From: Joshua Rogers Date: Sat, 11 Oct 2025 12:01:18 +0000 (+0800) Subject: ssl: use BAD_KEY_SHARE for invalid key share encoding X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6945c416bb86c85079840789a2e09102818e57b3;p=thirdparty%2Fopenssl.git ssl: use BAD_KEY_SHARE for invalid key share encoding Replace BAD_ECPOINT with BAD_KEY_SHARE in tls_accept_ksgroup so alerts are correct for non EC groups too. Signed-off-by: Joshua Rogers Reviewed-by: Saša Nedvědický Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28876)
---
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 0dc418a8cbb..4e89c963ddc 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -2008,7 +2008,7 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
 if (tls13_set_encoded_pub_key(skey, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt)) <= 0) {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT);
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
 EVP_PKEY_free(skey);
 return 0;
 }
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 09f653d03d4..c616ee0c977 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -638,7 +638,7 @@ static int tls_accept_ksgroup(SSL_CONNECTION *s, uint16_t ksgroup, PACKET *encod
 if (tls13_set_encoded_pub_key(s->s3.peer_tmp, PACKET_data(encoded_pubkey), PACKET_remaining(encoded_pubkey)) <= 0) {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT);
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
 return 0;
 }
 return 1;
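Review bot: The alert sent to the peer is the same before and after this change (`SSL_AD_ILLEGAL_PARAMETER` on both the removed and the added line); only the reason code recorded with the fatal error differs, so anything that matches on `SSL_R_BAD_ECPOINT` for a rejected key share, such as test expectations or log-based detection of malformed handshakes, would presumably need to match `SSL_R_BAD_KEY_SHARE` instead, which deserves a changelog line. The same point applies to the `tls_accept_ksgroup` hunk in ssl/statem/extensions_srvr.c, and the commit message names only that function although this hunk changes `tls_parse_stoc_key_share` too. A short comment above each `SSLfatal` call would record the intent, for example `/* Not EC-specific: the encoded share may belong to a non-EC group */`. Both functions start and end outside their hunks, so how other failure paths in them report errors is not visible here.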