Adjust alert for ECPF without uncompressed point format

According to RFC 8422, we must send an illegal_parameter alert on
receiving an ECPF extension that doesn't include the uncompressed
format, not a decode_error.

Reported via GitHub issue #675.

ok jsing

diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 2bf7d5a..bd70733 100644 (file)
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.92 2021/05/16 14:10:43 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.93 2021/06/08 17:22:00 tb Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -359,10 +359,11 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        if (CBS_len(cbs) != 0)
                goto err;
 
-       /* Must contain uncompressed (0) */
+       /* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */
        if (!CBS_contains_zero_byte(&ecpf)) {
                SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-               goto err;
+               *alert = SSL3_AD_ILLEGAL_PARAMETER;
+               return 0;
        }
 
        if (!s->internal->hit) {