From 02b8b7b83698d1c7ddfef274f16c039c8cca7988 Mon Sep 17 00:00:00 2001
From: Bhaskar Metiya <bhaskarmetiya@gmail.com>
Date: Wed, 14 Aug 2024 11:34:01 +0530
Subject: [PATCH] Return SSL_AD_DECRYPT_ERROR alert on PSK binder validation
 failure (RFC 8446)

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25176)
---
 ssl/statem/extensions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 554190221fa..837ac739c33 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1697,7 +1697,7 @@ int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
         /* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
         ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
         if (!ret)
-            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY);
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BINDER_DOES_NOT_VERIFY);
     }
 
  err:
-- 
2.47.2