apps return value checks (ac59d705) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

apps/s_cb.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -1181,8 +1181,10 @@ static int set_cert_cb(SSL ssl, void arg)

		print_chain_flags(bio_err, ssl, rv);
		if (rv & CERT_PKEY_VALID) {
		SSL_use_certificate(ssl, exc->cert);
		SSL_use_PrivateKey(ssl, exc->key);
		if(!SSL_use_certificate(ssl, exc->cert)
		\|\| !SSL_use_PrivateKey(ssl, exc->key)) {
		return 0;
		}
		/*
		* NB: we wouldn't normally do this as it is not efficient
		* building chains on each connection better to cache the chain

apps/s_client.c

+28 −8

Original line number	Diff line number	Diff line
		@@ -1259,8 +1259,11 @@ int MAIN(int argc, char **argv)
		if (sdebug)
		ssl_ctx_security_debug(ctx, bio_err, sdebug);

		if (vpm)
		SSL_CTX_set1_param(ctx, vpm);
		if (vpm && !SSL_CTX_set1_param(ctx, vpm)) {
		BIO_printf(bio_err, "Error setting verify params\n");
		ERR_print_errors(bio_err);
		goto end;
		}

		if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) {
		ERR_print_errors(bio_err);
		@@ -1299,8 +1302,14 @@ int MAIN(int argc, char **argv)
		}
		#endif
		#ifndef OPENSSL_NO_SRTP
		if (srtp_profiles != NULL)
		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
		if (srtp_profiles != NULL) {
		/* Returns 0 on success!! */
		if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) {
		BIO_printf(bio_err, "Error setting SRTP profile\n");
		ERR_print_errors(bio_err);
		goto end;
		}
		}
		#endif
		if (exc)
		ssl_ctx_set_excert(ctx, exc);
		@@ -1318,16 +1327,23 @@ int MAIN(int argc, char **argv)
		BIO_printf(bio_err, "Error parsing -alpn argument\n");
		goto end;
		}
		SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
		/* Returns 0 on success!! */
		if(SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len)) {
		BIO_printf(bio_err, "Error setting ALPN\n");
		goto end;
		}
		OPENSSL_free(alpn);
		}
		#endif
		#ifndef OPENSSL_NO_TLSEXT
		for (i = 0; i < serverinfo_types_count; i++) {
		SSL_CTX_add_client_custom_ext(ctx,
		if(!SSL_CTX_add_client_custom_ext(ctx,
		serverinfo_types[i],
		NULL, NULL, NULL,
		serverinfo_cli_parse_cb, NULL);
		serverinfo_cli_parse_cb, NULL)) {
		BIO_printf(bio_err, "Warning: Unable to add custom extension %u. "
		"Skipping\n", serverinfo_types[i]);
		}
		}
		#endif

		@@ -1390,7 +1406,11 @@ int MAIN(int argc, char **argv)
		ERR_print_errors(bio_err);
		goto end;
		}
		SSL_set_session(con, sess);
		if(!SSL_set_session(con, sess)) {
		BIO_printf(bio_err, "Can't set session\n");
		ERR_print_errors(bio_err);
		goto end;
		}
		SSL_SESSION_free(sess);
		}

apps/s_server.c

+55 −18

Original line number	Diff line number	Diff line
		@@ -1723,8 +1723,14 @@ int MAIN(int argc, char *argv[])
		SSL_CTX_sess_set_cache_size(ctx, 128);

		#ifndef OPENSSL_NO_SRTP
		if (srtp_profiles != NULL)
		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
		if (srtp_profiles != NULL) {
		/* Returns 0 on success!! */
		if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) {
		BIO_printf(bio_err, "Error setting SRTP profile\n");
		ERR_print_errors(bio_err);
		goto end;
		}
		}
		#endif

		if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) \|\|
		@@ -1733,8 +1739,11 @@ int MAIN(int argc, char *argv[])
		ERR_print_errors(bio_err);
		/* goto end; */
		}
		if (vpm)
		SSL_CTX_set1_param(ctx, vpm);
		if (vpm && !SSL_CTX_set1_param(ctx, vpm)) {
		BIO_printf(bio_err, "Error setting X509 params\n");
		ERR_print_errors(bio_err);
		goto end;
		}

		ssl_ctx_add_crls(ctx, crls, 0);
		if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
		@@ -1790,8 +1799,11 @@ int MAIN(int argc, char *argv[])
		(!SSL_CTX_set_default_verify_paths(ctx2))) {
		ERR_print_errors(bio_err);
		}
		if (vpm)
		SSL_CTX_set1_param(ctx2, vpm);
		if (vpm && !SSL_CTX_set1_param(ctx2, vpm)) {
		BIO_printf(bio_err, "Error setting X509 params\n");
		ERR_print_errors(bio_err);
		goto end;
		}

		ssl_ctx_add_crls(ctx2, crls, 0);
		if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
		@@ -1913,8 +1925,13 @@ int MAIN(int argc, char *argv[])
		#endif

		SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
		SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
		sizeof s_server_session_id_context);
		if(!SSL_CTX_set_session_id_context(ctx,
		(void *)&s_server_session_id_context,
		sizeof s_server_session_id_context)) {
		BIO_printf(bio_err, "error setting session id context\n");
		ERR_print_errors(bio_err);
		goto end;
		}

		/* Set DTLS cookie generation and verification callbacks */
		SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
		@@ -1923,9 +1940,13 @@ int MAIN(int argc, char *argv[])
		#ifndef OPENSSL_NO_TLSEXT
		if (ctx2) {
		SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
		SSL_CTX_set_session_id_context(ctx2,
		if(!SSL_CTX_set_session_id_context(ctx2,
		(void *)&s_server_session_id_context,
		sizeof s_server_session_id_context);
		sizeof s_server_session_id_context)) {
		BIO_printf(bio_err, "error setting session id context\n");
		ERR_print_errors(bio_err);
		goto end;
		}

		tlsextcbp.biodebug = bio_s_out;
		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
		@@ -2130,10 +2151,18 @@ static int sv_body(char hostname, int s, int stype, unsigned char context)
		kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
		}
		#endif /* OPENSSL_NO_KRB5 */
		if (context)
		SSL_set_session_id_context(con, context, strlen((char *)context));
		if (context && !SSL_set_session_id_context(con, context,
		strlen((char *)context))) {
		BIO_printf(bio_err, "Error setting session id context\n");
		ret = -1;
		goto err;
		}
		}
		if(!SSL_clear(con)) {
		BIO_printf(bio_err, "Error clearing SSL connection\n");
		ret = -1;
		goto err;
		}
		SSL_clear(con);

		if (stype == SOCK_DGRAM) {

		@@ -2687,8 +2716,10 @@ static int www_body(char hostname, int s, int stype, unsigned char context)
		kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
		}
		#endif /* OPENSSL_NO_KRB5 */
		if (context)
		SSL_set_session_id_context(con, context, strlen((char *)context));
		if (context && !SSL_set_session_id_context(con, context,
		strlen((char *)context))) {
		goto err;
		}

		sbio = BIO_new_socket(s, BIO_NOCLOSE);
		if (s_nbio_test) {
		@@ -3033,8 +3064,11 @@ static int rev_body(char hostname, int s, int stype, unsigned char context)
		kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
		}
		#endif /* OPENSSL_NO_KRB5 */
		if (context)
		SSL_set_session_id_context(con, context, strlen((char *)context));
		if (context && !SSL_set_session_id_context(con, context,
		strlen((char *)context))) {
		ERR_print_errors(bio_err);
		goto err;
		}

		sbio = BIO_new_socket(s, BIO_NOCLOSE);
		SSL_set_bio(con, sbio, sbio);
		@@ -3230,7 +3264,10 @@ static int add_session(SSL ssl, SSL_SESSION session)
		return 0;
		}
		p = sess->der;
		i2d_SSL_SESSION(session, &p);
		if(i2d_SSL_SESSION(session, &p) < 0) {
		BIO_printf(bio_err, "Error encoding session\n");
		return 0;
		}

		sess->next = first;
		first = sess;

apps/s_time.c

+8 −4

Original line number	Diff line number	Diff line
		@@ -356,7 +356,8 @@ int MAIN(int argc, char **argv)

		if (st_bugs)
		SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
		SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
		if(!SSL_CTX_set_cipher_list(tm_ctx, tm_cipher))
		goto end;
		if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
		goto end;

		@@ -405,7 +406,8 @@ int MAIN(int argc, char **argv)
		if (s_www_path != NULL) {
		BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
		s_www_path);
		SSL_write(scon, buf, strlen(buf));
		if(SSL_write(scon, buf, strlen(buf)) <= 0)
		goto end;
		while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
		bytes_read += i;
		}
		@@ -461,7 +463,8 @@ int MAIN(int argc, char **argv)

		if (s_www_path != NULL) {
		BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
		SSL_write(scon, buf, strlen(buf));
		if(SSL_write(scon, buf, strlen(buf)) <= 0)
		goto end;
		while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
		}
		#ifdef NO_SHUTDOWN
		@@ -498,7 +501,8 @@ int MAIN(int argc, char **argv)
		if (s_www_path) {
		BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
		s_www_path);
		SSL_write(scon, buf, strlen(buf));
		if(SSL_write(scon, buf, strlen(buf)) <= 0)
		goto end;
		while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
		bytes_read += i;
		}

apps/sess_id.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -166,7 +166,10 @@ int MAIN(int argc, char **argv)
		BIO_printf(bio_err, "Context too long\n");
		goto end;
		}
		SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
		if(!SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len)) {
		BIO_printf(bio_err, "Error setting id context\n");
		goto end;
		}
		}

		if (!noout \|\| text) {

Admin message