summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--crypto/err/openssl.txt47
-rw-r--r--include/openssl/sslerr.h47
-rw-r--r--ssl/record/ssl3_buffer.c12
-rw-r--r--ssl/s3_enc.c120
-rw-r--r--ssl/s3_lib.c50
-rw-r--r--ssl/ssl_err.c76
-rw-r--r--ssl/ssl_lib.c94
-rw-r--r--ssl/ssl_locl.h17
-rw-r--r--ssl/ssl_sess.c46
-rw-r--r--ssl/statem/extensions.c256
-rw-r--r--ssl/statem/extensions_clnt.c475
-rw-r--r--ssl/statem/extensions_cust.c30
-rw-r--r--ssl/statem/extensions_srvr.c351
-rw-r--r--ssl/statem/statem.c46
-rw-r--r--ssl/statem/statem_clnt.c727
-rw-r--r--ssl/statem/statem_lib.c377
-rw-r--r--ssl/statem/statem_locl.h164
-rw-r--r--ssl/statem/statem_srvr.c1101
-rw-r--r--ssl/t1_enc.c87
-rw-r--r--ssl/t1_lib.c89
-rw-r--r--ssl/tls13_enc.c70
-rw-r--r--ssl/tls_srp.c6
-rw-r--r--test/tls13secretstest.c5
23 files changed, 2449 insertions, 1844 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 23c32fb850..a249524e60 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -965,9 +965,13 @@ SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
SSL_F_ADD_KEY_SHARE:512:add_key_share
SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list
+SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names
+SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs
SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash
SSL_F_CT_MOVE_SCTS:345:ct_move_scts
SSL_F_CT_STRICT:349:ct_strict
+SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add
+SSL_F_CUSTOM_EXT_PARSE:555:custom_ext_parse
SSL_F_D2I_SSL_SESSION:103:d2i_SSL_SESSION
SSL_F_DANE_CTX_ENABLE:347:dane_ctx_enable
SSL_F_DANE_MTYPE_SET:393:dane_mtype_set
@@ -993,11 +997,15 @@ SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST:385:\
SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message
SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify
SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok
+SSL_F_FINAL_EARLY_DATA:556:final_early_data
SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
SSL_F_FINAL_EMS:486:final_ems
SSL_F_FINAL_KEY_SHARE:503:final_key_share
+SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
+SSL_F_FINAL_SERVER_NAME:558:final_server_name
SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
+SSL_F_GET_CERT_VERIFY_TBS_DATA:588:get_cert_verify_tbs_data
SSL_F_NSS_KEYLOG_INT:500:nss_keylog_int
SSL_F_OPENSSL_INIT_SSL:342:OPENSSL_init_ssl
SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION:436:*
@@ -1010,6 +1018,7 @@ SSL_F_PARSE_CA_NAMES:541:parse_ca_names
SSL_F_PROCESS_KEY_SHARE_EXT:439:*
SSL_F_READ_STATE_MACHINE:352:read_state_machine
SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite
+SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET:589:srp_generate_server_master_secret
SSL_F_SSL3_CHANGE_CIPHER_STATE:129:ssl3_change_cipher_state
SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm
SSL_F_SSL3_CTRL:213:ssl3_ctrl
@@ -1017,6 +1026,7 @@ SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
+SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block
SSL_F_SSL3_GENERATE_MASTER_SECRET:388:ssl3_generate_master_secret
SSL_F_SSL3_GET_RECORD:143:ssl3_get_record
@@ -1087,15 +1097,18 @@ SSL_F_SSL_CTX_USE_SERVERINFO_EX:543:SSL_CTX_use_serverinfo_ex
SSL_F_SSL_CTX_USE_SERVERINFO_FILE:337:SSL_CTX_use_serverinfo_file
SSL_F_SSL_DANE_DUP:403:ssl_dane_dup
SSL_F_SSL_DANE_ENABLE:395:SSL_dane_enable
+SSL_F_SSL_DERIVE:590:ssl_derive
SSL_F_SSL_DO_CONFIG:391:ssl_do_config
SSL_F_SSL_DO_HANDSHAKE:180:SSL_do_handshake
SSL_F_SSL_DUP_CA_LIST:408:SSL_dup_CA_list
SSL_F_SSL_ENABLE_CT:402:SSL_enable_ct
+SSL_F_SSL_GENERATE_PKEY_GROUP:559:ssl_generate_pkey_group
SSL_F_SSL_GENERATE_SESSION_ID:547:ssl_generate_session_id
SSL_F_SSL_GET_NEW_SESSION:181:ssl_get_new_session
SSL_F_SSL_GET_PREV_SESSION:217:ssl_get_prev_session
SSL_F_SSL_GET_SERVER_CERT_INDEX:322:*
SSL_F_SSL_GET_SIGN_PKEY:183:*
+SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash
SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer
SSL_F_SSL_KEY_UPDATE:515:SSL_key_update
SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file
@@ -1103,6 +1116,7 @@ SSL_F_SSL_LOG_MASTER_SECRET:498:*
SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange
SSL_F_SSL_MODULE_INIT:392:ssl_module_init
SSL_F_SSL_NEW:186:SSL_new
+SSL_F_SSL_NEXT_PROTO_VALIDATE:565:ssl_next_proto_validate
SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT:300:*
SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT:302:*
SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT:310:*
@@ -1163,6 +1177,8 @@ SSL_F_STATE_MACHINE:353:state_machine
SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state
+SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret
+SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand
SSL_F_TLS13_SETUP_KEY_BLOCK:441:tls13_setup_key_block
SSL_F_TLS1_CHANGE_CIPHER_STATE:209:tls1_change_cipher_state
SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS:341:*
@@ -1258,17 +1274,40 @@ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO:521:\
tls_early_post_process_client_hello
SSL_F_TLS_GET_MESSAGE_BODY:351:tls_get_message_body
SSL_F_TLS_GET_MESSAGE_HEADER:387:tls_get_message_header
+SSL_F_TLS_HANDLE_ALPN:562:tls_handle_alpn
+SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request
+SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities
SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:*
+SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn
+SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data
+SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats
+SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems
SSL_F_TLS_PARSE_CTOS_KEY_SHARE:463:tls_parse_ctos_key_share
+SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen
SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk
+SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes
SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate
+SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name
+SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket
+SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs
+SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp
+SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request
+SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups
SSL_F_TLS_PARSE_CTOS_USE_SRTP:465:tls_parse_ctos_use_srtp
+SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn
SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie
SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data
SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO:528:*
+SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS:580:tls_parse_stoc_ec_pt_formats
SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share
+SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen
+SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn
SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk
SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate
+SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct
+SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name
+SSL_F_TLS_PARSE_STOC_SESSION_TICKET:584:tls_parse_stoc_session_ticket
+SSL_F_TLS_PARSE_STOC_STATUS_REQUEST:585:tls_parse_stoc_status_request
SSL_F_TLS_PARSE_STOC_USE_SRTP:446:tls_parse_stoc_use_srtp
SSL_F_TLS_POST_PROCESS_CLIENT_HELLO:378:tls_post_process_client_hello
SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE:384:\
@@ -1309,6 +1348,7 @@ SSL_F_TLS_PSK_DO_BINDER:506:tls_psk_do_binder
SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:*
SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake
SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file
+SSL_F_WRITE_STATE_MACHINE:586:write_state_machine
TS_F_DEF_SERIAL_CB:110:def_serial_cb
TS_F_DEF_TIME_CB:111:def_time_cb
TS_F_ESS_ADD_SIGNING_CERT:112:ess_add_signing_cert
@@ -2286,14 +2326,17 @@ SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback
SSL_R_BAD_DECOMPRESSION:107:bad decompression
SSL_R_BAD_DH_VALUE:102:bad dh value
SSL_R_BAD_DIGEST_LENGTH:111:bad digest length
+SSL_R_BAD_EARLY_DATA:233:bad early data
SSL_R_BAD_ECC_CERT:304:bad ecc cert
SSL_R_BAD_ECPOINT:306:bad ecpoint
SSL_R_BAD_EXTENSION:110:bad extension
SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length
+SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state
SSL_R_BAD_HELLO_REQUEST:105:bad hello request
SSL_R_BAD_KEY_SHARE:108:bad key share
SSL_R_BAD_KEY_UPDATE:122:bad key update
SSL_R_BAD_LENGTH:271:bad length
+SSL_R_BAD_PACKET:240:bad packet
SSL_R_BAD_PACKET_LENGTH:115:bad packet length
SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number
SSL_R_BAD_PSK:219:bad psk
@@ -2311,6 +2354,7 @@ SSL_R_BAD_WRITE_RETRY:127:bad write retry
SSL_R_BIO_NOT_SET:128:bio not set
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong
SSL_R_BN_LIB:130:bn lib
+SSL_R_CALLBACK_FAILED:234:callback failed
SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher
SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch
SSL_R_CA_KEY_TOO_SMALL:397:ca key too small
@@ -2380,6 +2424,7 @@ SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn
SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni
SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms
SSL_R_INVALID_ALERT:205:invalid alert
+SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg
SSL_R_INVALID_COMMAND:280:invalid command
SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm
SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name
@@ -2409,6 +2454,7 @@ SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension
SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
+SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol
SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned
SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned
SSL_R_NO_CERTIFICATE_SET:179:no certificate set
@@ -2439,6 +2485,7 @@ SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
old session compression algorithm not returned
+SSL_R_OVERFLOW_ERROR:237:overflow error
SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long
SSL_R_PARSE_TLSEXT:227:parse tlsext
SSL_R_PATH_TOO_LONG:270:path too long
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 3450b4cbe2..e99825fb27 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -26,9 +26,13 @@ int ERR_load_SSL_strings(void);
# define SSL_F_ADD_KEY_SHARE 512
# define SSL_F_BYTES_TO_CIPHER_LIST 519
# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331
+# define SSL_F_CONSTRUCT_CA_NAMES 552
+# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553
# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539
# define SSL_F_CT_MOVE_SCTS 345
# define SSL_F_CT_STRICT 349
+# define SSL_F_CUSTOM_EXT_ADD 554
+# define SSL_F_CUSTOM_EXT_PARSE 555
# define SSL_F_D2I_SSL_SESSION 103
# define SSL_F_DANE_CTX_ENABLE 347
# define SSL_F_DANE_MTYPE_SET 393
@@ -53,11 +57,15 @@ int ERR_load_SSL_strings(void);
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
# define SSL_F_EARLY_DATA_COUNT_OK 532
+# define SSL_F_FINAL_EARLY_DATA 556
# define SSL_F_FINAL_EC_PT_FORMATS 485
# define SSL_F_FINAL_EMS 486
# define SSL_F_FINAL_KEY_SHARE 503
+# define SSL_F_FINAL_MAXFRAGMENTLEN 557
# define SSL_F_FINAL_RENEGOTIATE 483
+# define SSL_F_FINAL_SERVER_NAME 558
# define SSL_F_FINAL_SIG_ALGS 497
+# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588
# define SSL_F_NSS_KEYLOG_INT 500
# define SSL_F_OPENSSL_INIT_SSL 342
# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436
@@ -70,6 +78,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_PROCESS_KEY_SHARE_EXT 439
# define SSL_F_READ_STATE_MACHINE 352
# define SSL_F_SET_CLIENT_CIPHERSUITE 540
+# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589
# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
# define SSL_F_SSL3_CTRL 213
@@ -77,6 +86,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
# define SSL_F_SSL3_FINAL_FINISH_MAC 285
+# define SSL_F_SSL3_FINISH_MAC 587
# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
# define SSL_F_SSL3_GET_RECORD 143
@@ -145,15 +155,18 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337
# define SSL_F_SSL_DANE_DUP 403
# define SSL_F_SSL_DANE_ENABLE 395
+# define SSL_F_SSL_DERIVE 590
# define SSL_F_SSL_DO_CONFIG 391
# define SSL_F_SSL_DO_HANDSHAKE 180
# define SSL_F_SSL_DUP_CA_LIST 408
# define SSL_F_SSL_ENABLE_CT 402
+# define SSL_F_SSL_GENERATE_PKEY_GROUP 559
# define SSL_F_SSL_GENERATE_SESSION_ID 547
# define SSL_F_SSL_GET_NEW_SESSION 181
# define SSL_F_SSL_GET_PREV_SESSION 217
# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322
# define SSL_F_SSL_GET_SIGN_PKEY 183
+# define SSL_F_SSL_HANDSHAKE_HASH 560
# define SSL_F_SSL_INIT_WBIO_BUFFER 184
# define SSL_F_SSL_KEY_UPDATE 515
# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
@@ -161,6 +174,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499
# define SSL_F_SSL_MODULE_INIT 392
# define SSL_F_SSL_NEW 186
+# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565
# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
@@ -221,6 +235,8 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS12_COPY_SIGALGS 533
# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440
+# define SSL_F_TLS13_GENERATE_SECRET 591
+# define SSL_F_TLS13_HKDF_EXPAND 561
# define SSL_F_TLS13_SETUP_KEY_BLOCK 441
# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341
@@ -311,17 +327,40 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521
# define SSL_F_TLS_GET_MESSAGE_BODY 351
# define SSL_F_TLS_GET_MESSAGE_HEADER 387
+# define SSL_F_TLS_HANDLE_ALPN 562
+# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563
+# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566
# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449
+# define SSL_F_TLS_PARSE_CTOS_ALPN 567
+# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568
+# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569
+# define SSL_F_TLS_PARSE_CTOS_EMS 570
# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463
+# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571
# define SSL_F_TLS_PARSE_CTOS_PSK 505
+# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
+# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573
+# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574
+# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575
+# define SSL_F_TLS_PARSE_CTOS_SRP 576
+# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577
+# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
+# define SSL_F_TLS_PARSE_STOC_ALPN 579
# define SSL_F_TLS_PARSE_STOC_COOKIE 534
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528
+# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
+# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581
+# define SSL_F_TLS_PARSE_STOC_NPN 582
# define SSL_F_TLS_PARSE_STOC_PSK 502
# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448
+# define SSL_F_TLS_PARSE_STOC_SCT 564
+# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583
+# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584
+# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585
# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446
# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378
# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384
@@ -361,6 +400,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450
# define SSL_F_TLS_SETUP_HANDSHAKE 508
# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
+# define SSL_F_WRITE_STATE_MACHINE 586
/*
* SSL reason codes.
@@ -376,14 +416,17 @@ int ERR_load_SSL_strings(void);
# define SSL_R_BAD_DECOMPRESSION 107
# define SSL_R_BAD_DH_VALUE 102
# define SSL_R_BAD_DIGEST_LENGTH 111
+# define SSL_R_BAD_EARLY_DATA 233
# define SSL_R_BAD_ECC_CERT 304
# define SSL_R_BAD_ECPOINT 306
# define SSL_R_BAD_EXTENSION 110
# define SSL_R_BAD_HANDSHAKE_LENGTH 332
+# define SSL_R_BAD_HANDSHAKE_STATE 236
# define SSL_R_BAD_HELLO_REQUEST 105
# define SSL_R_BAD_KEY_SHARE 108
# define SSL_R_BAD_KEY_UPDATE 122
# define SSL_R_BAD_LENGTH 271
+# define SSL_R_BAD_PACKET 240
# define SSL_R_BAD_PACKET_LENGTH 115
# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
# define SSL_R_BAD_PSK 219
@@ -401,6 +444,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_BIO_NOT_SET 128
# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
# define SSL_R_BN_LIB 130
+# define SSL_R_CALLBACK_FAILED 234
# define SSL_R_CANNOT_CHANGE_CIPHER 109
# define SSL_R_CA_DN_LENGTH_MISMATCH 131
# define SSL_R_CA_KEY_TOO_SMALL 397
@@ -467,6 +511,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231
# define SSL_R_INCONSISTENT_EXTMS 104
# define SSL_R_INVALID_ALERT 205
+# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238
# define SSL_R_INVALID_COMMAND 280
# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
# define SSL_R_INVALID_CONFIGURATION_NAME 113
@@ -496,6 +541,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
+# define SSL_R_NO_APPLICATION_PROTOCOL 235
# define SSL_R_NO_CERTIFICATES_RETURNED 176
# define SSL_R_NO_CERTIFICATE_ASSIGNED 177
# define SSL_R_NO_CERTIFICATE_SET 179
@@ -524,6 +570,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_NULL_SSL_METHOD_PASSED 196
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+# define SSL_R_OVERFLOW_ERROR 237
# define SSL_R_PACKET_LENGTH_TOO_LONG 198
# define SSL_R_PARSE_TLSEXT 227
# define SSL_R_PATH_TOO_LONG 270
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index da23b36791..6d3a23273b 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -116,7 +116,9 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
p = OPENSSL_malloc(len);
if (p == NULL) {
s->rlayer.numwpipes = currpipe;
- goto err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
+ return 0;
}
memset(thiswb, 0, sizeof(SSL3_BUFFER));
thiswb->buf = p;
@@ -125,18 +127,16 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
}
return 1;
-
- err:
- SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
- return 0;
}
int ssl3_setup_buffers(SSL *s)
{
if (!ssl3_setup_read_buffer(s))
return 0;
- if (!ssl3_setup_write_buffer(s, 1, 0))
+ if (!ssl3_setup_write_buffer(s, 1, 0)) {
+ /* SSLfatal() already called */
return 0;
+ }
return 1;
}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f080f8a64e..c160533ac4 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -96,8 +96,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
m = s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
if (!ossl_assert(m != NULL)) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
- goto err2;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
}
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
@@ -107,20 +108,24 @@ int ssl3_change_cipher_state(SSL *s, int which)
#endif
if (which & SSL3_CC_READ) {
- if (s->enc_read_ctx != NULL)
+ if (s->enc_read_ctx != NULL) {
reuse_dd = 1;
- else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
+ } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_MALLOC_FAILURE);
goto err;
- else
+ } else {
/*
* make sure it's initialised in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+ }
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
- goto err2;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
@@ -129,28 +134,33 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (comp != NULL) {
s->expand = COMP_CTX_new(comp);
if (s->expand == NULL) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ SSL_R_COMPRESSION_LIBRARY_ERROR);
+ goto err;
}
}
#endif
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
- if (s->enc_write_ctx != NULL)
+ if (s->enc_write_ctx != NULL) {
reuse_dd = 1;
- else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
+ } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_MALLOC_FAILURE);
goto err;
- else
+ } else {
/*
* make sure it's initialised in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+ }
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
- goto err2;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
@@ -159,9 +169,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (comp != NULL) {
s->compress = COMP_CTX_new(comp);
if (s->compress == NULL) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ SSL_R_COMPRESSION_LIBRARY_ERROR);
+ goto err;
}
}
#endif
@@ -174,8 +185,11 @@ int ssl3_change_cipher_state(SSL *s, int which)
p = s->s3->tmp.key_block;
mdi = EVP_MD_size(m);
- if (mdi < 0)
- goto err2;
+ if (mdi < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
i = mdi;
cl = EVP_CIPHER_key_length(c);
j = cl;
@@ -199,21 +213,23 @@ int ssl3_change_cipher_state(SSL *s, int which)
}
if (n > s->s3->tmp.key_block_length) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
- goto err2;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
}
memcpy(mac_secret, ms, i);
- if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
- goto err2;
+ if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return 1;
err:
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
- err2:
OPENSSL_cleanse(exp_key, sizeof(exp_key));
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
return 0;
@@ -232,7 +248,8 @@ int ssl3_setup_key_block(SSL *s)
return 1;
if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+ SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
}
@@ -253,8 +270,11 @@ int ssl3_setup_key_block(SSL *s)
ssl3_cleanup_key_block(s);
- if ((p = OPENSSL_malloc(num)) == NULL)
- goto err;
+ if ((p = OPENSSL_malloc(num)) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
s->s3->tmp.key_block_length = num;
s->s3->tmp.key_block = p;
@@ -280,10 +300,6 @@ int ssl3_setup_key_block(SSL *s)
}
return ret;
-
- err:
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
- return 0;
}
void ssl3_cleanup_key_block(SSL *s)
@@ -323,16 +339,30 @@ void ssl3_free_digest_list(SSL *s)
int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
{
+ int ret;
+
if (s->s3->handshake_dgst == NULL) {
- int ret;
/* Note: this writes to a memory BIO so a failure is a fatal error */
- if (len > INT_MAX)
+ if (len > INT_MAX) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+ SSL_R_OVERFLOW_ERROR);
return 0;
+ }
ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len);
- return ret > 0 && ret == (int)len;
+ if (ret <= 0 || ret != (int)len) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
} else {
- return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+ ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+ if (!ret) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
}
+ return 1;
}
int ssl3_digest_cached_records(SSL *s, int keep)
@@ -344,21 +374,23 @@ int ssl3_digest_cached_records(SSL *s, int keep)
if (s->s3->handshake_dgst == NULL) {
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (hdatalen <= 0) {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
- SSL_R_BAD_HANDSHAKE_LENGTH);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+ SSL_R_BAD_HANDSHAKE_LENGTH);
return 0;
}
s->s3->handshake_dgst = EVP_MD_CTX_new();
if (s->s3->handshake_dgst == NULL) {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+ ERR_R_MALLOC_FAILURE);
return 0;
}
md = ssl_handshake_md(s);
if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
|| !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
- SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+ ERR_R_INTERNAL_ERROR);
return 0;
}
}
@@ -435,7 +467,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
size_t ret_secret_size = 0;
if (ctx == NULL) {
- SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
+ ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < 3; i++) {
@@ -453,7 +486,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
- SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
ret = 0;
break;
}
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e71373d2bf..48fecd2605 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4590,8 +4590,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
s->s3->tmp.psk = NULL;
if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,pskpms, pskpmslen,
- &s->session->master_key_length))
+ &s->session->master_key_length)) {
+ /* SSLfatal() already called */
goto err;
+ }
OPENSSL_clear_free(pskpms, pskpmslen);
#else
/* Should never happen */
@@ -4600,8 +4602,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
} else {
if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key, pms, pmslen,
- &s->session->master_key_length))
+ &s->session->master_key_length)) {
+ /* SSLfatal() already called */
goto err;
+ }
}
ret = 1;
@@ -4641,28 +4645,42