Be strict about requiring ServerKeyExchange. Missing ServerKeyExchange is handled, but only because it hits an ERR_R_INTERNAL_ERROR in ssl3_send_client_key_exchange in trying to find the server ECDH parameters. Be strict about requiring it for ECDHE. Change-Id: Ifce5b73c8bd14746b8a2185f479d550e9e3f84df Reviewed-on: https://boringssl-review.googlesource.com/1157 Reviewed-by: Adam Langley <agl@google.com>

commit: 9c651c9ef6d0ec8a4fa953efcdd85e3130015fe6 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Jul 12 13:27:45 2014 -0400
committer: Adam Langley <agl@google.com> Mon Jul 14 21:42:30 2014 +0000
tree: ef2e2f5384ab1f3bb1bcea7d92712f59c5082e62
parent: ced551f9673426a7287d958aa1f3967f24107da9 [diff] [blame]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6c10a32..a28fd33 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -1286,6 +1286,13 @@
 
 	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
 		{
+		if (ssl_cipher_requires_server_key_exchange(s->s3->tmp.new_cipher))
+			{
+			OPENSSL_PUT_ERROR(SSL, ssl3_get_key_exchange, SSL_R_UNEXPECTED_MESSAGE);
+			ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+			return -1;
+			}
+
 #ifndef OPENSSL_NO_PSK
 		/* In plain PSK ciphersuite, ServerKeyExchange can be
 		   omitted if no identity hint is sent. Set
commit	9c651c9ef6d0ec8a4fa953efcdd85e3130015fe6	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Jul 12 13:27:45 2014 -0400
committer	Adam Langley <agl@google.com>	Mon Jul 14 21:42:30 2014 +0000
tree	ef2e2f5384ab1f3bb1bcea7d92712f59c5082e62
parent	ced551f9673426a7287d958aa1f3967f24107da9 [diff] [blame]