Send alert for bad DH CKE
authorDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jul 2016 15:02:07 +0000 (16:02 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 22 Jul 2016 15:02:07 +0000 (16:02 +0100)
RT#4511

Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_srvr.c

index 803afd8fa4f82223a94943b87eff0d14ec03caad..c95d6102fa4f3ecbd44305de44ae3963ffaf4517 100644 (file)
@@ -2325,7 +2325,8 @@ int ssl3_get_client_key_exchange(SSL *s)
             if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                        SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                goto err;
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                goto f_err;
             } else {
                 p -= 2;
                 i = (int)n;
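Review bot: The alert chosen at `al = SSL_AD_HANDSHAKE_FAILURE;` is less precise than it could be for this branch. The error code two lines up, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG, describes a malformed ClientKeyExchange encoding, which TLS reports with decode_error. Consider `al = SSL_AD_DECODE_ERROR;` so that peer-side logs can tell a framing problem apart from a failed key agreement. The condition guarding this branch and the rest of ssl3_get_client_key_exchange lie outside the hunk, so this assumes the check compares the two-byte length prefix with the message length.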
@@ -2378,9 +2379,10 @@ int ssl3_get_client_key_exchange(SSL *s)
         i = DH_compute_key(p, pub, dh_srvr);
 
         if (i <= 0) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
             BN_clear_free(pub);
-            goto err;
+            goto f_err;
         }
 
         DH_free(s->s3->tmp.dh);
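Review bot: Switching this failure path from `goto err` to `goto f_err` is only safe if f_err sends the alert and then continues into the same cleanup that err performs. The label is outside the hunk, so that is worth confirming. `pub` is already cleared and freed before the jump, which is correct. On style, `al` is assigned before SSLerr() here but after it in the length check earlier in the function; putting `al = SSL_AD_HANDSHAKE_FAILURE;` directly above `goto f_err;` in both places would read more consistently. A short comment such as `/* DH_compute_key() failed: alert the peer instead of closing silently */` would record why this path now sends an alert.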