Send alert on CKE error.

RT#4610 Reviewed-by: N Rich Salz <rsalz@openssl.org>

Send alert on CKE error.
RT#4610 Reviewed-by: N Rich Salz <rsalz@openssl.org>
fb933982 · Dr. Stephen Henson · 2a5f907e · fb933982
隐藏空白更改
内联并排

Showing with 3 addition and 6 deletion

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +3 -6

未找到文件。
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2355,16 +2355,12 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
         */

        /* Get encoded point length */
-        if (!PACKET_get_1(pkt, &i)) {
+        if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+            || PACKET_remaining(pkt) != 0) {
            *al = SSL_AD_DECODE_ERROR;
            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH);
            goto err;
        }
-        if (!PACKET_get_bytes(pkt, &data, i)
-                || PACKET_remaining(pkt) != 0) {
-            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
-            goto err;
-        }
        ckey = EVP_PKEY_new();
        if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB);
@@ -2372,6 +2368,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
        }
        if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
                           NULL) == 0) {
+            *al = SSL_AD_HANDSHAKE_FAILURE;
            SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
            goto err;
        }