Send alert on CKE error.

RT#4610 Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-07-19 17:20:58 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-07-19 17:20:58 +0100
commit: 9ae9cbc0c7c8a4629a6b68bdc690fe85d82b35ca (patch)
tree: 9654fae99f1e3f98b07152fb31f1030498d6debf
parent: 6d3b5eeb511c80b21ee8c916f232cb20c12e0f53 (diff)
download: openssl-9ae9cbc0c7c8a4629a6b68bdc690fe85d82b35ca.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 299f85b2fb..803afd8fa4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2678,12 +2678,14 @@ int ssl3_get_client_key_exchange(SSL *s)
             i = *p;
             p += 1;
             if (n != 1 + i) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
             }
             if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                goto f_err;
             }
             /*
              * p is pointing to somewhere in the buffer currently, so set it
author	Dr. Stephen Henson <steve@openssl.org>	2016-07-19 17:20:58 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-07-19 17:20:58 +0100
commit	9ae9cbc0c7c8a4629a6b68bdc690fe85d82b35ca (patch)
tree	9654fae99f1e3f98b07152fb31f1030498d6debf
parent	6d3b5eeb511c80b21ee8c916f232cb20c12e0f53 (diff)
download	openssl-9ae9cbc0c7c8a4629a6b68bdc690fe85d82b35ca.tar.gz