[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Dr. Stephen Henson
steve at openssl.org
Fri Jul 22 15:15:32 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 02f873c5410e8b96c6a55cc906b8f10cd84b0835 (commit)
from b746aa3fe05b5b5f7126df247ac3eceeb995e2a0 (commit)
- Log -----------------------------------------------------------------
commit 02f873c5410e8b96c6a55cc906b8f10cd84b0835
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Jul 22 16:02:07 2016 +0100
Send alert for bad DH CKE
RT#4511
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_srvr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 803afd8..c95d610 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2325,7 +2325,8 @@ int ssl3_get_client_key_exchange(SSL *s)
if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ goto f_err;
} else {
p -= 2;
i = (int)n;
@@ -2378,9 +2379,10 @@ int ssl3_get_client_key_exchange(SSL *s)
i = DH_compute_key(p, pub, dh_srvr);
if (i <= 0) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
BN_clear_free(pub);
- goto err;
+ goto f_err;
}
DH_free(s->s3->tmp.dh);
More information about the openssl-commits
mailing list