Send alert on CKE error.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 19 Jul 2016 15:53:26 +0000 (16:53 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 19 Jul 2016 23:03:43 +0000 (00:03 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 19 Jul 2016 15:53:26 +0000 (16:53 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 19 Jul 2016 23:03:43 +0000 (00:03 +0100)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index b5cfc4f2209dcb2dbe56ab062eccdb39210321d4..07a80f91470f9520b5ca9bca1f193ece8f1069d5 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2355,16 +2355,12 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
           */
  
          /* Get encoded point length */
-        if (!PACKET_get_1(pkt, &i)) {
+        if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+            || PACKET_remaining(pkt) != 0) {
              *al = SSL_AD_DECODE_ERROR;
              SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH);
              goto err;
          }
-        if (!PACKET_get_bytes(pkt, &data, i)
-                || PACKET_remaining(pkt) != 0) {
-            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
-            goto err;
-        }
          ckey = EVP_PKEY_new();
          if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
              SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB);
@@ -2372,6 +2368,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
          }
          if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
                             NULL) == 0) {
+            *al = SSL_AD_HANDSHAKE_FAILURE;
              SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
              goto err;
          }
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 19 Jul 2016 15:53:26 +0000 (16:53 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 19 Jul 2016 23:03:43 +0000 (00:03 +0100)