Loading include/openssl/ssl.h +6 −0 Original line number Diff line number Diff line Loading @@ -2203,6 +2203,12 @@ void ERR_load_SSL_strings(void); # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 # define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 # define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 # define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 # define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 # define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 # define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 # define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 # define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355 # define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356 # define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357 Loading ssl/ssl_err.c +7 −0 Original line number Diff line number Diff line Loading @@ -231,6 +231,13 @@ static ERR_STRING_DATA SSL_str_functs[] = { "tls_client_key_exchange_post_work"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST), "tls_construct_certificate_request"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_ECDHE), "tls_construct_cke_ecdhe"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_GOST), "tls_construct_cke_gost"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE), "tls_construct_cke_psk_preamble"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE), "tls_construct_client_certificate"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), Loading ssl/statem/statem_clnt.c +30 −49 Original line number Diff line number Diff line Loading @@ -2030,8 +2030,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, size_t psklen = 0; if (s->psk_client_callback == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_PSK_NO_CLIENT_CB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_CLIENT_CB); *al = SSL_AD_INTERNAL_ERROR; goto err; } Loading @@ -2043,12 +2042,11 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_HANDSHAKE_FAILURE; goto err; } else if (psklen == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_IDENTITY_NOT_FOUND); *al = SSL_AD_HANDSHAKE_FAILURE; goto err; Loading @@ -2056,8 +2054,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, identitylen = strlen(identity); if (identitylen > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_HANDSHAKE_FAILURE; goto err; } Loading @@ -2065,7 +2062,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, tmppsk = OPENSSL_memdup(psk, psklen); tmpidentity = OPENSSL_strdup(identity); if (tmppsk == NULL || tmpidentity == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); *al = SSL_AD_INTERNAL_ERROR; goto err; } Loading @@ -2092,7 +2089,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, return ret; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2112,23 +2109,20 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) /* * We should always have a server certificate with SSL_kRSA. */ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); return 0; } pkey = X509_get0_pubkey(s->session->peer); if (EVP_PKEY_get0_RSA(pkey) == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); return 0; } pmslen = SSL_MAX_MASTER_KEY_LENGTH; pms = OPENSSL_malloc(pmslen); if (pms == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_MALLOC_FAILURE); *al = SSL_AD_INTERNAL_ERROR; return 0; } Loading @@ -2146,13 +2140,11 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) pctx = EVP_PKEY_CTX_new(pkey, NULL); if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0 || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_EVP_LIB); goto err; } if (EVP_PKEY_encrypt(pctx, *p, &enclen, pms, pmslen) <= 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, SSL_R_BAD_RSA_ENCRYPT); goto err; } *len = enclen; Loading Loading @@ -2181,7 +2173,7 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) return 0; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2196,16 +2188,14 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) skey = s->s3->peer_tmp; if (skey == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); return 0; } ckey = ssl_generate_pkey(skey, NID_undef); dh_clnt = EVP_PKEY_get0_DH(ckey); if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); EVP_PKEY_free(ckey); return 0; } Loading @@ -2220,7 +2210,7 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) return 1; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2235,15 +2225,14 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) skey = s->s3->peer_tmp; if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); return 0; } ckey = ssl_generate_pkey(skey, NID_undef); if (ssl_derive(s, ckey, skey) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); goto err; } Loading @@ -2253,7 +2242,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) &encodedPoint, NULL); if (encoded_pt_len == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EC_LIB); goto err; } Loading @@ -2277,7 +2266,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) EVP_PKEY_free(ckey); return 0; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading Loading @@ -2306,7 +2295,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) peer_cert = s->session->peer; if (!peer_cert) { *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); return 0; } Loading @@ -2314,8 +2303,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); if (pkey_ctx == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE); return 0; } /* Loading @@ -2329,8 +2317,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) pms = OPENSSL_malloc(pmslen); if (pms == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE); return 0; } Loading @@ -2338,8 +2325,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) /* Generate session key */ || RAND_bytes(pms, pmslen) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; }; /* Loading Loading @@ -2368,8 +2354,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) SSL3_RANDOM_SIZE) <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; } EVP_MD_CTX_free(ukm_hash); Loading @@ -2377,8 +2362,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG); goto err; } /* Make GOST keytransport blob message */ Loading @@ -2389,8 +2373,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG); goto err; } if (msglen >= 0x80) { Loading Loading @@ -2419,7 +2402,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) EVP_MD_CTX_free(ukm_hash); return 0; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2435,21 +2418,19 @@ static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al) BN_bn2bin(s->srp_ctx.A, *p); *len += 2; } else { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR); return 0; } OPENSSL_free(s->session->srp_username); s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_MALLOC_FAILURE); return 0; } return 1; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading Loading
include/openssl/ssl.h +6 −0 Original line number Diff line number Diff line Loading @@ -2203,6 +2203,12 @@ void ERR_load_SSL_strings(void); # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 # define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 # define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 # define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 # define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 # define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 # define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 # define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 # define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355 # define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356 # define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357 Loading
ssl/ssl_err.c +7 −0 Original line number Diff line number Diff line Loading @@ -231,6 +231,13 @@ static ERR_STRING_DATA SSL_str_functs[] = { "tls_client_key_exchange_post_work"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST), "tls_construct_certificate_request"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_ECDHE), "tls_construct_cke_ecdhe"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_GOST), "tls_construct_cke_gost"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE), "tls_construct_cke_psk_preamble"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE), "tls_construct_client_certificate"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), Loading
ssl/statem/statem_clnt.c +30 −49 Original line number Diff line number Diff line Loading @@ -2030,8 +2030,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, size_t psklen = 0; if (s->psk_client_callback == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_PSK_NO_CLIENT_CB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_CLIENT_CB); *al = SSL_AD_INTERNAL_ERROR; goto err; } Loading @@ -2043,12 +2042,11 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_HANDSHAKE_FAILURE; goto err; } else if (psklen == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_IDENTITY_NOT_FOUND); *al = SSL_AD_HANDSHAKE_FAILURE; goto err; Loading @@ -2056,8 +2054,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, identitylen = strlen(identity); if (identitylen > PSK_MAX_IDENTITY_LEN) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_HANDSHAKE_FAILURE; goto err; } Loading @@ -2065,7 +2062,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, tmppsk = OPENSSL_memdup(psk, psklen); tmpidentity = OPENSSL_strdup(identity); if (tmppsk == NULL || tmpidentity == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); *al = SSL_AD_INTERNAL_ERROR; goto err; } Loading @@ -2092,7 +2089,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, return ret; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2112,23 +2109,20 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) /* * We should always have a server certificate with SSL_kRSA. */ SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); return 0; } pkey = X509_get0_pubkey(s->session->peer); if (EVP_PKEY_get0_RSA(pkey) == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); return 0; } pmslen = SSL_MAX_MASTER_KEY_LENGTH; pms = OPENSSL_malloc(pmslen); if (pms == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_MALLOC_FAILURE); *al = SSL_AD_INTERNAL_ERROR; return 0; } Loading @@ -2146,13 +2140,11 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) pctx = EVP_PKEY_CTX_new(pkey, NULL); if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0 || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_EVP_LIB); goto err; } if (EVP_PKEY_encrypt(pctx, *p, &enclen, pms, pmslen) <= 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, SSL_R_BAD_RSA_ENCRYPT); goto err; } *len = enclen; Loading Loading @@ -2181,7 +2173,7 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) return 0; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2196,16 +2188,14 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) skey = s->s3->peer_tmp; if (skey == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); return 0; } ckey = ssl_generate_pkey(skey, NID_undef); dh_clnt = EVP_PKEY_get0_DH(ckey); if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); EVP_PKEY_free(ckey); return 0; } Loading @@ -2220,7 +2210,7 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) return 1; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2235,15 +2225,14 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) skey = s->s3->peer_tmp; if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); return 0; } ckey = ssl_generate_pkey(skey, NID_undef); if (ssl_derive(s, ckey, skey) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); goto err; } Loading @@ -2253,7 +2242,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) &encodedPoint, NULL); if (encoded_pt_len == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EC_LIB); goto err; } Loading @@ -2277,7 +2266,7 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) EVP_PKEY_free(ckey); return 0; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading Loading @@ -2306,7 +2295,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) peer_cert = s->session->peer; if (!peer_cert) { *al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); return 0; } Loading @@ -2314,8 +2303,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); if (pkey_ctx == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE); return 0; } /* Loading @@ -2329,8 +2317,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) pms = OPENSSL_malloc(pmslen); if (pms == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE); return 0; } Loading @@ -2338,8 +2325,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) /* Generate session key */ || RAND_bytes(pms, pmslen) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; }; /* Loading Loading @@ -2368,8 +2354,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) SSL3_RANDOM_SIZE) <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; } EVP_MD_CTX_free(ukm_hash); Loading @@ -2377,8 +2362,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG); goto err; } /* Make GOST keytransport blob message */ Loading @@ -2389,8 +2373,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG); goto err; } if (msglen >= 0x80) { Loading Loading @@ -2419,7 +2402,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) EVP_MD_CTX_free(ukm_hash); return 0; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading @@ -2435,21 +2418,19 @@ static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al) BN_bn2bin(s->srp_ctx.A, *p); *len += 2; } else { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR); return 0; } OPENSSL_free(s->session->srp_username); s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_MALLOC_FAILURE); return 0; } return 1; #else SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif Loading
Richard Levitte <levitte@openssl.org>Richard Levitte <levitte@openssl.org>