Send alert on CKE error.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 19 Jul 2016 15:53:26 +0000 (16:53 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 19 Jul 2016 23:03:43 +0000 (00:03 +0100)
RT#4610

Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/statem/statem_srvr.c

index b5cfc4f..07a80f9 100644 (file)
@@ -2355,16 +2355,12 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
          */
 
         /* Get encoded point length */
-        if (!PACKET_get_1(pkt, &i)) {
+        if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+            || PACKET_remaining(pkt) != 0) {
             *al = SSL_AD_DECODE_ERROR;
             SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH);
             goto err;
         }
-        if (!PACKET_get_bytes(pkt, &data, i)
-                || PACKET_remaining(pkt) != 0) {
-            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
-            goto err;
-        }
         ckey = EVP_PKEY_new();
         if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
             SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB);
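Review bot: The `ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0` branch at the end of this hunk still records only `ERR_R_EVP_LIB` and does not assign `*al`. The two peer-input failures around it now choose an alert explicitly, so this path relies on whatever value the caller left in `*al`. The `goto err` and the caller's handling are outside the hunk, so this is inferred. If the caller only sends an alert when `*al` has been set, an allocation failure here would close the handshake without one, and adding `*al = SSL_AD_INTERNAL_ERROR;` before the `SSLerr` call would make the branch consistent. The `/* Get encoded point length */` comment also now sits above a condition that reads the point bytes and rejects trailing data, so it could read `/* Get encoded point: 1-byte length, the point, and nothing after it */`.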
@@ -2372,6 +2368,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
         }
         if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
                            NULL) == 0) {
+            *al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
             goto err;
         }
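Review bot: The `EC_KEY_oct2key()` failure branch now sends `SSL_AD_HANDSHAKE_FAILURE`, but the queued error is still the generic `ERR_R_EC_LIB`. In the error queue, a rejected client point therefore looks the same as an internal EC library fault. This is the one place in the function where attacker-controlled key material is decoded, so a short comment above the assignment would help, for example `/* Peer's encoded point did not decode for the server's curve parameters: peer error, not internal */`. If a reason code exists for an invalid peer point, using it in the `SSLerr` call would let operators separate malformed-ClientKeyExchange probes from real library failures. None is visible in this hunk, so that part is a suggestion to check.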