external/boringssl: Sync to d89d65ba12e28e543df4fd9dfbc687bb8be1dba7.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/45210dd4e21ace9d28cb76b3f83303fcdd2efcce..d89d65ba12e28e543df4fd9dfbc687bb8be1dba7
Test: BoringSSL CTS Presubmits.
Change-Id: I2dc13b549eac1f345553da07b7fb66824fc77204
diff --git a/src/ssl/ssl_key_share.cc b/src/ssl/ssl_key_share.cc
index a5ae578..4d76bb2 100644
--- a/src/ssl/ssl_key_share.cc
+++ b/src/ssl/ssl_key_share.cc
@@ -97,8 +97,10 @@
return false;
}
- if (!EC_POINT_oct2point(group.get(), peer_point.get(), peer_key.data(),
+ if (peer_key.empty() || peer_key[0] != POINT_CONVERSION_UNCOMPRESSED ||
+ !EC_POINT_oct2point(group.get(), peer_point.get(), peer_key.data(),
peer_key.size(), bn_ctx.get())) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
*out_alert = SSL_AD_DECODE_ERROR;
return false;
}