authorDr. Stephen Henson <steve@openssl.org>2000-02-25 00:23:48 +0000
committerDr. Stephen Henson <steve@openssl.org>2000-02-25 00:23:48 +0000
commitfbb41ae0ad1369d6fe8d6c72d2297270ad24f0e5 (patch)
tree00bde81820163221f0244bc0a9b6d9e276df57a3
parent766d78c8f5a85205a44aaf6182ed337b981f824b (diff)
Allow code which calls RSA temp key callback to cope
with a failure. Fix typos in some error codes.
-rw-r--r--CHANGES4
-rw-r--r--FAQ3
-rw-r--r--crypto/err/openssl.ec4
-rw-r--r--ssl/s3_srvr.c6
-rw-r--r--ssl/ssl.h1
-rw-r--r--ssl/ssl_err.c1
6 files changed, 17 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 8ec551ab66..5cf2a6e373 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
+ *) Allow for the possibility of temp RSA key generation failure:
+ the code used to assume it always worked and crashed on failure.
+ [Steve Henson]
+
*) Fix potential buffer overrun problem in BIO_printf().
[Ulf Möller, using public domain code by Patrick Powell; problem
pointed out by David Sacerdote <das33@cornell.edu>]
diff --git a/FAQ b/FAQ
index 832bb9d727..be4a38ab64 100644
--- a/FAQ
+++ b/FAQ
@@ -44,6 +44,9 @@ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
of this still applies to OpenSSL.
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
The original SSLeay documentation is included in OpenSSL as
doc/ssleay.txt. It may be useful when none of the other ressources
help, but please note that it reflects the obsolete version SSLeay
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index a3f3989c12..e132ba3182 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -48,11 +48,11 @@ R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
-R SSL_R_TLSV1_ALERT_USER_CANCLED 1090
+R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
R RSAREF_R_CONTENT_ENCODING 0x0400
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7c6993643f..90806e2d99 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -955,6 +955,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
rsa=s->cert->rsa_tmp_cb(s,
SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+ if(rsa == NULL)
+ {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+ goto f_err;
+ }
CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
cert->rsa_tmp=rsa;
}
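Review bot: The new NULL branch reports a local key-generation failure to the peer as `SSL_AD_HANDSHAKE_FAILURE`, which normally signals that the two sides could not agree on parameters; `al=SSL_AD_INTERNAL_ERROR;` would describe the condition more accurately to TLS peers and keep client-side logs from pointing at a cipher mismatch. The guard itself sits in the right place, before `CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA)` dereferences the pointer. A one-line comment such as `/* rsa_tmp_cb is application code and may return NULL on failure */` would record why the check exists. The `f_err` label and the rest of ssl3_send_server_key_exchange lie outside the hunk, so how the alert is sent and what the function returns on this path cannot be confirmed from here.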
diff --git a/ssl/ssl.h b/ssl/ssl.h
index a8bec859a1..be2e3c72f4 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1372,6 +1372,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
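Review bot: `SSL_R_ERROR_GENERATING_TMP_RSA_KEY` is given 1092 while its alphabetical neighbours run 148 to 153, which places it inside the range that the crypto/err/openssl.ec section of this same commit pins for alert-derived reasons (`SSL_R_TLSV1_ALERT_USER_CANCELLED 1090`, `SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100`). If those reasons are formed as a fixed offset plus the alert number, which the listed values suggest but this page does not show, a later alert numbered 92 would collide with this code and the error string reported to operators would be wrong. A value taken from the ordinary sequence below 1000 would avoid that. If the number was assigned by the error-code generator, its handling of the pinned range is worth checking.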
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index c722544dd4..5618e34a30 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -255,6 +255,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"},
{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"},
{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"},
+{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"},
{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"},
{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"},
{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"},