diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-07-19 16:53:26 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-07-20 00:03:43 +0100 |
commit | fb9339827bfba3e70719d245e905a22101010678 (patch) | |
tree | 2b8e8c4bb7eee206644af20d84520e6fb998050a /ssl | |
parent | 2a5f907edf6887ddccaec22607f82e8577c36091 (diff) |
Send alert on CKE error.
RT#4610
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_srvr.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b5cfc4f220..07a80f9147 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2355,16 +2355,12 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al) */ /* Get encoded point length */ - if (!PACKET_get_1(pkt, &i)) { + if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i) + || PACKET_remaining(pkt) != 0) { *al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH); goto err; } - if (!PACKET_get_bytes(pkt, &data, i) - || PACKET_remaining(pkt) != 0) { - SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB); - goto err; - } ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) { SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB); @@ -2372,6 +2368,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al) } if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i, NULL) == 0) { + *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB); goto err; } |