summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c262
1 files changed, 131 insertions, 131 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index f7bbca0d78..c8d4aca1c3 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -211,7 +211,7 @@ ssl3_connect(SSL *s)
211 cb(s, SSL_CB_HANDSHAKE_START, 1); 211 cb(s, SSL_CB_HANDSHAKE_START, 1);
212 212
213 if ((s->version & 0xff00 ) != 0x0300) { 213 if ((s->version & 0xff00 ) != 0x0300) {
214 SSLerr(SSL_F_SSL3_CONNECT, 214 SSLerror(
215 ERR_R_INTERNAL_ERROR); 215 ERR_R_INTERNAL_ERROR);
216 ret = -1; 216 ret = -1;
217 goto end; 217 goto end;
@@ -551,7 +551,7 @@ ssl3_connect(SSL *s)
551 /* break; */ 551 /* break; */
552 552
553 default: 553 default:
554 SSLerr(SSL_F_SSL3_CONNECT, 554 SSLerror(
555 SSL_R_UNKNOWN_STATE); 555 SSL_R_UNKNOWN_STATE);
556 ret = -1; 556 ret = -1;
557 goto end; 557 goto end;
@@ -597,7 +597,7 @@ ssl3_client_hello(SSL *s)
597 SSL_SESSION *sess = s->session; 597 SSL_SESSION *sess = s->session;
598 598
599 if (ssl_supported_version_range(s, NULL, &max_version) != 1) { 599 if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
600 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 600 SSLerror(
601 SSL_R_NO_PROTOCOLS_AVAILABLE); 601 SSL_R_NO_PROTOCOLS_AVAILABLE);
602 return (-1); 602 return (-1);
603 } 603 }
@@ -668,7 +668,7 @@ ssl3_client_hello(SSL *s)
668 *(p++) = i; 668 *(p++) = i;
669 if (i != 0) { 669 if (i != 0) {
670 if (i > (int)sizeof(s->session->session_id)) { 670 if (i > (int)sizeof(s->session->session_id)) {
671 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 671 SSLerror(
672 ERR_R_INTERNAL_ERROR); 672 ERR_R_INTERNAL_ERROR);
673 goto err; 673 goto err;
674 } 674 }
@@ -679,7 +679,7 @@ ssl3_client_hello(SSL *s)
679 /* DTLS Cookie. */ 679 /* DTLS Cookie. */
680 if (SSL_IS_DTLS(s)) { 680 if (SSL_IS_DTLS(s)) {
681 if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { 681 if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
682 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, 682 SSLerror(
683 ERR_R_INTERNAL_ERROR); 683 ERR_R_INTERNAL_ERROR);
684 goto err; 684 goto err;
685 } 685 }
@@ -693,7 +693,7 @@ ssl3_client_hello(SSL *s)
693 bufend - &p[2], &outlen)) 693 bufend - &p[2], &outlen))
694 goto err; 694 goto err;
695 if (outlen == 0) { 695 if (outlen == 0) {
696 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 696 SSLerror(
697 SSL_R_NO_CIPHERS_AVAILABLE); 697 SSL_R_NO_CIPHERS_AVAILABLE);
698 goto err; 698 goto err;
699 } 699 }
@@ -706,7 +706,7 @@ ssl3_client_hello(SSL *s)
706 706
707 /* TLS extensions*/ 707 /* TLS extensions*/
708 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) { 708 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
709 SSLerr(SSL_F_SSL3_CLIENT_HELLO, 709 SSLerror(
710 ERR_R_INTERNAL_ERROR); 710 ERR_R_INTERNAL_ERROR);
711 goto err; 711 goto err;
712 } 712 }
@@ -759,7 +759,7 @@ ssl3_get_server_hello(SSL *s)
759 } else { 759 } else {
760 /* Already sent a cookie. */ 760 /* Already sent a cookie. */
761 al = SSL_AD_UNEXPECTED_MESSAGE; 761 al = SSL_AD_UNEXPECTED_MESSAGE;
762 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 762 SSLerror(
763 SSL_R_BAD_MESSAGE_TYPE); 763 SSL_R_BAD_MESSAGE_TYPE);
764 goto f_err; 764 goto f_err;
765 } 765 }
@@ -768,7 +768,7 @@ ssl3_get_server_hello(SSL *s)
768 768
769 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { 769 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
770 al = SSL_AD_UNEXPECTED_MESSAGE; 770 al = SSL_AD_UNEXPECTED_MESSAGE;
771 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 771 SSLerror(
772 SSL_R_BAD_MESSAGE_TYPE); 772 SSL_R_BAD_MESSAGE_TYPE);
773 goto f_err; 773 goto f_err;
774 } 774 }
@@ -777,13 +777,13 @@ ssl3_get_server_hello(SSL *s)
777 goto truncated; 777 goto truncated;
778 778
779 if (ssl_supported_version_range(s, &min_version, &max_version) != 1) { 779 if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
780 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 780 SSLerror(
781 SSL_R_NO_PROTOCOLS_AVAILABLE); 781 SSL_R_NO_PROTOCOLS_AVAILABLE);
782 goto err; 782 goto err;
783 } 783 }
784 784
785 if (server_version < min_version || server_version > max_version) { 785 if (server_version < min_version || server_version > max_version) {
786 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); 786 SSLerror(SSL_R_WRONG_SSL_VERSION);
787 s->version = (s->version & 0xff00) | (server_version & 0xff); 787 s->version = (s->version & 0xff00) | (server_version & 0xff);
788 al = SSL_AD_PROTOCOL_VERSION; 788 al = SSL_AD_PROTOCOL_VERSION;
789 goto f_err; 789 goto f_err;
@@ -793,7 +793,7 @@ ssl3_get_server_hello(SSL *s)
793 if ((method = tls1_get_client_method(server_version)) == NULL) 793 if ((method = tls1_get_client_method(server_version)) == NULL)
794 method = dtls1_get_client_method(server_version); 794 method = dtls1_get_client_method(server_version);
795 if (method == NULL) { 795 if (method == NULL) {
796 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 796 SSLerror(ERR_R_INTERNAL_ERROR);
797 goto err; 797 goto err;
798 } 798 }
799 s->method = method; 799 s->method = method;
@@ -812,7 +812,7 @@ ssl3_get_server_hello(SSL *s)
812 if ((CBS_len(&session_id) > sizeof(s->session->session_id)) || 812 if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
813 (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) { 813 (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
814 al = SSL_AD_ILLEGAL_PARAMETER; 814 al = SSL_AD_ILLEGAL_PARAMETER;
815 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 815 SSLerror(
816 SSL_R_SSL3_SESSION_ID_TOO_LONG); 816 SSL_R_SSL3_SESSION_ID_TOO_LONG);
817 goto f_err; 817 goto f_err;
818 } 818 }
@@ -845,7 +845,7 @@ ssl3_get_server_hello(SSL *s)
845 s->sid_ctx, s->sid_ctx_length) != 0) { 845 s->sid_ctx, s->sid_ctx_length) != 0) {
846 /* actually a client application bug */ 846 /* actually a client application bug */
847 al = SSL_AD_ILLEGAL_PARAMETER; 847 al = SSL_AD_ILLEGAL_PARAMETER;
848 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 848 SSLerror(
849 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 849 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
850 goto f_err; 850 goto f_err;
851 } 851 }
@@ -878,7 +878,7 @@ ssl3_get_server_hello(SSL *s)
878 878
879 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { 879 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
880 al = SSL_AD_ILLEGAL_PARAMETER; 880 al = SSL_AD_ILLEGAL_PARAMETER;
881 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 881 SSLerror(
882 SSL_R_UNKNOWN_CIPHER_RETURNED); 882 SSL_R_UNKNOWN_CIPHER_RETURNED);
883 goto f_err; 883 goto f_err;
884 } 884 }
@@ -887,7 +887,7 @@ ssl3_get_server_hello(SSL *s)
887 if ((cipher->algorithm_ssl & SSL_TLSV1_2) && 887 if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
888 (TLS1_get_version(s) < TLS1_2_VERSION)) { 888 (TLS1_get_version(s) < TLS1_2_VERSION)) {
889 al = SSL_AD_ILLEGAL_PARAMETER; 889 al = SSL_AD_ILLEGAL_PARAMETER;
890 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 890 SSLerror(
891 SSL_R_WRONG_CIPHER_RETURNED); 891 SSL_R_WRONG_CIPHER_RETURNED);
892 goto f_err; 892 goto f_err;
893 } 893 }
@@ -897,7 +897,7 @@ ssl3_get_server_hello(SSL *s)
897 if (i < 0) { 897 if (i < 0) {
898 /* we did not say we would use this cipher */ 898 /* we did not say we would use this cipher */
899 al = SSL_AD_ILLEGAL_PARAMETER; 899 al = SSL_AD_ILLEGAL_PARAMETER;
900 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 900 SSLerror(
901 SSL_R_WRONG_CIPHER_RETURNED); 901 SSL_R_WRONG_CIPHER_RETURNED);
902 goto f_err; 902 goto f_err;
903 } 903 }
@@ -911,7 +911,7 @@ ssl3_get_server_hello(SSL *s)
911 s->session->cipher_id = s->session->cipher->id; 911 s->session->cipher_id = s->session->cipher->id;
912 if (s->internal->hit && (s->session->cipher_id != cipher->id)) { 912 if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
913 al = SSL_AD_ILLEGAL_PARAMETER; 913 al = SSL_AD_ILLEGAL_PARAMETER;
914 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 914 SSLerror(
915 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 915 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
916 goto f_err; 916 goto f_err;
917 } 917 }
@@ -933,7 +933,7 @@ ssl3_get_server_hello(SSL *s)
933 933
934 if (compression_method != 0) { 934 if (compression_method != 0) {
935 al = SSL_AD_ILLEGAL_PARAMETER; 935 al = SSL_AD_ILLEGAL_PARAMETER;
936 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 936 SSLerror(
937 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 937 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
938 goto f_err; 938 goto f_err;
939 } 939 }
@@ -942,11 +942,11 @@ ssl3_get_server_hello(SSL *s)
942 p = (unsigned char *)CBS_data(&cbs); 942 p = (unsigned char *)CBS_data(&cbs);
943 if (!ssl_parse_serverhello_tlsext(s, &p, CBS_len(&cbs), &al)) { 943 if (!ssl_parse_serverhello_tlsext(s, &p, CBS_len(&cbs), &al)) {
944 /* 'al' set by ssl_parse_serverhello_tlsext */ 944 /* 'al' set by ssl_parse_serverhello_tlsext */
945 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT); 945 SSLerror(SSL_R_PARSE_TLSEXT);
946 goto f_err; 946 goto f_err;
947 } 947 }
948 if (ssl_check_serverhello_tlsext(s) <= 0) { 948 if (ssl_check_serverhello_tlsext(s) <= 0) {
949 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); 949 SSLerror(SSL_R_SERVERHELLO_TLSEXT);
950 goto err; 950 goto err;
951 } 951 }
952 952
@@ -959,7 +959,7 @@ ssl3_get_server_hello(SSL *s)
959truncated: 959truncated:
960 /* wrong packet length */ 960 /* wrong packet length */
961 al = SSL_AD_DECODE_ERROR; 961 al = SSL_AD_DECODE_ERROR;
962 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); 962 SSLerror(SSL_R_BAD_PACKET_LENGTH);
963f_err: 963f_err:
964 ssl3_send_alert(s, SSL3_AL_FATAL, al); 964 ssl3_send_alert(s, SSL3_AL_FATAL, al);
965err: 965err:
@@ -991,14 +991,14 @@ ssl3_get_server_certificate(SSL *s)
991 991
992 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 992 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
993 al = SSL_AD_UNEXPECTED_MESSAGE; 993 al = SSL_AD_UNEXPECTED_MESSAGE;
994 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 994 SSLerror(
995 SSL_R_BAD_MESSAGE_TYPE); 995 SSL_R_BAD_MESSAGE_TYPE);
996 goto f_err; 996 goto f_err;
997 } 997 }
998 998
999 999
1000 if ((sk = sk_X509_new_null()) == NULL) { 1000 if ((sk = sk_X509_new_null()) == NULL) {
1001 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1001 SSLerror(
1002 ERR_R_MALLOC_FAILURE); 1002 ERR_R_MALLOC_FAILURE);
1003 goto err; 1003 goto err;
1004 } 1004 }
@@ -1013,7 +1013,7 @@ ssl3_get_server_certificate(SSL *s)
1013 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || 1013 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
1014 CBS_len(&cbs) != 0) { 1014 CBS_len(&cbs) != 0) {
1015 al = SSL_AD_DECODE_ERROR; 1015 al = SSL_AD_DECODE_ERROR;
1016 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1016 SSLerror(
1017 SSL_R_LENGTH_MISMATCH); 1017 SSL_R_LENGTH_MISMATCH);
1018 goto f_err; 1018 goto f_err;
1019 } 1019 }
@@ -1025,7 +1025,7 @@ ssl3_get_server_certificate(SSL *s)
1025 goto truncated; 1025 goto truncated;
1026 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { 1026 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
1027 al = SSL_AD_DECODE_ERROR; 1027 al = SSL_AD_DECODE_ERROR;
1028 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1028 SSLerror(
1029 SSL_R_CERT_LENGTH_MISMATCH); 1029 SSL_R_CERT_LENGTH_MISMATCH);
1030 goto f_err; 1030 goto f_err;
1031 } 1031 }
@@ -1034,18 +1034,18 @@ ssl3_get_server_certificate(SSL *s)
1034 x = d2i_X509(NULL, &q, CBS_len(&cert)); 1034 x = d2i_X509(NULL, &q, CBS_len(&cert));
1035 if (x == NULL) { 1035 if (x == NULL) {
1036 al = SSL_AD_BAD_CERTIFICATE; 1036 al = SSL_AD_BAD_CERTIFICATE;
1037 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1037 SSLerror(
1038 ERR_R_ASN1_LIB); 1038 ERR_R_ASN1_LIB);
1039 goto f_err; 1039 goto f_err;
1040 } 1040 }
1041 if (q != CBS_data(&cert) + CBS_len(&cert)) { 1041 if (q != CBS_data(&cert) + CBS_len(&cert)) {
1042 al = SSL_AD_DECODE_ERROR; 1042 al = SSL_AD_DECODE_ERROR;
1043 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1043 SSLerror(
1044 SSL_R_CERT_LENGTH_MISMATCH); 1044 SSL_R_CERT_LENGTH_MISMATCH);
1045 goto f_err; 1045 goto f_err;
1046 } 1046 }
1047 if (!sk_X509_push(sk, x)) { 1047 if (!sk_X509_push(sk, x)) {
1048 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1048 SSLerror(
1049 ERR_R_MALLOC_FAILURE); 1049 ERR_R_MALLOC_FAILURE);
1050 goto err; 1050 goto err;
1051 } 1051 }
@@ -1055,7 +1055,7 @@ ssl3_get_server_certificate(SSL *s)
1055 i = ssl_verify_cert_chain(s, sk); 1055 i = ssl_verify_cert_chain(s, sk);
1056 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { 1056 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
1057 al = ssl_verify_alarm_type(s->verify_result); 1057 al = ssl_verify_alarm_type(s->verify_result);
1058 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1058 SSLerror(
1059 SSL_R_CERTIFICATE_VERIFY_FAILED); 1059 SSL_R_CERTIFICATE_VERIFY_FAILED);
1060 goto f_err; 1060 goto f_err;
1061 1061
@@ -1082,7 +1082,7 @@ ssl3_get_server_certificate(SSL *s)
1082 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { 1082 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
1083 x = NULL; 1083 x = NULL;
1084 al = SSL3_AL_FATAL; 1084 al = SSL3_AL_FATAL;
1085 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1085 SSLerror(
1086 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 1086 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1087 goto f_err; 1087 goto f_err;
1088 } 1088 }
@@ -1091,7 +1091,7 @@ ssl3_get_server_certificate(SSL *s)
1091 if (i < 0) { 1091 if (i < 0) {
1092 x = NULL; 1092 x = NULL;
1093 al = SSL3_AL_FATAL; 1093 al = SSL3_AL_FATAL;
1094 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1094 SSLerror(
1095 SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1095 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1096 goto f_err; 1096 goto f_err;
1097 } 1097 }
@@ -1118,7 +1118,7 @@ ssl3_get_server_certificate(SSL *s)
1118truncated: 1118truncated:
1119 /* wrong packet length */ 1119 /* wrong packet length */
1120 al = SSL_AD_DECODE_ERROR; 1120 al = SSL_AD_DECODE_ERROR;
1121 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1121 SSLerror(
1122 SSL_R_BAD_PACKET_LENGTH); 1122 SSL_R_BAD_PACKET_LENGTH);
1123f_err: 1123f_err:
1124 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1124 ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1150,21 +1150,21 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1150 CBS_init(&cbs, *pp, *nn); 1150 CBS_init(&cbs, *pp, *nn);
1151 1151
1152 if ((dh = DH_new()) == NULL) { 1152 if ((dh = DH_new()) == NULL) {
1153 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); 1153 SSLerror(ERR_R_DH_LIB);
1154 goto err; 1154 goto err;
1155 } 1155 }
1156 1156
1157 if (!CBS_get_u16_length_prefixed(&cbs, &dhp)) 1157 if (!CBS_get_u16_length_prefixed(&cbs, &dhp))
1158 goto truncated; 1158 goto truncated;
1159 if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) { 1159 if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) {
1160 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1160 SSLerror(ERR_R_BN_LIB);
1161 goto err; 1161 goto err;
1162 } 1162 }
1163 1163
1164 if (!CBS_get_u16_length_prefixed(&cbs, &dhg)) 1164 if (!CBS_get_u16_length_prefixed(&cbs, &dhg))
1165 goto truncated; 1165 goto truncated;
1166 if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) { 1166 if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) {
1167 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1167 SSLerror(ERR_R_BN_LIB);
1168 goto err; 1168 goto err;
1169 } 1169 }
1170 1170
@@ -1172,7 +1172,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1172 goto truncated; 1172 goto truncated;
1173 if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk), 1173 if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk),
1174 NULL)) == NULL) { 1174 NULL)) == NULL) {
1175 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); 1175 SSLerror(ERR_R_BN_LIB);
1176 goto err; 1176 goto err;
1177 } 1177 }
1178 1178
@@ -1181,7 +1181,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1181 * Discard keys weaker than 1024 bits. 1181 * Discard keys weaker than 1024 bits.
1182 */ 1182 */
1183 if (DH_size(dh) < 1024 / 8) { 1183 if (DH_size(dh) < 1024 / 8) {
1184 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH); 1184 SSLerror(SSL_R_BAD_DH_P_LENGTH);
1185 goto err; 1185 goto err;
1186 } 1186 }
1187 1187
@@ -1202,7 +1202,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1202 1202
1203 truncated: 1203 truncated:
1204 al = SSL_AD_DECODE_ERROR; 1204 al = SSL_AD_DECODE_ERROR;
1205 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); 1205 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1206 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1206 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1207 1207
1208 err: 1208 err:
@@ -1227,16 +1227,16 @@ ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public)
1227 */ 1227 */
1228 1228
1229 if ((ecdh = EC_KEY_new()) == NULL) { 1229 if ((ecdh = EC_KEY_new()) == NULL) {
1230 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1230 SSLerror(ERR_R_MALLOC_FAILURE);
1231 goto err; 1231 goto err;
1232 } 1232 }
1233 1233
1234 if ((ngroup = EC_GROUP_new_by_curve_name(nid)) == NULL) { 1234 if ((ngroup = EC_GROUP_new_by_curve_name(nid)) == NULL) {
1235 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); 1235 SSLerror(ERR_R_EC_LIB);
1236 goto err; 1236 goto err;
1237 } 1237 }
1238 if (EC_KEY_set_group(ecdh, ngroup) == 0) { 1238 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1239 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); 1239 SSLerror(ERR_R_EC_LIB);
1240 goto err; 1240 goto err;
1241 } 1241 }
1242 1242
@@ -1244,13 +1244,13 @@ ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public)
1244 1244
1245 if ((point = EC_POINT_new(group)) == NULL || 1245 if ((point = EC_POINT_new(group)) == NULL ||
1246 (bn_ctx = BN_CTX_new()) == NULL) { 1246 (bn_ctx = BN_CTX_new()) == NULL) {
1247 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1247 SSLerror(ERR_R_MALLOC_FAILURE);
1248 goto err; 1248 goto err;
1249 } 1249 }
1250 1250
1251 if (EC_POINT_oct2point(group, point, CBS_data(public), 1251 if (EC_POINT_oct2point(group, point, CBS_data(public),
1252 CBS_len(public), bn_ctx) == 0) { 1252 CBS_len(public), bn_ctx) == 0) {
1253 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); 1253 SSLerror(SSL_R_BAD_ECPOINT);
1254 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1254 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1255 goto err; 1255 goto err;
1256 } 1256 }
@@ -1276,18 +1276,18 @@ ssl3_get_server_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, int nid, CBS *public)
1276 size_t outlen; 1276 size_t outlen;
1277 1277
1278 if (nid != NID_X25519) { 1278 if (nid != NID_X25519) {
1279 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 1279 SSLerror(ERR_R_INTERNAL_ERROR);
1280 goto err; 1280 goto err;
1281 } 1281 }
1282 1282
1283 if (CBS_len(public) != X25519_KEY_LENGTH) { 1283 if (CBS_len(public) != X25519_KEY_LENGTH) {
1284 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); 1284 SSLerror(SSL_R_BAD_ECPOINT);
1285 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1285 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1286 goto err; 1286 goto err;
1287 } 1287 }
1288 1288
1289 if (!CBS_stow(public, &sc->peer_x25519_tmp, &outlen)) { 1289 if (!CBS_stow(public, &sc->peer_x25519_tmp, &outlen)) {
1290 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); 1290 SSLerror(ERR_R_MALLOC_FAILURE);
1291 goto err; 1291 goto err;
1292 } 1292 }
1293 1293
@@ -1321,7 +1321,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1321 curve_type != NAMED_CURVE_TYPE || 1321 curve_type != NAMED_CURVE_TYPE ||
1322 !CBS_get_u16(&cbs, &curve_id)) { 1322 !CBS_get_u16(&cbs, &curve_id)) {
1323 al = SSL_AD_DECODE_ERROR; 1323 al = SSL_AD_DECODE_ERROR;
1324 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); 1324 SSLerror(SSL_R_LENGTH_TOO_SHORT);
1325 goto f_err; 1325 goto f_err;
1326 } 1326 }
1327 1327
@@ -1331,13 +1331,13 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1331 */ 1331 */
1332 if (tls1_check_curve(s, curve_id) != 1) { 1332 if (tls1_check_curve(s, curve_id) != 1) {
1333 al = SSL_AD_DECODE_ERROR; 1333 al = SSL_AD_DECODE_ERROR;
1334 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE); 1334 SSLerror(SSL_R_WRONG_CURVE);
1335 goto f_err; 1335 goto f_err;
1336 } 1336 }
1337 1337
1338 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { 1338 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
1339 al = SSL_AD_INTERNAL_ERROR; 1339 al = SSL_AD_INTERNAL_ERROR;
1340 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1340 SSLerror(
1341 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1341 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1342 goto f_err; 1342 goto f_err;
1343 } 1343 }
@@ -1373,7 +1373,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1373 1373
1374 truncated: 1374 truncated:
1375 al = SSL_AD_DECODE_ERROR; 1375 al = SSL_AD_DECODE_ERROR;
1376 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); 1376 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1377 1377
1378 f_err: 1378 f_err:
1379 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1379 ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1414,7 +1414,7 @@ ssl3_get_server_key_exchange(SSL *s)
1414 * ephemeral keys. 1414 * ephemeral keys.
1415 */ 1415 */
1416 if (alg_k & (SSL_kDHE|SSL_kECDHE)) { 1416 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
1417 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1417 SSLerror(
1418 SSL_R_UNEXPECTED_MESSAGE); 1418 SSL_R_UNEXPECTED_MESSAGE);
1419 al = SSL_AD_UNEXPECTED_MESSAGE; 1419 al = SSL_AD_UNEXPECTED_MESSAGE;
1420 goto f_err; 1420 goto f_err;
@@ -1451,7 +1451,7 @@ ssl3_get_server_key_exchange(SSL *s)
1451 goto err; 1451 goto err;
1452 } else if (alg_k != 0) { 1452 } else if (alg_k != 0) {
1453 al = SSL_AD_UNEXPECTED_MESSAGE; 1453 al = SSL_AD_UNEXPECTED_MESSAGE;
1454 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); 1454 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
1455 goto f_err; 1455 goto f_err;
1456 } 1456 }
1457 1457
@@ -1463,7 +1463,7 @@ ssl3_get_server_key_exchange(SSL *s)
1463 int sigalg = tls12_get_sigid(pkey); 1463 int sigalg = tls12_get_sigid(pkey);
1464 /* Should never happen */ 1464 /* Should never happen */
1465 if (sigalg == -1) { 1465 if (sigalg == -1) {
1466 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1466 SSLerror(
1467 ERR_R_INTERNAL_ERROR); 1467 ERR_R_INTERNAL_ERROR);
1468 goto err; 1468 goto err;
1469 } 1469 }
@@ -1474,14 +1474,14 @@ ssl3_get_server_key_exchange(SSL *s)
1474 if (2 > n) 1474 if (2 > n)
1475 goto truncated; 1475 goto truncated;
1476 if (sigalg != (int)p[1]) { 1476 if (sigalg != (int)p[1]) {
1477 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1477 SSLerror(
1478 SSL_R_WRONG_SIGNATURE_TYPE); 1478 SSL_R_WRONG_SIGNATURE_TYPE);
1479 al = SSL_AD_DECODE_ERROR; 1479 al = SSL_AD_DECODE_ERROR;
1480 goto f_err; 1480 goto f_err;
1481 } 1481 }
1482 md = tls12_get_hash(p[0]); 1482 md = tls12_get_hash(p[0]);
1483 if (md == NULL) { 1483 if (md == NULL) {
1484 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1484 SSLerror(
1485 SSL_R_UNKNOWN_DIGEST); 1485 SSL_R_UNKNOWN_DIGEST);
1486 al = SSL_AD_DECODE_ERROR; 1486 al = SSL_AD_DECODE_ERROR;
1487 goto f_err; 1487 goto f_err;
@@ -1500,7 +1500,7 @@ ssl3_get_server_key_exchange(SSL *s)
1500 if (i != n || n > j) { 1500 if (i != n || n > j) {
1501 /* wrong packet length */ 1501 /* wrong packet length */
1502 al = SSL_AD_DECODE_ERROR; 1502 al = SSL_AD_DECODE_ERROR;
1503 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1503 SSLerror(
1504 SSL_R_WRONG_SIGNATURE_LENGTH); 1504 SSL_R_WRONG_SIGNATURE_LENGTH);
1505 goto f_err; 1505 goto f_err;
1506 } 1506 }
@@ -1533,14 +1533,14 @@ ssl3_get_server_key_exchange(SSL *s)
1533 p, n, pkey->pkey.rsa); 1533 p, n, pkey->pkey.rsa);
1534 if (i < 0) { 1534 if (i < 0) {
1535 al = SSL_AD_DECRYPT_ERROR; 1535 al = SSL_AD_DECRYPT_ERROR;
1536 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1536 SSLerror(
1537 SSL_R_BAD_RSA_DECRYPT); 1537 SSL_R_BAD_RSA_DECRYPT);
1538 goto f_err; 1538 goto f_err;
1539 } 1539 }
1540 if (i == 0) { 1540 if (i == 0) {
1541 /* bad signature */ 1541 /* bad signature */
1542 al = SSL_AD_DECRYPT_ERROR; 1542 al = SSL_AD_DECRYPT_ERROR;
1543 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1543 SSLerror(
1544 SSL_R_BAD_SIGNATURE); 1544 SSL_R_BAD_SIGNATURE);
1545 goto f_err; 1545 goto f_err;
1546 } 1546 }
@@ -1554,7 +1554,7 @@ ssl3_get_server_key_exchange(SSL *s)
1554 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { 1554 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1555 /* bad signature */ 1555 /* bad signature */
1556 al = SSL_AD_DECRYPT_ERROR; 1556 al = SSL_AD_DECRYPT_ERROR;
1557 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1557 SSLerror(
1558 SSL_R_BAD_SIGNATURE); 1558 SSL_R_BAD_SIGNATURE);
1559 goto f_err; 1559 goto f_err;
1560 } 1560 }
@@ -1562,14 +1562,14 @@ ssl3_get_server_key_exchange(SSL *s)
1562 } else { 1562 } else {
1563 /* aNULL does not need public keys. */ 1563 /* aNULL does not need public keys. */
1564 if (!(alg_a & SSL_aNULL)) { 1564 if (!(alg_a & SSL_aNULL)) {
1565 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1565 SSLerror(
1566 ERR_R_INTERNAL_ERROR); 1566 ERR_R_INTERNAL_ERROR);
1567 goto err; 1567 goto err;
1568 } 1568 }
1569 /* still data left over */ 1569 /* still data left over */
1570 if (n != 0) { 1570 if (n != 0) {
1571 al = SSL_AD_DECODE_ERROR; 1571 al = SSL_AD_DECODE_ERROR;
1572 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1572 SSLerror(
1573 SSL_R_EXTRA_DATA_IN_MESSAGE); 1573 SSL_R_EXTRA_DATA_IN_MESSAGE);
1574 goto f_err; 1574 goto f_err;
1575 } 1575 }
@@ -1583,7 +1583,7 @@ ssl3_get_server_key_exchange(SSL *s)
1583 truncated: 1583 truncated:
1584 /* wrong packet length */ 1584 /* wrong packet length */
1585 al = SSL_AD_DECODE_ERROR; 1585 al = SSL_AD_DECODE_ERROR;
1586 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); 1586 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1587 1587
1588 f_err: 1588 f_err:
1589 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1589 ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1630,7 +1630,7 @@ ssl3_get_certificate_request(SSL *s)
1630 1630
1631 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1631 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1632 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1632 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1633 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1633 SSLerror(
1634 SSL_R_WRONG_MESSAGE_TYPE); 1634 SSL_R_WRONG_MESSAGE_TYPE);
1635 goto err; 1635 goto err;
1636 } 1636 }
@@ -1638,7 +1638,7 @@ ssl3_get_certificate_request(SSL *s)
1638 /* TLS does not like anon-DH with client cert */ 1638 /* TLS does not like anon-DH with client cert */
1639 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 1639 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1640 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1640 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1641 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1641 SSLerror(
1642 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1642 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1643 goto err; 1643 goto err;
1644 } 1644 }
@@ -1648,7 +1648,7 @@ ssl3_get_certificate_request(SSL *s)
1648 CBS_init(&cert_request, s->internal->init_msg, n); 1648 CBS_init(&cert_request, s->internal->init_msg, n);
1649 1649
1650 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1650 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1651 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1651 SSLerror(
1652 ERR_R_MALLOC_FAILURE); 1652 ERR_R_MALLOC_FAILURE);
1653 goto err; 1653 goto err;
1654 } 1654 }
@@ -1662,7 +1662,7 @@ ssl3_get_certificate_request(SSL *s)
1662 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || 1662 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
1663 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype, 1663 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype,
1664 sizeof(S3I(s)->tmp.ctype), NULL)) { 1664 sizeof(S3I(s)->tmp.ctype), NULL)) {
1665 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1665 SSLerror(
1666 SSL_R_DATA_LENGTH_TOO_LONG); 1666 SSL_R_DATA_LENGTH_TOO_LONG);
1667 goto err; 1667 goto err;
1668 } 1668 }
@@ -1671,7 +1671,7 @@ ssl3_get_certificate_request(SSL *s)
1671 CBS sigalgs; 1671 CBS sigalgs;
1672 1672
1673 if (CBS_len(&cert_request) < 2) { 1673 if (CBS_len(&cert_request) < 2) {
1674 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1674 SSLerror(
1675 SSL_R_DATA_LENGTH_TOO_LONG); 1675 SSL_R_DATA_LENGTH_TOO_LONG);
1676 goto err; 1676 goto err;
1677 } 1677 }
@@ -1681,7 +1681,7 @@ ssl3_get_certificate_request(SSL *s)
1681 */ 1681 */
1682 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { 1682 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
1683 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1683 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1684 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1684 SSLerror(
1685 SSL_R_DATA_LENGTH_TOO_LONG); 1685 SSL_R_DATA_LENGTH_TOO_LONG);
1686 goto err; 1686 goto err;
1687 } 1687 }
@@ -1689,7 +1689,7 @@ ssl3_get_certificate_request(SSL *s)
1689 !tls1_process_sigalgs(s, CBS_data(&sigalgs), 1689 !tls1_process_sigalgs(s, CBS_data(&sigalgs),
1690 CBS_len(&sigalgs))) { 1690 CBS_len(&sigalgs))) {
1691 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1691 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1692 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1692 SSLerror(
1693 SSL_R_SIGNATURE_ALGORITHMS_ERROR); 1693 SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1694 goto err; 1694 goto err;
1695 } 1695 }
@@ -1697,7 +1697,7 @@ ssl3_get_certificate_request(SSL *s)
1697 1697
1698 /* get the CA RDNs */ 1698 /* get the CA RDNs */
1699 if (CBS_len(&cert_request) < 2) { 1699 if (CBS_len(&cert_request) < 2) {
1700 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1700 SSLerror(
1701 SSL_R_DATA_LENGTH_TOO_LONG); 1701 SSL_R_DATA_LENGTH_TOO_LONG);
1702 goto err; 1702 goto err;
1703 } 1703 }
@@ -1705,7 +1705,7 @@ ssl3_get_certificate_request(SSL *s)
1705 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) || 1705 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
1706 CBS_len(&cert_request) != 0) { 1706 CBS_len(&cert_request) != 0) {
1707 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1707 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1708 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1708 SSLerror(
1709 SSL_R_LENGTH_MISMATCH); 1709 SSL_R_LENGTH_MISMATCH);
1710 goto err; 1710 goto err;
1711 } 1711 }
@@ -1714,14 +1714,14 @@ ssl3_get_certificate_request(SSL *s)
1714 CBS rdn; 1714 CBS rdn;
1715 1715
1716 if (CBS_len(&rdn_list) < 2) { 1716 if (CBS_len(&rdn_list) < 2) {
1717 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1717 SSLerror(
1718 SSL_R_DATA_LENGTH_TOO_LONG); 1718 SSL_R_DATA_LENGTH_TOO_LONG);
1719 goto err; 1719 goto err;
1720 } 1720 }
1721 1721
1722 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) { 1722 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
1723 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1723 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1724 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1724 SSLerror(
1725 SSL_R_CA_DN_TOO_LONG); 1725 SSL_R_CA_DN_TOO_LONG);
1726 goto err; 1726 goto err;
1727 } 1727 }
@@ -1730,19 +1730,19 @@ ssl3_get_certificate_request(SSL *s)
1730 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) { 1730 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
1731 ssl3_send_alert(s, SSL3_AL_FATAL, 1731 ssl3_send_alert(s, SSL3_AL_FATAL,
1732 SSL_AD_DECODE_ERROR); 1732 SSL_AD_DECODE_ERROR);
1733 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1733 SSLerror(
1734 ERR_R_ASN1_LIB); 1734 ERR_R_ASN1_LIB);
1735 goto err; 1735 goto err;
1736 } 1736 }
1737 1737
1738 if (q != CBS_data(&rdn) + CBS_len(&rdn)) { 1738 if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
1739 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1739 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1740 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1740 SSLerror(
1741 SSL_R_CA_DN_LENGTH_MISMATCH); 1741 SSL_R_CA_DN_LENGTH_MISMATCH);
1742 goto err; 1742 goto err;
1743 } 1743 }
1744 if (!sk_X509_NAME_push(ca_sk, xn)) { 1744 if (!sk_X509_NAME_push(ca_sk, xn)) {
1745 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1745 SSLerror(
1746 ERR_R_MALLOC_FAILURE); 1746 ERR_R_MALLOC_FAILURE);
1747 goto err; 1747 goto err;
1748 } 1748 }
@@ -1759,7 +1759,7 @@ ssl3_get_certificate_request(SSL *s)
1759 ret = 1; 1759 ret = 1;
1760 if (0) { 1760 if (0) {
1761truncated: 1761truncated:
1762 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, 1762 SSLerror(
1763 SSL_R_BAD_PACKET_LENGTH); 1763 SSL_R_BAD_PACKET_LENGTH);
1764 } 1764 }
1765err: 1765err:
@@ -1793,14 +1793,14 @@ ssl3_get_new_session_ticket(SSL *s)
1793 } 1793 }
1794 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 1794 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1795 al = SSL_AD_UNEXPECTED_MESSAGE; 1795 al = SSL_AD_UNEXPECTED_MESSAGE;
1796 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1796 SSLerror(
1797 SSL_R_BAD_MESSAGE_TYPE); 1797 SSL_R_BAD_MESSAGE_TYPE);
1798 goto f_err; 1798 goto f_err;
1799 } 1799 }
1800 1800
1801 if (n < 0) { 1801 if (n < 0) {
1802 al = SSL_AD_DECODE_ERROR; 1802 al = SSL_AD_DECODE_ERROR;
1803 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1803 SSLerror(
1804 SSL_R_LENGTH_MISMATCH); 1804 SSL_R_LENGTH_MISMATCH);
1805 goto f_err; 1805 goto f_err;
1806 } 1806 }
@@ -1813,7 +1813,7 @@ ssl3_get_new_session_ticket(SSL *s)
1813 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || 1813 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
1814 CBS_len(&cbs) != 0) { 1814 CBS_len(&cbs) != 0) {
1815 al = SSL_AD_DECODE_ERROR; 1815 al = SSL_AD_DECODE_ERROR;
1816 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1816 SSLerror(
1817 SSL_R_LENGTH_MISMATCH); 1817 SSL_R_LENGTH_MISMATCH);
1818 goto f_err; 1818 goto f_err;
1819 } 1819 }
@@ -1821,7 +1821,7 @@ ssl3_get_new_session_ticket(SSL *s)
1821 1821
1822 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, 1822 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
1823 &s->session->tlsext_ticklen)) { 1823 &s->session->tlsext_ticklen)) {
1824 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, 1824 SSLerror(
1825 ERR_R_MALLOC_FAILURE); 1825 ERR_R_MALLOC_FAILURE);
1826 goto err; 1826 goto err;
1827 } 1827 }
@@ -1872,7 +1872,7 @@ ssl3_get_cert_status(SSL *s)
1872 if (n < 0) { 1872 if (n < 0) {
1873 /* need at least status type + length */ 1873 /* need at least status type + length */
1874 al = SSL_AD_DECODE_ERROR; 1874 al = SSL_AD_DECODE_ERROR;
1875 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1875 SSLerror(
1876 SSL_R_LENGTH_MISMATCH); 1876 SSL_R_LENGTH_MISMATCH);
1877 goto f_err; 1877 goto f_err;
1878 } 1878 }
@@ -1882,14 +1882,14 @@ ssl3_get_cert_status(SSL *s)
1882 CBS_len(&cert_status) < 3) { 1882 CBS_len(&cert_status) < 3) {
1883 /* need at least status type + length */ 1883 /* need at least status type + length */
1884 al = SSL_AD_DECODE_ERROR; 1884 al = SSL_AD_DECODE_ERROR;
1885 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1885 SSLerror(
1886 SSL_R_LENGTH_MISMATCH); 1886 SSL_R_LENGTH_MISMATCH);
1887 goto f_err; 1887 goto f_err;
1888 } 1888 }
1889 1889
1890 if (status_type != TLSEXT_STATUSTYPE_ocsp) { 1890 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
1891 al = SSL_AD_DECODE_ERROR; 1891 al = SSL_AD_DECODE_ERROR;
1892 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1892 SSLerror(
1893 SSL_R_UNSUPPORTED_STATUS_TYPE); 1893 SSL_R_UNSUPPORTED_STATUS_TYPE);
1894 goto f_err; 1894 goto f_err;
1895 } 1895 }
@@ -1897,7 +1897,7 @@ ssl3_get_cert_status(SSL *s)
1897 if (!CBS_get_u24_length_prefixed(&cert_status, &response) || 1897 if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
1898 CBS_len(&cert_status) != 0) { 1898 CBS_len(&cert_status) != 0) {
1899 al = SSL_AD_DECODE_ERROR; 1899 al = SSL_AD_DECODE_ERROR;
1900 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1900 SSLerror(
1901 SSL_R_LENGTH_MISMATCH); 1901 SSL_R_LENGTH_MISMATCH);
1902 goto f_err; 1902 goto f_err;
1903 } 1903 }
@@ -1906,7 +1906,7 @@ ssl3_get_cert_status(SSL *s)
1906 &stow_len) || stow_len > INT_MAX) { 1906 &stow_len) || stow_len > INT_MAX) {
1907 s->internal->tlsext_ocsp_resplen = 0; 1907 s->internal->tlsext_ocsp_resplen = 0;
1908 al = SSL_AD_INTERNAL_ERROR; 1908 al = SSL_AD_INTERNAL_ERROR;
1909 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1909 SSLerror(
1910 ERR_R_MALLOC_FAILURE); 1910 ERR_R_MALLOC_FAILURE);
1911 goto f_err; 1911 goto f_err;
1912 } 1912 }
@@ -1918,13 +1918,13 @@ ssl3_get_cert_status(SSL *s)
1918 s->ctx->internal->tlsext_status_arg); 1918 s->ctx->internal->tlsext_status_arg);
1919 if (ret == 0) { 1919 if (ret == 0) {
1920 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 1920 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1921 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1921 SSLerror(
1922 SSL_R_INVALID_STATUS_RESPONSE); 1922 SSL_R_INVALID_STATUS_RESPONSE);
1923 goto f_err; 1923 goto f_err;
1924 } 1924 }
1925 if (ret < 0) { 1925 if (ret < 0) {
1926 al = SSL_AD_INTERNAL_ERROR; 1926 al = SSL_AD_INTERNAL_ERROR;
1927 SSLerr(SSL_F_SSL3_GET_CERT_STATUS, 1927 SSLerror(
1928 ERR_R_MALLOC_FAILURE); 1928 ERR_R_MALLOC_FAILURE);
1929 goto f_err; 1929 goto f_err;
1930 } 1930 }
@@ -1950,7 +1950,7 @@ ssl3_get_server_done(SSL *s)
1950 if (n > 0) { 1950 if (n > 0) {
1951 /* should contain no data */ 1951 /* should contain no data */
1952 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1952 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1953 SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); 1953 SSLerror(SSL_R_LENGTH_MISMATCH);
1954 return (-1); 1954 return (-1);
1955 } 1955 }
1956 ret = 1; 1956 ret = 1;
@@ -1974,7 +1974,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
1974 pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1974 pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1975 if (pkey == NULL || pkey->type != EVP_PKEY_RSA || 1975 if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
1976 pkey->pkey.rsa == NULL) { 1976 pkey->pkey.rsa == NULL) {
1977 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 1977 SSLerror(
1978 ERR_R_INTERNAL_ERROR); 1978 ERR_R_INTERNAL_ERROR);
1979 goto err; 1979 goto err;
1980 } 1980 }
@@ -1984,7 +1984,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
1984 arc4random_buf(&pms[2], sizeof(pms) - 2); 1984 arc4random_buf(&pms[2], sizeof(pms) - 2);
1985 1985
1986 if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) { 1986 if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) {
1987 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 1987 SSLerror(
1988 ERR_R_MALLOC_FAILURE); 1988 ERR_R_MALLOC_FAILURE);
1989 goto err; 1989 goto err;
1990 } 1990 }
@@ -1992,7 +1992,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
1992 enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa, 1992 enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa,
1993 RSA_PKCS1_PADDING); 1993 RSA_PKCS1_PADDING);
1994 if (enc_len <= 0) { 1994 if (enc_len <= 0) {
1995 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 1995 SSLerror(
1996 SSL_R_BAD_RSA_ENCRYPT); 1996 SSL_R_BAD_RSA_ENCRYPT);
1997 goto err; 1997 goto err;
1998 } 1998 }
@@ -2031,7 +2031,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2031 /* Ensure that we have an ephemeral key for DHE. */ 2031 /* Ensure that we have an ephemeral key for DHE. */
2032 if (sess_cert->peer_dh_tmp == NULL) { 2032 if (sess_cert->peer_dh_tmp == NULL) {
2033 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2033 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2034 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2034 SSLerror(
2035 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); 2035 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2036 goto err; 2036 goto err;
2037 } 2037 }
@@ -2039,22 +2039,22 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2039 2039
2040 /* Generate a new random key. */ 2040 /* Generate a new random key. */
2041 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { 2041 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
2042 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2042 SSLerror(ERR_R_DH_LIB);
2043 goto err; 2043 goto err;
2044 } 2044 }
2045 if (!DH_generate_key(dh_clnt)) { 2045 if (!DH_generate_key(dh_clnt)) {
2046 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2046 SSLerror(ERR_R_DH_LIB);
2047 goto err; 2047 goto err;
2048 } 2048 }
2049 key_size = DH_size(dh_clnt); 2049 key_size = DH_size(dh_clnt);
2050 if ((key = malloc(key_size)) == NULL) { 2050 if ((key = malloc(key_size)) == NULL) {
2051 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2051 SSLerror(
2052 ERR_R_MALLOC_FAILURE); 2052 ERR_R_MALLOC_FAILURE);
2053 goto err; 2053 goto err;
2054 } 2054 }
2055 key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt); 2055 key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
2056 if (key_len <= 0) { 2056 if (key_len <= 0) {
2057 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 2057 SSLerror(ERR_R_DH_LIB);
2058 goto err; 2058 goto err;
2059 } 2059 }
2060 2060
@@ -2098,38 +2098,38 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2098 2098
2099 if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL || 2099 if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL ||
2100 (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) { 2100 (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) {
2101 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2101 SSLerror(
2102 ERR_R_INTERNAL_ERROR); 2102 ERR_R_INTERNAL_ERROR);
2103 goto err; 2103 goto err;
2104 } 2104 }
2105 2105
2106 if ((ecdh = EC_KEY_new()) == NULL) { 2106 if ((ecdh = EC_KEY_new()) == NULL) {
2107 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2107 SSLerror(
2108 ERR_R_MALLOC_FAILURE); 2108 ERR_R_MALLOC_FAILURE);
2109 goto err; 2109 goto err;
2110 } 2110 }
2111 2111
2112 if (!EC_KEY_set_group(ecdh, group)) { 2112 if (!EC_KEY_set_group(ecdh, group)) {
2113 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); 2113 SSLerror(ERR_R_EC_LIB);
2114 goto err; 2114 goto err;
2115 } 2115 }
2116 2116
2117 /* Generate a new ECDH key pair. */ 2117 /* Generate a new ECDH key pair. */
2118 if (!(EC_KEY_generate_key(ecdh))) { 2118 if (!(EC_KEY_generate_key(ecdh))) {
2119 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2119 SSLerror(ERR_R_ECDH_LIB);
2120 goto err; 2120 goto err;
2121 } 2121 }
2122 if ((key_size = ECDH_size(ecdh)) <= 0) { 2122 if ((key_size = ECDH_size(ecdh)) <= 0) {
2123 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2123 SSLerror(ERR_R_ECDH_LIB);
2124 goto err; 2124 goto err;
2125 } 2125 }
2126 if ((key = malloc(key_size)) == NULL) { 2126 if ((key = malloc(key_size)) == NULL) {
2127 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2127 SSLerror(
2128 ERR_R_MALLOC_FAILURE); 2128 ERR_R_MALLOC_FAILURE);
2129 } 2129 }
2130 key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL); 2130 key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL);
2131 if (key_len <= 0) { 2131 if (key_len <= 0) {
2132 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2132 SSLerror(ERR_R_ECDH_LIB);
2133 goto err; 2133 goto err;
2134 } 2134 }
2135 2135
@@ -2141,12 +2141,12 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2141 encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh), 2141 encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
2142 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); 2142 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
2143 if (encoded_len == 0) { 2143 if (encoded_len == 0) {
2144 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); 2144 SSLerror(ERR_R_ECDH_LIB);
2145 goto err; 2145 goto err;
2146 } 2146 }
2147 2147
2148 if ((bn_ctx = BN_CTX_new()) == NULL) { 2148 if ((bn_ctx = BN_CTX_new()) == NULL) {
2149 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2149 SSLerror(
2150 ERR_R_MALLOC_FAILURE); 2150 ERR_R_MALLOC_FAILURE);
2151 goto err; 2151 goto err;
2152 } 2152 }
@@ -2233,7 +2233,7 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb)
2233 goto err; 2233 goto err;
2234 } else { 2234 } else {
2235 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2235 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2236 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2236 SSLerror(
2237 ERR_R_INTERNAL_ERROR); 2237 ERR_R_INTERNAL_ERROR);
2238 goto err; 2238 goto err;
2239 } 2239 }
@@ -2261,7 +2261,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2261 /* Get server sertificate PKEY and create ctx from it */ 2261 /* Get server sertificate PKEY and create ctx from it */
2262 peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; 2262 peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
2263 if (peer_cert == NULL) { 2263 if (peer_cert == NULL) {
2264 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2264 SSLerror(
2265 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); 2265 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2266 goto err; 2266 goto err;
2267 } 2267 }
@@ -2298,7 +2298,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2298 */ 2298 */
2299 ukm_hash = EVP_MD_CTX_create(); 2299 ukm_hash = EVP_MD_CTX_create();
2300 if (ukm_hash == NULL) { 2300 if (ukm_hash == NULL) {
2301 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2301 SSLerror(
2302 ERR_R_MALLOC_FAILURE); 2302 ERR_R_MALLOC_FAILURE);
2303 goto err; 2303 goto err;
2304 } 2304 }
@@ -2315,7 +2315,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2315 EVP_MD_CTX_destroy(ukm_hash); 2315 EVP_MD_CTX_destroy(ukm_hash);
2316 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, 2316 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
2317 EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { 2317 EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
2318 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); 2318 SSLerror(SSL_R_LIBRARY_BUG);
2319 goto err; 2319 goto err;
2320 } 2320 }
2321 2321
@@ -2325,7 +2325,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2325 msglen = 255; 2325 msglen = 255;
2326 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 2326 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret,
2327 32) < 0) { 2327 32) < 0) {
2328 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); 2328 SSLerror(SSL_R_LIBRARY_BUG);
2329 goto err; 2329 goto err;
2330 } 2330 }
2331 2331
@@ -2371,7 +2371,7 @@ ssl3_send_client_key_exchange(SSL *s)
2371 if ((sess_cert = SSI(s)->sess_cert) == NULL) { 2371 if ((sess_cert = SSI(s)->sess_cert) == NULL) {
2372 ssl3_send_alert(s, SSL3_AL_FATAL, 2372 ssl3_send_alert(s, SSL3_AL_FATAL,
2373 SSL_AD_UNEXPECTED_MESSAGE); 2373 SSL_AD_UNEXPECTED_MESSAGE);
2374 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2374 SSLerror(
2375 ERR_R_INTERNAL_ERROR); 2375 ERR_R_INTERNAL_ERROR);
2376 goto err; 2376 goto err;
2377 } 2377 }
@@ -2395,7 +2395,7 @@ ssl3_send_client_key_exchange(SSL *s)
2395 } else { 2395 } else {
2396 ssl3_send_alert(s, SSL3_AL_FATAL, 2396 ssl3_send_alert(s, SSL3_AL_FATAL,
2397 SSL_AD_HANDSHAKE_FAILURE); 2397 SSL_AD_HANDSHAKE_FAILURE);
2398 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2398 SSLerror(
2399 ERR_R_INTERNAL_ERROR); 2399 ERR_R_INTERNAL_ERROR);
2400 goto err; 2400 goto err;
2401 } 2401 }
@@ -2458,7 +2458,7 @@ ssl3_send_client_verify(SSL *s)
2458 &hdata); 2458 &hdata);
2459 if (hdatalen <= 0 || 2459 if (hdatalen <= 0 ||
2460 !tls12_get_sigandhash(p, pkey, md)) { 2460 !tls12_get_sigandhash(p, pkey, md)) {
2461 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2461 SSLerror(
2462 ERR_R_INTERNAL_ERROR); 2462 ERR_R_INTERNAL_ERROR);
2463 goto err; 2463 goto err;
2464 } 2464 }
@@ -2466,7 +2466,7 @@ ssl3_send_client_verify(SSL *s)
2466 if (!EVP_SignInit_ex(&mctx, md, NULL) || 2466 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2467 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2467 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2468 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2468 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2469 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2469 SSLerror(
2470 ERR_R_EVP_LIB); 2470 ERR_R_EVP_LIB);
2471 goto err; 2471 goto err;
2472 } 2472 }
@@ -2480,7 +2480,7 @@ ssl3_send_client_verify(SSL *s)
2480 if (RSA_sign(NID_md5_sha1, data, 2480 if (RSA_sign(NID_md5_sha1, data,
2481 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), 2481 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2482 &u, pkey->pkey.rsa) <= 0 ) { 2482 &u, pkey->pkey.rsa) <= 0 ) {
2483 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2483 SSLerror(
2484 ERR_R_RSA_LIB); 2484 ERR_R_RSA_LIB);
2485 goto err; 2485 goto err;
2486 } 2486 }
@@ -2491,7 +2491,7 @@ ssl3_send_client_verify(SSL *s)
2491 &(data[MD5_DIGEST_LENGTH]), 2491 &(data[MD5_DIGEST_LENGTH]),
2492 SHA_DIGEST_LENGTH, &(p[2]), 2492 SHA_DIGEST_LENGTH, &(p[2]),
2493 (unsigned int *)&j, pkey->pkey.dsa)) { 2493 (unsigned int *)&j, pkey->pkey.dsa)) {
2494 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2494 SSLerror(
2495 ERR_R_DSA_LIB); 2495 ERR_R_DSA_LIB);
2496 goto err; 2496 goto err;
2497 } 2497 }
@@ -2502,7 +2502,7 @@ ssl3_send_client_verify(SSL *s)
2502 &(data[MD5_DIGEST_LENGTH]), 2502 &(data[MD5_DIGEST_LENGTH]),
2503 SHA_DIGEST_LENGTH, &(p[2]), 2503 SHA_DIGEST_LENGTH, &(p[2]),
2504 (unsigned int *)&j, pkey->pkey.ec)) { 2504 (unsigned int *)&j, pkey->pkey.ec)) {
2505 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2505 SSLerror(
2506 ERR_R_ECDSA_LIB); 2506 ERR_R_ECDSA_LIB);
2507 goto err; 2507 goto err;
2508 } 2508 }
@@ -2520,13 +2520,13 @@ ssl3_send_client_verify(SSL *s)
2520 2520
2521 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2521 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2522 if (hdatalen <= 0) { 2522 if (hdatalen <= 0) {
2523 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2523 SSLerror(
2524 ERR_R_INTERNAL_ERROR); 2524 ERR_R_INTERNAL_ERROR);
2525 goto err; 2525 goto err;
2526 } 2526 }
2527 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || 2527 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2528 !(md = EVP_get_digestbynid(nid))) { 2528 !(md = EVP_get_digestbynid(nid))) {
2529 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2529 SSLerror(
2530 ERR_R_EVP_LIB); 2530 ERR_R_EVP_LIB);
2531 goto err; 2531 goto err;
2532 } 2532 }
@@ -2540,7 +2540,7 @@ ssl3_send_client_verify(SSL *s)
2540 NULL) <= 0) || 2540 NULL) <= 0) ||
2541 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, 2541 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
2542 signbuf, u) <= 0)) { 2542 signbuf, u) <= 0)) {
2543 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2543 SSLerror(
2544 ERR_R_EVP_LIB); 2544 ERR_R_EVP_LIB);
2545 goto err; 2545 goto err;
2546 } 2546 }
@@ -2551,7 +2551,7 @@ ssl3_send_client_verify(SSL *s)
2551 n = j + 2; 2551 n = j + 2;
2552#endif 2552#endif
2553 } else { 2553 } else {
2554 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, 2554 SSLerror(
2555 ERR_R_INTERNAL_ERROR); 2555 ERR_R_INTERNAL_ERROR);
2556 goto err; 2556 goto err;
2557 } 2557 }
@@ -2610,7 +2610,7 @@ ssl3_send_client_certificate(SSL *s)
2610 i = 0; 2610 i = 0;
2611 } else if (i == 1) { 2611 } else if (i == 1) {
2612 i = 0; 2612 i = 0;
2613 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, 2613 SSLerror(
2614 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); 2614 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2615 } 2615 }
2616 2616
@@ -2665,7 +2665,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2665 2665
2666 sc = SSI(s)->sess_cert; 2666 sc = SSI(s)->sess_cert;
2667 if (sc == NULL) { 2667 if (sc == NULL) {
2668 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2668 SSLerror(
2669 ERR_R_INTERNAL_ERROR); 2669 ERR_R_INTERNAL_ERROR);
2670 goto err; 2670 goto err;
2671 } 2671 }
@@ -2678,7 +2678,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2678 if (ssl_check_srvr_ecc_cert_and_alg( 2678 if (ssl_check_srvr_ecc_cert_and_alg(
2679 sc->peer_pkeys[idx].x509, s) == 0) { 2679 sc->peer_pkeys[idx].x509, s) == 0) {
2680 /* check failed */ 2680 /* check failed */
2681 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2681 SSLerror(
2682 SSL_R_BAD_ECC_CERT); 2682 SSL_R_BAD_ECC_CERT);
2683 goto f_err; 2683 goto f_err;
2684 } else { 2684 } else {
@@ -2691,24 +2691,24 @@ ssl3_check_cert_and_algorithm(SSL *s)
2691 2691
2692 /* Check that we have a certificate if we require one. */ 2692 /* Check that we have a certificate if we require one. */
2693 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { 2693 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2694 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2694 SSLerror(
2695 SSL_R_MISSING_RSA_SIGNING_CERT); 2695 SSL_R_MISSING_RSA_SIGNING_CERT);
2696 goto f_err; 2696 goto f_err;
2697 } else if ((alg_a & SSL_aDSS) && 2697 } else if ((alg_a & SSL_aDSS) &&
2698 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { 2698 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
2699 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2699 SSLerror(
2700 SSL_R_MISSING_DSA_SIGNING_CERT); 2700 SSL_R_MISSING_DSA_SIGNING_CERT);
2701 goto f_err; 2701 goto f_err;
2702 } 2702 }
2703 if ((alg_k & SSL_kRSA) && 2703 if ((alg_k & SSL_kRSA) &&
2704 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { 2704 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2705 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2705 SSLerror(
2706 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2706 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2707 goto f_err; 2707 goto f_err;
2708 } 2708 }
2709 if ((alg_k & SSL_kDHE) && 2709 if ((alg_k & SSL_kDHE) &&
2710 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2710 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2711 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2711 SSLerror(
2712 SSL_R_MISSING_DH_KEY); 2712 SSL_R_MISSING_DH_KEY);
2713 goto f_err; 2713 goto f_err;
2714 } 2714 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-07 21:53:05 +0000