mirror of https://github.com/openssl/openssl.git
Change cipher suite alert for 0 length cipher_suites
From RFC 8446:
Note: TLS defines two generic alerts (see Section 6) to use upon
failure to parse a message. Peers which receive a message which
cannot be parsed according to the syntax (e.g., have a length
extending beyond the message boundary or contain an out-of-range
length) MUST terminate the connection with a "decode_error" alert.
Peers which receive a message which is syntactically correct but
semantically invalid (e.g., a DHE share of p - 1, or an invalid enum)
MUST terminate the connection with an "illegal_parameter" alert.
A zero length cipher suite list I think is considered out of range, and
so we should return "decode_error" rather than "illegal_parameter"
Fixes #25309
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26781)
(cherry picked from commit 2ce46ad8ce)
parent a04a5fe8a1
commit a98b476c08
@ -6833,7 +6833,7 @@ int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2form
n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
if (PACKET_remaining(cipher_suites) == 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_NO_CIPHERS_SPECIFIED);
return 0;
}
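Review bot: the `PACKET_remaining(cipher_suites) == 0` branch in ssl_cache_cipherlist() is reached for both values of `sslv2format`, so the switch to SSL_AD_DECODE_ERROR also changes the alert sent for an SSLv2-format ClientHello, while the commit message justifies it only from RFC 8446. Please confirm that is intended, and add a short comment above the SSLfatal() call recording the reasoning: RFC 8446 declares the vector as cipher_suites<2..2^16-2>, so a zero-length list is an out-of-range length (decode_error) rather than a well-formed but semantically invalid value (illegal_parameter). The diff shown here carries no test change; since the alert is visible to peers, a test that sends a ClientHello with an empty cipher suite list and asserts decode_error would pin the new behaviour, and any existing expectation of illegal_parameter for this case needs updating.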