summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
-rw-r--r--src/lib/libssl/ssl_srvr.c220
1 files changed, 106 insertions, 114 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index a716947ab9..46ca4d6c9c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -189,7 +189,7 @@ ssl3_accept(SSL *s)
189 SSL_clear(s); 189 SSL_clear(s);
190 190
191 if (s->cert == NULL) { 191 if (s->cert == NULL) {
192 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET); 192 SSLerror(SSL_R_NO_CERTIFICATE_SET);
193 ret = -1; 193 ret = -1;
194 goto end; 194 goto end;
195 } 195 }
@@ -212,7 +212,7 @@ ssl3_accept(SSL *s)
212 cb(s, SSL_CB_HANDSHAKE_START, 1); 212 cb(s, SSL_CB_HANDSHAKE_START, 1);
213 213
214 if ((s->version >> 8) != 3) { 214 if ((s->version >> 8) != 3) {
215 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); 215 SSLerror(ERR_R_INTERNAL_ERROR);
216 ret = -1; 216 ret = -1;
217 goto end; 217 goto end;
218 } 218 }
@@ -253,7 +253,7 @@ ssl3_accept(SSL *s)
253 * client that doesn't support secure 253 * client that doesn't support secure
254 * renegotiation. 254 * renegotiation.
255 */ 255 */
256 SSLerr(SSL_F_SSL3_ACCEPT, 256 SSLerror(
257 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 257 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
258 ssl3_send_alert(s, SSL3_AL_FATAL, 258 ssl3_send_alert(s, SSL3_AL_FATAL,
259 SSL_AD_HANDSHAKE_FAILURE); 259 SSL_AD_HANDSHAKE_FAILURE);
@@ -484,7 +484,7 @@ ssl3_accept(SSL *s)
484 * at this point and digest cached records. 484 * at this point and digest cached records.
485 */ 485 */
486 if (!S3I(s)->handshake_buffer) { 486 if (!S3I(s)->handshake_buffer) {
487 SSLerr(SSL_F_SSL3_ACCEPT, 487 SSLerror(
488 ERR_R_INTERNAL_ERROR); 488 ERR_R_INTERNAL_ERROR);
489 ret = -1; 489 ret = -1;
490 goto end; 490 goto end;
@@ -673,7 +673,7 @@ ssl3_accept(SSL *s)
673 /* break; */ 673 /* break; */
674 674
675 default: 675 default:
676 SSLerr(SSL_F_SSL3_ACCEPT, 676 SSLerror(
677 SSL_R_UNKNOWN_STATE); 677 SSL_R_UNKNOWN_STATE);
678 ret = -1; 678 ret = -1;
679 goto end; 679 goto end;
@@ -765,7 +765,7 @@ ssl3_get_client_hello(SSL *s)
765 p += 2; 765 p += 2;
766 766
767 if (ssl_max_shared_version(s, s->client_version, &shared_version) != 1) { 767 if (ssl_max_shared_version(s, s->client_version, &shared_version) != 1) {
768 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); 768 SSLerror(SSL_R_WRONG_VERSION_NUMBER);
769 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && 769 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
770 !s->internal->enc_write_ctx && !s->internal->write_hash) { 770 !s->internal->enc_write_ctx && !s->internal->write_hash) {
771 /* 771 /*
@@ -782,7 +782,7 @@ ssl3_get_client_hello(SSL *s)
782 if ((method = tls1_get_server_method(shared_version)) == NULL) 782 if ((method = tls1_get_server_method(shared_version)) == NULL)
783 method = dtls1_get_server_method(shared_version); 783 method = dtls1_get_server_method(shared_version);
784 if (method == NULL) { 784 if (method == NULL) {
785 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); 785 SSLerror(ERR_R_INTERNAL_ERROR);
786 goto err; 786 goto err;
787 } 787 }
788 s->method = method; 788 s->method = method;
@@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s)
868 if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) { 868 if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) {
869 /* too much data */ 869 /* too much data */
870 al = SSL_AD_DECODE_ERROR; 870 al = SSL_AD_DECODE_ERROR;
871 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 871 SSLerror(
872 SSL_R_COOKIE_MISMATCH); 872 SSL_R_COOKIE_MISMATCH);
873 goto f_err; 873 goto f_err;
874 } 874 }
@@ -885,7 +885,7 @@ ssl3_get_client_hello(SSL *s)
885 if (s->ctx->internal->app_verify_cookie_cb(s, 885 if (s->ctx->internal->app_verify_cookie_cb(s,
886 D1I(s)->rcvd_cookie, cookie_len) == 0) { 886 D1I(s)->rcvd_cookie, cookie_len) == 0) {
887 al = SSL_AD_HANDSHAKE_FAILURE; 887 al = SSL_AD_HANDSHAKE_FAILURE;
888 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 888 SSLerror(
889 SSL_R_COOKIE_MISMATCH); 889 SSL_R_COOKIE_MISMATCH);
890 goto f_err; 890 goto f_err;
891 } 891 }
@@ -894,7 +894,7 @@ ssl3_get_client_hello(SSL *s)
894 D1I(s)->cookie_len) != 0) { 894 D1I(s)->cookie_len) != 0) {
895 /* default verification */ 895 /* default verification */
896 al = SSL_AD_HANDSHAKE_FAILURE; 896 al = SSL_AD_HANDSHAKE_FAILURE;
897 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 897 SSLerror(
898 SSL_R_COOKIE_MISMATCH); 898 SSL_R_COOKIE_MISMATCH);
899 goto f_err; 899 goto f_err;
900 } 900 }
@@ -911,7 +911,7 @@ ssl3_get_client_hello(SSL *s)
911 if ((i == 0) && (j != 0)) { 911 if ((i == 0) && (j != 0)) {
912 /* we need a cipher if we are not resuming a session */ 912 /* we need a cipher if we are not resuming a session */
913 al = SSL_AD_ILLEGAL_PARAMETER; 913 al = SSL_AD_ILLEGAL_PARAMETER;
914 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 914 SSLerror(
915 SSL_R_NO_CIPHERS_SPECIFIED); 915 SSL_R_NO_CIPHERS_SPECIFIED);
916 goto f_err; 916 goto f_err;
917 } 917 }
@@ -941,7 +941,7 @@ ssl3_get_client_hello(SSL *s)
941 * list if we are asked to reuse it 941 * list if we are asked to reuse it
942 */ 942 */
943 al = SSL_AD_ILLEGAL_PARAMETER; 943 al = SSL_AD_ILLEGAL_PARAMETER;
944 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 944 SSLerror(
945 SSL_R_REQUIRED_CIPHER_MISSING); 945 SSL_R_REQUIRED_CIPHER_MISSING);
946 goto f_err; 946 goto f_err;
947 } 947 }
@@ -962,7 +962,7 @@ ssl3_get_client_hello(SSL *s)
962 if (j >= i) { 962 if (j >= i) {
963 /* no compress */ 963 /* no compress */
964 al = SSL_AD_DECODE_ERROR; 964 al = SSL_AD_DECODE_ERROR;
965 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 965 SSLerror(
966 SSL_R_NO_COMPRESSION_SPECIFIED); 966 SSL_R_NO_COMPRESSION_SPECIFIED);
967 goto f_err; 967 goto f_err;
968 } 968 }
@@ -970,11 +970,11 @@ ssl3_get_client_hello(SSL *s)
970 /* TLS extensions*/ 970 /* TLS extensions*/
971 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) { 971 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
972 /* 'al' set by ssl_parse_clienthello_tlsext */ 972 /* 'al' set by ssl_parse_clienthello_tlsext */
973 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); 973 SSLerror(SSL_R_PARSE_TLSEXT);
974 goto f_err; 974 goto f_err;
975 } 975 }
976 if (ssl_check_clienthello_tlsext_early(s) <= 0) { 976 if (ssl_check_clienthello_tlsext_early(s) <= 0) {
977 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 977 SSLerror(
978 SSL_R_CLIENTHELLO_TLSEXT); 978 SSL_R_CLIENTHELLO_TLSEXT);
979 goto err; 979 goto err;
980 } 980 }
@@ -1006,7 +1006,7 @@ ssl3_get_client_hello(SSL *s)
1006 SSL_get_ciphers(s)); 1006 SSL_get_ciphers(s));
1007 if (pref_cipher == NULL) { 1007 if (pref_cipher == NULL) {
1008 al = SSL_AD_HANDSHAKE_FAILURE; 1008 al = SSL_AD_HANDSHAKE_FAILURE;
1009 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 1009 SSLerror(
1010 SSL_R_NO_SHARED_CIPHER); 1010 SSL_R_NO_SHARED_CIPHER);
1011 goto f_err; 1011 goto f_err;
1012 } 1012 }
@@ -1032,7 +1032,7 @@ ssl3_get_client_hello(SSL *s)
1032 s->session->ciphers = ciphers; 1032 s->session->ciphers = ciphers;
1033 if (ciphers == NULL) { 1033 if (ciphers == NULL) {
1034 al = SSL_AD_ILLEGAL_PARAMETER; 1034 al = SSL_AD_ILLEGAL_PARAMETER;
1035 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 1035 SSLerror(
1036 SSL_R_NO_CIPHERS_PASSED); 1036 SSL_R_NO_CIPHERS_PASSED);
1037 goto f_err; 1037 goto f_err;
1038 } 1038 }
@@ -1042,7 +1042,7 @@ ssl3_get_client_hello(SSL *s)
1042 1042
1043 if (c == NULL) { 1043 if (c == NULL) {
1044 al = SSL_AD_HANDSHAKE_FAILURE; 1044 al = SSL_AD_HANDSHAKE_FAILURE;
1045 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 1045 SSLerror(
1046 SSL_R_NO_SHARED_CIPHER); 1046 SSL_R_NO_SHARED_CIPHER);
1047 goto f_err; 1047 goto f_err;
1048 } 1048 }
@@ -1074,7 +1074,7 @@ ssl3_get_client_hello(SSL *s)
1074 1074
1075 /* Handles TLS extensions that we couldn't check earlier */ 1075 /* Handles TLS extensions that we couldn't check earlier */
1076 if (ssl_check_clienthello_tlsext_late(s) <= 0) { 1076 if (ssl_check_clienthello_tlsext_late(s) <= 0) {
1077 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); 1077 SSLerror(SSL_R_CLIENTHELLO_TLSEXT);
1078 goto err; 1078 goto err;
1079 } 1079 }
1080 1080
@@ -1083,7 +1083,7 @@ ssl3_get_client_hello(SSL *s)
1083 if (0) { 1083 if (0) {
1084truncated: 1084truncated:
1085 al = SSL_AD_DECODE_ERROR; 1085 al = SSL_AD_DECODE_ERROR;
1086 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH); 1086 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1087f_err: 1087f_err:
1088 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1088 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1089 } 1089 }
@@ -1142,7 +1142,7 @@ ssl3_send_server_hello(SSL *s)
1142 1142
1143 sl = s->session->session_id_length; 1143 sl = s->session->session_id_length;
1144 if (sl > (int)sizeof(s->session->session_id)) { 1144 if (sl > (int)sizeof(s->session->session_id)) {
1145 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1145 SSLerror(
1146 ERR_R_INTERNAL_ERROR); 1146 ERR_R_INTERNAL_ERROR);
1147 goto err; 1147 goto err;
1148 } 1148 }
@@ -1166,7 +1166,7 @@ ssl3_send_server_hello(SSL *s)
1166 1166
1167 if ((p = ssl_add_serverhello_tlsext(s, p + outlen, 1167 if ((p = ssl_add_serverhello_tlsext(s, p + outlen,
1168 bufend)) == NULL) { 1168 bufend)) == NULL) {
1169 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1169 SSLerror(
1170 ERR_R_INTERNAL_ERROR); 1170 ERR_R_INTERNAL_ERROR);
1171 goto err; 1171 goto err;
1172 } 1172 }
@@ -1208,7 +1208,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1208 if (s->cert->dh_tmp_auto != 0) { 1208 if (s->cert->dh_tmp_auto != 0) {
1209 if ((dhp = ssl_get_auto_dh(s)) == NULL) { 1209 if ((dhp = ssl_get_auto_dh(s)) == NULL) {
1210 al = SSL_AD_INTERNAL_ERROR; 1210 al = SSL_AD_INTERNAL_ERROR;
1211 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1211 SSLerror(
1212 ERR_R_INTERNAL_ERROR); 1212 ERR_R_INTERNAL_ERROR);
1213 goto f_err; 1213 goto f_err;
1214 } 1214 }
@@ -1221,13 +1221,13 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1221 1221
1222 if (dhp == NULL) { 1222 if (dhp == NULL) {
1223 al = SSL_AD_HANDSHAKE_FAILURE; 1223 al = SSL_AD_HANDSHAKE_FAILURE;
1224 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1224 SSLerror(
1225 SSL_R_MISSING_TMP_DH_KEY); 1225 SSL_R_MISSING_TMP_DH_KEY);
1226 goto f_err; 1226 goto f_err;
1227 } 1227 }
1228 1228
1229 if (S3I(s)->tmp.dh != NULL) { 1229 if (S3I(s)->tmp.dh != NULL) {
1230 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1230 SSLerror(
1231 ERR_R_INTERNAL_ERROR); 1231 ERR_R_INTERNAL_ERROR);
1232 goto err; 1232 goto err;
1233 } 1233 }
@@ -1235,12 +1235,12 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1235 if (s->cert->dh_tmp_auto != 0) { 1235 if (s->cert->dh_tmp_auto != 0) {
1236 dh = dhp; 1236 dh = dhp;
1237 } else if ((dh = DHparams_dup(dhp)) == NULL) { 1237 } else if ((dh = DHparams_dup(dhp)) == NULL) {
1238 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); 1238 SSLerror(ERR_R_DH_LIB);
1239 goto err; 1239 goto err;
1240 } 1240 }
1241 S3I(s)->tmp.dh = dh; 1241 S3I(s)->tmp.dh = dh;
1242 if (!DH_generate_key(dh)) { 1242 if (!DH_generate_key(dh)) {
1243 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); 1243 SSLerror(ERR_R_DH_LIB);
1244 goto err; 1244 goto err;
1245 } 1245 }
1246 1246
@@ -1299,13 +1299,13 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1299 } 1299 }
1300 if (ecdhp == NULL) { 1300 if (ecdhp == NULL) {
1301 al = SSL_AD_HANDSHAKE_FAILURE; 1301 al = SSL_AD_HANDSHAKE_FAILURE;
1302 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1302 SSLerror(
1303 SSL_R_MISSING_TMP_ECDH_KEY); 1303 SSL_R_MISSING_TMP_ECDH_KEY);
1304 goto f_err; 1304 goto f_err;
1305 } 1305 }
1306 1306
1307 if (S3I(s)->tmp.ecdh != NULL) { 1307 if (S3I(s)->tmp.ecdh != NULL) {
1308 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1308 SSLerror(
1309 ERR_R_INTERNAL_ERROR); 1309 ERR_R_INTERNAL_ERROR);
1310 goto err; 1310 goto err;
1311 } 1311 }
@@ -1314,7 +1314,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1314 if (s->cert->ecdh_tmp_auto != 0) { 1314 if (s->cert->ecdh_tmp_auto != 0) {
1315 ecdh = ecdhp; 1315 ecdh = ecdhp;
1316 } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { 1316 } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
1317 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1317 SSLerror(
1318 ERR_R_ECDH_LIB); 1318 ERR_R_ECDH_LIB);
1319 goto err; 1319 goto err;
1320 } 1320 }
@@ -1324,7 +1324,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1324 (EC_KEY_get0_private_key(ecdh) == NULL) || 1324 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1325 (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { 1325 (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
1326 if (!EC_KEY_generate_key(ecdh)) { 1326 if (!EC_KEY_generate_key(ecdh)) {
1327 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1327 SSLerror(
1328 ERR_R_ECDH_LIB); 1328 ERR_R_ECDH_LIB);
1329 goto err; 1329 goto err;
1330 } 1330 }
@@ -1333,7 +1333,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1333 if (((group = EC_KEY_get0_group(ecdh)) == NULL) || 1333 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1334 (EC_KEY_get0_public_key(ecdh) == NULL) || 1334 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1335 (EC_KEY_get0_private_key(ecdh) == NULL)) { 1335 (EC_KEY_get0_private_key(ecdh) == NULL)) {
1336 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1336 SSLerror(
1337 ERR_R_ECDH_LIB); 1337 ERR_R_ECDH_LIB);
1338 goto err; 1338 goto err;
1339 } 1339 }
@@ -1344,7 +1344,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1344 */ 1344 */
1345 if ((curve_id = tls1_ec_nid2curve_id( 1345 if ((curve_id = tls1_ec_nid2curve_id(
1346 EC_GROUP_get_curve_name(group))) == 0) { 1346 EC_GROUP_get_curve_name(group))) == 0) {
1347 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1347 SSLerror(
1348 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); 1348 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1349 goto err; 1349 goto err;
1350 } 1350 }
@@ -1360,7 +1360,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1360 1360
1361 bn_ctx = BN_CTX_new(); 1361 bn_ctx = BN_CTX_new();
1362 if ((encodedPoint == NULL) || (bn_ctx == NULL)) { 1362 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
1363 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1363 SSLerror(
1364 ERR_R_MALLOC_FAILURE); 1364 ERR_R_MALLOC_FAILURE);
1365 goto err; 1365 goto err;
1366 } 1366 }
@@ -1369,7 +1369,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1369 POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx); 1369 POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx);
1370 1370
1371 if (encodedlen == 0) { 1371 if (encodedlen == 0) {
1372 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); 1372 SSLerror(ERR_R_ECDH_LIB);
1373 goto err; 1373 goto err;
1374 } 1374 }
1375 1375
@@ -1421,7 +1421,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1421 1421
1422 /* Generate an X25519 key pair. */ 1422 /* Generate an X25519 key pair. */
1423 if (S3I(s)->tmp.x25519 != NULL) { 1423 if (S3I(s)->tmp.x25519 != NULL) {
1424 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1424 SSLerror(
1425 ERR_R_INTERNAL_ERROR); 1425 ERR_R_INTERNAL_ERROR);
1426 goto err; 1426 goto err;
1427 } 1427 }
@@ -1433,7 +1433,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1433 1433
1434 /* Serialize public key. */ 1434 /* Serialize public key. */
1435 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { 1435 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
1436 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1436 SSLerror(
1437 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); 1437 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1438 goto err; 1438 goto err;
1439 } 1439 }
@@ -1509,7 +1509,7 @@ ssl3_send_server_key_exchange(SSL *s)
1509 goto err; 1509 goto err;
1510 } else { 1510 } else {
1511 al = SSL_AD_HANDSHAKE_FAILURE; 1511 al = SSL_AD_HANDSHAKE_FAILURE;
1512 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1512 SSLerror(
1513 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1513 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1514 goto f_err; 1514 goto f_err;
1515 } 1515 }
@@ -1531,7 +1531,7 @@ ssl3_send_server_key_exchange(SSL *s)
1531 1531
1532 if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 1532 if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
1533 params_len + kn)) { 1533 params_len + kn)) {
1534 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1534 SSLerror(
1535 ERR_LIB_BUF); 1535 ERR_LIB_BUF);
1536 goto err; 1536 goto err;
1537 } 1537 }
@@ -1575,9 +1575,7 @@ ssl3_send_server_key_exchange(SSL *s)
1575 } 1575 }
1576 if (RSA_sign(NID_md5_sha1, md_buf, j, 1576 if (RSA_sign(NID_md5_sha1, md_buf, j,
1577 &(p[2]), &u, pkey->pkey.rsa) <= 0) { 1577 &(p[2]), &u, pkey->pkey.rsa) <= 0) {
1578 SSLerr( 1578 SSLerror(ERR_R_RSA_LIB);
1579 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1580 ERR_LIB_RSA);
1581 goto err; 1579 goto err;
1582 } 1580 }
1583 s2n(u, p); 1581 s2n(u, p);
@@ -1588,9 +1586,7 @@ ssl3_send_server_key_exchange(SSL *s)
1588 if (!tls12_get_sigandhash(p, pkey, md)) { 1586 if (!tls12_get_sigandhash(p, pkey, md)) {
1589 /* Should never happen */ 1587 /* Should never happen */
1590 al = SSL_AD_INTERNAL_ERROR; 1588 al = SSL_AD_INTERNAL_ERROR;
1591 SSLerr( 1589 SSLerror(ERR_R_INTERNAL_ERROR);
1592 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1593 ERR_R_INTERNAL_ERROR);
1594 goto f_err; 1590 goto f_err;
1595 } 1591 }
1596 p += 2; 1592 p += 2;
@@ -1605,9 +1601,7 @@ ssl3_send_server_key_exchange(SSL *s)
1605 EVP_SignUpdate(&md_ctx, d, n); 1601 EVP_SignUpdate(&md_ctx, d, n);
1606 if (!EVP_SignFinal(&md_ctx, &p[2], 1602 if (!EVP_SignFinal(&md_ctx, &p[2],
1607 (unsigned int *)&i, pkey)) { 1603 (unsigned int *)&i, pkey)) {
1608 SSLerr( 1604 SSLerror(ERR_R_EVP_LIB);
1609 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1610 ERR_LIB_EVP);
1611 goto err; 1605 goto err;
1612 } 1606 }
1613 s2n(i, p); 1607 s2n(i, p);
@@ -1617,7 +1611,7 @@ ssl3_send_server_key_exchange(SSL *s)
1617 } else { 1611 } else {
1618 /* Is this error check actually needed? */ 1612 /* Is this error check actually needed? */
1619 al = SSL_AD_HANDSHAKE_FAILURE; 1613 al = SSL_AD_HANDSHAKE_FAILURE;
1620 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, 1614 SSLerror(
1621 SSL_R_UNKNOWN_PKEY_TYPE); 1615 SSL_R_UNKNOWN_PKEY_TYPE);
1622 goto f_err; 1616 goto f_err;
1623 } 1617 }
@@ -1684,9 +1678,7 @@ ssl3_send_certificate_request(SSL *s)
1684 if (!BUF_MEM_grow_clean(buf, 1678 if (!BUF_MEM_grow_clean(buf,
1685 ssl3_handshake_msg_hdr_len(s) + n + j 1679 ssl3_handshake_msg_hdr_len(s) + n + j
1686 + 2)) { 1680 + 2)) {
1687 SSLerr( 1681 SSLerror(ERR_R_BUF_LIB);
1688 SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
1689 ERR_R_BUF_LIB);
1690 goto err; 1682 goto err;
1691 } 1683 }
1692 p = ssl3_handshake_msg_start(s, 1684 p = ssl3_handshake_msg_start(s,
@@ -1732,7 +1724,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
1732 if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || 1724 if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
1733 (pkey->pkey.rsa == NULL)) { 1725 (pkey->pkey.rsa == NULL)) {
1734 al = SSL_AD_HANDSHAKE_FAILURE; 1726 al = SSL_AD_HANDSHAKE_FAILURE;
1735 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1727 SSLerror(
1736 SSL_R_MISSING_RSA_CERTIFICATE); 1728 SSL_R_MISSING_RSA_CERTIFICATE);
1737 goto f_err; 1729 goto f_err;
1738 } 1730 }
@@ -1742,7 +1734,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
1742 goto truncated; 1734 goto truncated;
1743 n2s(p, i); 1735 n2s(p, i);
1744 if (n != i + 2) { 1736 if (n != i + 2) {
1745 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1737 SSLerror(
1746 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); 1738 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1747 goto err; 1739 goto err;
1748 } else 1740 } else
@@ -1756,7 +1748,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
1756 1748
1757 if (i != SSL_MAX_MASTER_KEY_LENGTH) { 1749 if (i != SSL_MAX_MASTER_KEY_LENGTH) {
1758 al = SSL_AD_DECODE_ERROR; 1750 al = SSL_AD_DECODE_ERROR;
1759 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ 1751 /* SSLerror(SSL_R_BAD_RSA_DECRYPT); */
1760 } 1752 }
1761 1753
1762 if (p - d + 2 > n) /* needed in the SSL3 case */ 1754 if (p - d + 2 > n) /* needed in the SSL3 case */
@@ -1778,7 +1770,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
1778 (p[0] == (s->version >> 8)) && 1770 (p[0] == (s->version >> 8)) &&
1779 (p[1] == (s->version & 0xff)))) { 1771 (p[1] == (s->version & 0xff)))) {
1780 al = SSL_AD_DECODE_ERROR; 1772 al = SSL_AD_DECODE_ERROR;
1781 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ 1773 /* SSLerror(SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
1782 1774
1783 /* 1775 /*
1784 * The Klima-Pokorny-Rosa extension of 1776 * The Klima-Pokorny-Rosa extension of
@@ -1816,7 +1808,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
1816 return (1); 1808 return (1);
1817truncated: 1809truncated:
1818 al = SSL_AD_DECODE_ERROR; 1810 al = SSL_AD_DECODE_ERROR;
1819 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); 1811 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1820f_err: 1812f_err:
1821 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1813 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1822err: 1814err:
@@ -1844,21 +1836,21 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
1844 1836
1845 if (S3I(s)->tmp.dh == NULL) { 1837 if (S3I(s)->tmp.dh == NULL) {
1846 al = SSL_AD_HANDSHAKE_FAILURE; 1838 al = SSL_AD_HANDSHAKE_FAILURE;
1847 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1839 SSLerror(
1848 SSL_R_MISSING_TMP_DH_KEY); 1840 SSL_R_MISSING_TMP_DH_KEY);
1849 goto f_err; 1841 goto f_err;
1850 } 1842 }
1851 dh = S3I(s)->tmp.dh; 1843 dh = S3I(s)->tmp.dh;
1852 1844
1853 if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { 1845 if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) {
1854 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1846 SSLerror(
1855 SSL_R_BN_LIB); 1847 SSL_R_BN_LIB);
1856 goto err; 1848 goto err;
1857 } 1849 }
1858 1850
1859 key_size = DH_compute_key(p, bn, dh); 1851 key_size = DH_compute_key(p, bn, dh);
1860 if (key_size <= 0) { 1852 if (key_size <= 0) {
1861 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); 1853 SSLerror(ERR_R_DH_LIB);
1862 BN_clear_free(bn); 1854 BN_clear_free(bn);
1863 goto err; 1855 goto err;
1864 } 1856 }
@@ -1878,7 +1870,7 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
1878 1870
1879 truncated: 1871 truncated:
1880 al = SSL_AD_DECODE_ERROR; 1872 al = SSL_AD_DECODE_ERROR;
1881 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); 1873 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1882 f_err: 1874 f_err:
1883 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1875 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1884 err: 1876 err:
@@ -1902,7 +1894,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1902 1894
1903 /* Initialize structures for server's ECDH key pair. */ 1895 /* Initialize structures for server's ECDH key pair. */
1904 if ((srvr_ecdh = EC_KEY_new()) == NULL) { 1896 if ((srvr_ecdh = EC_KEY_new()) == NULL) {
1905 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1897 SSLerror(
1906 ERR_R_MALLOC_FAILURE); 1898 ERR_R_MALLOC_FAILURE);
1907 goto err; 1899 goto err;
1908 } 1900 }
@@ -1918,14 +1910,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1918 1910
1919 if (!EC_KEY_set_group(srvr_ecdh, group) || 1911 if (!EC_KEY_set_group(srvr_ecdh, group) ||
1920 !EC_KEY_set_private_key(srvr_ecdh, priv_key)) { 1912 !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
1921 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1913 SSLerror(
1922 ERR_R_EC_LIB); 1914 ERR_R_EC_LIB);
1923 goto err; 1915 goto err;
1924 } 1916 }
1925 1917
1926 /* Let's get client's public key */ 1918 /* Let's get client's public key */
1927 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) { 1919 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
1928 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1920 SSLerror(
1929 ERR_R_MALLOC_FAILURE); 1921 ERR_R_MALLOC_FAILURE);
1930 goto err; 1922 goto err;
1931 } 1923 }
@@ -1948,7 +1940,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1948 * group. 1940 * group.
1949 */ 1941 */
1950 al = SSL_AD_HANDSHAKE_FAILURE; 1942 al = SSL_AD_HANDSHAKE_FAILURE;
1951 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1943 SSLerror(
1952 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); 1944 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
1953 goto f_err; 1945 goto f_err;
1954 } 1946 }
@@ -1956,7 +1948,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1956 if (EC_POINT_copy(clnt_ecpoint, 1948 if (EC_POINT_copy(clnt_ecpoint,
1957 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) 1949 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec))
1958 == 0) { 1950 == 0) {
1959 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1951 SSLerror(
1960 ERR_R_EC_LIB); 1952 ERR_R_EC_LIB);
1961 goto err; 1953 goto err;
1962 } 1954 }
@@ -1967,7 +1959,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1967 * in the ClientKeyExchange message. 1959 * in the ClientKeyExchange message.
1968 */ 1960 */
1969 if ((bn_ctx = BN_CTX_new()) == NULL) { 1961 if ((bn_ctx = BN_CTX_new()) == NULL) {
1970 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1962 SSLerror(
1971 ERR_R_MALLOC_FAILURE); 1963 ERR_R_MALLOC_FAILURE);
1972 goto err; 1964 goto err;
1973 } 1965 }
@@ -1977,13 +1969,13 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1977 1969
1978 p += 1; 1970 p += 1;
1979 if (n != 1 + i) { 1971 if (n != 1 + i) {
1980 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1972 SSLerror(
1981 ERR_R_EC_LIB); 1973 ERR_R_EC_LIB);
1982 goto err; 1974 goto err;
1983 } 1975 }
1984 if (EC_POINT_oct2point(group, 1976 if (EC_POINT_oct2point(group,
1985 clnt_ecpoint, p, i, bn_ctx) == 0) { 1977 clnt_ecpoint, p, i, bn_ctx) == 0) {
1986 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1978 SSLerror(
1987 ERR_R_EC_LIB); 1979 ERR_R_EC_LIB);
1988 goto err; 1980 goto err;
1989 } 1981 }
@@ -1997,14 +1989,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1997 /* Compute the shared pre-master secret */ 1989 /* Compute the shared pre-master secret */
1998 key_size = ECDH_size(srvr_ecdh); 1990 key_size = ECDH_size(srvr_ecdh);
1999 if (key_size <= 0) { 1991 if (key_size <= 0) {
2000 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1992 SSLerror(
2001 ERR_R_ECDH_LIB); 1993 ERR_R_ECDH_LIB);
2002 goto err; 1994 goto err;
2003 } 1995 }
2004 i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh, 1996 i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh,
2005 NULL); 1997 NULL);
2006 if (i <= 0) { 1998 if (i <= 0) {
2007 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 1999 SSLerror(
2008 ERR_R_ECDH_LIB); 2000 ERR_R_ECDH_LIB);
2009 goto err; 2001 goto err;
2010 } 2002 }
@@ -2122,7 +2114,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
2122 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, 2114 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
2123 &Tclass, n) != V_ASN1_CONSTRUCTED || 2115 &Tclass, n) != V_ASN1_CONSTRUCTED ||
2124 Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { 2116 Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
2125 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2117 SSLerror(
2126 SSL_R_DECRYPTION_FAILED); 2118 SSL_R_DECRYPTION_FAILED);
2127 goto gerr; 2119 goto gerr;
2128 } 2120 }
@@ -2130,7 +2122,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
2130 inlen = Tlen; 2122 inlen = Tlen;
2131 if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, 2123 if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
2132 start, inlen) <=0) { 2124 start, inlen) <=0) {
2133 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2125 SSLerror(
2134 SSL_R_DECRYPTION_FAILED); 2126 SSL_R_DECRYPTION_FAILED);
2135 goto gerr; 2127 goto gerr;
2136 } 2128 }
@@ -2154,7 +2146,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
2154 2146
2155 truncated: 2147 truncated:
2156 al = SSL_AD_DECODE_ERROR; 2148 al = SSL_AD_DECODE_ERROR;
2157 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); 2149 SSLerror(SSL_R_BAD_PACKET_LENGTH);
2158 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2150 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2159 err: 2151 err:
2160 return (-1); 2152 return (-1);
@@ -2192,7 +2184,7 @@ ssl3_get_client_key_exchange(SSL *s)
2192 goto err; 2184 goto err;
2193 } else { 2185 } else {
2194 al = SSL_AD_HANDSHAKE_FAILURE; 2186 al = SSL_AD_HANDSHAKE_FAILURE;
2195 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2187 SSLerror(
2196 SSL_R_UNKNOWN_CIPHER_TYPE); 2188 SSL_R_UNKNOWN_CIPHER_TYPE);
2197 goto f_err; 2189 goto f_err;
2198 } 2190 }
@@ -2236,7 +2228,7 @@ ssl3_get_cert_verify(SSL *s)
2236 S3I(s)->tmp.reuse_message = 1; 2228 S3I(s)->tmp.reuse_message = 1;
2237 if (peer != NULL) { 2229 if (peer != NULL) {
2238 al = SSL_AD_UNEXPECTED_MESSAGE; 2230 al = SSL_AD_UNEXPECTED_MESSAGE;
2239 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2231 SSLerror(
2240 SSL_R_MISSING_VERIFY_MESSAGE); 2232 SSL_R_MISSING_VERIFY_MESSAGE);
2241 goto f_err; 2233 goto f_err;
2242 } 2234 }
@@ -2245,21 +2237,21 @@ ssl3_get_cert_verify(SSL *s)
2245 } 2237 }
2246 2238
2247 if (peer == NULL) { 2239 if (peer == NULL) {
2248 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2240 SSLerror(
2249 SSL_R_NO_CLIENT_CERT_RECEIVED); 2241 SSL_R_NO_CLIENT_CERT_RECEIVED);
2250 al = SSL_AD_UNEXPECTED_MESSAGE; 2242 al = SSL_AD_UNEXPECTED_MESSAGE;
2251 goto f_err; 2243 goto f_err;
2252 } 2244 }
2253 2245
2254 if (!(type & EVP_PKT_SIGN)) { 2246 if (!(type & EVP_PKT_SIGN)) {
2255 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2247 SSLerror(
2256 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); 2248 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2257 al = SSL_AD_ILLEGAL_PARAMETER; 2249 al = SSL_AD_ILLEGAL_PARAMETER;
2258 goto f_err; 2250 goto f_err;
2259 } 2251 }
2260 2252
2261 if (S3I(s)->change_cipher_spec) { 2253 if (S3I(s)->change_cipher_spec) {
2262 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2254 SSLerror(
2263 SSL_R_CCS_RECEIVED_EARLY); 2255 SSL_R_CCS_RECEIVED_EARLY);
2264 al = SSL_AD_UNEXPECTED_MESSAGE; 2256 al = SSL_AD_UNEXPECTED_MESSAGE;
2265 goto f_err; 2257 goto f_err;
@@ -2281,7 +2273,7 @@ ssl3_get_cert_verify(SSL *s)
2281 int sigalg = tls12_get_sigid(pkey); 2273 int sigalg = tls12_get_sigid(pkey);
2282 /* Should never happen */ 2274 /* Should never happen */
2283 if (sigalg == -1) { 2275 if (sigalg == -1) {
2284 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2276 SSLerror(
2285 ERR_R_INTERNAL_ERROR); 2277 ERR_R_INTERNAL_ERROR);
2286 al = SSL_AD_INTERNAL_ERROR; 2278 al = SSL_AD_INTERNAL_ERROR;
2287 goto f_err; 2279 goto f_err;
@@ -2290,14 +2282,14 @@ ssl3_get_cert_verify(SSL *s)
2290 goto truncated; 2282 goto truncated;
2291 /* Check key type is consistent with signature */ 2283 /* Check key type is consistent with signature */
2292 if (sigalg != (int)p[1]) { 2284 if (sigalg != (int)p[1]) {
2293 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2285 SSLerror(
2294 SSL_R_WRONG_SIGNATURE_TYPE); 2286 SSL_R_WRONG_SIGNATURE_TYPE);
2295 al = SSL_AD_DECODE_ERROR; 2287 al = SSL_AD_DECODE_ERROR;
2296 goto f_err; 2288 goto f_err;
2297 } 2289 }
2298 md = tls12_get_hash(p[0]); 2290 md = tls12_get_hash(p[0]);
2299 if (md == NULL) { 2291 if (md == NULL) {
2300 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2292 SSLerror(
2301 SSL_R_UNKNOWN_DIGEST); 2293 SSL_R_UNKNOWN_DIGEST);
2302 al = SSL_AD_DECODE_ERROR; 2294 al = SSL_AD_DECODE_ERROR;
2303 goto f_err; 2295 goto f_err;
@@ -2314,7 +2306,7 @@ ssl3_get_cert_verify(SSL *s)
2314 } 2306 }
2315 j = EVP_PKEY_size(pkey); 2307 j = EVP_PKEY_size(pkey);
2316 if ((i > j) || (n > j) || (n <= 0)) { 2308 if ((i > j) || (n > j) || (n <= 0)) {
2317 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2309 SSLerror(
2318 SSL_R_WRONG_SIGNATURE_SIZE); 2310 SSL_R_WRONG_SIGNATURE_SIZE);
2319 al = SSL_AD_DECODE_ERROR; 2311 al = SSL_AD_DECODE_ERROR;
2320 goto f_err; 2312 goto f_err;
@@ -2325,14 +2317,14 @@ ssl3_get_cert_verify(SSL *s)
2325 void *hdata; 2317 void *hdata;
2326 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2318 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2327 if (hdatalen <= 0) { 2319 if (hdatalen <= 0) {
2328 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2320 SSLerror(
2329 ERR_R_INTERNAL_ERROR); 2321 ERR_R_INTERNAL_ERROR);
2330 al = SSL_AD_INTERNAL_ERROR; 2322 al = SSL_AD_INTERNAL_ERROR;
2331 goto f_err; 2323 goto f_err;
2332 } 2324 }
2333 if (!EVP_VerifyInit_ex(&mctx, md, NULL) || 2325 if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
2334 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { 2326 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
2335 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2327 SSLerror(
2336 ERR_R_EVP_LIB); 2328 ERR_R_EVP_LIB);
2337 al = SSL_AD_INTERNAL_ERROR; 2329 al = SSL_AD_INTERNAL_ERROR;
2338 goto f_err; 2330 goto f_err;
@@ -2340,7 +2332,7 @@ ssl3_get_cert_verify(SSL *s)
2340 2332
2341 if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { 2333 if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
2342 al = SSL_AD_DECRYPT_ERROR; 2334 al = SSL_AD_DECRYPT_ERROR;
2343 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2335 SSLerror(
2344 SSL_R_BAD_SIGNATURE); 2336 SSL_R_BAD_SIGNATURE);
2345 goto f_err; 2337 goto f_err;
2346 } 2338 }
@@ -2351,13 +2343,13 @@ ssl3_get_cert_verify(SSL *s)
2351 pkey->pkey.rsa); 2343 pkey->pkey.rsa);
2352 if (i < 0) { 2344 if (i < 0) {
2353 al = SSL_AD_DECRYPT_ERROR; 2345 al = SSL_AD_DECRYPT_ERROR;
2354 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2346 SSLerror(
2355 SSL_R_BAD_RSA_DECRYPT); 2347 SSL_R_BAD_RSA_DECRYPT);
2356 goto f_err; 2348 goto f_err;
2357 } 2349 }
2358 if (i == 0) { 2350 if (i == 0) {
2359 al = SSL_AD_DECRYPT_ERROR; 2351 al = SSL_AD_DECRYPT_ERROR;
2360 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2352 SSLerror(
2361 SSL_R_BAD_RSA_SIGNATURE); 2353 SSL_R_BAD_RSA_SIGNATURE);
2362 goto f_err; 2354 goto f_err;
2363 } 2355 }
@@ -2369,7 +2361,7 @@ ssl3_get_cert_verify(SSL *s)
2369 if (j <= 0) { 2361 if (j <= 0) {
2370 /* bad signature */ 2362 /* bad signature */
2371 al = SSL_AD_DECRYPT_ERROR; 2363 al = SSL_AD_DECRYPT_ERROR;
2372 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2364 SSLerror(
2373 SSL_R_BAD_DSA_SIGNATURE); 2365 SSL_R_BAD_DSA_SIGNATURE);
2374 goto f_err; 2366 goto f_err;
2375 } 2367 }
@@ -2381,7 +2373,7 @@ ssl3_get_cert_verify(SSL *s)
2381 if (j <= 0) { 2373 if (j <= 0) {
2382 /* bad signature */ 2374 /* bad signature */
2383 al = SSL_AD_DECRYPT_ERROR; 2375 al = SSL_AD_DECRYPT_ERROR;
2384 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2376 SSLerror(
2385 SSL_R_BAD_ECDSA_SIGNATURE); 2377 SSL_R_BAD_ECDSA_SIGNATURE);
2386 goto f_err; 2378 goto f_err;
2387 } 2379 }
@@ -2398,21 +2390,21 @@ ssl3_get_cert_verify(SSL *s)
2398 2390
2399 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2391 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2400 if (hdatalen <= 0) { 2392 if (hdatalen <= 0) {
2401 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2393 SSLerror(
2402 ERR_R_INTERNAL_ERROR); 2394 ERR_R_INTERNAL_ERROR);
2403 al = SSL_AD_INTERNAL_ERROR; 2395 al = SSL_AD_INTERNAL_ERROR;
2404 goto f_err; 2396 goto f_err;
2405 } 2397 }
2406 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || 2398 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2407 !(md = EVP_get_digestbynid(nid))) { 2399 !(md = EVP_get_digestbynid(nid))) {
2408 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2400 SSLerror(
2409 ERR_R_EVP_LIB); 2401 ERR_R_EVP_LIB);
2410 al = SSL_AD_INTERNAL_ERROR; 2402 al = SSL_AD_INTERNAL_ERROR;
2411 goto f_err; 2403 goto f_err;
2412 } 2404 }
2413 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2405 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2414 if (!pctx) { 2406 if (!pctx) {
2415 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2407 SSLerror(
2416 ERR_R_EVP_LIB); 2408 ERR_R_EVP_LIB);
2417 al = SSL_AD_INTERNAL_ERROR; 2409 al = SSL_AD_INTERNAL_ERROR;
2418 goto f_err; 2410 goto f_err;
@@ -2426,7 +2418,7 @@ ssl3_get_cert_verify(SSL *s)
2426 EVP_PKEY_CTRL_GOST_SIG_FORMAT, 2418 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2427 GOST_SIG_FORMAT_RS_LE, 2419 GOST_SIG_FORMAT_RS_LE,
2428 NULL) <= 0)) { 2420 NULL) <= 0)) {
2429 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2421 SSLerror(
2430 ERR_R_EVP_LIB); 2422 ERR_R_EVP_LIB);
2431 al = SSL_AD_INTERNAL_ERROR; 2423 al = SSL_AD_INTERNAL_ERROR;
2432 EVP_PKEY_CTX_free(pctx); 2424 EVP_PKEY_CTX_free(pctx);
@@ -2435,7 +2427,7 @@ ssl3_get_cert_verify(SSL *s)
2435 2427
2436 if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { 2428 if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
2437 al = SSL_AD_DECRYPT_ERROR; 2429 al = SSL_AD_DECRYPT_ERROR;
2438 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2430 SSLerror(
2439 SSL_R_BAD_SIGNATURE); 2431 SSL_R_BAD_SIGNATURE);
2440 EVP_PKEY_CTX_free(pctx); 2432 EVP_PKEY_CTX_free(pctx);
2441 goto f_err; 2433 goto f_err;
@@ -2445,7 +2437,7 @@ ssl3_get_cert_verify(SSL *s)
2445 } else 2437 } else
2446#endif 2438#endif
2447 { 2439 {
2448 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, 2440 SSLerror(
2449 ERR_R_INTERNAL_ERROR); 2441 ERR_R_INTERNAL_ERROR);
2450 al = SSL_AD_UNSUPPORTED_CERTIFICATE; 2442 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
2451 goto f_err; 2443 goto f_err;
@@ -2456,7 +2448,7 @@ ssl3_get_cert_verify(SSL *s)
2456 if (0) { 2448 if (0) {
2457truncated: 2449truncated:
2458 al = SSL_AD_DECODE_ERROR; 2450 al = SSL_AD_DECODE_ERROR;
2459 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH); 2451 SSLerror(SSL_R_BAD_PACKET_LENGTH);
2460f_err: 2452f_err:
2461 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2453 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2462 } 2454 }
@@ -2490,7 +2482,7 @@ ssl3_get_client_certificate(SSL *s)
2490 if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { 2482 if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2491 if ((s->verify_mode & SSL_VERIFY_PEER) && 2483 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2492 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { 2484 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2493 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2485 SSLerror(
2494 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); 2486 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2495 al = SSL_AD_HANDSHAKE_FAILURE; 2487 al = SSL_AD_HANDSHAKE_FAILURE;
2496 goto f_err; 2488 goto f_err;
@@ -2500,7 +2492,7 @@ ssl3_get_client_certificate(SSL *s)
2500 * the client must return a 0 list. 2492 * the client must return a 0 list.
2501 */ 2493 */
2502 if (S3I(s)->tmp.cert_request) { 2494 if (S3I(s)->tmp.cert_request) {
2503 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2495 SSLerror(
2504 SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 2496 SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
2505 ); 2497 );
2506 al = SSL_AD_UNEXPECTED_MESSAGE; 2498 al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -2512,7 +2504,7 @@ ssl3_get_client_certificate(SSL *s)
2512 2504
2513 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 2505 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
2514 al = SSL_AD_UNEXPECTED_MESSAGE; 2506 al = SSL_AD_UNEXPECTED_MESSAGE;
2515 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2507 SSLerror(
2516 SSL_R_WRONG_MESSAGE_TYPE); 2508 SSL_R_WRONG_MESSAGE_TYPE);
2517 goto f_err; 2509 goto f_err;
2518 } 2510 }
@@ -2523,7 +2515,7 @@ ssl3_get_client_certificate(SSL *s)
2523 CBS_init(&cbs, s->internal->init_msg, n); 2515 CBS_init(&cbs, s->internal->init_msg, n);
2524 2516
2525 if ((sk = sk_X509_new_null()) == NULL) { 2517 if ((sk = sk_X509_new_null()) == NULL) {
2526 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2518 SSLerror(
2527 ERR_R_MALLOC_FAILURE); 2519 ERR_R_MALLOC_FAILURE);
2528 goto err; 2520 goto err;
2529 } 2521 }
@@ -2537,7 +2529,7 @@ ssl3_get_client_certificate(SSL *s)
2537 2529
2538 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { 2530 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
2539 al = SSL_AD_DECODE_ERROR; 2531 al = SSL_AD_DECODE_ERROR;
2540 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2532 SSLerror(
2541 SSL_R_CERT_LENGTH_MISMATCH); 2533 SSL_R_CERT_LENGTH_MISMATCH);
2542 goto f_err; 2534 goto f_err;
2543 } 2535 }
@@ -2545,18 +2537,18 @@ ssl3_get_client_certificate(SSL *s)
2545 q = CBS_data(&cert); 2537 q = CBS_data(&cert);
2546 x = d2i_X509(NULL, &q, CBS_len(&cert)); 2538 x = d2i_X509(NULL, &q, CBS_len(&cert));
2547 if (x == NULL) { 2539 if (x == NULL) {
2548 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2540 SSLerror(
2549 ERR_R_ASN1_LIB); 2541 ERR_R_ASN1_LIB);
2550 goto err; 2542 goto err;
2551 } 2543 }
2552 if (q != CBS_data(&cert) + CBS_len(&cert)) { 2544 if (q != CBS_data(&cert) + CBS_len(&cert)) {
2553 al = SSL_AD_DECODE_ERROR; 2545 al = SSL_AD_DECODE_ERROR;
2554 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2546 SSLerror(
2555 SSL_R_CERT_LENGTH_MISMATCH); 2547 SSL_R_CERT_LENGTH_MISMATCH);
2556 goto f_err; 2548 goto f_err;
2557 } 2549 }
2558 if (!sk_X509_push(sk, x)) { 2550 if (!sk_X509_push(sk, x)) {
2559 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2551 SSLerror(
2560 ERR_R_MALLOC_FAILURE); 2552 ERR_R_MALLOC_FAILURE);
2561 goto err; 2553 goto err;
2562 } 2554 }
@@ -2570,7 +2562,7 @@ ssl3_get_client_certificate(SSL *s)
2570 */ 2562 */
2571 if ((s->verify_mode & SSL_VERIFY_PEER) && 2563 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2572 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { 2564 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2573 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2565 SSLerror(
2574 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); 2566 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2575 al = SSL_AD_HANDSHAKE_FAILURE; 2567 al = SSL_AD_HANDSHAKE_FAILURE;
2576 goto f_err; 2568 goto f_err;
@@ -2584,7 +2576,7 @@ ssl3_get_client_certificate(SSL *s)
2584 i = ssl_verify_cert_chain(s, sk); 2576 i = ssl_verify_cert_chain(s, sk);
2585 if (i <= 0) { 2577 if (i <= 0) {
2586 al = ssl_verify_alarm_type(s->verify_result); 2578 al = ssl_verify_alarm_type(s->verify_result);
2587 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2579 SSLerror(
2588 SSL_R_NO_CERTIFICATE_RETURNED); 2580 SSL_R_NO_CERTIFICATE_RETURNED);
2589 goto f_err; 2581 goto f_err;
2590 } 2582 }
@@ -2601,7 +2593,7 @@ ssl3_get_client_certificate(SSL *s)
2601 if (SSI(s)->sess_cert == NULL) { 2593 if (SSI(s)->sess_cert == NULL) {
2602 SSI(s)->sess_cert = ssl_sess_cert_new(); 2594 SSI(s)->sess_cert = ssl_sess_cert_new();
2603 if (SSI(s)->sess_cert == NULL) { 2595 if (SSI(s)->sess_cert == NULL) {
2604 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2596 SSLerror(
2605 ERR_R_MALLOC_FAILURE); 2597 ERR_R_MALLOC_FAILURE);
2606 goto err; 2598 goto err;
2607 } 2599 }
@@ -2620,7 +2612,7 @@ ssl3_get_client_certificate(SSL *s)
2620 if (0) { 2612 if (0) {
2621truncated: 2613truncated:
2622 al = SSL_AD_DECODE_ERROR; 2614 al = SSL_AD_DECODE_ERROR;
2623 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, 2615 SSLerror(
2624 SSL_R_BAD_PACKET_LENGTH); 2616 SSL_R_BAD_PACKET_LENGTH);
2625f_err: 2617f_err:
2626 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2618 ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -2646,7 +2638,7 @@ ssl3_send_server_certificate(SSL *s)
2646 2638
2647 if (s->internal->state == SSL3_ST_SW_CERT_A) { 2639 if (s->internal->state == SSL3_ST_SW_CERT_A) {
2648 if ((x = ssl_get_server_send_cert(s)) == NULL) { 2640 if ((x = ssl_get_server_send_cert(s)) == NULL) {
2649 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, 2641 SSLerror(
2650 ERR_R_INTERNAL_ERROR); 2642 ERR_R_INTERNAL_ERROR);
2651 return (0); 2643 return (0);
2652 } 2644 }
@@ -2865,7 +2857,7 @@ ssl3_get_next_proto(SSL *s)
2865 * extension in their ClientHello 2857 * extension in their ClientHello
2866 */ 2858 */
2867 if (!S3I(s)->next_proto_neg_seen) { 2859 if (!S3I(s)->next_proto_neg_seen) {
2868 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, 2860 SSLerror(
2869 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); 2861 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
2870 return (-1); 2862 return (-1);
2871 } 2863 }
@@ -2882,7 +2874,7 @@ ssl3_get_next_proto(SSL *s)
2882 * by ssl3_get_finished). 2874 * by ssl3_get_finished).
2883 */ 2875 */
2884 if (!S3I(s)->change_cipher_spec) { 2876 if (!S3I(s)->change_cipher_spec) {
2885 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, 2877 SSLerror(
2886 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); 2878 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
2887 return (-1); 2879 return (-1);
2888 } 2880 }
@@ -2913,7 +2905,7 @@ ssl3_get_next_proto(SSL *s)
2913 s->internal->next_proto_negotiated_len = 0; 2905 s->internal->next_proto_negotiated_len = 0;
2914 2906
2915 if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) { 2907 if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
2916 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, 2908 SSLerror(
2917 ERR_R_MALLOC_FAILURE); 2909 ERR_R_MALLOC_FAILURE);
2918 return (0); 2910 return (0);
2919 } 2911 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 18:39:57 +0000