Commit 5abeaf35 authored by Matt Caswell

Ensure unexpected messages are handled consistently



In one case we weren't always sending an unexpected message alert if we
don't get what we expect.

Reviewed-by: Rich Salz <rsalz@openssl.org>
parent 7776a36c
+5 −5
@@ -179,9 +179,6 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt)
    }

    /* No valid transition found */
    ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
    SSLerr(SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION,
           SSL_R_UNEXPECTED_MESSAGE);
    return 0;
}

@@ -203,8 +200,11 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
     * Note that after a ClientHello we don't know what version we are going
     * to negotiate yet, so we don't take this branch until later
     */
    if (s->method->version == TLS1_3_VERSION)
        return ossl_statem_client13_read_transition(s, mt);
    if (s->method->version == TLS1_3_VERSION) {
        if (!ossl_statem_client13_read_transition(s, mt))
            goto err;
        return 1;
    }

    switch (st->hand_state) {
    default:
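Review bot: ossl_statem_client13_read_transition now appears to return 0 without raising anything itself (the hunk header shrinks it from 9 lines to 6, which matches the ssl3_send_alert and SSLerr calls being dropped), yet the remaining `/* No valid transition found */` comment does not say who is responsible for the alert. If a later caller forgets, an out-of-order handshake message would be rejected with no unexpected_message alert, so I would state the contract at that return: `/* No valid transition found: caller sends the unexpected_message alert and raises the error */`. The `err` label targeted by the new `goto err` in ossl_statem_client_read_transition lies outside this hunk, so I am assuming it sends the same fatal alert as the server-side label does.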
+6 −2
@@ -150,8 +150,11 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
{
    OSSL_STATEM *st = &s->statem;

    if (s->method->version == TLS1_3_VERSION)
        return ossl_statem_server13_read_transition(s, mt);
    if (s->method->version == TLS1_3_VERSION) {
        if (!ossl_statem_server13_read_transition(s, mt))
            goto err;
        return 1;
    }

    switch (st->hand_state) {
    default:
@@ -284,6 +287,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
        break;
    }

 err:
    /* No valid transition found */
    ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE);
    SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE);
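Review bot: The new `goto err` in the TLS 1.3 branch is only correct if ossl_statem_server13_read_transition sends no alert and raises no error of its own on failure, and that helper is not part of this diff. If it does either, a rejected message would produce two fatal alerts and two error-queue entries, so please confirm its failure path is a bare `return 0;`. Failures from the TLS 1.3 path are now recorded under SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION rather than a TLS 1.3 specific function code, which is worth knowing when reading error queues during triage. ossl_statem_server_read_transition extends beyond both hunks shown here.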