[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Dr. Stephen Henson]

The branch OpenSSL_1_0_2-stable has been updated
       via  9ae9cbc0c7c8a4629a6b68bdc690fe85d82b35ca (commit)
      from  6d3b5eeb511c80b21ee8c916f232cb20c12e0f53 (commit)


- Log -----------------------------------------------------------------
commit 9ae9cbc0c7c8a4629a6b68bdc690fe85d82b35ca
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jul 19 17:20:58 2016 +0100

    Send alert on CKE error.
    
    RT#4610
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_srvr.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 299f85b..803afd8 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2678,12 +2678,14 @@ int ssl3_get_client_key_exchange(SSL *s)
             i = *p;
             p += 1;
             if (n != 1 + i) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
             }
             if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                goto f_err;
             }
             /*
              * p is pointing to somewhere in the buffer currently, so set it