Fix missing return value checks
Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
parent
4bcdb4a601
commit
69f6823748
@ -292,7 +292,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
|
|||||||
else if (ssl->handshake_func == ssl->method->ssl_accept)
|
else if (ssl->handshake_func == ssl->method->ssl_accept)
|
||||||
SSL_set_accept_state(ssl);
|
SSL_set_accept_state(ssl);
|
||||||
|
|
||||||
SSL_clear(ssl);
|
if(!SSL_clear(ssl)) {
|
||||||
|
ret = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (b->next_bio != NULL)
|
if (b->next_bio != NULL)
|
||||||
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
|
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
|
||||||
|
|||||||
@ -989,7 +989,10 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
|
|||||||
s->d1->handshake_write_seq, 0, 0);
|
s->d1->handshake_write_seq, 0, 0);
|
||||||
|
|
||||||
/* buffer the message to handle re-xmits */
|
/* buffer the message to handle re-xmits */
|
||||||
dtls1_buffer_message(s, 1);
|
if(!dtls1_buffer_message(s, 1)) {
|
||||||
|
SSLerr(SSL_F_DTLS1_SEND_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
s->state = b;
|
s->state = b;
|
||||||
}
|
}
|
||||||
@ -1237,7 +1240,7 @@ void dtls1_clear_record_buffer(SSL *s)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
|
void dtls1_set_message_header(SSL *s, unsigned char *p,
|
||||||
unsigned char mt, unsigned long len,
|
unsigned char mt, unsigned long len,
|
||||||
unsigned long frag_off,
|
unsigned long frag_off,
|
||||||
unsigned long frag_len)
|
unsigned long frag_len)
|
||||||
@ -1250,8 +1253,6 @@ unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
|
|||||||
|
|
||||||
dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
|
dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
|
||||||
frag_off, frag_len);
|
frag_off, frag_len);
|
||||||
|
|
||||||
return p += DTLS1_HM_HEADER_LENGTH;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* don't actually do the writing, wait till the MTU has been retrieved */
|
/* don't actually do the writing, wait till the MTU has been retrieved */
|
||||||
|
|||||||
@ -181,8 +181,10 @@ int dtls1_connect(SSL *s)
|
|||||||
cb = s->ctx->info_callback;
|
cb = s->ctx->info_callback;
|
||||||
|
|
||||||
s->in_handshake++;
|
s->in_handshake++;
|
||||||
if (!SSL_in_init(s) || SSL_in_before(s))
|
if (!SSL_in_init(s) || SSL_in_before(s)) {
|
||||||
SSL_clear(s);
|
if(!SSL_clear(s))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SCTP
|
#ifndef OPENSSL_NO_SCTP
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -567,7 +567,11 @@ static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
|
|||||||
s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
|
s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
|
||||||
s->init_off = 0;
|
s->init_off = 0;
|
||||||
/* Buffer the message to handle re-xmits */
|
/* Buffer the message to handle re-xmits */
|
||||||
dtls1_buffer_message(s, 0);
|
/*
|
||||||
|
* Deliberately swallow error return. We really should do something with
|
||||||
|
* this - but its a void function that can't (easily) be changed
|
||||||
|
*/
|
||||||
|
if(!dtls1_buffer_message(s, 0));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dtls1_handshake_write(SSL *s)
|
static int dtls1_handshake_write(SSL *s)
|
||||||
|
|||||||
@ -937,7 +937,10 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
|||||||
}
|
}
|
||||||
#ifndef OPENSSL_NO_HEARTBEATS
|
#ifndef OPENSSL_NO_HEARTBEATS
|
||||||
else if (rr->type == TLS1_RT_HEARTBEAT) {
|
else if (rr->type == TLS1_RT_HEARTBEAT) {
|
||||||
dtls1_process_heartbeat(s);
|
/* We allow a 0 return */
|
||||||
|
if(dtls1_process_heartbeat(s) < 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
/* Exit and notify application to read again */
|
/* Exit and notify application to read again */
|
||||||
rr->length = 0;
|
rr->length = 0;
|
||||||
@ -1246,7 +1249,8 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
|||||||
if (dtls1_check_timeout_num(s) < 0)
|
if (dtls1_check_timeout_num(s) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
dtls1_retransmit_buffered_messages(s);
|
/* Ignore retransmit failures - swallow return code */
|
||||||
|
if(dtls1_retransmit_buffered_messages(s));
|
||||||
rr->length = 0;
|
rr->length = 0;
|
||||||
goto start;
|
goto start;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -184,8 +184,10 @@ int dtls1_accept(SSL *s)
|
|||||||
|
|
||||||
/* init things to blank */
|
/* init things to blank */
|
||||||
s->in_handshake++;
|
s->in_handshake++;
|
||||||
if (!SSL_in_init(s) || SSL_in_before(s))
|
if (!SSL_in_init(s) || SSL_in_before(s)) {
|
||||||
SSL_clear(s);
|
if(!SSL_clear(s))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
s->d1->listen = listen;
|
s->d1->listen = listen;
|
||||||
#ifndef OPENSSL_NO_SCTP
|
#ifndef OPENSSL_NO_SCTP
|
||||||
|
|||||||
@ -157,8 +157,10 @@ int ssl23_connect(SSL *s)
|
|||||||
cb = s->ctx->info_callback;
|
cb = s->ctx->info_callback;
|
||||||
|
|
||||||
s->in_handshake++;
|
s->in_handshake++;
|
||||||
if (!SSL_in_init(s) || SSL_in_before(s))
|
if (!SSL_in_init(s) || SSL_in_before(s)) {
|
||||||
SSL_clear(s);
|
if(!SSL_clear(s))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
state = s->state;
|
state = s->state;
|
||||||
|
|||||||
@ -156,8 +156,10 @@ int ssl23_accept(SSL *s)
|
|||||||
cb = s->ctx->info_callback;
|
cb = s->ctx->info_callback;
|
||||||
|
|
||||||
s->in_handshake++;
|
s->in_handshake++;
|
||||||
if (!SSL_in_init(s) || SSL_in_before(s))
|
if (!SSL_in_init(s) || SSL_in_before(s)) {
|
||||||
SSL_clear(s);
|
if(!SSL_clear(s))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
state = s->state;
|
state = s->state;
|
||||||
|
|||||||
@ -197,8 +197,10 @@ int ssl3_connect(SSL *s)
|
|||||||
cb = s->ctx->info_callback;
|
cb = s->ctx->info_callback;
|
||||||
|
|
||||||
s->in_handshake++;
|
s->in_handshake++;
|
||||||
if (!SSL_in_init(s) || SSL_in_before(s))
|
if (!SSL_in_init(s) || SSL_in_before(s)) {
|
||||||
SSL_clear(s);
|
if(!SSL_clear(s))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_HEARTBEATS
|
#ifndef OPENSSL_NO_HEARTBEATS
|
||||||
/*
|
/*
|
||||||
@ -3044,6 +3046,11 @@ int ssl3_send_client_key_exchange(SSL *s)
|
|||||||
OPENSSL_cleanse(pms, pmslen);
|
OPENSSL_cleanse(pms, pmslen);
|
||||||
OPENSSL_free(pms);
|
OPENSSL_free(pms);
|
||||||
s->cert->pms = NULL;
|
s->cert->pms = NULL;
|
||||||
|
if(s->session->master_key_length < 0) {
|
||||||
|
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
||||||
|
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return n;
|
return n;
|
||||||
memerr:
|
memerr:
|
||||||
|
|||||||
10
ssl/s3_enc.c
10
ssl/s3_enc.c
@ -253,7 +253,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||||||
EVP_CIPHER_CTX_init(s->enc_read_ctx);
|
EVP_CIPHER_CTX_init(s->enc_read_ctx);
|
||||||
dd = s->enc_read_ctx;
|
dd = s->enc_read_ctx;
|
||||||
|
|
||||||
ssl_replace_hash(&s->read_hash, m);
|
if(!ssl_replace_hash(&s->read_hash, m)) {
|
||||||
|
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err2;
|
||||||
|
}
|
||||||
#ifndef OPENSSL_NO_COMP
|
#ifndef OPENSSL_NO_COMP
|
||||||
/* COMPRESS */
|
/* COMPRESS */
|
||||||
if (s->expand != NULL) {
|
if (s->expand != NULL) {
|
||||||
@ -288,7 +291,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||||||
*/
|
*/
|
||||||
EVP_CIPHER_CTX_init(s->enc_write_ctx);
|
EVP_CIPHER_CTX_init(s->enc_write_ctx);
|
||||||
dd = s->enc_write_ctx;
|
dd = s->enc_write_ctx;
|
||||||
ssl_replace_hash(&s->write_hash, m);
|
if(!ssl_replace_hash(&s->write_hash, m)) {
|
||||||
|
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto err2;
|
||||||
|
}
|
||||||
#ifndef OPENSSL_NO_COMP
|
#ifndef OPENSSL_NO_COMP
|
||||||
/* COMPRESS */
|
/* COMPRESS */
|
||||||
if (s->compress != NULL) {
|
if (s->compress != NULL) {
|
||||||
|
|||||||
@ -3114,7 +3114,8 @@ int ssl3_new(SSL *s)
|
|||||||
s->s3 = s3;
|
s->s3 = s3;
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SRP
|
#ifndef OPENSSL_NO_SRP
|
||||||
SSL_SRP_CTX_init(s);
|
if(!SSL_SRP_CTX_init(s))
|
||||||
|
goto err;
|
||||||
#endif
|
#endif
|
||||||
s->method->ssl_clear(s);
|
s->method->ssl_clear(s);
|
||||||
return (1);
|
return (1);
|
||||||
|
|||||||
@ -1320,7 +1320,10 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
|
|||||||
}
|
}
|
||||||
#ifndef OPENSSL_NO_HEARTBEATS
|
#ifndef OPENSSL_NO_HEARTBEATS
|
||||||
else if (rr->type == TLS1_RT_HEARTBEAT) {
|
else if (rr->type == TLS1_RT_HEARTBEAT) {
|
||||||
tls1_process_heartbeat(s);
|
/* We can ignore 0 return values */
|
||||||
|
if(tls1_process_heartbeat(s) < 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
/* Exit and notify application to read again */
|
/* Exit and notify application to read again */
|
||||||
rr->length = 0;
|
rr->length = 0;
|
||||||
|
|||||||
@ -226,8 +226,10 @@ int ssl3_accept(SSL *s)
|
|||||||
|
|
||||||
/* init things to blank */
|
/* init things to blank */
|
||||||
s->in_handshake++;
|
s->in_handshake++;
|
||||||
if (!SSL_in_init(s) || SSL_in_before(s))
|
if (!SSL_in_init(s) || SSL_in_before(s)) {
|
||||||
SSL_clear(s);
|
if(!SSL_clear(s))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (s->cert == NULL) {
|
if (s->cert == NULL) {
|
||||||
SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
|
SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
|
||||||
@ -2227,6 +2229,11 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
sizeof
|
sizeof
|
||||||
(rand_premaster_secret));
|
(rand_premaster_secret));
|
||||||
OPENSSL_cleanse(p, sizeof(rand_premaster_secret));
|
OPENSSL_cleanse(p, sizeof(rand_premaster_secret));
|
||||||
|
if(s->session->master_key_length < 0) {
|
||||||
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_DH
|
#ifndef OPENSSL_NO_DH
|
||||||
@ -2319,6 +2326,11 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
session->master_key,
|
session->master_key,
|
||||||
p, i);
|
p, i);
|
||||||
OPENSSL_cleanse(p, i);
|
OPENSSL_cleanse(p, i);
|
||||||
|
if(s->session->master_key_length < 0) {
|
||||||
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
if (dh_clnt)
|
if (dh_clnt)
|
||||||
return 2;
|
return 2;
|
||||||
} else
|
} else
|
||||||
@ -2484,6 +2496,11 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
s->
|
s->
|
||||||
session->master_key,
|
session->master_key,
|
||||||
pms, outl);
|
pms, outl);
|
||||||
|
if(s->session->master_key_length < 0) {
|
||||||
|
al = SSL_INTERNAL_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
|
|
||||||
if (kssl_ctx->client_princ) {
|
if (kssl_ctx->client_princ) {
|
||||||
size_t len = strlen(kssl_ctx->client_princ);
|
size_t len = strlen(kssl_ctx->client_princ);
|
||||||
@ -2632,6 +2649,11 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
p, i);
|
p, i);
|
||||||
|
|
||||||
OPENSSL_cleanse(p, i);
|
OPENSSL_cleanse(p, i);
|
||||||
|
if(s->session->master_key_length < 0) {
|
||||||
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
return (ret);
|
return (ret);
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
@ -2716,6 +2738,11 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
session->master_key,
|
session->master_key,
|
||||||
psk_or_pre_ms,
|
psk_or_pre_ms,
|
||||||
pre_ms_len);
|
pre_ms_len);
|
||||||
|
if(s->session->master_key_length < 0) {
|
||||||
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto psk_err;
|
||||||
|
}
|
||||||
psk_err = 0;
|
psk_err = 0;
|
||||||
psk_err:
|
psk_err:
|
||||||
OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
|
OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
|
||||||
@ -2817,6 +2844,11 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
s->
|
s->
|
||||||
session->master_key,
|
session->master_key,
|
||||||
premaster_secret, 32);
|
premaster_secret, 32);
|
||||||
|
if(s->session->master_key_length < 0) {
|
||||||
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
|
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto f_err;
|
||||||
|
}
|
||||||
/* Check if pubkey from client certificate was used */
|
/* Check if pubkey from client certificate was used */
|
||||||
if (EVP_PKEY_CTX_ctrl
|
if (EVP_PKEY_CTX_ctrl
|
||||||
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
|
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
|
||||||
|
|||||||
@ -1773,7 +1773,7 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
|
|||||||
__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
|
__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
|
||||||
__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
|
__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
|
||||||
__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
|
__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
|
||||||
__owur STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
|
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
|
||||||
__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
|
__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
|
||||||
*meths);
|
*meths);
|
||||||
void SSL_COMP_free_compression_methods(void);
|
void SSL_COMP_free_compression_methods(void);
|
||||||
@ -1782,7 +1782,7 @@ __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
|
|||||||
__owur const void *SSL_get_current_compression(SSL *s);
|
__owur const void *SSL_get_current_compression(SSL *s);
|
||||||
__owur const void *SSL_get_current_expansion(SSL *s);
|
__owur const void *SSL_get_current_expansion(SSL *s);
|
||||||
__owur const char *SSL_COMP_get_name(const void *comp);
|
__owur const char *SSL_COMP_get_name(const void *comp);
|
||||||
__owur void *SSL_COMP_get_compression_methods(void);
|
void *SSL_COMP_get_compression_methods(void);
|
||||||
__owur int SSL_COMP_add_compression_method(int id, void *cm);
|
__owur int SSL_COMP_add_compression_method(int id, void *cm);
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
@ -1956,6 +1956,7 @@ void ERR_load_SSL_strings(void);
|
|||||||
# define SSL_F_DTLS1_READ_BYTES 258
|
# define SSL_F_DTLS1_READ_BYTES 258
|
||||||
# define SSL_F_DTLS1_READ_FAILED 259
|
# define SSL_F_DTLS1_READ_FAILED 259
|
||||||
# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
|
# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
|
||||||
|
# define SSL_F_DTLS1_SEND_CHANGE_CIPHER_SPEC 342
|
||||||
# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
|
# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
|
||||||
# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
|
# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
|
||||||
# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
|
# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
|
||||||
|
|||||||
@ -130,7 +130,7 @@ int SSL_library_init(void)
|
|||||||
* This will initialise the built-in compression algorithms. The value
|
* This will initialise the built-in compression algorithms. The value
|
||||||
* returned is a STACK_OF(SSL_COMP), but that can be discarded safely
|
* returned is a STACK_OF(SSL_COMP), but that can be discarded safely
|
||||||
*/
|
*/
|
||||||
(void)SSL_COMP_get_compression_methods();
|
SSL_COMP_get_compression_methods();
|
||||||
#endif
|
#endif
|
||||||
/* initialize cipher/digest methods table */
|
/* initialize cipher/digest methods table */
|
||||||
ssl_load_ciphers();
|
ssl_load_ciphers();
|
||||||
|
|||||||
@ -532,10 +532,13 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
|||||||
else
|
else
|
||||||
*comp = NULL;
|
*comp = NULL;
|
||||||
}
|
}
|
||||||
|
/* If were only interested in comp then return success */
|
||||||
|
if((enc == NULL) && (md == NULL))
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((enc == NULL) || (md == NULL))
|
if ((enc == NULL) || (md == NULL))
|
||||||
return (0);
|
return 0;
|
||||||
|
|
||||||
switch (c->algorithm_enc) {
|
switch (c->algorithm_enc) {
|
||||||
case SSL_DES:
|
case SSL_DES:
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
/* ssl/ssl_err.c */
|
/* ssl/ssl_err.c */
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -83,8 +83,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
|
{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
|
{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "dtls1_get_message"},
|
{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "dtls1_get_message"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),
|
{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
|
||||||
"DTLS1_GET_MESSAGE_FRAGMENT"},
|
|
||||||
{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "dtls1_get_record"},
|
{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "dtls1_get_record"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "dtls1_handle_timeout"},
|
{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "dtls1_handle_timeout"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
|
{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"},
|
||||||
@ -96,7 +95,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"},
|
{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
|
{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
|
{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
|
||||||
"dtls1_send_certificate_request"},
|
"DTLS1_SEND_CERTIFICATE_REQUEST"},
|
||||||
|
{ERR_FUNC(SSL_F_DTLS1_SEND_CHANGE_CIPHER_SPEC),
|
||||||
|
"dtls1_send_change_cipher_spec"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),
|
{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),
|
||||||
"dtls1_send_client_certificate"},
|
"dtls1_send_client_certificate"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),
|
{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),
|
||||||
@ -109,8 +110,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "dtls1_send_server_hello"},
|
{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "dtls1_send_server_hello"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
|
{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
|
||||||
"dtls1_send_server_key_exchange"},
|
"dtls1_send_server_key_exchange"},
|
||||||
{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
|
{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
|
||||||
"dtls1_write_app_data_bytes"},
|
|
||||||
{ERR_FUNC(SSL_F_SSL23_ACCEPT), "ssl23_accept"},
|
{ERR_FUNC(SSL_F_SSL23_ACCEPT), "ssl23_accept"},
|
||||||
{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
|
{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
|
||||||
{ERR_FUNC(SSL_F_SSL23_CONNECT), "ssl23_connect"},
|
{ERR_FUNC(SSL_F_SSL23_CONNECT), "ssl23_connect"},
|
||||||
@ -130,10 +130,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_SSL3_CONNECT), "ssl3_connect"},
|
{ERR_FUNC(SSL_F_SSL3_CONNECT), "ssl3_connect"},
|
||||||
{ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"},
|
{ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"},
|
||||||
{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"},
|
{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"},
|
||||||
{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),
|
{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "ssl3_digest_cached_records"},
|
||||||
"ssl3_digest_cached_records"},
|
{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "ssl3_do_change_cipher_spec"},
|
||||||
{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
|
|
||||||
"ssl3_do_change_cipher_spec"},
|
|
||||||
{ERR_FUNC(SSL_F_SSL3_ENC), "ssl3_enc"},
|
{ERR_FUNC(SSL_F_SSL3_ENC), "ssl3_enc"},
|
||||||
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
|
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
|
||||||
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
|
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
|
||||||
@ -183,8 +181,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "SSL_ADD_CERT_TO_BUF"},
|
{ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "SSL_ADD_CERT_TO_BUF"},
|
||||||
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
|
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
|
||||||
"ssl_add_clienthello_renegotiate_ext"},
|
"ssl_add_clienthello_renegotiate_ext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
|
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "ssl_add_clienthello_tlsext"},
|
||||||
"ssl_add_clienthello_tlsext"},
|
|
||||||
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
|
{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
|
||||||
"ssl_add_clienthello_use_srtp_ext"},
|
"ssl_add_clienthello_use_srtp_ext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
|
{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
|
||||||
@ -193,8 +190,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
"SSL_add_file_cert_subjects_to_stack"},
|
"SSL_add_file_cert_subjects_to_stack"},
|
||||||
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
|
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
|
||||||
"ssl_add_serverhello_renegotiate_ext"},
|
"ssl_add_serverhello_renegotiate_ext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
|
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "ssl_add_serverhello_tlsext"},
|
||||||
"ssl_add_serverhello_tlsext"},
|
|
||||||
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
|
{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
|
||||||
"ssl_add_serverhello_use_srtp_ext"},
|
"ssl_add_serverhello_use_srtp_ext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
|
{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"},
|
||||||
@ -210,8 +206,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
"SSL_CHECK_SERVERHELLO_TLSEXT"},
|
"SSL_CHECK_SERVERHELLO_TLSEXT"},
|
||||||
{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
|
{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
|
||||||
"ssl_check_srvr_ecc_cert_and_alg"},
|
"ssl_check_srvr_ecc_cert_and_alg"},
|
||||||
{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
|
{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
|
||||||
"SSL_CIPHER_PROCESS_RULESTR"},
|
|
||||||
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
|
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
|
||||||
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
|
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
|
||||||
{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
|
{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
|
||||||
@ -296,10 +291,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
|
{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
|
{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
|
{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
|
{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
|
||||||
"SSL_set_session_id_context"},
|
{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),
|
|
||||||
"SSL_set_session_ticket_ext"},
|
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
|
{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
|
{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
|
||||||
{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
|
{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
|
||||||
@ -317,10 +310,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
|||||||
{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
|
{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
|
||||||
{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
|
{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
|
||||||
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
|
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
|
||||||
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
|
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
|
||||||
"SSL_use_RSAPrivateKey_ASN1"},
|
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
|
||||||
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
|
|
||||||
"SSL_use_RSAPrivateKey_file"},
|
|
||||||
{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
|
{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"},
|
||||||
{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
|
{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
|
||||||
{ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
|
{ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"},
|
||||||
@ -391,16 +382,14 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
{ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
|
{ERR_REASON(SSL_R_BAD_VALUE), "bad value"},
|
||||||
{ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
|
{ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
|
||||||
{ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
|
{ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
|
||||||
{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
|
{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"},
|
||||||
"block cipher pad is wrong"},
|
|
||||||
{ERR_REASON(SSL_R_BN_LIB), "bn lib"},
|
{ERR_REASON(SSL_R_BN_LIB), "bn lib"},
|
||||||
{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
|
{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
|
||||||
{ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
|
{ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
|
||||||
{ERR_REASON(SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
|
{ERR_REASON(SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
|
||||||
{ERR_REASON(SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
|
{ERR_REASON(SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
|
||||||
{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
|
{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
|
||||||
{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
|
{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
|
||||||
"certificate verify failed"},
|
|
||||||
{ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
|
{ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"},
|
||||||
{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
|
{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
|
||||||
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
|
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
|
||||||
@ -413,8 +402,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
{ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
|
{ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
|
||||||
{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
|
{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
|
||||||
"compression id not within private range"},
|
"compression id not within private range"},
|
||||||
{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
|
{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"},
|
||||||
"compression library error"},
|
|
||||||
{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
|
{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
|
||||||
{ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
|
{ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
|
||||||
{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
|
{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
|
||||||
@ -443,8 +431,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
{ERR_REASON(SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
|
{ERR_REASON(SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
|
||||||
{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
|
{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
|
||||||
"empty srtp protection profile list"},
|
"empty srtp protection profile list"},
|
||||||
{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
|
{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
|
||||||
"encrypted length too long"},
|
|
||||||
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
|
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
|
||||||
"error generating tmp rsa key"},
|
"error generating tmp rsa key"},
|
||||||
{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
|
{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
|
||||||
@ -494,8 +481,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
{ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"},
|
{ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"},
|
||||||
{ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
|
{ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
|
||||||
"missing ecdsa signing cert"},
|
"missing ecdsa signing cert"},
|
||||||
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),
|
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"},
|
||||||
"missing export tmp dh key"},
|
|
||||||
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
|
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
|
||||||
"missing export tmp rsa key"},
|
"missing export tmp rsa key"},
|
||||||
{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
|
{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
|
||||||
@ -527,8 +513,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
|
{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
|
||||||
{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
|
{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
|
||||||
{ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
|
{ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
|
||||||
{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST),
|
{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
|
||||||
"digest requred for handshake isn't computed"},
|
|
||||||
{ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
|
{ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
|
||||||
{ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS),
|
{ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS),
|
||||||
"no shared sigature algorithms"},
|
"no shared sigature algorithms"},
|
||||||
@ -546,8 +531,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
"only TLS 1.2 allowed in Suite B mode"},
|
"only TLS 1.2 allowed in Suite B mode"},
|
||||||
{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),
|
{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),
|
||||||
"only tls allowed in fips mode"},
|
"only tls allowed in fips mode"},
|
||||||
{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),
|
{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"},
|
||||||
"opaque PRF input too long"},
|
|
||||||
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
|
{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
|
||||||
{ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
|
{ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
|
||||||
{ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
|
{ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
|
||||||
@ -597,8 +581,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
|
{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
|
||||||
"ssl3 ext invalid servername type"},
|
"ssl3 ext invalid servername type"},
|
||||||
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
|
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
|
||||||
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),
|
{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
|
||||||
"ssl3 session id too short"},
|
|
||||||
{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
|
{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
|
||||||
"sslv3 alert bad certificate"},
|
"sslv3 alert bad certificate"},
|
||||||
{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
|
{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
|
||||||
@ -634,13 +617,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
"ssl session id context too long"},
|
"ssl session id context too long"},
|
||||||
{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
|
{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
|
||||||
"ssl session id has bad length"},
|
"ssl session id has bad length"},
|
||||||
{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
|
{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
|
||||||
"tlsv1 alert access denied"},
|
|
||||||
{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
|
{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
|
||||||
{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
|
{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
|
||||||
"tlsv1 alert decryption failed"},
|
"tlsv1 alert decryption failed"},
|
||||||
{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
|
{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"},
|
||||||
"tlsv1 alert decrypt error"},
|
|
||||||
{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
|
{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
|
||||||
"tlsv1 alert export restriction"},
|
"tlsv1 alert export restriction"},
|
||||||
{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
|
{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
|
||||||
@ -683,8 +664,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
"tls rsa encrypted value length is wrong"},
|
"tls rsa encrypted value length is wrong"},
|
||||||
{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
|
{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
|
||||||
"tried to use unsupported cipher"},
|
"tried to use unsupported cipher"},
|
||||||
{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),
|
{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
|
||||||
"unable to decode dh certs"},
|
|
||||||
{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
|
{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
|
||||||
"unable to decode ecdh certs"},
|
"unable to decode ecdh certs"},
|
||||||
{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
|
{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
|
||||||
@ -693,8 +673,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
"unable to find ecdh parameters"},
|
"unable to find ecdh parameters"},
|
||||||
{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
|
{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
|
||||||
"unable to find public key parameters"},
|
"unable to find public key parameters"},
|
||||||
{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),
|
{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
|
||||||
"unable to find ssl method"},
|
|
||||||
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
|
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
|
||||||
"unable to load ssl3 md5 routines"},
|
"unable to load ssl3 md5 routines"},
|
||||||
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
|
{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
|
||||||
@ -708,12 +687,10 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||||||
{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
|
{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
|
{ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
|
{ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
|
{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
|
||||||
"unknown key exchange type"},
|
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
|
{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
|
{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),
|
{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
|
||||||
"unknown remote error type"},
|
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
|
{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
|
||||||
{ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
|
{ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
|
||||||
{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
|
{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
|
||||||
|
|||||||
@ -378,7 +378,8 @@ SSL *SSL_new(SSL_CTX *ctx)
|
|||||||
s->references = 1;
|
s->references = 1;
|
||||||
s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
|
s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
|
||||||
|
|
||||||
SSL_clear(s);
|
if(!SSL_clear(s))
|
||||||
|
goto err;
|
||||||
|
|
||||||
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
|
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
|
||||||
|
|
||||||
@ -885,7 +886,10 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
|
|||||||
CERT *tmp;
|
CERT *tmp;
|
||||||
|
|
||||||
/* Do we need to to SSL locking? */
|
/* Do we need to to SSL locking? */
|
||||||
SSL_set_session(t, SSL_get_session(f));
|
if(!SSL_set_session(t, SSL_get_session(f))) {
|
||||||
|
/* How do we handle this!! void function */
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa
|
* what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa
|
||||||
@ -904,7 +908,10 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
|
|||||||
t->cert = NULL;
|
t->cert = NULL;
|
||||||
if (tmp != NULL)
|
if (tmp != NULL)
|
||||||
ssl_cert_free(tmp);
|
ssl_cert_free(tmp);
|
||||||
SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
|
if(!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
|
||||||
|
/* Really should do something about this..but void function - ignore */
|
||||||
|
;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Fix this so it checks all the valid key/cert options */
|
/* Fix this so it checks all the valid key/cert options */
|
||||||
@ -1924,10 +1931,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
|||||||
if (ret->cert_store == NULL)
|
if (ret->cert_store == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
ssl_create_cipher_list(ret->method,
|
if(!ssl_create_cipher_list(ret->method,
|
||||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||||
SSL_DEFAULT_CIPHER_LIST, ret->cert);
|
SSL_DEFAULT_CIPHER_LIST, ret->cert)
|
||||||
if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||||
goto err2;
|
goto err2;
|
||||||
}
|
}
|
||||||
@ -1980,7 +1987,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
|||||||
ret->psk_server_callback = NULL;
|
ret->psk_server_callback = NULL;
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_SRP
|
#ifndef OPENSSL_NO_SRP
|
||||||
SSL_CTX_SRP_CTX_init(ret);
|
if(!SSL_CTX_SRP_CTX_init(ret))
|
||||||
|
goto err;
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_ENGINE
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
ret->client_cert_engine = NULL;
|
ret->client_cert_engine = NULL;
|
||||||
@ -2783,7 +2791,8 @@ SSL *SSL_dup(SSL *s)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length);
|
if(!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length))
|
||||||
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret->options = s->options;
|
ret->options = s->options;
|
||||||
|
|||||||
@ -693,7 +693,10 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
|
|||||||
int r;
|
int r;
|
||||||
unsigned long err;
|
unsigned long err;
|
||||||
|
|
||||||
SSL_CTX_clear_chain_certs(ctx);
|
if(!SSL_CTX_clear_chain_certs(ctx)) {
|
||||||
|
ret = 0;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
while ((ca = PEM_read_bio_X509(in, NULL,
|
while ((ca = PEM_read_bio_X509(in, NULL,
|
||||||
ctx->default_passwd_callback,
|
ctx->default_passwd_callback,
|
||||||
|
|||||||
@ -510,12 +510,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
|
|||||||
*/
|
*/
|
||||||
if (!
|
if (!
|
||||||
(s->session_ctx->session_cache_mode &
|
(s->session_ctx->session_cache_mode &
|
||||||
SSL_SESS_CACHE_NO_INTERNAL_STORE))
|
SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
|
||||||
/*
|
/*
|
||||||
* The following should not return 1, otherwise, things are
|
* The following should not return 1, otherwise, things are
|
||||||
* very strange
|
* very strange
|
||||||
*/
|
*/
|
||||||
SSL_CTX_add_session(s->session_ctx, ret);
|
if(SSL_CTX_add_session(s->session_ctx, ret))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -214,7 +214,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
|
|||||||
if (x->compress_meth != 0) {
|
if (x->compress_meth != 0) {
|
||||||
SSL_COMP *comp = NULL;
|
SSL_COMP *comp = NULL;
|
||||||
|
|
||||||
ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0);
|
if(!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
|
||||||
|
goto err;
|
||||||
if (comp == NULL) {
|
if (comp == NULL) {
|
||||||
if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <=
|
if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <=
|
||||||
0)
|
0)
|
||||||
|
|||||||
@ -1443,8 +1443,11 @@ int main(int argc, char *argv[])
|
|||||||
SSL_CTX_set_security_level(s_ctx, 0);
|
SSL_CTX_set_security_level(s_ctx, 0);
|
||||||
|
|
||||||
if (cipher != NULL) {
|
if (cipher != NULL) {
|
||||||
SSL_CTX_set_cipher_list(c_ctx, cipher);
|
if(!SSL_CTX_set_cipher_list(c_ctx, cipher)
|
||||||
SSL_CTX_set_cipher_list(s_ctx, cipher);
|
|| !SSL_CTX_set_cipher_list(s_ctx, cipher)) {
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Process SSL_CONF arguments */
|
/* Process SSL_CONF arguments */
|
||||||
@ -1537,10 +1540,13 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (client_auth) {
|
if (client_auth) {
|
||||||
SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
|
if(!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
|
||||||
SSL_CTX_use_PrivateKey_file(c_ctx,
|
|| !SSL_CTX_use_PrivateKey_file(c_ctx,
|
||||||
(client_key ? client_key : client_cert),
|
(client_key ? client_key : client_cert),
|
||||||
SSL_FILETYPE_PEM);
|
SSL_FILETYPE_PEM)) {
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
|
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
|
||||||
@ -1569,8 +1575,11 @@ int main(int argc, char *argv[])
|
|||||||
|
|
||||||
{
|
{
|
||||||
int session_id_context = 0;
|
int session_id_context = 0;
|
||||||
SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
|
if(!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
|
||||||
sizeof session_id_context);
|
sizeof session_id_context)) {
|
||||||
|
ERR_print_errors(bio_err);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Use PSK only if PSK key is given */
|
/* Use PSK only if PSK key is given */
|
||||||
@ -1637,15 +1646,22 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (serverinfo_sct)
|
if (serverinfo_sct) {
|
||||||
SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
|
if(!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
|
||||||
NULL, NULL, NULL,
|
NULL, NULL, NULL,
|
||||||
serverinfo_cli_parse_cb, NULL);
|
serverinfo_cli_parse_cb, NULL)) {
|
||||||
if (serverinfo_tack)
|
BIO_printf(bio_err, "Error adding SCT extension\n");
|
||||||
SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (serverinfo_tack) {
|
||||||
|
if(!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
|
||||||
NULL, NULL, NULL,
|
NULL, NULL, NULL,
|
||||||
serverinfo_cli_parse_cb, NULL);
|
serverinfo_cli_parse_cb, NULL)) {
|
||||||
|
BIO_printf(bio_err, "Error adding TACK extension\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (serverinfo_file)
|
if (serverinfo_file)
|
||||||
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
|
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
|
||||||
BIO_printf(bio_err, "missing serverinfo file\n");
|
BIO_printf(bio_err, "missing serverinfo file\n");
|
||||||
@ -1653,39 +1669,41 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (custom_ext) {
|
if (custom_ext) {
|
||||||
SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
|
if(!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
|
||||||
custom_ext_0_cli_add_cb,
|
custom_ext_0_cli_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_0_cli_parse_cb, NULL);
|
custom_ext_0_cli_parse_cb, NULL)
|
||||||
SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
|
|| !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
|
||||||
custom_ext_1_cli_add_cb,
|
custom_ext_1_cli_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_1_cli_parse_cb, NULL);
|
custom_ext_1_cli_parse_cb, NULL)
|
||||||
SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
|
|| !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
|
||||||
custom_ext_2_cli_add_cb,
|
custom_ext_2_cli_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_2_cli_parse_cb, NULL);
|
custom_ext_2_cli_parse_cb, NULL)
|
||||||
SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
|
|| !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
|
||||||
custom_ext_3_cli_add_cb,
|
custom_ext_3_cli_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_3_cli_parse_cb, NULL);
|
custom_ext_3_cli_parse_cb, NULL)
|
||||||
|
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
|
||||||
SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
|
|
||||||
custom_ext_0_srv_add_cb,
|
custom_ext_0_srv_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_0_srv_parse_cb, NULL);
|
custom_ext_0_srv_parse_cb, NULL)
|
||||||
SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
|
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
|
||||||
custom_ext_1_srv_add_cb,
|
custom_ext_1_srv_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_1_srv_parse_cb, NULL);
|
custom_ext_1_srv_parse_cb, NULL)
|
||||||
SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
|
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
|
||||||
custom_ext_2_srv_add_cb,
|
custom_ext_2_srv_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_2_srv_parse_cb, NULL);
|
custom_ext_2_srv_parse_cb, NULL)
|
||||||
SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
|
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
|
||||||
custom_ext_3_srv_add_cb,
|
custom_ext_3_srv_add_cb,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
custom_ext_3_srv_parse_cb, NULL);
|
custom_ext_3_srv_parse_cb, NULL)) {
|
||||||
|
BIO_printf(bio_err, "Error setting custom extensions\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (alpn_server)
|
if (alpn_server)
|
||||||
@ -1699,7 +1717,12 @@ int main(int argc, char *argv[])
|
|||||||
BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
|
BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
|
/* Returns 0 on success!! */
|
||||||
|
if(SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
|
||||||
|
BIO_printf(bio_err, "Error setting ALPN\n");
|
||||||
|
OPENSSL_free(alpn);
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
OPENSSL_free(alpn);
|
OPENSSL_free(alpn);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1722,8 +1745,12 @@ int main(int argc, char *argv[])
|
|||||||
#endif /* OPENSSL_NO_KRB5 */
|
#endif /* OPENSSL_NO_KRB5 */
|
||||||
|
|
||||||
for (i = 0; i < number; i++) {
|
for (i = 0; i < number; i++) {
|
||||||
if (!reuse)
|
if (!reuse) {
|
||||||
SSL_set_session(c_ssl, NULL);
|
if(!SSL_set_session(c_ssl, NULL)) {
|
||||||
|
BIO_printf(bio_err, "Failed to set session\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (bio_pair)
|
if (bio_pair)
|
||||||
ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
|
ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
|
||||||
else
|
else
|
||||||
|
|||||||
@ -1095,7 +1095,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|
|||||||
* exchange and before certificate verify)
|
* exchange and before certificate verify)
|
||||||
*/
|
*/
|
||||||
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
|
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
|
||||||
ssl3_digest_cached_records(s);
|
if(!ssl3_digest_cached_records(s))
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
|
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
|
||||||
#ifdef SSL_DEBUG
|
#ifdef SSL_DEBUG
|
||||||
|
|||||||
26
ssl/t1_lib.c
26
ssl/t1_lib.c
@ -1431,7 +1431,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
|||||||
if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
|
if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
|
||||||
int el;
|
int el;
|
||||||
|
|
||||||
ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
|
/* Returns 0 on success!! */
|
||||||
|
if (ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0)) {
|
||||||
|
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
if ((limit - ret - 4 - el) < 0)
|
if ((limit - ret - 4 - el) < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -1601,8 +1605,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
|||||||
if (SSL_IS_DTLS(s) && s->srtp_profile) {
|
if (SSL_IS_DTLS(s) && s->srtp_profile) {
|
||||||
int el;
|
int el;
|
||||||
|
|
||||||
ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
|
/* Returns 0 on success!! */
|
||||||
|
if(ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0)) {
|
||||||
|
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
if ((limit - ret - 4 - el) < 0)
|
if ((limit - ret - 4 - el) < 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
@ -4141,12 +4148,13 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
|
|||||||
/* Set validity of certificates in an SSL structure */
|
/* Set validity of certificates in an SSL structure */
|
||||||
void tls1_set_cert_validity(SSL *s)
|
void tls1_set_cert_validity(SSL *s)
|
||||||
{
|
{
|
||||||
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
|
/* Deliberately ignore all return values */
|
||||||
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
|
if(tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC)
|
||||||
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
|
|| tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN)
|
||||||
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
|
|| tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN)
|
||||||
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
|
|| tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA)
|
||||||
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
|
|| tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA)
|
||||||
|
|| tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* User level utiity function to check a chain is suitable */
|
/* User level utiity function to check a chain is suitable */
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user