Merge tag 'OTP-17.5.6' into maint

=== OTP-17.5.6 ===

Changed Applications:
- inets-5.10.9
- ssh-3.2.4
- ssl-6.0.1

Unchanged Applications:
- asn1-3.0.4
- common_test-1.10.1
- compiler-5.0.4
- cosEvent-2.1.15
- cosEventDomain-1.1.14
- cosFileTransfer-1.1.16
- cosNotification-1.1.21
- cosProperty-1.1.17
- cosTime-1.1.14
- cosTransactions-1.2.14
- crypto-3.5
- debugger-4.0.3
- dialyzer-2.7.4
- diameter-1.9.2
- edoc-0.7.16
- eldap-1.1.1
- erl_docgen-0.3.7
- erl_interface-3.7.20
- erts-6.4.1
- et-1.5
- eunit-2.2.9
- gs-1.5.16
- hipe-3.11.3
- ic-4.3.6
- jinterface-1.5.12
- kernel-3.2
- megaco-3.17.3
- mnesia-4.12.5
- observer-2.0.4
- odbc-2.10.22
- orber-3.7.1
- os_mon-2.3.1
- ose-1.0.2
- otp_mibs-1.0.10
- parsetools-2.0.12
- percept-0.8.10
- public_key-0.23
- reltool-0.6.6
- runtime_tools-1.8.16
- sasl-2.4.1
- snmp-5.1.2
- stdlib-2.4
- syntax_tools-1.6.18
- test_server-3.8.1
- tools-2.7.2
- typer-0.9.8
- webtool-0.8.10
- wx-1.3.3
- xmerl-1.3.7

4 files changed, 38 insertions, 18 deletions

diff --git a/lib/ssl/doc/src/notes.xml b/lib/ssl/doc/src/notes.xml
index 352563700b..fe0606b1a3 100644
--- a/lib/ssl/doc/src/notes.xml
+++ b/lib/ssl/doc/src/notes.xml
@@ -25,7 +25,23 @@
     <file>notes.xml</file>
   </header>
   <p>This document describes the changes made to the SSL application.</p>
-  <section><title>SSL 6.0</title>
+  <section><title>SSL 6.0.1</title>
+
+    <section><title>Fixed Bugs and Malfunctions</title>
+      <list>
+        <item>
+          <p>
+	    Terminate gracefully when receving bad input to premaster
+	    secret calculation</p>
+          <p>
+	    Own Id: OTP-12783</p>
+        </item>
+      </list>
+    </section>
+
+</section>
+
+<section><title>SSL 6.0</title>
 
     <section><title>Fixed Bugs and Malfunctions</title>
       <list>
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index 7986722094..d100e41930 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,12 +1,14 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
+  {<<"6.0">>, [{load_module, ssl_handshake, soft_purge, soft_purge, []}]},
   {<<"5\\.3\\.[1-7]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"4\\..*">>, [{restart_application, ssl}]},
   {<<"3\\..*">>, [{restart_application, ssl}]}
  ], 
  [
+  {<<"6.0">>, [{load_module, ssl_handshake, soft_purge, soft_purge, []}]},
   {<<"5\\.3\\.[1-7]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]},
   {<<"4\\..*">>, [{restart_application, ssl}]},
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 88ccb94e0b..29b64f7a81 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2013-2014. All Rights Reserved.
+%% Copyright Ericsson AB 2013-2015. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -500,19 +500,27 @@ update_handshake_history({Handshake0, _Prev}, Data) ->
 %%     end.
 
 premaster_secret(OtherPublicDhKey, MyPrivateKey, #'DHParameter'{} = Params) ->
-    public_key:compute_key(OtherPublicDhKey, MyPrivateKey, Params);
-
+    try 
+	public_key:compute_key(OtherPublicDhKey, MyPrivateKey, Params)  
+    catch 
+	error:computation_failed -> 
+	    throw(?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER))
+    end;	   
 premaster_secret(PublicDhKey, PrivateDhKey, #server_dh_params{dh_p = Prime, dh_g = Base}) ->
-    crypto:compute_key(dh, PublicDhKey, PrivateDhKey, [Prime, Base]);
+    try 
+	crypto:compute_key(dh, PublicDhKey, PrivateDhKey, [Prime, Base])
+    catch 
+	error:computation_failed -> 
+	    throw(?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER))
+    end;
 premaster_secret(#client_srp_public{srp_a = ClientPublicKey}, ServerKey, #srp_user{prime = Prime,
 										   verifier = Verifier}) ->
     case crypto:compute_key(srp, ClientPublicKey, ServerKey, {host, [Verifier, Prime, '6a']}) of
 	error ->
-	    ?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER);
+	    throw(?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER));
 	PremasterSecret ->
 	    PremasterSecret
     end;
-
 premaster_secret(#server_srp_params{srp_n = Prime, srp_g = Generator, srp_s = Salt, srp_b = Public},
 		 ClientKeys, {Username, Password}) ->
     case ssl_srp_primes:check_srp_params(Generator, Prime) of
@@ -520,21 +528,19 @@ premaster_secret(#server_srp_params{srp_n = Prime, srp_g = Generator, srp_s = Sa
 	    DerivedKey = crypto:hash(sha, [Salt, crypto:hash(sha, [Username, <<$:>>, Password])]),
 	    case crypto:compute_key(srp, Public, ClientKeys, {user, [DerivedKey, Prime, Generator, '6a']}) of
 		error ->
-		    ?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER);
+		    throw(?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER));
 		PremasterSecret ->
 		    PremasterSecret
 	    end;
 	_ ->
-	    ?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER)
+	    throw(?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER))
     end;
-
 premaster_secret(#client_rsa_psk_identity{
 		    identity = PSKIdentity,
 		    exchange_keys = #encrypted_premaster_secret{premaster_secret = EncPMS}
 		   }, #'RSAPrivateKey'{} = Key, PSKLookup) ->
     PremasterSecret = premaster_secret(EncPMS, Key),
     psk_secret(PSKIdentity, PSKLookup, PremasterSecret);
-
 premaster_secret(#server_dhe_psk_params{
 		    hint = IdentityHint,
 		    dh_params =  #server_dh_params{dh_y = PublicDhKey} = Params},
@@ -542,7 +548,6 @@ premaster_secret(#server_dhe_psk_params{
 		    LookupFun) ->
     PremasterSecret = premaster_secret(PublicDhKey, PrivateDhKey, Params),
     psk_secret(IdentityHint, LookupFun, PremasterSecret);
-
 premaster_secret({rsa_psk, PSKIdentity}, PSKLookup, RSAPremasterSecret) ->
     psk_secret(PSKIdentity, PSKLookup, RSAPremasterSecret).
 
@@ -551,13 +556,10 @@ premaster_secret(#client_dhe_psk_identity{
 		    dh_public = PublicDhKey}, PrivateKey, #'DHParameter'{} = Params, PSKLookup) ->
     PremasterSecret = premaster_secret(PublicDhKey, PrivateKey, Params),
     psk_secret(PSKIdentity, PSKLookup, PremasterSecret).
-
 premaster_secret(#client_psk_identity{identity = PSKIdentity}, PSKLookup) ->
     psk_secret(PSKIdentity, PSKLookup);
-
 premaster_secret({psk, PSKIdentity}, PSKLookup) ->
     psk_secret(PSKIdentity, PSKLookup);
-
 premaster_secret(#'ECPoint'{} = ECPoint, #'ECPrivateKey'{} = ECDHKeys) ->
     public_key:compute_key(ECPoint, ECDHKeys);
 premaster_secret(EncSecret, #'RSAPrivateKey'{} = RSAPrivateKey) ->
@@ -1933,7 +1935,7 @@ psk_secret(PSKIdentity, PSKLookup) ->
 	#alert{} = Alert ->
 	    Alert;
 	_ ->
-	    ?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER)
+	    throw(?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER))
     end.
 
 psk_secret(PSKIdentity, PSKLookup, PremasterSecret) ->
@@ -1945,7 +1947,7 @@ psk_secret(PSKIdentity, PSKLookup, PremasterSecret) ->
 	#alert{} = Alert ->
 	    Alert;
 	_ ->
-	    ?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER)
+	    throw(?ALERT_REC(?FATAL, ?ILLEGAL_PARAMETER))
     end.
 
 handle_psk_identity(_PSKIdentity, LookupFun)
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 3663fb7857..d5a9a71736 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 6.0
+SSL_VSN = 6.0.1