Allow code which calls RSA temp key callback to cope
with a failure. Fix typos in some error codes.
		
							
								
								
									
										4
									
								
								CHANGES
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@@ -4,6 +4,10 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 | 
					 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  *) Allow for the possibility of temp RSA key generation failure:
 | 
				
			||||||
 | 
					     the code used to assume it always worked and crashed on failure.
 | 
				
			||||||
 | 
					     [Steve Henson]
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  *) Fix potential buffer overrun problem in BIO_printf().
 | 
					  *) Fix potential buffer overrun problem in BIO_printf().
 | 
				
			||||||
     [Ulf M<>ller, using public domain code by Patrick Powell; problem
 | 
					     [Ulf M<>ller, using public domain code by Patrick Powell; problem
 | 
				
			||||||
      pointed out by David Sacerdote <das33@cornell.edu>]
 | 
					      pointed out by David Sacerdote <das33@cornell.edu>]
 | 
				
			||||||
 
 | 
				
			|||||||
							
								
								
									
										3
									
								
								FAQ
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@@ -44,6 +44,9 @@ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
 | 
				
			|||||||
predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
 | 
					predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
 | 
				
			||||||
of this still applies to OpenSSL.
 | 
					of this still applies to OpenSSL.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					There is some documentation about certificate extensions and PKCS#12
 | 
				
			||||||
 | 
					in doc/openssl.txt
 | 
				
			||||||
 | 
					
 | 
				
			||||||
The original SSLeay documentation is included in OpenSSL as
 | 
					The original SSLeay documentation is included in OpenSSL as
 | 
				
			||||||
doc/ssleay.txt.  It may be useful when none of the other ressources
 | 
					doc/ssleay.txt.  It may be useful when none of the other ressources
 | 
				
			||||||
help, but please note that it reflects the obsolete version SSLeay
 | 
					help, but please note that it reflects the obsolete version SSLeay
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -48,11 +48,11 @@ R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048
 | 
				
			|||||||
R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
 | 
					R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
 | 
					R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
 | 
					R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		1060
 | 
					R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		1060
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
 | 
					R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
 | 
					R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
 | 
					R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_USER_CANCLED		1090
 | 
					R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
 | 
				
			||||||
R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
 | 
					R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
 | 
				
			||||||
 | 
					
 | 
				
			||||||
R RSAREF_R_CONTENT_ENCODING			0x0400
 | 
					R RSAREF_R_CONTENT_ENCODING			0x0400
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -955,6 +955,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
 | 
				
			|||||||
				rsa=s->cert->rsa_tmp_cb(s,
 | 
									rsa=s->cert->rsa_tmp_cb(s,
 | 
				
			||||||
				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
 | 
									      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
 | 
				
			||||||
				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 | 
									      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 | 
				
			||||||
 | 
									if(rsa == NULL)
 | 
				
			||||||
 | 
									{
 | 
				
			||||||
 | 
										al=SSL_AD_HANDSHAKE_FAILURE;
 | 
				
			||||||
 | 
										SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
 | 
				
			||||||
 | 
										goto f_err;
 | 
				
			||||||
 | 
									}
 | 
				
			||||||
				CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 | 
									CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 | 
				
			||||||
				cert->rsa_tmp=rsa;
 | 
									cert->rsa_tmp=rsa;
 | 
				
			||||||
				}
 | 
									}
 | 
				
			||||||
 
 | 
				
			|||||||
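Review bot: The new `if(rsa == NULL)` branch reports a purely local failure to the peer as `SSL_AD_HANDSHAKE_FAILURE`, which a client cannot tell apart from a cipher or parameter mismatch; if this tree defines it, `al=SSL_AD_INTERNAL_ERROR;` would describe the condition more accurately. The branch also deserves a short comment, for example `/* rsa_tmp_cb is application code and may return NULL; fail the handshake rather than dereference it in CRYPTO_add() */`, so the check is not later removed as redundant. Whether `f_err` actually sends `al` and releases what was allocated earlier cannot be confirmed here, because the label and the rest of ssl3_send_server_key_exchange() lie outside the hunk. For anyone reading the error queue, repeated `SSL_R_ERROR_GENERATING_TMP_RSA_KEY` entries would suggest a problem in the application's callback or resource exhaustion on the server rather than a misbehaving client.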
@@ -1372,6 +1372,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 | 
				
			|||||||
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
 | 
					#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
 | 
				
			||||||
#define SSL_R_DIGEST_CHECK_FAILED			 149
 | 
					#define SSL_R_DIGEST_CHECK_FAILED			 149
 | 
				
			||||||
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
 | 
					#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
 | 
				
			||||||
 | 
					#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 1092
 | 
				
			||||||
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
 | 
					#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
 | 
				
			||||||
#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
 | 
					#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
 | 
				
			||||||
#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
 | 
					#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
 | 
				
			||||||
 
 | 
				
			|||||||
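Review bot: The value 1092 given to `SSL_R_ERROR_GENERATING_TMP_RSA_KEY` is out of sequence with its neighbours (150 and 151) and falls inside the 1048–1100 range that the error-code table in this same commit uses for the `SSL_R_TLSV1_ALERT_*` reasons, between `SSL_R_TLSV1_ALERT_USER_CANCELLED` (1090) and `SSL_R_TLSV1_ALERT_NO_RENEGOTIATION` (1100). If reasons from 1000 upward are meant to mirror alerts received from the peer, as those entries suggest, someone triaging logs could read 1092 as a remote alert rather than a local key-generation failure. Consider taking the next free value in the ordinary range, or at least add a comment on the define such as `/* local failure, not a peer alert despite the 1000+ value */`.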
@@ -255,6 +255,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 | 
				
			|||||||
{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 | 
					{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 | 
				
			||||||
{SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
 | 
					{SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
 | 
				
			||||||
{SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
 | 
					{SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
 | 
				
			||||||
 | 
					{SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
 | 
				
			||||||
{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
 | 
					{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
 | 
				
			||||||
{SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
 | 
					{SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
 | 
				
			||||||
{SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
 | 
					{SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
 | 
				
			||||||
 
 | 
				
			|||||||