Send alert for bad DH CKE

author Dr. Stephen Henson <steve@openssl.org>

Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index e56d79121d4f8bcb2505ad2d3e680e4fb9bafcfd..b7f2a0fe2d3c34877896ffa8aba6686f3b3a851b 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2269,17 +2269,12 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al)
      EVP_PKEY *ckey = NULL;
      int ret = 0;
  
-    if (!PACKET_get_net_2(pkt, &i)) {
+    if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
          *al = SSL_AD_HANDSHAKE_FAILURE;
          SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
                 SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
          goto err;
      }
-    if (PACKET_remaining(pkt) != i) {
-        SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
-               SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-        goto err;
-    }
      skey = s->s3->tmp.pkey;
      if (skey == NULL) {
          *al = SSL_AD_HANDSHAKE_FAILURE;
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 22 Jul 2016 14:55:38 +0000 (15:55 +0100)