mirror of https://github.com/openbsd/src.git synced 2026-06-18 07:13:36 +02:00

tlsext: add XXX to consider refusing anything but uncompressed point format

ok jsing kenjiro
tb
2026-06-08 12:05:25 +00:00
parent 64dbfdfff7
commit a49f2cdc5c
+3 -1
@@ -1,4 +1,4 @@
/* $OpenBSD: ssl_tlsext.c,v 1.161 2026/06/06 08:45:41 tb Exp $ */
/* $OpenBSD: ssl_tlsext.c,v 1.162 2026/06/08 12:05:25 tb Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -386,6 +386,8 @@ tlsext_ecpf_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
if (CBS_len(&ecpf) == 0)
return 0;
/* XXX - tighten this to reject anything but uncompressed format? */
/* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */
if (!CBS_contains_zero_byte(&ecpf)) {
SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
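Review bot: The new XXX comment above the `CBS_contains_zero_byte(&ecpf)` check asks whether to reject everything but the uncompressed format, but it does not record what holds the change back, so a later reader cannot tell whether it is safe to act on. RFC 8422 section 5.1.2 deprecates the compressed formats while only requiring that the list contain 0, and peers written against the older RFC 4492 may still advertise the deprecated values alongside it, so a strict check would presumably cost interoperability. I would put that trade-off in the comment, e.g. `/* XXX - reject lists with anything but uncompressed (0)? Needs interop testing: older peers may still list the deprecated formats. */`. The body of tlsext_ecpf_process continues past the last line of this hunk, so whether the accepted list is later used for anything beyond this validation is not visible here.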