Send alert on CKE error.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 19 Jul 2016 16:20:58 +0000 (17:20 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 19 Jul 2016 16:20:58 +0000 (17:20 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 19 Jul 2016 16:20:58 +0000 (17:20 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 19 Jul 2016 16:20:58 +0000 (17:20 +0100)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 299f85b2fb57621fda82c8d9936ad7e0b8eb8f0e..803afd8fa4f82223a94943b87eff0d14ec03caad 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2678,12 +2678,14 @@ int ssl3_get_client_key_exchange(SSL *s)
              i = *p;
              p += 1;
              if (n != 1 + i) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
              }
              if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
                  SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                goto f_err;
              }
              /*
               * p is pointing to somewhere in the buffer currently, so set it
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 19 Jul 2016 16:20:58 +0000 (17:20 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 19 Jul 2016 16:20:58 +0000 (17:20 +0100)