Convert the state machine code to use SSLfatal() (f63a17d6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/err/openssl.txt

+47 −0

Original line number	Diff line number	Diff line
		@@ -965,9 +965,13 @@ SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
		SSL_F_ADD_KEY_SHARE:512:add_key_share
		SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
		SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list
		SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names
		SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs
		SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash
		SSL_F_CT_MOVE_SCTS:345:ct_move_scts
		SSL_F_CT_STRICT:349:ct_strict
		SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add
		SSL_F_CUSTOM_EXT_PARSE:555:custom_ext_parse
		SSL_F_D2I_SSL_SESSION:103:d2i_SSL_SESSION
		SSL_F_DANE_CTX_ENABLE:347:dane_ctx_enable
		SSL_F_DANE_MTYPE_SET:393:dane_mtype_set
		@@ -993,11 +997,15 @@ SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST:385:\
		SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message
		SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify
		SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok
		SSL_F_FINAL_EARLY_DATA:556:final_early_data
		SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
		SSL_F_FINAL_EMS:486:final_ems
		SSL_F_FINAL_KEY_SHARE:503:final_key_share
		SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
		SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
		SSL_F_FINAL_SERVER_NAME:558:final_server_name
		SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
		SSL_F_GET_CERT_VERIFY_TBS_DATA:588:get_cert_verify_tbs_data
		SSL_F_NSS_KEYLOG_INT:500:nss_keylog_int
		SSL_F_OPENSSL_INIT_SSL:342:OPENSSL_init_ssl
		SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION:436:*
		@@ -1010,6 +1018,7 @@ SSL_F_PARSE_CA_NAMES:541:parse_ca_names
		SSL_F_PROCESS_KEY_SHARE_EXT:439:*
		SSL_F_READ_STATE_MACHINE:352:read_state_machine
		SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite
		SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET:589:srp_generate_server_master_secret
		SSL_F_SSL3_CHANGE_CIPHER_STATE:129:ssl3_change_cipher_state
		SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm
		SSL_F_SSL3_CTRL:213:ssl3_ctrl
		@@ -1017,6 +1026,7 @@ SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
		SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
		SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
		SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
		SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
		SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block
		SSL_F_SSL3_GENERATE_MASTER_SECRET:388:ssl3_generate_master_secret
		SSL_F_SSL3_GET_RECORD:143:ssl3_get_record
		@@ -1087,15 +1097,18 @@ SSL_F_SSL_CTX_USE_SERVERINFO_EX:543:SSL_CTX_use_serverinfo_ex
		SSL_F_SSL_CTX_USE_SERVERINFO_FILE:337:SSL_CTX_use_serverinfo_file
		SSL_F_SSL_DANE_DUP:403:ssl_dane_dup
		SSL_F_SSL_DANE_ENABLE:395:SSL_dane_enable
		SSL_F_SSL_DERIVE:590:ssl_derive
		SSL_F_SSL_DO_CONFIG:391:ssl_do_config
		SSL_F_SSL_DO_HANDSHAKE:180:SSL_do_handshake
		SSL_F_SSL_DUP_CA_LIST:408:SSL_dup_CA_list
		SSL_F_SSL_ENABLE_CT:402:SSL_enable_ct
		SSL_F_SSL_GENERATE_PKEY_GROUP:559:ssl_generate_pkey_group
		SSL_F_SSL_GENERATE_SESSION_ID:547:ssl_generate_session_id
		SSL_F_SSL_GET_NEW_SESSION:181:ssl_get_new_session
		SSL_F_SSL_GET_PREV_SESSION:217:ssl_get_prev_session
		SSL_F_SSL_GET_SERVER_CERT_INDEX:322:*
		SSL_F_SSL_GET_SIGN_PKEY:183:*
		SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash
		SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer
		SSL_F_SSL_KEY_UPDATE:515:SSL_key_update
		SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file
		@@ -1103,6 +1116,7 @@ SSL_F_SSL_LOG_MASTER_SECRET:498:*
		SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange
		SSL_F_SSL_MODULE_INIT:392:ssl_module_init
		SSL_F_SSL_NEW:186:SSL_new
		SSL_F_SSL_NEXT_PROTO_VALIDATE:565:ssl_next_proto_validate
		SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT:300:*
		SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT:302:*
		SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT:310:*
		@@ -1163,6 +1177,8 @@ SSL_F_STATE_MACHINE:353:state_machine
		SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
		SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
		SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state
		SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret
		SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand
		SSL_F_TLS13_SETUP_KEY_BLOCK:441:tls13_setup_key_block
		SSL_F_TLS1_CHANGE_CIPHER_STATE:209:tls1_change_cipher_state
		SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS:341:*
		@@ -1258,17 +1274,40 @@ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO:521:\
		tls_early_post_process_client_hello
		SSL_F_TLS_GET_MESSAGE_BODY:351:tls_get_message_body
		SSL_F_TLS_GET_MESSAGE_HEADER:387:tls_get_message_header
		SSL_F_TLS_HANDLE_ALPN:562:tls_handle_alpn
		SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request
		SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities
		SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:*
		SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn
		SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data
		SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats
		SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems
		SSL_F_TLS_PARSE_CTOS_KEY_SHARE:463:tls_parse_ctos_key_share
		SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen
		SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk
		SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes
		SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate
		SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name
		SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket
		SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs
		SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp
		SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request
		SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups
		SSL_F_TLS_PARSE_CTOS_USE_SRTP:465:tls_parse_ctos_use_srtp
		SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn
		SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie
		SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data
		SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO:528:*
		SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS:580:tls_parse_stoc_ec_pt_formats
		SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share
		SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen
		SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn
		SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk
		SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate
		SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct
		SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name
		SSL_F_TLS_PARSE_STOC_SESSION_TICKET:584:tls_parse_stoc_session_ticket
		SSL_F_TLS_PARSE_STOC_STATUS_REQUEST:585:tls_parse_stoc_status_request
		SSL_F_TLS_PARSE_STOC_USE_SRTP:446:tls_parse_stoc_use_srtp
		SSL_F_TLS_POST_PROCESS_CLIENT_HELLO:378:tls_post_process_client_hello
		SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE:384:\
		@@ -1309,6 +1348,7 @@ SSL_F_TLS_PSK_DO_BINDER:506:tls_psk_do_binder
		SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:*
		SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake
		SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file
		SSL_F_WRITE_STATE_MACHINE:586:write_state_machine
		TS_F_DEF_SERIAL_CB:110:def_serial_cb
		TS_F_DEF_TIME_CB:111:def_time_cb
		TS_F_ESS_ADD_SIGNING_CERT:112:ess_add_signing_cert
		@@ -2286,14 +2326,17 @@ SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback
		SSL_R_BAD_DECOMPRESSION:107:bad decompression
		SSL_R_BAD_DH_VALUE:102:bad dh value
		SSL_R_BAD_DIGEST_LENGTH:111:bad digest length
		SSL_R_BAD_EARLY_DATA:233:bad early data
		SSL_R_BAD_ECC_CERT:304:bad ecc cert
		SSL_R_BAD_ECPOINT:306:bad ecpoint
		SSL_R_BAD_EXTENSION:110:bad extension
		SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length
		SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state
		SSL_R_BAD_HELLO_REQUEST:105:bad hello request
		SSL_R_BAD_KEY_SHARE:108:bad key share
		SSL_R_BAD_KEY_UPDATE:122:bad key update
		SSL_R_BAD_LENGTH:271:bad length
		SSL_R_BAD_PACKET:240:bad packet
		SSL_R_BAD_PACKET_LENGTH:115:bad packet length
		SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number
		SSL_R_BAD_PSK:219:bad psk
		@@ -2311,6 +2354,7 @@ SSL_R_BAD_WRITE_RETRY:127:bad write retry
		SSL_R_BIO_NOT_SET:128:bio not set
		SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong
		SSL_R_BN_LIB:130:bn lib
		SSL_R_CALLBACK_FAILED:234:callback failed
		SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher
		SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch
		SSL_R_CA_KEY_TOO_SMALL:397:ca key too small
		@@ -2380,6 +2424,7 @@ SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn
		SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni
		SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms
		SSL_R_INVALID_ALERT:205:invalid alert
		SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg
		SSL_R_INVALID_COMMAND:280:invalid command
		SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm
		SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name
		@@ -2409,6 +2454,7 @@ SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension
		SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
		SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
		SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
		SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol
		SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned
		SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned
		SSL_R_NO_CERTIFICATE_SET:179:no certificate set
		@@ -2439,6 +2485,7 @@ SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
		SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
		SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
		old session compression algorithm not returned
		SSL_R_OVERFLOW_ERROR:237:overflow error
		SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long
		SSL_R_PARSE_TLSEXT:227:parse tlsext
		SSL_R_PATH_TOO_LONG:270:path too long

include/openssl/sslerr.h

+47 −0

Original line number	Diff line number	Diff line
		@@ -26,9 +26,13 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_ADD_KEY_SHARE 512
		# define SSL_F_BYTES_TO_CIPHER_LIST 519
		# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331
		# define SSL_F_CONSTRUCT_CA_NAMES 552
		# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553
		# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539
		# define SSL_F_CT_MOVE_SCTS 345
		# define SSL_F_CT_STRICT 349
		# define SSL_F_CUSTOM_EXT_ADD 554
		# define SSL_F_CUSTOM_EXT_PARSE 555
		# define SSL_F_D2I_SSL_SESSION 103
		# define SSL_F_DANE_CTX_ENABLE 347
		# define SSL_F_DANE_MTYPE_SET 393
		@@ -53,11 +57,15 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
		# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
		# define SSL_F_EARLY_DATA_COUNT_OK 532
		# define SSL_F_FINAL_EARLY_DATA 556
		# define SSL_F_FINAL_EC_PT_FORMATS 485
		# define SSL_F_FINAL_EMS 486
		# define SSL_F_FINAL_KEY_SHARE 503
		# define SSL_F_FINAL_MAXFRAGMENTLEN 557
		# define SSL_F_FINAL_RENEGOTIATE 483
		# define SSL_F_FINAL_SERVER_NAME 558
		# define SSL_F_FINAL_SIG_ALGS 497
		# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588
		# define SSL_F_NSS_KEYLOG_INT 500
		# define SSL_F_OPENSSL_INIT_SSL 342
		# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436
		@@ -70,6 +78,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_PROCESS_KEY_SHARE_EXT 439
		# define SSL_F_READ_STATE_MACHINE 352
		# define SSL_F_SET_CLIENT_CIPHERSUITE 540
		# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589
		# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
		# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
		# define SSL_F_SSL3_CTRL 213
		@@ -77,6 +86,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
		# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
		# define SSL_F_SSL3_FINAL_FINISH_MAC 285
		# define SSL_F_SSL3_FINISH_MAC 587
		# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
		# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
		# define SSL_F_SSL3_GET_RECORD 143
		@@ -145,15 +155,18 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337
		# define SSL_F_SSL_DANE_DUP 403
		# define SSL_F_SSL_DANE_ENABLE 395
		# define SSL_F_SSL_DERIVE 590
		# define SSL_F_SSL_DO_CONFIG 391
		# define SSL_F_SSL_DO_HANDSHAKE 180
		# define SSL_F_SSL_DUP_CA_LIST 408
		# define SSL_F_SSL_ENABLE_CT 402
		# define SSL_F_SSL_GENERATE_PKEY_GROUP 559
		# define SSL_F_SSL_GENERATE_SESSION_ID 547
		# define SSL_F_SSL_GET_NEW_SESSION 181
		# define SSL_F_SSL_GET_PREV_SESSION 217
		# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322
		# define SSL_F_SSL_GET_SIGN_PKEY 183
		# define SSL_F_SSL_HANDSHAKE_HASH 560
		# define SSL_F_SSL_INIT_WBIO_BUFFER 184
		# define SSL_F_SSL_KEY_UPDATE 515
		# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
		@@ -161,6 +174,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499
		# define SSL_F_SSL_MODULE_INIT 392
		# define SSL_F_SSL_NEW 186
		# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565
		# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
		# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
		# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
		@@ -221,6 +235,8 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
		# define SSL_F_TLS12_COPY_SIGALGS 533
		# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440
		# define SSL_F_TLS13_GENERATE_SECRET 591
		# define SSL_F_TLS13_HKDF_EXPAND 561
		# define SSL_F_TLS13_SETUP_KEY_BLOCK 441
		# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
		# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341
		@@ -311,17 +327,40 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521
		# define SSL_F_TLS_GET_MESSAGE_BODY 351
		# define SSL_F_TLS_GET_MESSAGE_HEADER 387
		# define SSL_F_TLS_HANDLE_ALPN 562
		# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563
		# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566
		# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449
		# define SSL_F_TLS_PARSE_CTOS_ALPN 567
		# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568
		# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569
		# define SSL_F_TLS_PARSE_CTOS_EMS 570
		# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463
		# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571
		# define SSL_F_TLS_PARSE_CTOS_PSK 505
		# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572
		# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
		# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573
		# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574
		# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575
		# define SSL_F_TLS_PARSE_CTOS_SRP 576
		# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577
		# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578
		# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
		# define SSL_F_TLS_PARSE_STOC_ALPN 579
		# define SSL_F_TLS_PARSE_STOC_COOKIE 534
		# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538
		# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528
		# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580
		# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
		# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581
		# define SSL_F_TLS_PARSE_STOC_NPN 582
		# define SSL_F_TLS_PARSE_STOC_PSK 502
		# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448
		# define SSL_F_TLS_PARSE_STOC_SCT 564
		# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583
		# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584
		# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585
		# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446
		# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378
		# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384
		@@ -361,6 +400,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450
		# define SSL_F_TLS_SETUP_HANDSHAKE 508
		# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
		# define SSL_F_WRITE_STATE_MACHINE 586

		/*
		* SSL reason codes.
		@@ -376,14 +416,17 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_BAD_DECOMPRESSION 107
		# define SSL_R_BAD_DH_VALUE 102
		# define SSL_R_BAD_DIGEST_LENGTH 111
		# define SSL_R_BAD_EARLY_DATA 233
		# define SSL_R_BAD_ECC_CERT 304
		# define SSL_R_BAD_ECPOINT 306
		# define SSL_R_BAD_EXTENSION 110
		# define SSL_R_BAD_HANDSHAKE_LENGTH 332
		# define SSL_R_BAD_HANDSHAKE_STATE 236
		# define SSL_R_BAD_HELLO_REQUEST 105
		# define SSL_R_BAD_KEY_SHARE 108
		# define SSL_R_BAD_KEY_UPDATE 122
		# define SSL_R_BAD_LENGTH 271
		# define SSL_R_BAD_PACKET 240
		# define SSL_R_BAD_PACKET_LENGTH 115
		# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
		# define SSL_R_BAD_PSK 219
		@@ -401,6 +444,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_BIO_NOT_SET 128
		# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
		# define SSL_R_BN_LIB 130
		# define SSL_R_CALLBACK_FAILED 234
		# define SSL_R_CANNOT_CHANGE_CIPHER 109
		# define SSL_R_CA_DN_LENGTH_MISMATCH 131
		# define SSL_R_CA_KEY_TOO_SMALL 397
		@@ -467,6 +511,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231
		# define SSL_R_INCONSISTENT_EXTMS 104
		# define SSL_R_INVALID_ALERT 205
		# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238
		# define SSL_R_INVALID_COMMAND 280
		# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
		# define SSL_R_INVALID_CONFIGURATION_NAME 113
		@@ -496,6 +541,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_MISSING_TMP_DH_KEY 171
		# define SSL_R_MISSING_TMP_ECDH_KEY 311
		# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
		# define SSL_R_NO_APPLICATION_PROTOCOL 235
		# define SSL_R_NO_CERTIFICATES_RETURNED 176
		# define SSL_R_NO_CERTIFICATE_ASSIGNED 177
		# define SSL_R_NO_CERTIFICATE_SET 179
		@@ -524,6 +570,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_R_NULL_SSL_METHOD_PASSED 196
		# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
		# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
		# define SSL_R_OVERFLOW_ERROR 237
		# define SSL_R_PACKET_LENGTH_TOO_LONG 198
		# define SSL_R_PARSE_TLSEXT 227
		# define SSL_R_PATH_TOO_LONG 270

ssl/record/ssl3_buffer.c

+6 −6

Original line number	Diff line number	Diff line
		@@ -116,7 +116,9 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
		p = OPENSSL_malloc(len);
		if (p == NULL) {
		s->rlayer.numwpipes = currpipe;
		goto err;
		SSLfatal(s, SSL_AD_INTERNAL_ERROR,
		SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
		return 0;
		}
		memset(thiswb, 0, sizeof(SSL3_BUFFER));
		thiswb->buf = p;
		@@ -125,18 +127,16 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
		}

		return 1;

		err:
		SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
		return 0;
		}

		int ssl3_setup_buffers(SSL *s)
		{
		if (!ssl3_setup_read_buffer(s))
		return 0;
		if (!ssl3_setup_write_buffer(s, 1, 0))
		if (!ssl3_setup_write_buffer(s, 1, 0)) {
		/* SSLfatal() already called */
		return 0;
		}
		return 1;
		}

ssl/s3_enc.c

+77 −43

File changed.

Preview size limit exceeded, changes collapsed.

ssl/s3_lib.c

+40 −10

Original line number	Diff line number	Diff line
		@@ -4590,8 +4590,10 @@ int ssl_generate_master_secret(SSL s, unsigned char pms, size_t pmslen,
		s->s3->tmp.psk = NULL;
		if (!s->method->ssl3_enc->generate_master_secret(s,
		s->session->master_key,pskpms, pskpmslen,
		&s->session->master_key_length))
		&s->session->master_key_length)) {
		/* SSLfatal() already called */
		goto err;
		}
		OPENSSL_clear_free(pskpms, pskpmslen);
		#else
		/* Should never happen */
		@@ -4600,9 +4602,11 @@ int ssl_generate_master_secret(SSL s, unsigned char pms, size_t pmslen,
		} else {
		if (!s->method->ssl3_enc->generate_master_secret(s,
		s->session->master_key, pms, pmslen,
		&s->session->master_key_length))
		&s->session->master_key_length)) {
		/* SSLfatal() already called */
		goto err;
		}
		}

		ret = 1;
		err:
		@@ -4641,28 +4645,42 @@ EVP_PKEY ssl_generate_pkey(EVP_PKEY pm)
		}
		#ifndef OPENSSL_NO_EC
		/* Generate a private key from a group ID */
		EVP_PKEY *ssl_generate_pkey_group(uint16_t id)
		EVP_PKEY ssl_generate_pkey_group(SSL s, uint16_t id)
		{
		EVP_PKEY_CTX *pctx = NULL;
		EVP_PKEY *pkey = NULL;
		const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
		uint16_t gtype;

		if (ginf == NULL)
		if (ginf == NULL) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
		ERR_R_INTERNAL_ERROR);
		goto err;
		}
		gtype = ginf->flags & TLS_CURVE_TYPE;
		if (gtype == TLS_CURVE_CUSTOM)
		pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
		else
		pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
		if (pctx == NULL)
		if (pctx == NULL) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
		ERR_R_MALLOC_FAILURE);
		goto err;
		if (EVP_PKEY_keygen_init(pctx) <= 0)
		}
		if (EVP_PKEY_keygen_init(pctx) <= 0) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
		ERR_R_EVP_LIB);
		goto err;
		}
		if (gtype != TLS_CURVE_CUSTOM
		&& EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
		&& EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
		ERR_R_EVP_LIB);
		goto err;
		}
		if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
		ERR_R_EVP_LIB);
		EVP_PKEY_free(pkey);
		pkey = NULL;
		}
		@@ -4718,25 +4736,37 @@ int ssl_derive(SSL s, EVP_PKEY privkey, EVP_PKEY *pubkey, int gensecret)
		size_t pmslen = 0;
		EVP_PKEY_CTX *pctx;

		if (privkey == NULL \|\| pubkey == NULL)
		if (privkey == NULL \|\| pubkey == NULL) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
		ERR_R_INTERNAL_ERROR);
		return 0;
		}

		pctx = EVP_PKEY_CTX_new(privkey, NULL);

		if (EVP_PKEY_derive_init(pctx) <= 0
		\|\| EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
		\|\| EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
		ERR_R_INTERNAL_ERROR);
		goto err;
		}

		pms = OPENSSL_malloc(pmslen);
		if (pms == NULL)
		if (pms == NULL) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
		ERR_R_MALLOC_FAILURE);
		goto err;
		}

		if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0)
		if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
		ERR_R_INTERNAL_ERROR);
		goto err;
		}

		if (gensecret) {
		/* SSLfatal() called as appropriate in the below functions */
		if (SSL_IS_TLS13(s)) {
		/*
		* If we are resuming then we already generated the early secret

Admin message