Adjust alert for ECPF without uncompressed point format

According to RFC 8422, we must send an illegal_parameter alert on
receiving an ECPF extension that doesn't include the uncompressed
format, not a decode_error.

Reported via GitHub issue #675.

ok jsing

1 files changed, 4 insertions, 3 deletions

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 2bf7d5a051..bd70733362 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.92 2021/05/16 14:10:43 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.93 2021/06/08 17:22:00 tb Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -359,10 +359,11 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
         if (CBS_len(cbs) != 0)
                 goto err;
 
-        /* Must contain uncompressed (0) */
+        /* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */
         if (!CBS_contains_zero_byte(&ecpf)) {
                 SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-                goto err;
+                *alert = SSL3_AD_ILLEGAL_PARAMETER;
+                return 0;
         }
 
         if (!s->internal->hit) {