Split TLS server functions (e27f234a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

include/openssl/ssl.h

+12 −0

Original line number	Diff line number	Diff line
		@@ -2104,20 +2104,32 @@ void ERR_load_SSL_strings(void);
		# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
		# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
		# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
		# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
		# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
		# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
		# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
		# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
		# define SSL_F_TLS_CONSTRUCT_FINISHED 359
		# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
		# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
		# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
		# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
		# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377
		# define SSL_F_TLS_GET_MESSAGE_BODY 351
		# define SSL_F_TLS_GET_MESSAGE_HEADER 350
		# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378
		# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360
		# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361
		# define SSL_F_TLS_PROCESS_CERT_STATUS 362
		# define SSL_F_TLS_PROCESS_CERT_VERIFY 379
		# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363
		# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380
		# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381
		# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382
		# define SSL_F_TLS_PROCESS_FINISHED 364
		# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365
		# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366
		# define SSL_F_TLS_PROCESS_NEXT_PROTO 383
		# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367
		# define SSL_F_TLS_PROCESS_SERVER_DONE 368
		# define SSL_F_TLS_PROCESS_SERVER_HELLO 369

ssl/d1_srvr.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -317,7 +317,8 @@ int dtls1_accept(SSL *s)
		goto end;
		dtls1_stop_timer(s);

		if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
		if (!s->d1->cookie_verified
		&& (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
		s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
		else
		s->state = SSL3_ST_SW_SRVR_HELLO_A;
		@@ -599,7 +600,7 @@ int dtls1_accept(SSL *s)
		s->state = SSL3_ST_SR_CERT_VRFY_A;
		s->init_num = 0;

		if (ret == 2) {
		if (s->no_cert_verify) {
		/*
		* For the ECDH ciphersuites when the client sends its ECDH
		* pub key in a certificate, the CertificateVerify message is

ssl/s3_srvr.c

+1078 −900

File changed.

Preview size limit exceeded, changes collapsed.

ssl/ssl_err.c

+19 −0

Original line number	Diff line number	Diff line
		@@ -339,6 +339,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
		{ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
		{ERR_FUNC(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK),
		"tls_client_key_exchange_post_work"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST),
		"tls_construct_certificate_request"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),
		"tls_construct_client_certificate"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), "tls_construct_client_hello"},
		@@ -347,19 +349,36 @@ static ERR_STRING_DATA SSL_str_functs[] = {
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY),
		"tls_construct_client_verify"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
		"tls_construct_hello_request"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
		"tls_construct_server_certificate"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO), "tls_construct_server_hello"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE),
		"tls_construct_server_key_exchange"},
		{ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"},
		{ERR_FUNC(SSL_F_TLS_GET_MESSAGE_HEADER), "tls_get_message_header"},
		{ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO),
		"tls_post_process_client_hello"},
		{ERR_FUNC(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE),
		"tls_prepare_client_certificate"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST),
		"tls_process_certificate_request"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_CERT_STATUS), "tls_process_cert_status"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_CERT_VERIFY), "tls_process_cert_verify"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC),
		"tls_process_change_cipher_spec"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE),
		"tls_process_client_certificate"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_HELLO), "tls_process_client_hello"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE),
		"tls_process_client_key_exchange"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_FINISHED), "tls_process_finished"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_KEY_EXCHANGE), "tls_process_key_exchange"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET),
		"tls_process_new_session_ticket"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_NEXT_PROTO), "tls_process_next_proto"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE),
		"tls_process_server_certificate"},
		{ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"},

ssl/ssl_lib.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -228,6 +228,7 @@ int SSL_clear(SSL *s)
		s->init_buf = NULL;
		clear_ciphers(s);
		s->first_packet = 0;
		s->no_cert_verify = 0;

		/*
		* Check to see if we were changed into a different method, if so, revert

Admin message