wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix make update issues

Browse source 
Various functions got renamed. We need to rename the error codes too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2016-12-07 23:50:55 +00:00
parent ecc2f938cf
commit 7fe97c077b
5 changed files with 218 additions and 205 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
include/openssl/ssl.h
View file

@ -2103,6 +2103,9 @@ int ERR_load_SSL_strings(void);
# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
# define SSL_F_FINAL_EC_PT_FORMATS 485
# define SSL_F_FINAL_EMS 486
# define SSL_F_FINAL_RENEGOTIATE 483
# define SSL_F_OPENSSL_INIT_SSL 342
# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436
# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430
@ -2265,62 +2268,65 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407
# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409
# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410
# define SSL_F_TLS_CONSTRUCT_CLIENT_ALPN 466
# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
# define SSL_F_TLS_CONSTRUCT_CLIENT_EC_PT_FORMATS 467
# define SSL_F_TLS_CONSTRUCT_CLIENT_EMS 468
# define SSL_F_TLS_CONSTRUCT_CLIENT_ETM 469
# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE 470
# define SSL_F_TLS_CONSTRUCT_CLIENT_NPN 471
# define SSL_F_TLS_CONSTRUCT_CLIENT_PADDING 472
# define SSL_F_TLS_CONSTRUCT_CLIENT_RENEGOTIATE 473
# define SSL_F_TLS_CONSTRUCT_CLIENT_SCT 474
# define SSL_F_TLS_CONSTRUCT_CLIENT_SERVER_NAME 475
# define SSL_F_TLS_CONSTRUCT_CLIENT_SESSION_TICKET 476
# define SSL_F_TLS_CONSTRUCT_CLIENT_SIG_ALGS 477
# define SSL_F_TLS_CONSTRUCT_CLIENT_SRP 478
# define SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST 479
# define SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS 480
# define SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS 481
# define SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP 482
# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484
# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487
# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488
# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489
# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466
# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355
# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467
# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468
# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469
# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356
# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357
# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470
# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471
# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472
# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473
# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474
# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475
# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476
# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477
# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478
# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479
# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480
# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481
# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482
# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358
# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443
# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447
# define SSL_F_TLS_CONSTRUCT_FINISHED 359
# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428
# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426
# define SSL_F_TLS_CONSTRUCT_SERVER_ALPN 451
# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
# define SSL_F_TLS_CONSTRUCT_SERVER_CRYPTOPRO_BUG 452
# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
# define SSL_F_TLS_CONSTRUCT_SERVER_EC_PT_FORMATS 453
# define SSL_F_TLS_CONSTRUCT_SERVER_EMS 454
# define SSL_F_TLS_CONSTRUCT_SERVER_ETM 455
# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377
# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE 456
# define SSL_F_TLS_CONSTRUCT_SERVER_NEXT_PROTO_NEG 457
# define SSL_F_TLS_CONSTRUCT_SERVER_RENEGOTIATE 458
# define SSL_F_TLS_CONSTRUCT_SERVER_SERVER_NAME 459
# define SSL_F_TLS_CONSTRUCT_SERVER_SESSION_TICKET 460
# define SSL_F_TLS_CONSTRUCT_SERVER_STATUS_REQUEST 461
# define SSL_F_TLS_CONSTRUCT_SERVER_USE_SRTP 462
# define SSL_F_TLS_EXT_FINAL_ 484
# define SSL_F_TLS_EXT_FINAL_EC_PT_FORMATS 485
# define SSL_F_TLS_EXT_FINAL_EMS 486
# define SSL_F_TLS_EXT_FINAL_RENEGOTIATE 483
# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490
# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491
# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492
# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451
# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374
# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452
# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375
# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453
# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454
# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455
# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376
# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377
# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456
# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457
# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458
# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459
# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460
# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461
# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462
# define SSL_F_TLS_GET_MESSAGE_BODY 351
# define SSL_F_TLS_GET_MESSAGE_HEADER 387
# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449
# define SSL_F_TLS_PARSE_CLIENT_KEY_SHARE 445
# define SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE 448
# define SSL_F_TLS_PARSE_CLIENT_USE_SRTP 446
# define SSL_F_TLS_PARSE_SERVER_KEY_SHARE 463
# define SSL_F_TLS_PARSE_SERVER_RENEGOTIATE 464
# define SSL_F_TLS_PARSE_SERVER_USE_SRTP 465
# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448
# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446
# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378
# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384
# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360

137
ssl/ssl_err.c
View file

@ -49,6 +49,9 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE),
"dtls_get_reassembled_message"},
{ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
{ERR_FUNC(SSL_F_FINAL_EC_PT_FORMATS), "final_ec_pt_formats"},
{ERR_FUNC(SSL_F_FINAL_EMS), "final_ems"},
{ERR_FUNC(SSL_F_FINAL_RENEGOTIATE), "final_renegotiate"},
{ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"},
{ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION),
"ossl_statem_client13_read_transition"},
@ -265,42 +268,48 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_construct_cke_psk_preamble"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_ALPN), "tls_construct_client_alpn"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),
"tls_construct_client_certificate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_EC_PT_FORMATS),
"tls_construct_client_ec_pt_formats"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_EMS), "tls_construct_client_ems"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_ETM), "tls_construct_client_etm"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO),
"tls_construct_client_hello"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE),
"tls_construct_client_key_exchange"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE),
"tls_construct_client_key_share"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_NPN), "tls_construct_client_npn"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_PADDING),
"tls_construct_client_padding"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_RENEGOTIATE),
"tls_construct_client_renegotiate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SCT), "tls_construct_client_sct"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SERVER_NAME),
"tls_construct_client_server_name"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SESSION_TICKET),
"tls_construct_client_session_ticket"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SIG_ALGS),
"tls_construct_client_sig_algs"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SRP), "tls_construct_client_srp"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST),
"tls_construct_client_status_request"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS),
"tls_construct_client_supported_groups"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS),
"tls_construct_client_supported_versions"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP),
"tls_construct_client_use_srtp"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY),
"tls_construct_client_verify"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_ALPN), "tls_construct_ctos_alpn"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE),
"TLS_CONSTRUCT_CTOS_CERTIFICATE"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS),
"tls_construct_ctos_ec_pt_formats"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_EMS), "tls_construct_ctos_ems"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_ETM), "tls_construct_ctos_etm"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_HELLO), "TLS_CONSTRUCT_CTOS_HELLO"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE),
"TLS_CONSTRUCT_CTOS_KEY_EXCHANGE"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE),
"tls_construct_ctos_key_share"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_NPN), "tls_construct_ctos_npn"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_PADDING),
"tls_construct_ctos_padding"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE),
"tls_construct_ctos_renegotiate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SCT), "tls_construct_ctos_sct"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME),
"tls_construct_ctos_server_name"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET),
"tls_construct_ctos_session_ticket"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS),
"tls_construct_ctos_sig_algs"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SRP), "tls_construct_ctos_srp"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST),
"tls_construct_ctos_status_request"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS),
"tls_construct_ctos_supported_groups"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS),
"tls_construct_ctos_supported_versions"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP),
"tls_construct_ctos_use_srtp"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_CTOS_VERIFY), "TLS_CONSTRUCT_CTOS_VERIFY"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS),
"tls_construct_encrypted_extensions"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_EXTENSIONS), "tls_construct_extensions"},
@ -310,53 +319,51 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
"tls_construct_new_session_ticket"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_ALPN), "tls_construct_server_alpn"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
"tls_construct_server_certificate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CRYPTOPRO_BUG),
"tls_construct_server_cryptopro_bug"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_EC_PT_FORMATS),
"tls_construct_server_ec_pt_formats"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_EMS), "tls_construct_server_ems"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_ETM), "tls_construct_server_etm"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO),
"tls_construct_server_hello"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE),
"tls_construct_server_key_exchange"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE),
"tls_construct_server_key_share"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_NEXT_PROTO_NEG),
"tls_construct_server_next_proto_neg"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_RENEGOTIATE),
"tls_construct_server_renegotiate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_SERVER_NAME),
"tls_construct_server_server_name"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_SESSION_TICKET),
"tls_construct_server_session_ticket"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_STATUS_REQUEST),
"tls_construct_server_status_request"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_USE_SRTP),
"tls_construct_server_use_srtp"},
{ERR_FUNC(SSL_F_TLS_EXT_FINAL_), "tls_ext_final_ems"},
{ERR_FUNC(SSL_F_TLS_EXT_FINAL_EC_PT_FORMATS),
"tls_ext_final_ec_pt_formats"},
{ERR_FUNC(SSL_F_TLS_EXT_FINAL_EMS), "tls_ext_final_ems"},
{ERR_FUNC(SSL_F_TLS_EXT_FINAL_RENEGOTIATE), "tls_ext_final_renegotiate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_ALPN), "tls_construct_stoc_alpn"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE),
"TLS_CONSTRUCT_STOC_CERTIFICATE"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG),
"tls_construct_stoc_cryptopro_bug"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_DONE), "TLS_CONSTRUCT_STOC_DONE"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS),
"tls_construct_stoc_ec_pt_formats"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_EMS), "tls_construct_stoc_ems"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_ETM), "tls_construct_stoc_etm"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_HELLO), "TLS_CONSTRUCT_STOC_HELLO"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE),
"TLS_CONSTRUCT_STOC_KEY_EXCHANGE"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE),
"tls_construct_stoc_key_share"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG),
"tls_construct_stoc_next_proto_neg"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE),
"tls_construct_stoc_renegotiate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME),
"tls_construct_stoc_server_name"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET),
"tls_construct_stoc_session_ticket"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST),
"tls_construct_stoc_status_request"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP),
"tls_construct_stoc_use_srtp"},
{ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"},
{ERR_FUNC(SSL_F_TLS_GET_MESSAGE_HEADER), "tls_get_message_header"},
{ERR_FUNC(SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT),
"tls_parse_clienthello_tlsext"},
{ERR_FUNC(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE),
"tls_parse_client_key_share"},
{ERR_FUNC(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE),
"tls_parse_client_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_CLIENT_USE_SRTP), "tls_parse_client_use_srtp"},
{ERR_FUNC(SSL_F_TLS_PARSE_SERVER_KEY_SHARE),
"tls_parse_server_key_share"},
{ERR_FUNC(SSL_F_TLS_PARSE_SERVER_RENEGOTIATE),
"tls_parse_server_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_SERVER_USE_SRTP), "tls_parse_server_use_srtp"},
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_KEY_SHARE), "tls_parse_ctos_key_share"},
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE),
"tls_parse_ctos_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_RENEGOTIATE),
"tls_parse_stoc_renegotiate"},
{ERR_FUNC(SSL_F_TLS_PARSE_STOC_USE_SRTP), "tls_parse_stoc_use_srtp"},
{ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO),
"tls_post_process_client_hello"},
{ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE),

8
ssl/statem/extensions.c
View file

@ -652,7 +652,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent,
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
&& !sent) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_EXT_FINAL_RENEGOTIATE,
SSLerr(SSL_F_FINAL_RENEGOTIATE,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
@ -665,7 +665,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent,
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
&& !sent) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_EXT_FINAL_RENEGOTIATE,
SSLerr(SSL_F_FINAL_RENEGOTIATE,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
@ -745,7 +745,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent,
break;
}
if (i == s->session->tlsext_ecpointformatlist_length) {
SSLerr(SSL_F_TLS_EXT_FINAL_EC_PT_FORMATS,
SSLerr(SSL_F_FINAL_EC_PT_FORMATS,
SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
return 0;
}
@ -889,7 +889,7 @@ static int final_ems(SSL *s, unsigned int context, int sent, int *al)
if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
!(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_EXT_FINAL_EMS, SSL_R_INCONSISTENT_EXTMS);
SSLerr(SSL_F_FINAL_EMS, SSL_R_INCONSISTENT_EXTMS);
return 0;
}
}

110
ssl/statem/extensions_clnt.c
View file

@ -23,7 +23,7 @@ int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_RENEGOTIATE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -46,7 +46,7 @@ int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, int *al)
strlen(s->tlsext_hostname))
|| !WPACKET_close(pkt)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SERVER_NAME, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -70,7 +70,7 @@ int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, int *al)
strlen(s->srp_ctx.login))
|| !WPACKET_close(pkt)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SRP, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SRP, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -121,7 +121,7 @@ int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -143,7 +143,7 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, int *al)
/* TODO(TLS1.3): Add support for DHE groups */
pcurves = s->tlsext_supportedgroupslist;
if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
ERR_R_INTERNAL_ERROR);
return 0;
}
@ -153,7 +153,7 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, int *al)
/* Sub-packet for supported_groups extension */
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
ERR_R_INTERNAL_ERROR);
return 0;
}
@ -162,14 +162,14 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, int *al)
if (tls_curve_allowed(s, pcurves, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u8(pkt, pcurvestmp[0])
|| !WPACKET_put_bytes_u8(pkt, pcurvestmp[1])) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
ERR_R_INTERNAL_ERROR);
return 0;
}
}
}
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
ERR_R_INTERNAL_ERROR);
return 0;
}
@ -193,7 +193,7 @@ int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, int *al)
ticklen = s->tlsext_session_ticket->length;
s->session->tlsext_tick = OPENSSL_malloc(ticklen);
if (s->session->tlsext_tick == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SESSION_TICKET,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET,
ERR_R_INTERNAL_ERROR);
return 0;
}
@ -210,7 +210,7 @@ int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
|| !WPACKET_sub_memcpy_u16(pkt, s->session->tlsext_tick, ticklen)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -234,7 +234,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, int *al)
|| !tls12_copy_sigalgs(s, pkt, salg, salglen)
|| !WPACKET_close(pkt)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SIG_ALGS, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -255,7 +255,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp)
/* Sub-packet for the ids */
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
return 0;
}
for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
@ -267,14 +267,14 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, int *al)
/* Sub-packet for an individual id */
|| !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
|| i2d_OCSP_RESPID(id, &idbytes) != idlen) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
ERR_R_INTERNAL_ERROR);
return 0;
}
}
if (!WPACKET_close(pkt)
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
return 0;
}
if (s->tlsext_ocsp_exts) {
@ -282,20 +282,20 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, int *al)
int extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
if (extlen < 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
ERR_R_INTERNAL_ERROR);
return 0;
}
if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes)
|| i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &extbytes)
!= extlen) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
ERR_R_INTERNAL_ERROR);
return 0;
}
}
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -315,7 +315,7 @@ int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, int *al)
*/
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_NPN, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_NPN, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -341,7 +341,7 @@ int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_sub_memcpy_u16(pkt, s->alpn_client_proto_list,
s->alpn_client_proto_list_len)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_ALPN, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_ALPN, ERR_R_INTERNAL_ERROR);
return 0;
}
s->s3->alpn_sent = 1;
@ -364,7 +364,7 @@ int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_start_sub_packet_u16(pkt)
/* Sub-packet for the protection profile list */
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -374,7 +374,7 @@ int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, int *al)
sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, ERR_R_INTERNAL_ERROR);
return 0;
}
}
@ -382,7 +382,7 @@ int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, int *al)
/* Add an empty use_mki value */
|| !WPACKET_put_bytes_u8(pkt, 0)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -397,7 +397,7 @@ int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_ETM, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_ETM, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -412,7 +412,7 @@ int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SCT, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SCT, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -424,7 +424,7 @@ int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, int *al)
{
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_EMS, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EMS, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -438,14 +438,14 @@ int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u8(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
return 0;
}
reason = ssl_get_client_min_max_version(s, &min_version, &max_version);
if (reason != 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS, reason);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason);
return 0;
}
@ -458,18 +458,18 @@ int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, int *al)
/* TODO(TLS1.3): Remove this first if clause prior to release!! */
if (currv == TLS1_3_VERSION) {
if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
return 0;
}
} else if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
return 0;
}
}
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS,
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
return 0;
}
@ -489,13 +489,13 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_start_sub_packet_u16(pkt)
/* KeyShare list sub-packet */
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
pcurves = s->tlsext_supportedgroupslist;
if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -514,7 +514,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
if (s->s3->tmp.pkey != NULL) {
/* Shouldn't happen! */
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -522,7 +522,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
curve_id = (pcurves[0] << 8) | pcurves[1];
key_share_key = ssl_generate_pkey_curve(curve_id);
if (key_share_key == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE, ERR_R_EVP_LIB);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_EVP_LIB);
return 0;
}
@ -530,7 +530,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key,
&encodedPoint);
if (encodedlen == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE, ERR_R_EC_LIB);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_EC_LIB);
EVP_PKEY_free(key_share_key);
return 0;
}
@ -538,7 +538,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
/* Create KeyShareEntry */
if (!WPACKET_put_bytes_u16(pkt, curve_id)
|| !WPACKET_sub_memcpy_u16(pkt, encodedPoint, encodedlen)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
EVP_PKEY_free(key_share_key);
OPENSSL_free(encodedPoint);
return 0;
@ -556,7 +556,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
}
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -581,7 +581,7 @@ int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, int *al)
* appear last.
*/
if (!WPACKET_get_total_written(pkt, &hlen)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_PADDING, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PADDING, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -600,7 +600,7 @@ int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
|| !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_PADDING, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PADDING, ERR_R_INTERNAL_ERROR);
return 0;
}
memset(padbytes, 0, hlen);
@ -625,7 +625,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, int *al)
/* Parse the length byte */
if (!PACKET_get_1_len(pkt, &ilen)) {
SSLerr(SSL_F_TLS_PARSE_SERVER_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
@ -633,7 +633,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, int *al)
/* Consistency check */
if (PACKET_remaining(pkt) != ilen) {
SSLerr(SSL_F_TLS_PARSE_SERVER_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
@ -641,7 +641,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, int *al)
/* Check that the extension matches */
if (ilen != expected_len) {
SSLerr(SSL_F_TLS_PARSE_SERVER_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
@ -650,7 +650,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, int *al)
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
|| memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len) != 0) {
SSLerr(SSL_F_TLS_PARSE_SERVER_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
@ -659,7 +659,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, int *al)
if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
|| memcmp(data, s->s3->previous_server_finished,
s->s3->previous_server_finished_len) != 0) {
SSLerr(SSL_F_TLS_PARSE_SERVER_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
@ -919,7 +919,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, int *al)
|| !PACKET_get_net_2(pkt, &id)
|| !PACKET_get_1(pkt, &mki)
|| PACKET_remaining(pkt) != 0) {
SSLerr(SSL_F_TLS_PARSE_SERVER_USE_SRTP,
SSLerr(SSL_F_TLS_PARSE_STOC_USE_SRTP,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 0;
@ -927,7 +927,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, int *al)
if (mki != 0) {
/* Must be no MKI, since we never offer one */
SSLerr(SSL_F_TLS_PARSE_SERVER_USE_SRTP, SSL_R_BAD_SRTP_MKI_VALUE);
SSLerr(SSL_F_TLS_PARSE_STOC_USE_SRTP, SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
@ -935,7 +935,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, int *al)
/* Throw an error if the server gave us an unsolicited extension */
clnt = SSL_get_srtp_profiles(s);
if (clnt == NULL) {
SSLerr(SSL_F_TLS_PARSE_SERVER_USE_SRTP, SSL_R_NO_SRTP_PROFILES);
SSLerr(SSL_F_TLS_PARSE_STOC_USE_SRTP, SSL_R_NO_SRTP_PROFILES);
*al = SSL_AD_DECODE_ERROR;
return 0;
}
@ -954,7 +954,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, int *al)
}
}
SSLerr(SSL_F_TLS_PARSE_SERVER_USE_SRTP,
SSLerr(SSL_F_TLS_PARSE_STOC_USE_SRTP,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 0;
@ -990,13 +990,13 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, int *al)
/* Sanity check */
if (ckey == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_SERVER_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
if (!PACKET_get_net_2(pkt, &group_id)) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PARSE_SERVER_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
return 0;
}
@ -1006,33 +1006,33 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, int *al)
* key_share!
*/
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PARSE_SERVER_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
return 0;
}
if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt)
|| PACKET_remaining(&encoded_pt) == 0) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PARSE_SERVER_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
return 0;
}
skey = ssl_generate_pkey(ckey);
if (skey == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_SERVER_KEY_SHARE, ERR_R_MALLOC_FAILURE);
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PARSE_SERVER_KEY_SHARE, SSL_R_BAD_ECPOINT);
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_ECPOINT);
return 0;
}
if (ssl_derive(s, ckey, skey, 1) == 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_SERVER_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
EVP_PKEY_free(skey);
return 0;
}

68
ssl/statem/extensions_srvr.c
View file

@ -22,7 +22,7 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, int *al)
/* Parse the length byte */
if (!PACKET_get_1(pkt, &ilen)
|| !PACKET_get_bytes(pkt, &data, ilen)) {
SSLerr(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_ENCODING_ERR);
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;
@ -30,7 +30,7 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, int *al)
/* Check that the extension matches */
if (ilen != s->s3->previous_client_finished_len) {
SSLerr(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
@ -38,7 +38,7 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, int *al)
if (memcmp(data, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE,
SSLerr(SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
SSL_R_RENEGOTIATION_MISMATCH);
*al = SSL_AD_HANDSHAKE_FAILURE;
return 0;
@ -387,7 +387,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, int *al)
/* Pull off the length of the cipher suite list and check it is even */
if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0
|| !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,
SSLerr(SSL_F_TLS_PARSE_CTOS_USE_SRTP,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 0;
@ -400,7 +400,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, int *al)
while (PACKET_remaining(&subpkt)) {
if (!PACKET_get_net_2(&subpkt, &id)) {
SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,
SSLerr(SSL_F_TLS_PARSE_CTOS_USE_SRTP,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 0;
@ -426,7 +426,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, int *al)
/* Now extract the MKI value as a sanity check, but discard it for now */
if (!PACKET_get_1(pkt, &mki_len)) {
SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,
SSLerr(SSL_F_TLS_PARSE_CTOS_USE_SRTP,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
*al = SSL_AD_DECODE_ERROR;
return 0;
@ -434,7 +434,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, int *al)
if (!PACKET_forward(pkt, mki_len)
|| PACKET_remaining(pkt)) {
SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP, SSL_R_BAD_SRTP_MKI_VALUE);
SSLerr(SSL_F_TLS_PARSE_CTOS_USE_SRTP, SSL_R_BAD_SRTP_MKI_VALUE);
*al = SSL_AD_DECODE_ERROR;
return 0;
}
@ -500,20 +500,20 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
/* Sanity check */
if (s->s3->peer_tmp != NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
if (!PACKET_as_length_prefixed_2(pkt, &key_share_list)) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_LENGTH_MISMATCH);
return 0;
}
/* Get our list of supported curves */
if (!tls1_get_curvelist(s, 0, &srvrcurves, &srvr_num_curves)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -524,7 +524,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
*/
if (!tls1_get_curvelist(s, 1, &clntcurves, &clnt_num_curves)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -533,7 +533,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
|| !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
|| PACKET_remaining(&encoded_pt) == 0) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE,
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_LENGTH_MISMATCH);
return 0;
}
@ -548,7 +548,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
/* Check if this share is in supported_groups sent from client */
if (!check_in_list(s, group_id, clntcurves, clnt_num_curves, 0)) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
return 0;
}
@ -562,7 +562,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
if (group_nid == 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE,
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
}
@ -573,7 +573,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
if (key == NULL || !EVP_PKEY_set_type(key, group_nid)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_EVP_LIB);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);
EVP_PKEY_free(key);
return 0;
}
@ -588,7 +588,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
group_nid) <= 0
|| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_EVP_LIB);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);
EVP_PKEY_CTX_free(pctx);
return 0;
}
@ -601,7 +601,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al)
PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, SSL_R_BAD_ECPOINT);
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_ECPOINT);
return 0;
}
@ -666,7 +666,7 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, int *al)
s->s3->previous_server_finished_len)
|| !WPACKET_close(pkt)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_RENEGOTIATE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -681,7 +681,7 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_SERVER_NAME, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -706,7 +706,7 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_sub_memcpy_u8(pkt, plist, plistlen)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -723,7 +723,7 @@ int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -738,7 +738,7 @@ int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -764,7 +764,7 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, int *al)
if (ret == SSL_TLSEXT_ERR_OK) {
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
|| !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_NEXT_PROTO_NEG,
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG,
ERR_R_INTERNAL_ERROR);
return 0;
}
@ -788,7 +788,7 @@ int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, int *al)
s->s3->alpn_selected_len)
|| !WPACKET_close(pkt)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_ALPN, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_ALPN, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -807,7 +807,7 @@ int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, int *al)
|| !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id)
|| !WPACKET_put_bytes_u8(pkt, 0)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_USE_SRTP, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -834,7 +834,7 @@ int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_ETM, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_ETM, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -848,7 +848,7 @@ int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, int *al)
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_EMS, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EMS, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -865,34 +865,34 @@ int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, int *al)
return 1;
if (ckey == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
skey = ssl_generate_pkey(ckey);
if (skey == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE, ERR_R_MALLOC_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE);
return 0;
}
/* Generate encoding of server key */
encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
if (encoded_pt_len == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE, ERR_R_EC_LIB);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_EC_LIB);
EVP_PKEY_free(skey);
return 0;
}
if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
EVP_PKEY_free(skey);
OPENSSL_free(encodedPoint);
return 0;
@ -902,7 +902,7 @@ int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, int *al)
/* This causes the crypto state to be updated based on the derived keys */
s->s3->tmp.pkey = skey;
if (ssl_derive(s, skey, ckey, 1) == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_SHARE, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -926,7 +926,7 @@ int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, int *al)
return 1;
if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_CRYPTOPRO_BUG, ERR_R_INTERNAL_ERROR);
SSLerr(SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, ERR_R_INTERNAL_ERROR);
return 0;
}