+0200) Subject: statem_srvr.c: Add check for empty ecdhe encoded key X-Git-Tag: openssl-3.6.0-alpha1~764 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=831cbbb5dd4a569b12f3f1ae9a6688ccee8edd24;p=thirdparty%2Fopenssl.git statem_srvr.c: Add check for empty ecdhe encoded key The RFC definition about the errors is very vague. The TLSv1.3 RFC is a bit more specific about decode_error (but if this specific case goes for decode_error or illegal parameter is still debatable): ``` decode_error: A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This alert is used for errors where the message does not conform to the formal protocol syntax. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network. ``` Thank you @GeorgePantelakis for reporting this issue! Resolves: #27530 Signed-off-by: Norbert Pocs Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27594) --- diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b93a97999de..dceec1a5870 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3140,8 +3140,11 @@ static int tls_process_cke_ecdhe(SSL_CONNECTION *s, PACKET *pkt) * ClientKeyExchange message. */ - /* Get encoded point length */ - if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i) + /* + * Get encoded point length + * empty key should be handled here + */ + if (!PACKET_get_1(pkt, &i) || i == 0 || !PACKET_get_bytes(pkt, &data, i) || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); goto err;
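Review bot: In the combined condition of tls_process_cke_ecdhe, the new `i == 0` test shares its error path with the genuine length failures, so an empty encoded point is recorded as SSL_R_LENGTH_MISMATCH even though the length byte and the bytes that follow it agree. Consider giving the zero-length case its own branch, so that the reason logged for an empty key is distinguishable from a truncated message or one with trailing data, and so that the decode_error versus illegal_parameter choice the commit message calls debatable sits in one obvious place. The added comment `empty key should be handled here` would also be clearer if it stated what is rejected and why, for example that a zero-length encoded point is treated as a decode error at this point. The diff as shown changes only ssl/statem/statem_srvr.c; a regression test that sends a ClientKeyExchange whose point length byte is zero would pin the alert behaviour.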