summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_lib.c65
1 files changed, 22 insertions, 43 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 605fc428ad..898fdbc479 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.154 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.155 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -226,8 +226,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
226 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 226 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
227 &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); 227 &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
228 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 228 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
229 SSLerror( 229 SSLerror(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
230 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
231 return (0); 230 return (0);
232 } 231 }
233 return (1); 232 return (1);
@@ -381,8 +380,7 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
381 unsigned int sid_ctx_len) 380 unsigned int sid_ctx_len)
382{ 381{
383 if (sid_ctx_len > sizeof ctx->sid_ctx) { 382 if (sid_ctx_len > sizeof ctx->sid_ctx) {
384 SSLerror( 383 SSLerror(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
385 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
386 return (0); 384 return (0);
387 } 385 }
388 ctx->sid_ctx_length = sid_ctx_len; 386 ctx->sid_ctx_length = sid_ctx_len;
@@ -396,8 +394,7 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
396 unsigned int sid_ctx_len) 394 unsigned int sid_ctx_len)
397{ 395{
398 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 396 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
399 SSLerror( 397 SSLerror(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
400 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
401 return (0); 398 return (0);
402 } 399 }
403 ssl->sid_ctx_length = sid_ctx_len; 400 ssl->sid_ctx_length = sid_ctx_len;
@@ -873,13 +870,11 @@ SSL_CTX_check_private_key(const SSL_CTX *ctx)
873{ 870{
874 if ((ctx == NULL) || (ctx->internal->cert == NULL) || 871 if ((ctx == NULL) || (ctx->internal->cert == NULL) ||
875 (ctx->internal->cert->key->x509 == NULL)) { 872 (ctx->internal->cert->key->x509 == NULL)) {
876 SSLerror( 873 SSLerror(SSL_R_NO_CERTIFICATE_ASSIGNED);
877 SSL_R_NO_CERTIFICATE_ASSIGNED);
878 return (0); 874 return (0);
879 } 875 }
880 if (ctx->internal->cert->key->privatekey == NULL) { 876 if (ctx->internal->cert->key->privatekey == NULL) {
881 SSLerror( 877 SSLerror(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
882 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
883 return (0); 878 return (0);
884 } 879 }
885 return (X509_check_private_key(ctx->internal->cert->key->x509, 880 return (X509_check_private_key(ctx->internal->cert->key->x509,
@@ -891,23 +886,19 @@ int
891SSL_check_private_key(const SSL *ssl) 886SSL_check_private_key(const SSL *ssl)
892{ 887{
893 if (ssl == NULL) { 888 if (ssl == NULL) {
894 SSLerror( 889 SSLerror(ERR_R_PASSED_NULL_PARAMETER);
895 ERR_R_PASSED_NULL_PARAMETER);
896 return (0); 890 return (0);
897 } 891 }
898 if (ssl->cert == NULL) { 892 if (ssl->cert == NULL) {
899 SSLerror( 893 SSLerror(SSL_R_NO_CERTIFICATE_ASSIGNED);
900 SSL_R_NO_CERTIFICATE_ASSIGNED);
901 return (0); 894 return (0);
902 } 895 }
903 if (ssl->cert->key->x509 == NULL) { 896 if (ssl->cert->key->x509 == NULL) {
904 SSLerror( 897 SSLerror(SSL_R_NO_CERTIFICATE_ASSIGNED);
905 SSL_R_NO_CERTIFICATE_ASSIGNED);
906 return (0); 898 return (0);
907 } 899 }
908 if (ssl->cert->key->privatekey == NULL) { 900 if (ssl->cert->key->privatekey == NULL) {
909 SSLerror( 901 SSLerror(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
910 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
911 return (0); 902 return (0);
912 } 903 }
913 return (X509_check_private_key(ssl->cert->key->x509, 904 return (X509_check_private_key(ssl->cert->key->x509,
@@ -1428,8 +1419,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1428 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. 1419 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
1429 */ 1420 */
1430 if (num < 2 || num > 0x10000 - 2) { 1421 if (num < 2 || num > 0x10000 - 2) {
1431 SSLerror( 1422 SSLerror(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1432 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1433 return (NULL); 1423 return (NULL);
1434 } 1424 }
1435 1425
@@ -1441,8 +1431,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1441 CBS_init(&cbs, p, num); 1431 CBS_init(&cbs, p, num);
1442 while (CBS_len(&cbs) > 0) { 1432 while (CBS_len(&cbs) > 0) {
1443 if (!CBS_get_u16(&cbs, &cipher_value)) { 1433 if (!CBS_get_u16(&cbs, &cipher_value)) {
1444 SSLerror( 1434 SSLerror(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1445 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1446 goto err; 1435 goto err;
1447 } 1436 }
1448 1437
@@ -1454,8 +1443,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1454 * renegotiating. 1443 * renegotiating.
1455 */ 1444 */
1456 if (s->internal->renegotiate) { 1445 if (s->internal->renegotiate) {
1457 SSLerror( 1446 SSLerror(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1458 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1459 ssl3_send_alert(s, SSL3_AL_FATAL, 1447 ssl3_send_alert(s, SSL3_AL_FATAL,
1460 SSL_AD_HANDSHAKE_FAILURE); 1448 SSL_AD_HANDSHAKE_FAILURE);
1461 1449
@@ -1474,8 +1462,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1474 */ 1462 */
1475 max_version = ssl_max_server_version(s); 1463 max_version = ssl_max_server_version(s);
1476 if (max_version == 0 || s->version < max_version) { 1464 if (max_version == 0 || s->version < max_version) {
1477 SSLerror( 1465 SSLerror(SSL_R_INAPPROPRIATE_FALLBACK);
1478 SSL_R_INAPPROPRIATE_FALLBACK);
1479 if (s->s3 != NULL) 1466 if (s->s3 != NULL)
1480 ssl3_send_alert(s, SSL3_AL_FATAL, 1467 ssl3_send_alert(s, SSL3_AL_FATAL,
1481 SSL_AD_INAPPROPRIATE_FALLBACK); 1468 SSL_AD_INAPPROPRIATE_FALLBACK);
@@ -1486,8 +1473,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1486 1473
1487 if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) { 1474 if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
1488 if (!sk_SSL_CIPHER_push(sk, c)) { 1475 if (!sk_SSL_CIPHER_push(sk, c)) {
1489 SSLerror( 1476 SSLerror(ERR_R_MALLOC_FAILURE);
1490 ERR_R_MALLOC_FAILURE);
1491 goto err; 1477 goto err;
1492 } 1478 }
1493 } 1479 }
@@ -1812,8 +1798,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
1812 } 1798 }
1813 1799
1814 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1800 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1815 SSLerror( 1801 SSLerror(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1816 SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1817 goto err; 1802 goto err;
1818 } 1803 }
1819 1804
@@ -1881,13 +1866,11 @@ SSL_CTX_new(const SSL_METHOD *meth)
1881 goto err; 1866 goto err;
1882 1867
1883 if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1868 if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1884 SSLerror( 1869 SSLerror(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1885 SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1886 goto err2; 1870 goto err2;
1887 } 1871 }
1888 if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { 1872 if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1889 SSLerror( 1873 SSLerror(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1890 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1891 goto err2; 1874 goto err2;
1892 } 1875 }
1893 1876
@@ -2126,8 +2109,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2126 /* Key usage, if present, must allow signing. */ 2109 /* Key usage, if present, must allow signing. */
2127 if ((x->ex_flags & EXFLAG_KUSAGE) && 2110 if ((x->ex_flags & EXFLAG_KUSAGE) &&
2128 ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) { 2111 ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {
2129 SSLerror( 2112 SSLerror(SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2130 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2131 return (0); 2113 return (0);
2132 } 2114 }
2133 } 2115 }
@@ -2448,24 +2430,21 @@ SSL_set_connect_state(SSL *s)
2448int 2430int
2449ssl_undefined_function(SSL *s) 2431ssl_undefined_function(SSL *s)
2450{ 2432{
2451 SSLerror( 2433 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2452 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2453 return (0); 2434 return (0);
2454} 2435}
2455 2436
2456int 2437int
2457ssl_undefined_void_function(void) 2438ssl_undefined_void_function(void)
2458{ 2439{
2459 SSLerror( 2440 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2460 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2461 return (0); 2441 return (0);
2462} 2442}
2463 2443
2464int 2444int
2465ssl_undefined_const_function(const SSL *s) 2445ssl_undefined_const_function(const SSL *s)
2466{ 2446{
2467 SSLerror( 2447 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2468 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2469 return (0); 2448 return (0);
2470} 2449}
2471 2450
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-07 06:59:54 +0000