-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error handling in TLS is incorrect or missing #553
Comments
I'm not sure that this is a oqs provider bug. I would consider it as oqs provider bug if the provider caught an error and didn't add it to the error stack, otherwise it looks like an OpenSSL issue. I'm also sure that wrong alert is definitely an OpenSSL issue because alerts are thrown at OpenSSL level |
Alt least the lack of encapsulation key checks is in liboqs, and will need to be handled in oqsprovider: open-quantum-safe/liboqs#1951 |
@beldmit oh, and I suspect that OpenSSL knows how to reject the hybrid point encoding, I suspect it's just not configured by oqsprovider to do it |
@tomato42 could you please also duplicate this issue to OpenSSL? |
@beldmit done |
Describe the bug
When malformed key shares are sent to the server, the server doesn't abort the connection or aborts it with wrong alerts
To Reproduce
reproducer
OpenSSL output
tlsfuzzer output
Expected behavior
illegal_parameter
alertillegal_parameter
alerthybrid
point formatScreenshots
n/a
Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: