Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c287
1 files changed, 96 insertions, 191 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index c8d4aca1c3..6f2edf5d90 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.4 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -211,8 +211,7 @@ ssl3_connect(SSL *s)
211 cb(s, SSL_CB_HANDSHAKE_START, 1); 211 cb(s, SSL_CB_HANDSHAKE_START, 1);
212 212
213 if ((s->version & 0xff00 ) != 0x0300) { 213 if ((s->version & 0xff00 ) != 0x0300) {
214 SSLerror( 214 SSLerror(ERR_R_INTERNAL_ERROR);
215 ERR_R_INTERNAL_ERROR);
216 ret = -1; 215 ret = -1;
217 goto end; 216 goto end;
218 } 217 }
@@ -551,8 +550,7 @@ ssl3_connect(SSL *s)
551 /* break; */ 550 /* break; */
552 551
553 default: 552 default:
554 SSLerror( 553 SSLerror(SSL_R_UNKNOWN_STATE);
555 SSL_R_UNKNOWN_STATE);
556 ret = -1; 554 ret = -1;
557 goto end; 555 goto end;
558 /* break; */ 556 /* break; */
@@ -597,8 +595,7 @@ ssl3_client_hello(SSL *s)
597 SSL_SESSION *sess = s->session; 595 SSL_SESSION *sess = s->session;
598 596
599 if (ssl_supported_version_range(s, NULL, &max_version) != 1) { 597 if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
600 SSLerror( 598 SSLerror(SSL_R_NO_PROTOCOLS_AVAILABLE);
601 SSL_R_NO_PROTOCOLS_AVAILABLE);
602 return (-1); 599 return (-1);
603 } 600 }
604 s->client_version = s->version = max_version; 601 s->client_version = s->version = max_version;
@@ -668,8 +665,7 @@ ssl3_client_hello(SSL *s)
668 *(p++) = i; 665 *(p++) = i;
669 if (i != 0) { 666 if (i != 0) {
670 if (i > (int)sizeof(s->session->session_id)) { 667 if (i > (int)sizeof(s->session->session_id)) {
671 SSLerror( 668 SSLerror(ERR_R_INTERNAL_ERROR);
672 ERR_R_INTERNAL_ERROR);
673 goto err; 669 goto err;
674 } 670 }
675 memcpy(p, s->session->session_id, i); 671 memcpy(p, s->session->session_id, i);
@@ -679,8 +675,7 @@ ssl3_client_hello(SSL *s)
679 /* DTLS Cookie. */ 675 /* DTLS Cookie. */
680 if (SSL_IS_DTLS(s)) { 676 if (SSL_IS_DTLS(s)) {
681 if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { 677 if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
682 SSLerror( 678 SSLerror(ERR_R_INTERNAL_ERROR);
683 ERR_R_INTERNAL_ERROR);
684 goto err; 679 goto err;
685 } 680 }
686 *(p++) = D1I(s)->cookie_len; 681 *(p++) = D1I(s)->cookie_len;
@@ -693,8 +688,7 @@ ssl3_client_hello(SSL *s)
693 bufend - &p[2], &outlen)) 688 bufend - &p[2], &outlen))
694 goto err; 689 goto err;
695 if (outlen == 0) { 690 if (outlen == 0) {
696 SSLerror( 691 SSLerror(SSL_R_NO_CIPHERS_AVAILABLE);
697 SSL_R_NO_CIPHERS_AVAILABLE);
698 goto err; 692 goto err;
699 } 693 }
700 s2n(outlen, p); 694 s2n(outlen, p);
@@ -706,8 +700,7 @@ ssl3_client_hello(SSL *s)
706 700
707 /* TLS extensions*/ 701 /* TLS extensions*/
708 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) { 702 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
709 SSLerror( 703 SSLerror(ERR_R_INTERNAL_ERROR);
710 ERR_R_INTERNAL_ERROR);
711 goto err; 704 goto err;
712 } 705 }
713 706
@@ -759,8 +752,7 @@ ssl3_get_server_hello(SSL *s)
759 } else { 752 } else {
760 /* Already sent a cookie. */ 753 /* Already sent a cookie. */
761 al = SSL_AD_UNEXPECTED_MESSAGE; 754 al = SSL_AD_UNEXPECTED_MESSAGE;
762 SSLerror( 755 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
763 SSL_R_BAD_MESSAGE_TYPE);
764 goto f_err; 756 goto f_err;
765 } 757 }
766 } 758 }
@@ -768,8 +760,7 @@ ssl3_get_server_hello(SSL *s)
768 760
769 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { 761 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
770 al = SSL_AD_UNEXPECTED_MESSAGE; 762 al = SSL_AD_UNEXPECTED_MESSAGE;
771 SSLerror( 763 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
772 SSL_R_BAD_MESSAGE_TYPE);
773 goto f_err; 764 goto f_err;
774 } 765 }
775 766
@@ -777,8 +768,7 @@ ssl3_get_server_hello(SSL *s)
777 goto truncated; 768 goto truncated;
778 769
779 if (ssl_supported_version_range(s, &min_version, &max_version) != 1) { 770 if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
780 SSLerror( 771 SSLerror(SSL_R_NO_PROTOCOLS_AVAILABLE);
781 SSL_R_NO_PROTOCOLS_AVAILABLE);
782 goto err; 772 goto err;
783 } 773 }
784 774
@@ -812,8 +802,7 @@ ssl3_get_server_hello(SSL *s)
812 if ((CBS_len(&session_id) > sizeof(s->session->session_id)) || 802 if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
813 (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) { 803 (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
814 al = SSL_AD_ILLEGAL_PARAMETER; 804 al = SSL_AD_ILLEGAL_PARAMETER;
815 SSLerror( 805 SSLerror(SSL_R_SSL3_SESSION_ID_TOO_LONG);
816 SSL_R_SSL3_SESSION_ID_TOO_LONG);
817 goto f_err; 806 goto f_err;
818 } 807 }
819 808
@@ -845,8 +834,7 @@ ssl3_get_server_hello(SSL *s)
845 s->sid_ctx, s->sid_ctx_length) != 0) { 834 s->sid_ctx, s->sid_ctx_length) != 0) {
846 /* actually a client application bug */ 835 /* actually a client application bug */
847 al = SSL_AD_ILLEGAL_PARAMETER; 836 al = SSL_AD_ILLEGAL_PARAMETER;
848 SSLerror( 837 SSLerror(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
849 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
850 goto f_err; 838 goto f_err;
851 } 839 }
852 s->s3->flags |= SSL3_FLAGS_CCS_OK; 840 s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -878,8 +866,7 @@ ssl3_get_server_hello(SSL *s)
878 866
879 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { 867 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
880 al = SSL_AD_ILLEGAL_PARAMETER; 868 al = SSL_AD_ILLEGAL_PARAMETER;
881 SSLerror( 869 SSLerror(SSL_R_UNKNOWN_CIPHER_RETURNED);
882 SSL_R_UNKNOWN_CIPHER_RETURNED);
883 goto f_err; 870 goto f_err;
884 } 871 }
885 872
@@ -887,8 +874,7 @@ ssl3_get_server_hello(SSL *s)
887 if ((cipher->algorithm_ssl & SSL_TLSV1_2) && 874 if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
888 (TLS1_get_version(s) < TLS1_2_VERSION)) { 875 (TLS1_get_version(s) < TLS1_2_VERSION)) {
889 al = SSL_AD_ILLEGAL_PARAMETER; 876 al = SSL_AD_ILLEGAL_PARAMETER;
890 SSLerror( 877 SSLerror(SSL_R_WRONG_CIPHER_RETURNED);
891 SSL_R_WRONG_CIPHER_RETURNED);
892 goto f_err; 878 goto f_err;
893 } 879 }
894 880
@@ -897,8 +883,7 @@ ssl3_get_server_hello(SSL *s)
897 if (i < 0) { 883 if (i < 0) {
898 /* we did not say we would use this cipher */ 884 /* we did not say we would use this cipher */
899 al = SSL_AD_ILLEGAL_PARAMETER; 885 al = SSL_AD_ILLEGAL_PARAMETER;
900 SSLerror( 886 SSLerror(SSL_R_WRONG_CIPHER_RETURNED);
901 SSL_R_WRONG_CIPHER_RETURNED);
902 goto f_err; 887 goto f_err;
903 } 888 }
904 889
@@ -911,8 +896,7 @@ ssl3_get_server_hello(SSL *s)
911 s->session->cipher_id = s->session->cipher->id; 896 s->session->cipher_id = s->session->cipher->id;
912 if (s->internal->hit && (s->session->cipher_id != cipher->id)) { 897 if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
913 al = SSL_AD_ILLEGAL_PARAMETER; 898 al = SSL_AD_ILLEGAL_PARAMETER;
914 SSLerror( 899 SSLerror(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
915 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
916 goto f_err; 900 goto f_err;
917 } 901 }
918 S3I(s)->tmp.new_cipher = cipher; 902 S3I(s)->tmp.new_cipher = cipher;
@@ -933,8 +917,7 @@ ssl3_get_server_hello(SSL *s)
933 917
934 if (compression_method != 0) { 918 if (compression_method != 0) {
935 al = SSL_AD_ILLEGAL_PARAMETER; 919 al = SSL_AD_ILLEGAL_PARAMETER;
936 SSLerror( 920 SSLerror(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
937 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
938 goto f_err; 921 goto f_err;
939 } 922 }
940 923
@@ -991,15 +974,13 @@ ssl3_get_server_certificate(SSL *s)
991 974
992 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 975 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
993 al = SSL_AD_UNEXPECTED_MESSAGE; 976 al = SSL_AD_UNEXPECTED_MESSAGE;
994 SSLerror( 977 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
995 SSL_R_BAD_MESSAGE_TYPE);
996 goto f_err; 978 goto f_err;
997 } 979 }
998 980
999 981
1000 if ((sk = sk_X509_new_null()) == NULL) { 982 if ((sk = sk_X509_new_null()) == NULL) {
1001 SSLerror( 983 SSLerror(ERR_R_MALLOC_FAILURE);
1002 ERR_R_MALLOC_FAILURE);
1003 goto err; 984 goto err;
1004 } 985 }
1005 986
@@ -1013,8 +994,7 @@ ssl3_get_server_certificate(SSL *s)
1013 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || 994 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
1014 CBS_len(&cbs) != 0) { 995 CBS_len(&cbs) != 0) {
1015 al = SSL_AD_DECODE_ERROR; 996 al = SSL_AD_DECODE_ERROR;
1016 SSLerror( 997 SSLerror(SSL_R_LENGTH_MISMATCH);
1017 SSL_R_LENGTH_MISMATCH);
1018 goto f_err; 998 goto f_err;
1019 } 999 }
1020 1000
@@ -1025,8 +1005,7 @@ ssl3_get_server_certificate(SSL *s)
1025 goto truncated; 1005 goto truncated;
1026 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { 1006 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
1027 al = SSL_AD_DECODE_ERROR; 1007 al = SSL_AD_DECODE_ERROR;
1028 SSLerror( 1008 SSLerror(SSL_R_CERT_LENGTH_MISMATCH);
1029 SSL_R_CERT_LENGTH_MISMATCH);
1030 goto f_err; 1009 goto f_err;
1031 } 1010 }
1032 1011
@@ -1034,19 +1013,16 @@ ssl3_get_server_certificate(SSL *s)
1034 x = d2i_X509(NULL, &q, CBS_len(&cert)); 1013 x = d2i_X509(NULL, &q, CBS_len(&cert));
1035 if (x == NULL) { 1014 if (x == NULL) {
1036 al = SSL_AD_BAD_CERTIFICATE; 1015 al = SSL_AD_BAD_CERTIFICATE;
1037 SSLerror( 1016 SSLerror(ERR_R_ASN1_LIB);
1038 ERR_R_ASN1_LIB);
1039 goto f_err; 1017 goto f_err;
1040 } 1018 }
1041 if (q != CBS_data(&cert) + CBS_len(&cert)) { 1019 if (q != CBS_data(&cert) + CBS_len(&cert)) {
1042 al = SSL_AD_DECODE_ERROR; 1020 al = SSL_AD_DECODE_ERROR;
1043 SSLerror( 1021 SSLerror(SSL_R_CERT_LENGTH_MISMATCH);
1044 SSL_R_CERT_LENGTH_MISMATCH);
1045 goto f_err; 1022 goto f_err;
1046 } 1023 }
1047 if (!sk_X509_push(sk, x)) { 1024 if (!sk_X509_push(sk, x)) {
1048 SSLerror( 1025 SSLerror(ERR_R_MALLOC_FAILURE);
1049 ERR_R_MALLOC_FAILURE);
1050 goto err; 1026 goto err;
1051 } 1027 }
1052 x = NULL; 1028 x = NULL;
@@ -1055,8 +1031,7 @@ ssl3_get_server_certificate(SSL *s)
1055 i = ssl_verify_cert_chain(s, sk); 1031 i = ssl_verify_cert_chain(s, sk);
1056 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { 1032 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
1057 al = ssl_verify_alarm_type(s->verify_result); 1033 al = ssl_verify_alarm_type(s->verify_result);
1058 SSLerror( 1034 SSLerror(SSL_R_CERTIFICATE_VERIFY_FAILED);
1059 SSL_R_CERTIFICATE_VERIFY_FAILED);
1060 goto f_err; 1035 goto f_err;
1061 1036
1062 } 1037 }
@@ -1082,8 +1057,7 @@ ssl3_get_server_certificate(SSL *s)
1082 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { 1057 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
1083 x = NULL; 1058 x = NULL;
1084 al = SSL3_AL_FATAL; 1059 al = SSL3_AL_FATAL;
1085 SSLerror( 1060 SSLerror(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1086 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1087 goto f_err; 1061 goto f_err;
1088 } 1062 }
1089 1063
@@ -1091,8 +1065,7 @@ ssl3_get_server_certificate(SSL *s)
1091 if (i < 0) { 1065 if (i < 0) {
1092 x = NULL; 1066 x = NULL;
1093 al = SSL3_AL_FATAL; 1067 al = SSL3_AL_FATAL;
1094 SSLerror( 1068 SSLerror(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1095 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1096 goto f_err; 1069 goto f_err;
1097 } 1070 }
1098 1071
@@ -1118,8 +1091,7 @@ ssl3_get_server_certificate(SSL *s)
1118truncated: 1091truncated:
1119 /* wrong packet length */ 1092 /* wrong packet length */
1120 al = SSL_AD_DECODE_ERROR; 1093 al = SSL_AD_DECODE_ERROR;
1121 SSLerror( 1094 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1122 SSL_R_BAD_PACKET_LENGTH);
1123f_err: 1095f_err:
1124 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1096 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1125 } 1097 }
@@ -1337,8 +1309,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1337 1309
1338 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { 1310 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
1339 al = SSL_AD_INTERNAL_ERROR; 1311 al = SSL_AD_INTERNAL_ERROR;
1340 SSLerror( 1312 SSLerror(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1341 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1342 goto f_err; 1313 goto f_err;
1343 } 1314 }
1344 1315
@@ -1414,8 +1385,7 @@ ssl3_get_server_key_exchange(SSL *s)
1414 * ephemeral keys. 1385 * ephemeral keys.
1415 */ 1386 */
1416 if (alg_k & (SSL_kDHE|SSL_kECDHE)) { 1387 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
1417 SSLerror( 1388 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
1418 SSL_R_UNEXPECTED_MESSAGE);
1419 al = SSL_AD_UNEXPECTED_MESSAGE; 1389 al = SSL_AD_UNEXPECTED_MESSAGE;
1420 goto f_err; 1390 goto f_err;
1421 } 1391 }
@@ -1463,8 +1433,7 @@ ssl3_get_server_key_exchange(SSL *s)
1463 int sigalg = tls12_get_sigid(pkey); 1433 int sigalg = tls12_get_sigid(pkey);
1464 /* Should never happen */ 1434 /* Should never happen */
1465 if (sigalg == -1) { 1435 if (sigalg == -1) {
1466 SSLerror( 1436 SSLerror(ERR_R_INTERNAL_ERROR);
1467 ERR_R_INTERNAL_ERROR);
1468 goto err; 1437 goto err;
1469 } 1438 }
1470 /* 1439 /*
@@ -1474,15 +1443,13 @@ ssl3_get_server_key_exchange(SSL *s)
1474 if (2 > n) 1443 if (2 > n)
1475 goto truncated; 1444 goto truncated;
1476 if (sigalg != (int)p[1]) { 1445 if (sigalg != (int)p[1]) {
1477 SSLerror( 1446 SSLerror(SSL_R_WRONG_SIGNATURE_TYPE);
1478 SSL_R_WRONG_SIGNATURE_TYPE);
1479 al = SSL_AD_DECODE_ERROR; 1447 al = SSL_AD_DECODE_ERROR;
1480 goto f_err; 1448 goto f_err;
1481 } 1449 }
1482 md = tls12_get_hash(p[0]); 1450 md = tls12_get_hash(p[0]);
1483 if (md == NULL) { 1451 if (md == NULL) {
1484 SSLerror( 1452 SSLerror(SSL_R_UNKNOWN_DIGEST);
1485 SSL_R_UNKNOWN_DIGEST);
1486 al = SSL_AD_DECODE_ERROR; 1453 al = SSL_AD_DECODE_ERROR;
1487 goto f_err; 1454 goto f_err;
1488 } 1455 }
@@ -1500,8 +1467,7 @@ ssl3_get_server_key_exchange(SSL *s)
1500 if (i != n || n > j) { 1467 if (i != n || n > j) {
1501 /* wrong packet length */ 1468 /* wrong packet length */
1502 al = SSL_AD_DECODE_ERROR; 1469 al = SSL_AD_DECODE_ERROR;
1503 SSLerror( 1470 SSLerror(SSL_R_WRONG_SIGNATURE_LENGTH);
1504 SSL_R_WRONG_SIGNATURE_LENGTH);
1505 goto f_err; 1471 goto f_err;
1506 } 1472 }
1507 1473
@@ -1533,15 +1499,13 @@ ssl3_get_server_key_exchange(SSL *s)
1533 p, n, pkey->pkey.rsa); 1499 p, n, pkey->pkey.rsa);
1534 if (i < 0) { 1500 if (i < 0) {
1535 al = SSL_AD_DECRYPT_ERROR; 1501 al = SSL_AD_DECRYPT_ERROR;
1536 SSLerror( 1502 SSLerror(SSL_R_BAD_RSA_DECRYPT);
1537 SSL_R_BAD_RSA_DECRYPT);
1538 goto f_err; 1503 goto f_err;
1539 } 1504 }
1540 if (i == 0) { 1505 if (i == 0) {
1541 /* bad signature */ 1506 /* bad signature */
1542 al = SSL_AD_DECRYPT_ERROR; 1507 al = SSL_AD_DECRYPT_ERROR;
1543 SSLerror( 1508 SSLerror(SSL_R_BAD_SIGNATURE);
1544 SSL_R_BAD_SIGNATURE);
1545 goto f_err; 1509 goto f_err;
1546 } 1510 }
1547 } else { 1511 } else {
@@ -1554,23 +1518,20 @@ ssl3_get_server_key_exchange(SSL *s)
1554 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { 1518 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1555 /* bad signature */ 1519 /* bad signature */
1556 al = SSL_AD_DECRYPT_ERROR; 1520 al = SSL_AD_DECRYPT_ERROR;
1557 SSLerror( 1521 SSLerror(SSL_R_BAD_SIGNATURE);
1558 SSL_R_BAD_SIGNATURE);
1559 goto f_err; 1522 goto f_err;
1560 } 1523 }
1561 } 1524 }
1562 } else { 1525 } else {
1563 /* aNULL does not need public keys. */ 1526 /* aNULL does not need public keys. */
1564 if (!(alg_a & SSL_aNULL)) { 1527 if (!(alg_a & SSL_aNULL)) {
1565 SSLerror( 1528 SSLerror(ERR_R_INTERNAL_ERROR);
1566 ERR_R_INTERNAL_ERROR);
1567 goto err; 1529 goto err;
1568 } 1530 }
1569 /* still data left over */ 1531 /* still data left over */
1570 if (n != 0) { 1532 if (n != 0) {
1571 al = SSL_AD_DECODE_ERROR; 1533 al = SSL_AD_DECODE_ERROR;
1572 SSLerror( 1534 SSLerror(SSL_R_EXTRA_DATA_IN_MESSAGE);
1573 SSL_R_EXTRA_DATA_IN_MESSAGE);
1574 goto f_err; 1535 goto f_err;
1575 } 1536 }
1576 } 1537 }
@@ -1630,16 +1591,14 @@ ssl3_get_certificate_request(SSL *s)
1630 1591
1631 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1592 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1632 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1593 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1633 SSLerror( 1594 SSLerror(SSL_R_WRONG_MESSAGE_TYPE);
1634 SSL_R_WRONG_MESSAGE_TYPE);
1635 goto err; 1595 goto err;
1636 } 1596 }
1637 1597
1638 /* TLS does not like anon-DH with client cert */ 1598 /* TLS does not like anon-DH with client cert */
1639 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 1599 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1640 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1600 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1641 SSLerror( 1601 SSLerror(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1642 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1643 goto err; 1602 goto err;
1644 } 1603 }
1645 1604
@@ -1648,8 +1607,7 @@ ssl3_get_certificate_request(SSL *s)
1648 CBS_init(&cert_request, s->internal->init_msg, n); 1607 CBS_init(&cert_request, s->internal->init_msg, n);
1649 1608
1650 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1609 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1651 SSLerror( 1610 SSLerror(ERR_R_MALLOC_FAILURE);
1652 ERR_R_MALLOC_FAILURE);
1653 goto err; 1611 goto err;
1654 } 1612 }
1655 1613
@@ -1662,8 +1620,7 @@ ssl3_get_certificate_request(SSL *s)
1662 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || 1620 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
1663 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype, 1621 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype,
1664 sizeof(S3I(s)->tmp.ctype), NULL)) { 1622 sizeof(S3I(s)->tmp.ctype), NULL)) {
1665 SSLerror( 1623 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1666 SSL_R_DATA_LENGTH_TOO_LONG);
1667 goto err; 1624 goto err;
1668 } 1625 }
1669 1626
@@ -1671,8 +1628,7 @@ ssl3_get_certificate_request(SSL *s)
1671 CBS sigalgs; 1628 CBS sigalgs;
1672 1629
1673 if (CBS_len(&cert_request) < 2) { 1630 if (CBS_len(&cert_request) < 2) {
1674 SSLerror( 1631 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1675 SSL_R_DATA_LENGTH_TOO_LONG);
1676 goto err; 1632 goto err;
1677 } 1633 }
1678 1634
@@ -1681,32 +1637,28 @@ ssl3_get_certificate_request(SSL *s)
1681 */ 1637 */
1682 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { 1638 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
1683 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1639 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1684 SSLerror( 1640 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1685 SSL_R_DATA_LENGTH_TOO_LONG);
1686 goto err; 1641 goto err;
1687 } 1642 }
1688 if ((CBS_len(&sigalgs) & 1) || 1643 if ((CBS_len(&sigalgs) & 1) ||
1689 !tls1_process_sigalgs(s, CBS_data(&sigalgs), 1644 !tls1_process_sigalgs(s, CBS_data(&sigalgs),
1690 CBS_len(&sigalgs))) { 1645 CBS_len(&sigalgs))) {
1691 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1646 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1692 SSLerror( 1647 SSLerror(SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1693 SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1694 goto err; 1648 goto err;
1695 } 1649 }
1696 } 1650 }
1697 1651
1698 /* get the CA RDNs */ 1652 /* get the CA RDNs */
1699 if (CBS_len(&cert_request) < 2) { 1653 if (CBS_len(&cert_request) < 2) {
1700 SSLerror( 1654 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1701 SSL_R_DATA_LENGTH_TOO_LONG);
1702 goto err; 1655 goto err;
1703 } 1656 }
1704 1657
1705 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) || 1658 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
1706 CBS_len(&cert_request) != 0) { 1659 CBS_len(&cert_request) != 0) {
1707 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1660 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1708 SSLerror( 1661 SSLerror(SSL_R_LENGTH_MISMATCH);
1709 SSL_R_LENGTH_MISMATCH);
1710 goto err; 1662 goto err;
1711 } 1663 }
1712 1664
@@ -1714,15 +1666,13 @@ ssl3_get_certificate_request(SSL *s)
1714 CBS rdn; 1666 CBS rdn;
1715 1667
1716 if (CBS_len(&rdn_list) < 2) { 1668 if (CBS_len(&rdn_list) < 2) {
1717 SSLerror( 1669 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1718 SSL_R_DATA_LENGTH_TOO_LONG);
1719 goto err; 1670 goto err;
1720 } 1671 }
1721 1672
1722 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) { 1673 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
1723 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1674 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1724 SSLerror( 1675 SSLerror(SSL_R_CA_DN_TOO_LONG);
1725 SSL_R_CA_DN_TOO_LONG);
1726 goto err; 1676 goto err;
1727 } 1677 }
1728 1678
@@ -1730,20 +1680,17 @@ ssl3_get_certificate_request(SSL *s)
1730 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) { 1680 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
1731 ssl3_send_alert(s, SSL3_AL_FATAL, 1681 ssl3_send_alert(s, SSL3_AL_FATAL,
1732 SSL_AD_DECODE_ERROR); 1682 SSL_AD_DECODE_ERROR);
1733 SSLerror( 1683 SSLerror(ERR_R_ASN1_LIB);
1734 ERR_R_ASN1_LIB);
1735 goto err; 1684 goto err;
1736 } 1685 }
1737 1686
1738 if (q != CBS_data(&rdn) + CBS_len(&rdn)) { 1687 if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
1739 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1688 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1740 SSLerror( 1689 SSLerror(SSL_R_CA_DN_LENGTH_MISMATCH);
1741 SSL_R_CA_DN_LENGTH_MISMATCH);
1742 goto err; 1690 goto err;
1743 } 1691 }
1744 if (!sk_X509_NAME_push(ca_sk, xn)) { 1692 if (!sk_X509_NAME_push(ca_sk, xn)) {
1745 SSLerror( 1693 SSLerror(ERR_R_MALLOC_FAILURE);
1746 ERR_R_MALLOC_FAILURE);
1747 goto err; 1694 goto err;
1748 } 1695 }
1749 xn = NULL; /* avoid free in err block */ 1696 xn = NULL; /* avoid free in err block */
@@ -1759,8 +1706,7 @@ ssl3_get_certificate_request(SSL *s)
1759 ret = 1; 1706 ret = 1;
1760 if (0) { 1707 if (0) {
1761truncated: 1708truncated:
1762 SSLerror( 1709 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1763 SSL_R_BAD_PACKET_LENGTH);
1764 } 1710 }
1765err: 1711err:
1766 X509_NAME_free(xn); 1712 X509_NAME_free(xn);
@@ -1793,15 +1739,13 @@ ssl3_get_new_session_ticket(SSL *s)
1793 } 1739 }
1794 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 1740 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1795 al = SSL_AD_UNEXPECTED_MESSAGE; 1741 al = SSL_AD_UNEXPECTED_MESSAGE;
1796 SSLerror( 1742 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
1797 SSL_R_BAD_MESSAGE_TYPE);
1798 goto f_err; 1743 goto f_err;
1799 } 1744 }
1800 1745
1801 if (n < 0) { 1746 if (n < 0) {
1802 al = SSL_AD_DECODE_ERROR; 1747 al = SSL_AD_DECODE_ERROR;
1803 SSLerror( 1748 SSLerror(SSL_R_LENGTH_MISMATCH);
1804 SSL_R_LENGTH_MISMATCH);
1805 goto f_err; 1749 goto f_err;
1806 } 1750 }
1807 1751
@@ -1813,16 +1757,14 @@ ssl3_get_new_session_ticket(SSL *s)
1813 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || 1757 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
1814 CBS_len(&cbs) != 0) { 1758 CBS_len(&cbs) != 0) {
1815 al = SSL_AD_DECODE_ERROR; 1759 al = SSL_AD_DECODE_ERROR;
1816 SSLerror( 1760 SSLerror(SSL_R_LENGTH_MISMATCH);
1817 SSL_R_LENGTH_MISMATCH);
1818 goto f_err; 1761 goto f_err;
1819 } 1762 }
1820 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint; 1763 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
1821 1764
1822 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, 1765 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
1823 &s->session->tlsext_ticklen)) { 1766 &s->session->tlsext_ticklen)) {
1824 SSLerror( 1767 SSLerror(ERR_R_MALLOC_FAILURE);
1825 ERR_R_MALLOC_FAILURE);
1826 goto err; 1768 goto err;
1827 } 1769 }
1828 1770
@@ -1872,8 +1814,7 @@ ssl3_get_cert_status(SSL *s)
1872 if (n < 0) { 1814 if (n < 0) {
1873 /* need at least status type + length */ 1815 /* need at least status type + length */
1874 al = SSL_AD_DECODE_ERROR; 1816 al = SSL_AD_DECODE_ERROR;
1875 SSLerror( 1817 SSLerror(SSL_R_LENGTH_MISMATCH);
1876 SSL_R_LENGTH_MISMATCH);
1877 goto f_err; 1818 goto f_err;
1878 } 1819 }
1879 1820
@@ -1882,23 +1823,20 @@ ssl3_get_cert_status(SSL *s)
1882 CBS_len(&cert_status) < 3) { 1823 CBS_len(&cert_status) < 3) {
1883 /* need at least status type + length */ 1824 /* need at least status type + length */
1884 al = SSL_AD_DECODE_ERROR; 1825 al = SSL_AD_DECODE_ERROR;
1885 SSLerror( 1826 SSLerror(SSL_R_LENGTH_MISMATCH);
1886 SSL_R_LENGTH_MISMATCH);
1887 goto f_err; 1827 goto f_err;
1888 } 1828 }
1889 1829
1890 if (status_type != TLSEXT_STATUSTYPE_ocsp) { 1830 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
1891 al = SSL_AD_DECODE_ERROR; 1831 al = SSL_AD_DECODE_ERROR;
1892 SSLerror( 1832 SSLerror(SSL_R_UNSUPPORTED_STATUS_TYPE);
1893 SSL_R_UNSUPPORTED_STATUS_TYPE);
1894 goto f_err; 1833 goto f_err;
1895 } 1834 }
1896 1835
1897 if (!CBS_get_u24_length_prefixed(&cert_status, &response) || 1836 if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
1898 CBS_len(&cert_status) != 0) { 1837 CBS_len(&cert_status) != 0) {
1899 al = SSL_AD_DECODE_ERROR; 1838 al = SSL_AD_DECODE_ERROR;
1900 SSLerror( 1839 SSLerror(SSL_R_LENGTH_MISMATCH);
1901 SSL_R_LENGTH_MISMATCH);
1902 goto f_err; 1840 goto f_err;
1903 } 1841 }
1904 1842
@@ -1906,8 +1844,7 @@ ssl3_get_cert_status(SSL *s)
1906 &stow_len) || stow_len > INT_MAX) { 1844 &stow_len) || stow_len > INT_MAX) {
1907 s->internal->tlsext_ocsp_resplen = 0; 1845 s->internal->tlsext_ocsp_resplen = 0;
1908 al = SSL_AD_INTERNAL_ERROR; 1846 al = SSL_AD_INTERNAL_ERROR;
1909 SSLerror( 1847 SSLerror(ERR_R_MALLOC_FAILURE);
1910 ERR_R_MALLOC_FAILURE);
1911 goto f_err; 1848 goto f_err;
1912 } 1849 }
1913 s->internal->tlsext_ocsp_resplen = (int)stow_len; 1850 s->internal->tlsext_ocsp_resplen = (int)stow_len;
@@ -1918,14 +1855,12 @@ ssl3_get_cert_status(SSL *s)
1918 s->ctx->internal->tlsext_status_arg); 1855 s->ctx->internal->tlsext_status_arg);
1919 if (ret == 0) { 1856 if (ret == 0) {
1920 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 1857 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1921 SSLerror( 1858 SSLerror(SSL_R_INVALID_STATUS_RESPONSE);
1922 SSL_R_INVALID_STATUS_RESPONSE);
1923 goto f_err; 1859 goto f_err;
1924 } 1860 }
1925 if (ret < 0) { 1861 if (ret < 0) {
1926 al = SSL_AD_INTERNAL_ERROR; 1862 al = SSL_AD_INTERNAL_ERROR;
1927 SSLerror( 1863 SSLerror(ERR_R_MALLOC_FAILURE);
1928 ERR_R_MALLOC_FAILURE);
1929 goto f_err; 1864 goto f_err;
1930 } 1865 }
1931 } 1866 }
@@ -1974,8 +1909,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
1974 pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1909 pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1975 if (pkey == NULL || pkey->type != EVP_PKEY_RSA || 1910 if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
1976 pkey->pkey.rsa == NULL) { 1911 pkey->pkey.rsa == NULL) {
1977 SSLerror( 1912 SSLerror(ERR_R_INTERNAL_ERROR);
1978 ERR_R_INTERNAL_ERROR);
1979 goto err; 1913 goto err;
1980 } 1914 }
1981 1915
@@ -1984,16 +1918,14 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
1984 arc4random_buf(&pms[2], sizeof(pms) - 2); 1918 arc4random_buf(&pms[2], sizeof(pms) - 2);
1985 1919
1986 if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) { 1920 if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) {
1987 SSLerror( 1921 SSLerror(ERR_R_MALLOC_FAILURE);
1988 ERR_R_MALLOC_FAILURE);
1989 goto err; 1922 goto err;
1990 } 1923 }
1991 1924
1992 enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa, 1925 enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa,
1993 RSA_PKCS1_PADDING); 1926 RSA_PKCS1_PADDING);
1994 if (enc_len <= 0) { 1927 if (enc_len <= 0) {
1995 SSLerror( 1928 SSLerror(SSL_R_BAD_RSA_ENCRYPT);
1996 SSL_R_BAD_RSA_ENCRYPT);
1997 goto err; 1929 goto err;
1998 } 1930 }
1999 1931
@@ -2031,8 +1963,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2031 /* Ensure that we have an ephemeral key for DHE. */ 1963 /* Ensure that we have an ephemeral key for DHE. */
2032 if (sess_cert->peer_dh_tmp == NULL) { 1964 if (sess_cert->peer_dh_tmp == NULL) {
2033 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1965 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2034 SSLerror( 1966 SSLerror(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2035 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2036 goto err; 1967 goto err;
2037 } 1968 }
2038 dh_srvr = sess_cert->peer_dh_tmp; 1969 dh_srvr = sess_cert->peer_dh_tmp;
@@ -2048,8 +1979,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2048 } 1979 }
2049 key_size = DH_size(dh_clnt); 1980 key_size = DH_size(dh_clnt);
2050 if ((key = malloc(key_size)) == NULL) { 1981 if ((key = malloc(key_size)) == NULL) {
2051 SSLerror( 1982 SSLerror(ERR_R_MALLOC_FAILURE);
2052 ERR_R_MALLOC_FAILURE);
2053 goto err; 1983 goto err;
2054 } 1984 }
2055 key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt); 1985 key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
@@ -2098,14 +2028,12 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2098 2028
2099 if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL || 2029 if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL ||
2100 (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) { 2030 (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) {
2101 SSLerror( 2031 SSLerror(ERR_R_INTERNAL_ERROR);
2102 ERR_R_INTERNAL_ERROR);
2103 goto err; 2032 goto err;
2104 } 2033 }
2105 2034
2106 if ((ecdh = EC_KEY_new()) == NULL) { 2035 if ((ecdh = EC_KEY_new()) == NULL) {
2107 SSLerror( 2036 SSLerror(ERR_R_MALLOC_FAILURE);
2108 ERR_R_MALLOC_FAILURE);
2109 goto err; 2037 goto err;
2110 } 2038 }
2111 2039
@@ -2124,8 +2052,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2124 goto err; 2052 goto err;
2125 } 2053 }
2126 if ((key = malloc(key_size)) == NULL) { 2054 if ((key = malloc(key_size)) == NULL) {
2127 SSLerror( 2055 SSLerror(ERR_R_MALLOC_FAILURE);
2128 ERR_R_MALLOC_FAILURE);
2129 } 2056 }
2130 key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL); 2057 key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL);
2131 if (key_len <= 0) { 2058 if (key_len <= 0) {
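Review bot: In ssl3_send_client_kex_ecdhe_ecp the `malloc(key_size)` failure branch (new lines 2054-2056) records ERR_R_MALLOC_FAILURE but does not leave the function, so a NULL `key` is passed to `ECDH_compute_key()` on the next line. The reflow keeps the braces with only the SSLerror call inside, whereas the equivalent check in ssl3_send_client_kex_dhe is followed by `goto err;`. Add `goto err;` after `SSLerror(ERR_R_MALLOC_FAILURE);` so an allocation failure takes the same cleanup path as the other error branches in this function. The function body starts and ends outside this hunk, so what the `err` label releases is not visible here.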
@@ -2146,8 +2073,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2146 } 2073 }
2147 2074
2148 if ((bn_ctx = BN_CTX_new()) == NULL) { 2075 if ((bn_ctx = BN_CTX_new()) == NULL) {
2149 SSLerror( 2076 SSLerror(ERR_R_MALLOC_FAILURE);
2150 ERR_R_MALLOC_FAILURE);
2151 goto err; 2077 goto err;
2152 } 2078 }
2153 2079
@@ -2233,8 +2159,7 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb)
2233 goto err; 2159 goto err;
2234 } else { 2160 } else {
2235 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2161 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2236 SSLerror( 2162 SSLerror(ERR_R_INTERNAL_ERROR);
2237 ERR_R_INTERNAL_ERROR);
2238 goto err; 2163 goto err;
2239 } 2164 }
2240 2165
@@ -2261,8 +2186,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2261 /* Get server sertificate PKEY and create ctx from it */ 2186 /* Get server sertificate PKEY and create ctx from it */
2262 peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; 2187 peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
2263 if (peer_cert == NULL) { 2188 if (peer_cert == NULL) {
2264 SSLerror( 2189 SSLerror(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2265 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2266 goto err; 2190 goto err;
2267 } 2191 }
2268 2192
@@ -2298,8 +2222,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2298 */ 2222 */
2299 ukm_hash = EVP_MD_CTX_create(); 2223 ukm_hash = EVP_MD_CTX_create();
2300 if (ukm_hash == NULL) { 2224 if (ukm_hash == NULL) {
2301 SSLerror( 2225 SSLerror(ERR_R_MALLOC_FAILURE);
2302 ERR_R_MALLOC_FAILURE);
2303 goto err; 2226 goto err;
2304 } 2227 }
2305 2228
@@ -2371,8 +2294,7 @@ ssl3_send_client_key_exchange(SSL *s)
2371 if ((sess_cert = SSI(s)->sess_cert) == NULL) { 2294 if ((sess_cert = SSI(s)->sess_cert) == NULL) {
2372 ssl3_send_alert(s, SSL3_AL_FATAL, 2295 ssl3_send_alert(s, SSL3_AL_FATAL,
2373 SSL_AD_UNEXPECTED_MESSAGE); 2296 SSL_AD_UNEXPECTED_MESSAGE);
2374 SSLerror( 2297 SSLerror(ERR_R_INTERNAL_ERROR);
2375 ERR_R_INTERNAL_ERROR);
2376 goto err; 2298 goto err;
2377 } 2299 }
2378 2300
@@ -2395,8 +2317,7 @@ ssl3_send_client_key_exchange(SSL *s)
2395 } else { 2317 } else {
2396 ssl3_send_alert(s, SSL3_AL_FATAL, 2318 ssl3_send_alert(s, SSL3_AL_FATAL,
2397 SSL_AD_HANDSHAKE_FAILURE); 2319 SSL_AD_HANDSHAKE_FAILURE);
2398 SSLerror( 2320 SSLerror(ERR_R_INTERNAL_ERROR);
2399 ERR_R_INTERNAL_ERROR);
2400 goto err; 2321 goto err;
2401 } 2322 }
2402 2323
@@ -2458,16 +2379,14 @@ ssl3_send_client_verify(SSL *s)
2458 &hdata); 2379 &hdata);
2459 if (hdatalen <= 0 || 2380 if (hdatalen <= 0 ||
2460 !tls12_get_sigandhash(p, pkey, md)) { 2381 !tls12_get_sigandhash(p, pkey, md)) {
2461 SSLerror( 2382 SSLerror(ERR_R_INTERNAL_ERROR);
2462 ERR_R_INTERNAL_ERROR);
2463 goto err; 2383 goto err;
2464 } 2384 }
2465 p += 2; 2385 p += 2;
2466 if (!EVP_SignInit_ex(&mctx, md, NULL) || 2386 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2467 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2387 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2468 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2388 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2469 SSLerror( 2389 SSLerror(ERR_R_EVP_LIB);
2470 ERR_R_EVP_LIB);
2471 goto err; 2390 goto err;
2472 } 2391 }
2473 s2n(u, p); 2392 s2n(u, p);
@@ -2480,8 +2399,7 @@ ssl3_send_client_verify(SSL *s)
2480 if (RSA_sign(NID_md5_sha1, data, 2399 if (RSA_sign(NID_md5_sha1, data,
2481 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), 2400 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2482 &u, pkey->pkey.rsa) <= 0 ) { 2401 &u, pkey->pkey.rsa) <= 0 ) {
2483 SSLerror( 2402 SSLerror(ERR_R_RSA_LIB);
2484 ERR_R_RSA_LIB);
2485 goto err; 2403 goto err;
2486 } 2404 }
2487 s2n(u, p); 2405 s2n(u, p);
@@ -2491,8 +2409,7 @@ ssl3_send_client_verify(SSL *s)
2491 &(data[MD5_DIGEST_LENGTH]), 2409 &(data[MD5_DIGEST_LENGTH]),
2492 SHA_DIGEST_LENGTH, &(p[2]), 2410 SHA_DIGEST_LENGTH, &(p[2]),
2493 (unsigned int *)&j, pkey->pkey.dsa)) { 2411 (unsigned int *)&j, pkey->pkey.dsa)) {
2494 SSLerror( 2412 SSLerror(ERR_R_DSA_LIB);
2495 ERR_R_DSA_LIB);
2496 goto err; 2413 goto err;
2497 } 2414 }
2498 s2n(j, p); 2415 s2n(j, p);
@@ -2502,8 +2419,7 @@ ssl3_send_client_verify(SSL *s)
2502 &(data[MD5_DIGEST_LENGTH]), 2419 &(data[MD5_DIGEST_LENGTH]),
2503 SHA_DIGEST_LENGTH, &(p[2]), 2420 SHA_DIGEST_LENGTH, &(p[2]),
2504 (unsigned int *)&j, pkey->pkey.ec)) { 2421 (unsigned int *)&j, pkey->pkey.ec)) {
2505 SSLerror( 2422 SSLerror(ERR_R_ECDSA_LIB);
2506 ERR_R_ECDSA_LIB);
2507 goto err; 2423 goto err;
2508 } 2424 }
2509 s2n(j, p); 2425 s2n(j, p);
@@ -2520,14 +2436,12 @@ ssl3_send_client_verify(SSL *s)
2520 2436
2521 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2437 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2522 if (hdatalen <= 0) { 2438 if (hdatalen <= 0) {
2523 SSLerror( 2439 SSLerror(ERR_R_INTERNAL_ERROR);
2524 ERR_R_INTERNAL_ERROR);
2525 goto err; 2440 goto err;
2526 } 2441 }
2527 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || 2442 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2528 !(md = EVP_get_digestbynid(nid))) { 2443 !(md = EVP_get_digestbynid(nid))) {
2529 SSLerror( 2444 SSLerror(ERR_R_EVP_LIB);
2530 ERR_R_EVP_LIB);
2531 goto err; 2445 goto err;
2532 } 2446 }
2533 if (!EVP_DigestInit_ex(&mctx, md, NULL) || 2447 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
@@ -2540,8 +2454,7 @@ ssl3_send_client_verify(SSL *s)
2540 NULL) <= 0) || 2454 NULL) <= 0) ||
2541 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, 2455 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
2542 signbuf, u) <= 0)) { 2456 signbuf, u) <= 0)) {
2543 SSLerror( 2457 SSLerror(ERR_R_EVP_LIB);
2544 ERR_R_EVP_LIB);
2545 goto err; 2458 goto err;
2546 } 2459 }
2547 if (!tls1_digest_cached_records(s)) 2460 if (!tls1_digest_cached_records(s))
@@ -2551,8 +2464,7 @@ ssl3_send_client_verify(SSL *s)
2551 n = j + 2; 2464 n = j + 2;
2552#endif 2465#endif
2553 } else { 2466 } else {
2554 SSLerror( 2467 SSLerror(ERR_R_INTERNAL_ERROR);
2555 ERR_R_INTERNAL_ERROR);
2556 goto err; 2468 goto err;
2557 } 2469 }
2558 2470
@@ -2610,8 +2522,7 @@ ssl3_send_client_certificate(SSL *s)
2610 i = 0; 2522 i = 0;
2611 } else if (i == 1) { 2523 } else if (i == 1) {
2612 i = 0; 2524 i = 0;
2613 SSLerror( 2525 SSLerror(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2614 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2615 } 2526 }
2616 2527
2617 X509_free(x509); 2528 X509_free(x509);
@@ -2665,8 +2576,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2665 2576
2666 sc = SSI(s)->sess_cert; 2577 sc = SSI(s)->sess_cert;
2667 if (sc == NULL) { 2578 if (sc == NULL) {
2668 SSLerror( 2579 SSLerror(ERR_R_INTERNAL_ERROR);
2669 ERR_R_INTERNAL_ERROR);
2670 goto err; 2580 goto err;
2671 } 2581 }
2672 dh = SSI(s)->sess_cert->peer_dh_tmp; 2582 dh = SSI(s)->sess_cert->peer_dh_tmp;
@@ -2678,8 +2588,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2678 if (ssl_check_srvr_ecc_cert_and_alg( 2588 if (ssl_check_srvr_ecc_cert_and_alg(
2679 sc->peer_pkeys[idx].x509, s) == 0) { 2589 sc->peer_pkeys[idx].x509, s) == 0) {
2680 /* check failed */ 2590 /* check failed */
2681 SSLerror( 2591 SSLerror(SSL_R_BAD_ECC_CERT);
2682 SSL_R_BAD_ECC_CERT);
2683 goto f_err; 2592 goto f_err;
2684 } else { 2593 } else {
2685 return (1); 2594 return (1);
@@ -2691,25 +2600,21 @@ ssl3_check_cert_and_algorithm(SSL *s)
2691 2600
2692 /* Check that we have a certificate if we require one. */ 2601 /* Check that we have a certificate if we require one. */
2693 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { 2602 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2694 SSLerror( 2603 SSLerror(SSL_R_MISSING_RSA_SIGNING_CERT);
2695 SSL_R_MISSING_RSA_SIGNING_CERT);
2696 goto f_err; 2604 goto f_err;
2697 } else if ((alg_a & SSL_aDSS) && 2605 } else if ((alg_a & SSL_aDSS) &&
2698 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { 2606 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
2699 SSLerror( 2607 SSLerror(SSL_R_MISSING_DSA_SIGNING_CERT);
2700 SSL_R_MISSING_DSA_SIGNING_CERT);
2701 goto f_err; 2608 goto f_err;
2702 } 2609 }
2703 if ((alg_k & SSL_kRSA) && 2610 if ((alg_k & SSL_kRSA) &&
2704 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { 2611 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2705 SSLerror( 2612 SSLerror(SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2706 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2707 goto f_err; 2613 goto f_err;
2708 } 2614 }
2709 if ((alg_k & SSL_kDHE) && 2615 if ((alg_k & SSL_kDHE) &&
2710 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2616 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2711 SSLerror( 2617 SSLerror(SSL_R_MISSING_DH_KEY);
2712 SSL_R_MISSING_DH_KEY);
2713 goto f_err; 2618 goto f_err;
2714 } 2619 }
2715 2620