diff options
Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')
| -rw-r--r-- | src/lib/libssl/ssl_srvr.c | 254 |
1 files changed, 85 insertions, 169 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 46ca4d6c9c..0b110d6a72 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_srvr.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ | 1 | /* $OpenBSD: ssl_srvr.c,v 1.4 2017/01/26 12:16:13 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -253,8 +253,7 @@ ssl3_accept(SSL *s) | |||
| 253 | * client that doesn't support secure | 253 | * client that doesn't support secure |
| 254 | * renegotiation. | 254 | * renegotiation. |
| 255 | */ | 255 | */ |
| 256 | SSLerror( | 256 | SSLerror(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); |
| 257 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | ||
| 258 | ssl3_send_alert(s, SSL3_AL_FATAL, | 257 | ssl3_send_alert(s, SSL3_AL_FATAL, |
| 259 | SSL_AD_HANDSHAKE_FAILURE); | 258 | SSL_AD_HANDSHAKE_FAILURE); |
| 260 | ret = -1; | 259 | ret = -1; |
| @@ -484,8 +483,7 @@ ssl3_accept(SSL *s) | |||
| 484 | * at this point and digest cached records. | 483 | * at this point and digest cached records. |
| 485 | */ | 484 | */ |
| 486 | if (!S3I(s)->handshake_buffer) { | 485 | if (!S3I(s)->handshake_buffer) { |
| 487 | SSLerror( | 486 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 488 | ERR_R_INTERNAL_ERROR); | ||
| 489 | ret = -1; | 487 | ret = -1; |
| 490 | goto end; | 488 | goto end; |
| 491 | } | 489 | } |
| @@ -673,8 +671,7 @@ ssl3_accept(SSL *s) | |||
| 673 | /* break; */ | 671 | /* break; */ |
| 674 | 672 | ||
| 675 | default: | 673 | default: |
| 676 | SSLerror( | 674 | SSLerror(SSL_R_UNKNOWN_STATE); |
| 677 | SSL_R_UNKNOWN_STATE); | ||
| 678 | ret = -1; | 675 | ret = -1; |
| 679 | goto end; | 676 | goto end; |
| 680 | /* break; */ | 677 | /* break; */ |
| @@ -868,8 +865,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 868 | if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) { | 865 | if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) { |
| 869 | /* too much data */ | 866 | /* too much data */ |
| 870 | al = SSL_AD_DECODE_ERROR; | 867 | al = SSL_AD_DECODE_ERROR; |
| 871 | SSLerror( | 868 | SSLerror(SSL_R_COOKIE_MISMATCH); |
| 872 | SSL_R_COOKIE_MISMATCH); | ||
| 873 | goto f_err; | 869 | goto f_err; |
| 874 | } | 870 | } |
| 875 | 871 | ||
| @@ -885,8 +881,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 885 | if (s->ctx->internal->app_verify_cookie_cb(s, | 881 | if (s->ctx->internal->app_verify_cookie_cb(s, |
| 886 | D1I(s)->rcvd_cookie, cookie_len) == 0) { | 882 | D1I(s)->rcvd_cookie, cookie_len) == 0) { |
| 887 | al = SSL_AD_HANDSHAKE_FAILURE; | 883 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 888 | SSLerror( | 884 | SSLerror(SSL_R_COOKIE_MISMATCH); |
| 889 | SSL_R_COOKIE_MISMATCH); | ||
| 890 | goto f_err; | 885 | goto f_err; |
| 891 | } | 886 | } |
| 892 | /* else cookie verification succeeded */ | 887 | /* else cookie verification succeeded */ |
| @@ -894,8 +889,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 894 | D1I(s)->cookie_len) != 0) { | 889 | D1I(s)->cookie_len) != 0) { |
| 895 | /* default verification */ | 890 | /* default verification */ |
| 896 | al = SSL_AD_HANDSHAKE_FAILURE; | 891 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 897 | SSLerror( | 892 | SSLerror(SSL_R_COOKIE_MISMATCH); |
| 898 | SSL_R_COOKIE_MISMATCH); | ||
| 899 | goto f_err; | 893 | goto f_err; |
| 900 | } | 894 | } |
| 901 | 895 | ||
| @@ -911,8 +905,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 911 | if ((i == 0) && (j != 0)) { | 905 | if ((i == 0) && (j != 0)) { |
| 912 | /* we need a cipher if we are not resuming a session */ | 906 | /* we need a cipher if we are not resuming a session */ |
| 913 | al = SSL_AD_ILLEGAL_PARAMETER; | 907 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 914 | SSLerror( | 908 | SSLerror(SSL_R_NO_CIPHERS_SPECIFIED); |
| 915 | SSL_R_NO_CIPHERS_SPECIFIED); | ||
| 916 | goto f_err; | 909 | goto f_err; |
| 917 | } | 910 | } |
| 918 | if (p - d + i > n) | 911 | if (p - d + i > n) |
| @@ -941,8 +934,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 941 | * list if we are asked to reuse it | 934 | * list if we are asked to reuse it |
| 942 | */ | 935 | */ |
| 943 | al = SSL_AD_ILLEGAL_PARAMETER; | 936 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 944 | SSLerror( | 937 | SSLerror(SSL_R_REQUIRED_CIPHER_MISSING); |
| 945 | SSL_R_REQUIRED_CIPHER_MISSING); | ||
| 946 | goto f_err; | 938 | goto f_err; |
| 947 | } | 939 | } |
| 948 | } | 940 | } |
| @@ -962,8 +954,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 962 | if (j >= i) { | 954 | if (j >= i) { |
| 963 | /* no compress */ | 955 | /* no compress */ |
| 964 | al = SSL_AD_DECODE_ERROR; | 956 | al = SSL_AD_DECODE_ERROR; |
| 965 | SSLerror( | 957 | SSLerror(SSL_R_NO_COMPRESSION_SPECIFIED); |
| 966 | SSL_R_NO_COMPRESSION_SPECIFIED); | ||
| 967 | goto f_err; | 958 | goto f_err; |
| 968 | } | 959 | } |
| 969 | 960 | ||
| @@ -974,8 +965,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 974 | goto f_err; | 965 | goto f_err; |
| 975 | } | 966 | } |
| 976 | if (ssl_check_clienthello_tlsext_early(s) <= 0) { | 967 | if (ssl_check_clienthello_tlsext_early(s) <= 0) { |
| 977 | SSLerror( | 968 | SSLerror(SSL_R_CLIENTHELLO_TLSEXT); |
| 978 | SSL_R_CLIENTHELLO_TLSEXT); | ||
| 979 | goto err; | 969 | goto err; |
| 980 | } | 970 | } |
| 981 | 971 | ||
| @@ -1006,8 +996,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1006 | SSL_get_ciphers(s)); | 996 | SSL_get_ciphers(s)); |
| 1007 | if (pref_cipher == NULL) { | 997 | if (pref_cipher == NULL) { |
| 1008 | al = SSL_AD_HANDSHAKE_FAILURE; | 998 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1009 | SSLerror( | 999 | SSLerror(SSL_R_NO_SHARED_CIPHER); |
| 1010 | SSL_R_NO_SHARED_CIPHER); | ||
| 1011 | goto f_err; | 1000 | goto f_err; |
| 1012 | } | 1001 | } |
| 1013 | 1002 | ||
| @@ -1032,8 +1021,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1032 | s->session->ciphers = ciphers; | 1021 | s->session->ciphers = ciphers; |
| 1033 | if (ciphers == NULL) { | 1022 | if (ciphers == NULL) { |
| 1034 | al = SSL_AD_ILLEGAL_PARAMETER; | 1023 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 1035 | SSLerror( | 1024 | SSLerror(SSL_R_NO_CIPHERS_PASSED); |
| 1036 | SSL_R_NO_CIPHERS_PASSED); | ||
| 1037 | goto f_err; | 1025 | goto f_err; |
| 1038 | } | 1026 | } |
| 1039 | ciphers = NULL; | 1027 | ciphers = NULL; |
| @@ -1042,8 +1030,7 @@ ssl3_get_client_hello(SSL *s) | |||
| 1042 | 1030 | ||
| 1043 | if (c == NULL) { | 1031 | if (c == NULL) { |
| 1044 | al = SSL_AD_HANDSHAKE_FAILURE; | 1032 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1045 | SSLerror( | 1033 | SSLerror(SSL_R_NO_SHARED_CIPHER); |
| 1046 | SSL_R_NO_SHARED_CIPHER); | ||
| 1047 | goto f_err; | 1034 | goto f_err; |
| 1048 | } | 1035 | } |
| 1049 | S3I(s)->tmp.new_cipher = c; | 1036 | S3I(s)->tmp.new_cipher = c; |
| @@ -1142,8 +1129,7 @@ ssl3_send_server_hello(SSL *s) | |||
| 1142 | 1129 | ||
| 1143 | sl = s->session->session_id_length; | 1130 | sl = s->session->session_id_length; |
| 1144 | if (sl > (int)sizeof(s->session->session_id)) { | 1131 | if (sl > (int)sizeof(s->session->session_id)) { |
| 1145 | SSLerror( | 1132 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 1146 | ERR_R_INTERNAL_ERROR); | ||
| 1147 | goto err; | 1133 | goto err; |
| 1148 | } | 1134 | } |
| 1149 | 1135 | ||
| @@ -1166,8 +1152,7 @@ ssl3_send_server_hello(SSL *s) | |||
| 1166 | 1152 | ||
| 1167 | if ((p = ssl_add_serverhello_tlsext(s, p + outlen, | 1153 | if ((p = ssl_add_serverhello_tlsext(s, p + outlen, |
| 1168 | bufend)) == NULL) { | 1154 | bufend)) == NULL) { |
| 1169 | SSLerror( | 1155 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 1170 | ERR_R_INTERNAL_ERROR); | ||
| 1171 | goto err; | 1156 | goto err; |
| 1172 | } | 1157 | } |
| 1173 | 1158 | ||
| @@ -1208,8 +1193,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) | |||
| 1208 | if (s->cert->dh_tmp_auto != 0) { | 1193 | if (s->cert->dh_tmp_auto != 0) { |
| 1209 | if ((dhp = ssl_get_auto_dh(s)) == NULL) { | 1194 | if ((dhp = ssl_get_auto_dh(s)) == NULL) { |
| 1210 | al = SSL_AD_INTERNAL_ERROR; | 1195 | al = SSL_AD_INTERNAL_ERROR; |
| 1211 | SSLerror( | 1196 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 1212 | ERR_R_INTERNAL_ERROR); | ||
| 1213 | goto f_err; | 1197 | goto f_err; |
| 1214 | } | 1198 | } |
| 1215 | } else | 1199 | } else |
| @@ -1221,14 +1205,12 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb) | |||
| 1221 | 1205 | ||
| 1222 | if (dhp == NULL) { | 1206 | if (dhp == NULL) { |
| 1223 | al = SSL_AD_HANDSHAKE_FAILURE; | 1207 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1224 | SSLerror( | 1208 | SSLerror(SSL_R_MISSING_TMP_DH_KEY); |
| 1225 | SSL_R_MISSING_TMP_DH_KEY); | ||
| 1226 | goto f_err; | 1209 | goto f_err; |
| 1227 | } | 1210 | } |
| 1228 | 1211 | ||
| 1229 | if (S3I(s)->tmp.dh != NULL) { | 1212 | if (S3I(s)->tmp.dh != NULL) { |
| 1230 | SSLerror( | 1213 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 1231 | ERR_R_INTERNAL_ERROR); | ||
| 1232 | goto err; | 1214 | goto err; |
| 1233 | } | 1215 | } |
| 1234 | 1216 | ||
| @@ -1299,14 +1281,12 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1299 | } | 1281 | } |
| 1300 | if (ecdhp == NULL) { | 1282 | if (ecdhp == NULL) { |
| 1301 | al = SSL_AD_HANDSHAKE_FAILURE; | 1283 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1302 | SSLerror( | 1284 | SSLerror(SSL_R_MISSING_TMP_ECDH_KEY); |
| 1303 | SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 1304 | goto f_err; | 1285 | goto f_err; |
| 1305 | } | 1286 | } |
| 1306 | 1287 | ||
| 1307 | if (S3I(s)->tmp.ecdh != NULL) { | 1288 | if (S3I(s)->tmp.ecdh != NULL) { |
| 1308 | SSLerror( | 1289 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 1309 | ERR_R_INTERNAL_ERROR); | ||
| 1310 | goto err; | 1290 | goto err; |
| 1311 | } | 1291 | } |
| 1312 | 1292 | ||
| @@ -1314,8 +1294,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1314 | if (s->cert->ecdh_tmp_auto != 0) { | 1294 | if (s->cert->ecdh_tmp_auto != 0) { |
| 1315 | ecdh = ecdhp; | 1295 | ecdh = ecdhp; |
| 1316 | } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { | 1296 | } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { |
| 1317 | SSLerror( | 1297 | SSLerror(ERR_R_ECDH_LIB); |
| 1318 | ERR_R_ECDH_LIB); | ||
| 1319 | goto err; | 1298 | goto err; |
| 1320 | } | 1299 | } |
| 1321 | S3I(s)->tmp.ecdh = ecdh; | 1300 | S3I(s)->tmp.ecdh = ecdh; |
| @@ -1324,8 +1303,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1324 | (EC_KEY_get0_private_key(ecdh) == NULL) || | 1303 | (EC_KEY_get0_private_key(ecdh) == NULL) || |
| 1325 | (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { | 1304 | (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { |
| 1326 | if (!EC_KEY_generate_key(ecdh)) { | 1305 | if (!EC_KEY_generate_key(ecdh)) { |
| 1327 | SSLerror( | 1306 | SSLerror(ERR_R_ECDH_LIB); |
| 1328 | ERR_R_ECDH_LIB); | ||
| 1329 | goto err; | 1307 | goto err; |
| 1330 | } | 1308 | } |
| 1331 | } | 1309 | } |
| @@ -1333,8 +1311,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1333 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || | 1311 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || |
| 1334 | (EC_KEY_get0_public_key(ecdh) == NULL) || | 1312 | (EC_KEY_get0_public_key(ecdh) == NULL) || |
| 1335 | (EC_KEY_get0_private_key(ecdh) == NULL)) { | 1313 | (EC_KEY_get0_private_key(ecdh) == NULL)) { |
| 1336 | SSLerror( | 1314 | SSLerror(ERR_R_ECDH_LIB); |
| 1337 | ERR_R_ECDH_LIB); | ||
| 1338 | goto err; | 1315 | goto err; |
| 1339 | } | 1316 | } |
| 1340 | 1317 | ||
| @@ -1344,8 +1321,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1344 | */ | 1321 | */ |
| 1345 | if ((curve_id = tls1_ec_nid2curve_id( | 1322 | if ((curve_id = tls1_ec_nid2curve_id( |
| 1346 | EC_GROUP_get_curve_name(group))) == 0) { | 1323 | EC_GROUP_get_curve_name(group))) == 0) { |
| 1347 | SSLerror( | 1324 | SSLerror(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); |
| 1348 | SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
| 1349 | goto err; | 1325 | goto err; |
| 1350 | } | 1326 | } |
| 1351 | 1327 | ||
| @@ -1360,8 +1336,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) | |||
| 1360 | 1336 | ||
| 1361 | bn_ctx = BN_CTX_new(); | 1337 | bn_ctx = BN_CTX_new(); |
| 1362 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) { | 1338 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) { |
| 1363 | SSLerror( | 1339 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 1364 | ERR_R_MALLOC_FAILURE); | ||
| 1365 | goto err; | 1340 | goto err; |
| 1366 | } | 1341 | } |
| 1367 | 1342 | ||
| @@ -1421,8 +1396,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) | |||
| 1421 | 1396 | ||
| 1422 | /* Generate an X25519 key pair. */ | 1397 | /* Generate an X25519 key pair. */ |
| 1423 | if (S3I(s)->tmp.x25519 != NULL) { | 1398 | if (S3I(s)->tmp.x25519 != NULL) { |
| 1424 | SSLerror( | 1399 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 1425 | ERR_R_INTERNAL_ERROR); | ||
| 1426 | goto err; | 1400 | goto err; |
| 1427 | } | 1401 | } |
| 1428 | if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) | 1402 | if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) |
| @@ -1433,8 +1407,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) | |||
| 1433 | 1407 | ||
| 1434 | /* Serialize public key. */ | 1408 | /* Serialize public key. */ |
| 1435 | if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { | 1409 | if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { |
| 1436 | SSLerror( | 1410 | SSLerror(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); |
| 1437 | SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
| 1438 | goto err; | 1411 | goto err; |
| 1439 | } | 1412 | } |
| 1440 | 1413 | ||
| @@ -1509,8 +1482,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1509 | goto err; | 1482 | goto err; |
| 1510 | } else { | 1483 | } else { |
| 1511 | al = SSL_AD_HANDSHAKE_FAILURE; | 1484 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1512 | SSLerror( | 1485 | SSLerror(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); |
| 1513 | SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | ||
| 1514 | goto f_err; | 1486 | goto f_err; |
| 1515 | } | 1487 | } |
| 1516 | 1488 | ||
| @@ -1531,8 +1503,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1531 | 1503 | ||
| 1532 | if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + | 1504 | if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + |
| 1533 | params_len + kn)) { | 1505 | params_len + kn)) { |
| 1534 | SSLerror( | 1506 | SSLerror(ERR_LIB_BUF); |
| 1535 | ERR_LIB_BUF); | ||
| 1536 | goto err; | 1507 | goto err; |
| 1537 | } | 1508 | } |
| 1538 | 1509 | ||
| @@ -1611,8 +1582,7 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1611 | } else { | 1582 | } else { |
| 1612 | /* Is this error check actually needed? */ | 1583 | /* Is this error check actually needed? */ |
| 1613 | al = SSL_AD_HANDSHAKE_FAILURE; | 1584 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1614 | SSLerror( | 1585 | SSLerror(SSL_R_UNKNOWN_PKEY_TYPE); |
| 1615 | SSL_R_UNKNOWN_PKEY_TYPE); | ||
| 1616 | goto f_err; | 1586 | goto f_err; |
| 1617 | } | 1587 | } |
| 1618 | } | 1588 | } |
| @@ -1724,8 +1694,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) | |||
| 1724 | if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || | 1694 | if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || |
| 1725 | (pkey->pkey.rsa == NULL)) { | 1695 | (pkey->pkey.rsa == NULL)) { |
| 1726 | al = SSL_AD_HANDSHAKE_FAILURE; | 1696 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1727 | SSLerror( | 1697 | SSLerror(SSL_R_MISSING_RSA_CERTIFICATE); |
| 1728 | SSL_R_MISSING_RSA_CERTIFICATE); | ||
| 1729 | goto f_err; | 1698 | goto f_err; |
| 1730 | } | 1699 | } |
| 1731 | rsa = pkey->pkey.rsa; | 1700 | rsa = pkey->pkey.rsa; |
| @@ -1734,8 +1703,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n) | |||
| 1734 | goto truncated; | 1703 | goto truncated; |
| 1735 | n2s(p, i); | 1704 | n2s(p, i); |
| 1736 | if (n != i + 2) { | 1705 | if (n != i + 2) { |
| 1737 | SSLerror( | 1706 | SSLerror(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); |
| 1738 | SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); | ||
| 1739 | goto err; | 1707 | goto err; |
| 1740 | } else | 1708 | } else |
| 1741 | n = i; | 1709 | n = i; |
| @@ -1836,15 +1804,13 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n) | |||
| 1836 | 1804 | ||
| 1837 | if (S3I(s)->tmp.dh == NULL) { | 1805 | if (S3I(s)->tmp.dh == NULL) { |
| 1838 | al = SSL_AD_HANDSHAKE_FAILURE; | 1806 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1839 | SSLerror( | 1807 | SSLerror(SSL_R_MISSING_TMP_DH_KEY); |
| 1840 | SSL_R_MISSING_TMP_DH_KEY); | ||
| 1841 | goto f_err; | 1808 | goto f_err; |
| 1842 | } | 1809 | } |
| 1843 | dh = S3I(s)->tmp.dh; | 1810 | dh = S3I(s)->tmp.dh; |
| 1844 | 1811 | ||
| 1845 | if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { | 1812 | if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { |
| 1846 | SSLerror( | 1813 | SSLerror(SSL_R_BN_LIB); |
| 1847 | SSL_R_BN_LIB); | ||
| 1848 | goto err; | 1814 | goto err; |
| 1849 | } | 1815 | } |
| 1850 | 1816 | ||
| @@ -1894,8 +1860,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 1894 | 1860 | ||
| 1895 | /* Initialize structures for server's ECDH key pair. */ | 1861 | /* Initialize structures for server's ECDH key pair. */ |
| 1896 | if ((srvr_ecdh = EC_KEY_new()) == NULL) { | 1862 | if ((srvr_ecdh = EC_KEY_new()) == NULL) { |
| 1897 | SSLerror( | 1863 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 1898 | ERR_R_MALLOC_FAILURE); | ||
| 1899 | goto err; | 1864 | goto err; |
| 1900 | } | 1865 | } |
| 1901 | 1866 | ||
| @@ -1910,15 +1875,13 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 1910 | 1875 | ||
| 1911 | if (!EC_KEY_set_group(srvr_ecdh, group) || | 1876 | if (!EC_KEY_set_group(srvr_ecdh, group) || |
| 1912 | !EC_KEY_set_private_key(srvr_ecdh, priv_key)) { | 1877 | !EC_KEY_set_private_key(srvr_ecdh, priv_key)) { |
| 1913 | SSLerror( | 1878 | SSLerror(ERR_R_EC_LIB); |
| 1914 | ERR_R_EC_LIB); | ||
| 1915 | goto err; | 1879 | goto err; |
| 1916 | } | 1880 | } |
| 1917 | 1881 | ||
| 1918 | /* Let's get client's public key */ | 1882 | /* Let's get client's public key */ |
| 1919 | if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) { | 1883 | if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) { |
| 1920 | SSLerror( | 1884 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 1921 | ERR_R_MALLOC_FAILURE); | ||
| 1922 | goto err; | 1885 | goto err; |
| 1923 | } | 1886 | } |
| 1924 | 1887 | ||
| @@ -1940,16 +1903,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 1940 | * group. | 1903 | * group. |
| 1941 | */ | 1904 | */ |
| 1942 | al = SSL_AD_HANDSHAKE_FAILURE; | 1905 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1943 | SSLerror( | 1906 | SSLerror(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); |
| 1944 | SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); | ||
| 1945 | goto f_err; | 1907 | goto f_err; |
| 1946 | } | 1908 | } |
| 1947 | 1909 | ||
| 1948 | if (EC_POINT_copy(clnt_ecpoint, | 1910 | if (EC_POINT_copy(clnt_ecpoint, |
| 1949 | EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) | 1911 | EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) |
| 1950 | == 0) { | 1912 | == 0) { |
| 1951 | SSLerror( | 1913 | SSLerror(ERR_R_EC_LIB); |
| 1952 | ERR_R_EC_LIB); | ||
| 1953 | goto err; | 1914 | goto err; |
| 1954 | } | 1915 | } |
| 1955 | ret = 2; /* Skip certificate verify processing */ | 1916 | ret = 2; /* Skip certificate verify processing */ |
| @@ -1959,8 +1920,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 1959 | * in the ClientKeyExchange message. | 1920 | * in the ClientKeyExchange message. |
| 1960 | */ | 1921 | */ |
| 1961 | if ((bn_ctx = BN_CTX_new()) == NULL) { | 1922 | if ((bn_ctx = BN_CTX_new()) == NULL) { |
| 1962 | SSLerror( | 1923 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 1963 | ERR_R_MALLOC_FAILURE); | ||
| 1964 | goto err; | 1924 | goto err; |
| 1965 | } | 1925 | } |
| 1966 | 1926 | ||
| @@ -1969,14 +1929,12 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 1969 | 1929 | ||
| 1970 | p += 1; | 1930 | p += 1; |
| 1971 | if (n != 1 + i) { | 1931 | if (n != 1 + i) { |
| 1972 | SSLerror( | 1932 | SSLerror(ERR_R_EC_LIB); |
| 1973 | ERR_R_EC_LIB); | ||
| 1974 | goto err; | 1933 | goto err; |
| 1975 | } | 1934 | } |
| 1976 | if (EC_POINT_oct2point(group, | 1935 | if (EC_POINT_oct2point(group, |
| 1977 | clnt_ecpoint, p, i, bn_ctx) == 0) { | 1936 | clnt_ecpoint, p, i, bn_ctx) == 0) { |
| 1978 | SSLerror( | 1937 | SSLerror(ERR_R_EC_LIB); |
| 1979 | ERR_R_EC_LIB); | ||
| 1980 | goto err; | 1938 | goto err; |
| 1981 | } | 1939 | } |
| 1982 | /* | 1940 | /* |
| @@ -1989,15 +1947,13 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n) | |||
| 1989 | /* Compute the shared pre-master secret */ | 1947 | /* Compute the shared pre-master secret */ |
| 1990 | key_size = ECDH_size(srvr_ecdh); | 1948 | key_size = ECDH_size(srvr_ecdh); |
| 1991 | if (key_size <= 0) { | 1949 | if (key_size <= 0) { |
| 1992 | SSLerror( | 1950 | SSLerror(ERR_R_ECDH_LIB); |
| 1993 | ERR_R_ECDH_LIB); | ||
| 1994 | goto err; | 1951 | goto err; |
| 1995 | } | 1952 | } |
| 1996 | i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh, | 1953 | i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh, |
| 1997 | NULL); | 1954 | NULL); |
| 1998 | if (i <= 0) { | 1955 | if (i <= 0) { |
| 1999 | SSLerror( | 1956 | SSLerror(ERR_R_ECDH_LIB); |
| 2000 | ERR_R_ECDH_LIB); | ||
| 2001 | goto err; | 1957 | goto err; |
| 2002 | } | 1958 | } |
| 2003 | 1959 | ||
| @@ -2114,16 +2070,14 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n) | |||
| 2114 | if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, | 2070 | if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, |
| 2115 | &Tclass, n) != V_ASN1_CONSTRUCTED || | 2071 | &Tclass, n) != V_ASN1_CONSTRUCTED || |
| 2116 | Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { | 2072 | Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { |
| 2117 | SSLerror( | 2073 | SSLerror(SSL_R_DECRYPTION_FAILED); |
| 2118 | SSL_R_DECRYPTION_FAILED); | ||
| 2119 | goto gerr; | 2074 | goto gerr; |
| 2120 | } | 2075 | } |
| 2121 | start = p; | 2076 | start = p; |
| 2122 | inlen = Tlen; | 2077 | inlen = Tlen; |
| 2123 | if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, | 2078 | if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, |
| 2124 | start, inlen) <=0) { | 2079 | start, inlen) <=0) { |
| 2125 | SSLerror( | 2080 | SSLerror(SSL_R_DECRYPTION_FAILED); |
| 2126 | SSL_R_DECRYPTION_FAILED); | ||
| 2127 | goto gerr; | 2081 | goto gerr; |
| 2128 | } | 2082 | } |
| 2129 | /* Generate master secret */ | 2083 | /* Generate master secret */ |
| @@ -2184,8 +2138,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2184 | goto err; | 2138 | goto err; |
| 2185 | } else { | 2139 | } else { |
| 2186 | al = SSL_AD_HANDSHAKE_FAILURE; | 2140 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 2187 | SSLerror( | 2141 | SSLerror(SSL_R_UNKNOWN_CIPHER_TYPE); |
| 2188 | SSL_R_UNKNOWN_CIPHER_TYPE); | ||
| 2189 | goto f_err; | 2142 | goto f_err; |
| 2190 | } | 2143 | } |
| 2191 | 2144 | ||
| @@ -2228,8 +2181,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2228 | S3I(s)->tmp.reuse_message = 1; | 2181 | S3I(s)->tmp.reuse_message = 1; |
| 2229 | if (peer != NULL) { | 2182 | if (peer != NULL) { |
| 2230 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2183 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2231 | SSLerror( | 2184 | SSLerror(SSL_R_MISSING_VERIFY_MESSAGE); |
| 2232 | SSL_R_MISSING_VERIFY_MESSAGE); | ||
| 2233 | goto f_err; | 2185 | goto f_err; |
| 2234 | } | 2186 | } |
| 2235 | ret = 1; | 2187 | ret = 1; |
| @@ -2237,22 +2189,19 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2237 | } | 2189 | } |
| 2238 | 2190 | ||
| 2239 | if (peer == NULL) { | 2191 | if (peer == NULL) { |
| 2240 | SSLerror( | 2192 | SSLerror(SSL_R_NO_CLIENT_CERT_RECEIVED); |
| 2241 | SSL_R_NO_CLIENT_CERT_RECEIVED); | ||
| 2242 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2193 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2243 | goto f_err; | 2194 | goto f_err; |
| 2244 | } | 2195 | } |
| 2245 | 2196 | ||
| 2246 | if (!(type & EVP_PKT_SIGN)) { | 2197 | if (!(type & EVP_PKT_SIGN)) { |
| 2247 | SSLerror( | 2198 | SSLerror(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); |
| 2248 | SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); | ||
| 2249 | al = SSL_AD_ILLEGAL_PARAMETER; | 2199 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 2250 | goto f_err; | 2200 | goto f_err; |
| 2251 | } | 2201 | } |
| 2252 | 2202 | ||
| 2253 | if (S3I(s)->change_cipher_spec) { | 2203 | if (S3I(s)->change_cipher_spec) { |
| 2254 | SSLerror( | 2204 | SSLerror(SSL_R_CCS_RECEIVED_EARLY); |
| 2255 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 2256 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2205 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2257 | goto f_err; | 2206 | goto f_err; |
| 2258 | } | 2207 | } |
| @@ -2273,8 +2222,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2273 | int sigalg = tls12_get_sigid(pkey); | 2222 | int sigalg = tls12_get_sigid(pkey); |
| 2274 | /* Should never happen */ | 2223 | /* Should never happen */ |
| 2275 | if (sigalg == -1) { | 2224 | if (sigalg == -1) { |
| 2276 | SSLerror( | 2225 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 2277 | ERR_R_INTERNAL_ERROR); | ||
| 2278 | al = SSL_AD_INTERNAL_ERROR; | 2226 | al = SSL_AD_INTERNAL_ERROR; |
| 2279 | goto f_err; | 2227 | goto f_err; |
| 2280 | } | 2228 | } |
| @@ -2282,15 +2230,13 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2282 | goto truncated; | 2230 | goto truncated; |
| 2283 | /* Check key type is consistent with signature */ | 2231 | /* Check key type is consistent with signature */ |
| 2284 | if (sigalg != (int)p[1]) { | 2232 | if (sigalg != (int)p[1]) { |
| 2285 | SSLerror( | 2233 | SSLerror(SSL_R_WRONG_SIGNATURE_TYPE); |
| 2286 | SSL_R_WRONG_SIGNATURE_TYPE); | ||
| 2287 | al = SSL_AD_DECODE_ERROR; | 2234 | al = SSL_AD_DECODE_ERROR; |
| 2288 | goto f_err; | 2235 | goto f_err; |
| 2289 | } | 2236 | } |
| 2290 | md = tls12_get_hash(p[0]); | 2237 | md = tls12_get_hash(p[0]); |
| 2291 | if (md == NULL) { | 2238 | if (md == NULL) { |
| 2292 | SSLerror( | 2239 | SSLerror(SSL_R_UNKNOWN_DIGEST); |
| 2293 | SSL_R_UNKNOWN_DIGEST); | ||
| 2294 | al = SSL_AD_DECODE_ERROR; | 2240 | al = SSL_AD_DECODE_ERROR; |
| 2295 | goto f_err; | 2241 | goto f_err; |
| 2296 | } | 2242 | } |
| @@ -2306,8 +2252,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2306 | } | 2252 | } |
| 2307 | j = EVP_PKEY_size(pkey); | 2253 | j = EVP_PKEY_size(pkey); |
| 2308 | if ((i > j) || (n > j) || (n <= 0)) { | 2254 | if ((i > j) || (n > j) || (n <= 0)) { |
| 2309 | SSLerror( | 2255 | SSLerror(SSL_R_WRONG_SIGNATURE_SIZE); |
| 2310 | SSL_R_WRONG_SIGNATURE_SIZE); | ||
| 2311 | al = SSL_AD_DECODE_ERROR; | 2256 | al = SSL_AD_DECODE_ERROR; |
| 2312 | goto f_err; | 2257 | goto f_err; |
| 2313 | } | 2258 | } |
| @@ -2317,23 +2262,20 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2317 | void *hdata; | 2262 | void *hdata; |
| 2318 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 2263 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); |
| 2319 | if (hdatalen <= 0) { | 2264 | if (hdatalen <= 0) { |
| 2320 | SSLerror( | 2265 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 2321 | ERR_R_INTERNAL_ERROR); | ||
| 2322 | al = SSL_AD_INTERNAL_ERROR; | 2266 | al = SSL_AD_INTERNAL_ERROR; |
| 2323 | goto f_err; | 2267 | goto f_err; |
| 2324 | } | 2268 | } |
| 2325 | if (!EVP_VerifyInit_ex(&mctx, md, NULL) || | 2269 | if (!EVP_VerifyInit_ex(&mctx, md, NULL) || |
| 2326 | !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { | 2270 | !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { |
| 2327 | SSLerror( | 2271 | SSLerror(ERR_R_EVP_LIB); |
| 2328 | ERR_R_EVP_LIB); | ||
| 2329 | al = SSL_AD_INTERNAL_ERROR; | 2272 | al = SSL_AD_INTERNAL_ERROR; |
| 2330 | goto f_err; | 2273 | goto f_err; |
| 2331 | } | 2274 | } |
| 2332 | 2275 | ||
| 2333 | if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { | 2276 | if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { |
| 2334 | al = SSL_AD_DECRYPT_ERROR; | 2277 | al = SSL_AD_DECRYPT_ERROR; |
| 2335 | SSLerror( | 2278 | SSLerror(SSL_R_BAD_SIGNATURE); |
| 2336 | SSL_R_BAD_SIGNATURE); | ||
| 2337 | goto f_err; | 2279 | goto f_err; |
| 2338 | } | 2280 | } |
| 2339 | } else | 2281 | } else |
| @@ -2343,14 +2285,12 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2343 | pkey->pkey.rsa); | 2285 | pkey->pkey.rsa); |
| 2344 | if (i < 0) { | 2286 | if (i < 0) { |
| 2345 | al = SSL_AD_DECRYPT_ERROR; | 2287 | al = SSL_AD_DECRYPT_ERROR; |
| 2346 | SSLerror( | 2288 | SSLerror(SSL_R_BAD_RSA_DECRYPT); |
| 2347 | SSL_R_BAD_RSA_DECRYPT); | ||
| 2348 | goto f_err; | 2289 | goto f_err; |
| 2349 | } | 2290 | } |
| 2350 | if (i == 0) { | 2291 | if (i == 0) { |
| 2351 | al = SSL_AD_DECRYPT_ERROR; | 2292 | al = SSL_AD_DECRYPT_ERROR; |
| 2352 | SSLerror( | 2293 | SSLerror(SSL_R_BAD_RSA_SIGNATURE); |
| 2353 | SSL_R_BAD_RSA_SIGNATURE); | ||
| 2354 | goto f_err; | 2294 | goto f_err; |
| 2355 | } | 2295 | } |
| 2356 | } else | 2296 | } else |
| @@ -2361,8 +2301,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2361 | if (j <= 0) { | 2301 | if (j <= 0) { |
| 2362 | /* bad signature */ | 2302 | /* bad signature */ |
| 2363 | al = SSL_AD_DECRYPT_ERROR; | 2303 | al = SSL_AD_DECRYPT_ERROR; |
| 2364 | SSLerror( | 2304 | SSLerror(SSL_R_BAD_DSA_SIGNATURE); |
| 2365 | SSL_R_BAD_DSA_SIGNATURE); | ||
| 2366 | goto f_err; | 2305 | goto f_err; |
| 2367 | } | 2306 | } |
| 2368 | } else | 2307 | } else |
| @@ -2373,8 +2312,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2373 | if (j <= 0) { | 2312 | if (j <= 0) { |
| 2374 | /* bad signature */ | 2313 | /* bad signature */ |
| 2375 | al = SSL_AD_DECRYPT_ERROR; | 2314 | al = SSL_AD_DECRYPT_ERROR; |
| 2376 | SSLerror( | 2315 | SSLerror(SSL_R_BAD_ECDSA_SIGNATURE); |
| 2377 | SSL_R_BAD_ECDSA_SIGNATURE); | ||
| 2378 | goto f_err; | 2316 | goto f_err; |
| 2379 | } | 2317 | } |
| 2380 | } else | 2318 | } else |
| @@ -2390,22 +2328,19 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2390 | 2328 | ||
| 2391 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 2329 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); |
| 2392 | if (hdatalen <= 0) { | 2330 | if (hdatalen <= 0) { |
| 2393 | SSLerror( | 2331 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 2394 | ERR_R_INTERNAL_ERROR); | ||
| 2395 | al = SSL_AD_INTERNAL_ERROR; | 2332 | al = SSL_AD_INTERNAL_ERROR; |
| 2396 | goto f_err; | 2333 | goto f_err; |
| 2397 | } | 2334 | } |
| 2398 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || | 2335 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || |
| 2399 | !(md = EVP_get_digestbynid(nid))) { | 2336 | !(md = EVP_get_digestbynid(nid))) { |
| 2400 | SSLerror( | 2337 | SSLerror(ERR_R_EVP_LIB); |
| 2401 | ERR_R_EVP_LIB); | ||
| 2402 | al = SSL_AD_INTERNAL_ERROR; | 2338 | al = SSL_AD_INTERNAL_ERROR; |
| 2403 | goto f_err; | 2339 | goto f_err; |
| 2404 | } | 2340 | } |
| 2405 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | 2341 | pctx = EVP_PKEY_CTX_new(pkey, NULL); |
| 2406 | if (!pctx) { | 2342 | if (!pctx) { |
| 2407 | SSLerror( | 2343 | SSLerror(ERR_R_EVP_LIB); |
| 2408 | ERR_R_EVP_LIB); | ||
| 2409 | al = SSL_AD_INTERNAL_ERROR; | 2344 | al = SSL_AD_INTERNAL_ERROR; |
| 2410 | goto f_err; | 2345 | goto f_err; |
| 2411 | } | 2346 | } |
| @@ -2418,8 +2353,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2418 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, | 2353 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, |
| 2419 | GOST_SIG_FORMAT_RS_LE, | 2354 | GOST_SIG_FORMAT_RS_LE, |
| 2420 | NULL) <= 0)) { | 2355 | NULL) <= 0)) { |
| 2421 | SSLerror( | 2356 | SSLerror(ERR_R_EVP_LIB); |
| 2422 | ERR_R_EVP_LIB); | ||
| 2423 | al = SSL_AD_INTERNAL_ERROR; | 2357 | al = SSL_AD_INTERNAL_ERROR; |
| 2424 | EVP_PKEY_CTX_free(pctx); | 2358 | EVP_PKEY_CTX_free(pctx); |
| 2425 | goto f_err; | 2359 | goto f_err; |
| @@ -2427,8 +2361,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2427 | 2361 | ||
| 2428 | if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { | 2362 | if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { |
| 2429 | al = SSL_AD_DECRYPT_ERROR; | 2363 | al = SSL_AD_DECRYPT_ERROR; |
| 2430 | SSLerror( | 2364 | SSLerror(SSL_R_BAD_SIGNATURE); |
| 2431 | SSL_R_BAD_SIGNATURE); | ||
| 2432 | EVP_PKEY_CTX_free(pctx); | 2365 | EVP_PKEY_CTX_free(pctx); |
| 2433 | goto f_err; | 2366 | goto f_err; |
| 2434 | } | 2367 | } |
| @@ -2437,8 +2370,7 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2437 | } else | 2370 | } else |
| 2438 | #endif | 2371 | #endif |
| 2439 | { | 2372 | { |
| 2440 | SSLerror( | 2373 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 2441 | ERR_R_INTERNAL_ERROR); | ||
| 2442 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | 2374 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; |
| 2443 | goto f_err; | 2375 | goto f_err; |
| 2444 | } | 2376 | } |
| @@ -2482,8 +2414,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2482 | if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { | 2414 | if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { |
| 2483 | if ((s->verify_mode & SSL_VERIFY_PEER) && | 2415 | if ((s->verify_mode & SSL_VERIFY_PEER) && |
| 2484 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { | 2416 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { |
| 2485 | SSLerror( | 2417 | SSLerror(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); |
| 2486 | SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); | ||
| 2487 | al = SSL_AD_HANDSHAKE_FAILURE; | 2418 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 2488 | goto f_err; | 2419 | goto f_err; |
| 2489 | } | 2420 | } |
| @@ -2492,8 +2423,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2492 | * the client must return a 0 list. | 2423 | * the client must return a 0 list. |
| 2493 | */ | 2424 | */ |
| 2494 | if (S3I(s)->tmp.cert_request) { | 2425 | if (S3I(s)->tmp.cert_request) { |
| 2495 | SSLerror( | 2426 | SSLerror(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST |
| 2496 | SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST | ||
| 2497 | ); | 2427 | ); |
| 2498 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2428 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2499 | goto f_err; | 2429 | goto f_err; |
| @@ -2504,8 +2434,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2504 | 2434 | ||
| 2505 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { | 2435 | if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { |
| 2506 | al = SSL_AD_UNEXPECTED_MESSAGE; | 2436 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 2507 | SSLerror( | 2437 | SSLerror(SSL_R_WRONG_MESSAGE_TYPE); |
| 2508 | SSL_R_WRONG_MESSAGE_TYPE); | ||
| 2509 | goto f_err; | 2438 | goto f_err; |
| 2510 | } | 2439 | } |
| 2511 | 2440 | ||
| @@ -2515,8 +2444,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2515 | CBS_init(&cbs, s->internal->init_msg, n); | 2444 | CBS_init(&cbs, s->internal->init_msg, n); |
| 2516 | 2445 | ||
| 2517 | if ((sk = sk_X509_new_null()) == NULL) { | 2446 | if ((sk = sk_X509_new_null()) == NULL) { |
| 2518 | SSLerror( | 2447 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 2519 | ERR_R_MALLOC_FAILURE); | ||
| 2520 | goto err; | 2448 | goto err; |
| 2521 | } | 2449 | } |
| 2522 | 2450 | ||
| @@ -2529,27 +2457,23 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2529 | 2457 | ||
| 2530 | if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { | 2458 | if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { |
| 2531 | al = SSL_AD_DECODE_ERROR; | 2459 | al = SSL_AD_DECODE_ERROR; |
| 2532 | SSLerror( | 2460 | SSLerror(SSL_R_CERT_LENGTH_MISMATCH); |
| 2533 | SSL_R_CERT_LENGTH_MISMATCH); | ||
| 2534 | goto f_err; | 2461 | goto f_err; |
| 2535 | } | 2462 | } |
| 2536 | 2463 | ||
| 2537 | q = CBS_data(&cert); | 2464 | q = CBS_data(&cert); |
| 2538 | x = d2i_X509(NULL, &q, CBS_len(&cert)); | 2465 | x = d2i_X509(NULL, &q, CBS_len(&cert)); |
| 2539 | if (x == NULL) { | 2466 | if (x == NULL) { |
| 2540 | SSLerror( | 2467 | SSLerror(ERR_R_ASN1_LIB); |
| 2541 | ERR_R_ASN1_LIB); | ||
| 2542 | goto err; | 2468 | goto err; |
| 2543 | } | 2469 | } |
| 2544 | if (q != CBS_data(&cert) + CBS_len(&cert)) { | 2470 | if (q != CBS_data(&cert) + CBS_len(&cert)) { |
| 2545 | al = SSL_AD_DECODE_ERROR; | 2471 | al = SSL_AD_DECODE_ERROR; |
| 2546 | SSLerror( | 2472 | SSLerror(SSL_R_CERT_LENGTH_MISMATCH); |
| 2547 | SSL_R_CERT_LENGTH_MISMATCH); | ||
| 2548 | goto f_err; | 2473 | goto f_err; |
| 2549 | } | 2474 | } |
| 2550 | if (!sk_X509_push(sk, x)) { | 2475 | if (!sk_X509_push(sk, x)) { |
| 2551 | SSLerror( | 2476 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 2552 | ERR_R_MALLOC_FAILURE); | ||
| 2553 | goto err; | 2477 | goto err; |
| 2554 | } | 2478 | } |
| 2555 | x = NULL; | 2479 | x = NULL; |
| @@ -2562,8 +2486,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2562 | */ | 2486 | */ |
| 2563 | if ((s->verify_mode & SSL_VERIFY_PEER) && | 2487 | if ((s->verify_mode & SSL_VERIFY_PEER) && |
| 2564 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { | 2488 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { |
| 2565 | SSLerror( | 2489 | SSLerror(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); |
| 2566 | SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); | ||
| 2567 | al = SSL_AD_HANDSHAKE_FAILURE; | 2490 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 2568 | goto f_err; | 2491 | goto f_err; |
| 2569 | } | 2492 | } |
| @@ -2576,8 +2499,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2576 | i = ssl_verify_cert_chain(s, sk); | 2499 | i = ssl_verify_cert_chain(s, sk); |
| 2577 | if (i <= 0) { | 2500 | if (i <= 0) { |
| 2578 | al = ssl_verify_alarm_type(s->verify_result); | 2501 | al = ssl_verify_alarm_type(s->verify_result); |
| 2579 | SSLerror( | 2502 | SSLerror(SSL_R_NO_CERTIFICATE_RETURNED); |
| 2580 | SSL_R_NO_CERTIFICATE_RETURNED); | ||
| 2581 | goto f_err; | 2503 | goto f_err; |
| 2582 | } | 2504 | } |
| 2583 | } | 2505 | } |
| @@ -2593,8 +2515,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2593 | if (SSI(s)->sess_cert == NULL) { | 2515 | if (SSI(s)->sess_cert == NULL) { |
| 2594 | SSI(s)->sess_cert = ssl_sess_cert_new(); | 2516 | SSI(s)->sess_cert = ssl_sess_cert_new(); |
| 2595 | if (SSI(s)->sess_cert == NULL) { | 2517 | if (SSI(s)->sess_cert == NULL) { |
| 2596 | SSLerror( | 2518 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 2597 | ERR_R_MALLOC_FAILURE); | ||
| 2598 | goto err; | 2519 | goto err; |
| 2599 | } | 2520 | } |
| 2600 | } | 2521 | } |
| @@ -2612,8 +2533,7 @@ ssl3_get_client_certificate(SSL *s) | |||
| 2612 | if (0) { | 2533 | if (0) { |
| 2613 | truncated: | 2534 | truncated: |
| 2614 | al = SSL_AD_DECODE_ERROR; | 2535 | al = SSL_AD_DECODE_ERROR; |
| 2615 | SSLerror( | 2536 | SSLerror(SSL_R_BAD_PACKET_LENGTH); |
| 2616 | SSL_R_BAD_PACKET_LENGTH); | ||
| 2617 | f_err: | 2537 | f_err: |
| 2618 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 2538 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 2619 | } | 2539 | } |
| @@ -2638,8 +2558,7 @@ ssl3_send_server_certificate(SSL *s) | |||
| 2638 | 2558 | ||
| 2639 | if (s->internal->state == SSL3_ST_SW_CERT_A) { | 2559 | if (s->internal->state == SSL3_ST_SW_CERT_A) { |
| 2640 | if ((x = ssl_get_server_send_cert(s)) == NULL) { | 2560 | if ((x = ssl_get_server_send_cert(s)) == NULL) { |
| 2641 | SSLerror( | 2561 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 2642 | ERR_R_INTERNAL_ERROR); | ||
| 2643 | return (0); | 2562 | return (0); |
| 2644 | } | 2563 | } |
| 2645 | 2564 | ||
| @@ -2857,8 +2776,7 @@ ssl3_get_next_proto(SSL *s) | |||
| 2857 | * extension in their ClientHello | 2776 | * extension in their ClientHello |
| 2858 | */ | 2777 | */ |
| 2859 | if (!S3I(s)->next_proto_neg_seen) { | 2778 | if (!S3I(s)->next_proto_neg_seen) { |
| 2860 | SSLerror( | 2779 | SSLerror(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); |
| 2861 | SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); | ||
| 2862 | return (-1); | 2780 | return (-1); |
| 2863 | } | 2781 | } |
| 2864 | 2782 | ||
| @@ -2874,8 +2792,7 @@ ssl3_get_next_proto(SSL *s) | |||
| 2874 | * by ssl3_get_finished). | 2792 | * by ssl3_get_finished). |
| 2875 | */ | 2793 | */ |
| 2876 | if (!S3I(s)->change_cipher_spec) { | 2794 | if (!S3I(s)->change_cipher_spec) { |
| 2877 | SSLerror( | 2795 | SSLerror(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); |
| 2878 | SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); | ||
| 2879 | return (-1); | 2796 | return (-1); |
| 2880 | } | 2797 | } |
| 2881 | 2798 | ||
| @@ -2905,8 +2822,7 @@ ssl3_get_next_proto(SSL *s) | |||
| 2905 | s->internal->next_proto_negotiated_len = 0; | 2822 | s->internal->next_proto_negotiated_len = 0; |
| 2906 | 2823 | ||
| 2907 | if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) { | 2824 | if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) { |
| 2908 | SSLerror( | 2825 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 2909 | ERR_R_MALLOC_FAILURE); | ||
| 2910 | return (0); | 2826 | return (0); |
| 2911 | } | 2827 | } |
| 2912 | s->internal->next_proto_negotiated_len = (uint8_t)len; | 2828 | s->internal->next_proto_negotiated_len = (uint8_t)len; |