external/boringssl: Sync to d89d65ba12e28e543df4fd9dfbc687bb8be1dba7. This includes the following changes: https://boringssl.googlesource.com/boringssl/+log/45210dd4e21ace9d28cb76b3f83303fcdd2efcce..d89d65ba12e28e543df4fd9dfbc687bb8be1dba7 Test: BoringSSL CTS Presubmits. Change-Id: I2dc13b549eac1f345553da07b7fb66824fc77204

commit: ab8b888152733533e60c1ebbe8438594a3a2e3d7 [log] [tgz]
author: Robert Sloan <varomodt@google.com> Mon Mar 26 11:39:51 2018 -0700
committer: Robert Sloan <varomodt@google.com> Mon Mar 26 11:41:04 2018 -0700
tree: bb70888d6d3aa4c8ad98d75acfe5ae688ae2fef3
parent: 9083ef933c7f44d6ee3cd1b7ca91135fdada8e31 [diff] [blame]
diff --git a/src/ssl/ssl_key_share.cc b/src/ssl/ssl_key_share.cc
index a5ae578..4d76bb2 100644
--- a/src/ssl/ssl_key_share.cc
+++ b/src/ssl/ssl_key_share.cc

@@ -97,8 +97,10 @@
       return false;
     }
 
-    if (!EC_POINT_oct2point(group.get(), peer_point.get(), peer_key.data(),
+    if (peer_key.empty() || peer_key[0] != POINT_CONVERSION_UNCOMPRESSED ||
+        !EC_POINT_oct2point(group.get(), peer_point.get(), peer_key.data(),
                             peer_key.size(), bn_ctx.get())) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
       *out_alert = SSL_AD_DECODE_ERROR;
       return false;
     }
commit	ab8b888152733533e60c1ebbe8438594a3a2e3d7	[log] [tgz]
author	Robert Sloan <varomodt@google.com>	Mon Mar 26 11:39:51 2018 -0700
committer	Robert Sloan <varomodt@google.com>	Mon Mar 26 11:41:04 2018 -0700
tree	bb70888d6d3aa4c8ad98d75acfe5ae688ae2fef3
parent	9083ef933c7f44d6ee3cd1b7ca91135fdada8e31 [diff] [blame]