The branch master has been updated
via 31a7d80d0ddb9dddde45c112316057a83e743c15 (commit)
from 0ed26acce328ec16a3aa635f1ca37365e8c7403a (commit)
- Log -----------------------------------------------------------------
commit 31a7d80d0ddb9dddde45c112316057a83e743c15
Author: Dr. Stephen Henson <[email protected]>
Date: Fri Jul 22 15:55:38 2016 +0100
Send alert for bad DH CKE
RT#4511
Reviewed-by: Matt Caswell <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_srvr.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e56d791..b7f2a0f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2269,17 +2269,12 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int
*al)
EVP_PKEY *ckey = NULL;
int ret = 0;
- if (!PACKET_get_net_2(pkt, &i)) {
+ if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
}
- if (PACKET_remaining(pkt) != i) {
- SSLerr(SSL_F_TLS_PROCESS_CKE_DHE,
- SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
skey = s->s3->tmp.pkey;
if (skey == NULL) {
*al = SSL_AD_HANDSHAKE_FAILURE;
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
