diff options
-rw-r--r-- | crypto/err/openssl.txt | 47 | ||||
-rw-r--r-- | include/openssl/sslerr.h | 47 | ||||
-rw-r--r-- | ssl/record/ssl3_buffer.c | 12 | ||||
-rw-r--r-- | ssl/s3_enc.c | 120 | ||||
-rw-r--r-- | ssl/s3_lib.c | 50 | ||||
-rw-r--r-- | ssl/ssl_err.c | 76 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 94 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 17 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 46 | ||||
-rw-r--r-- | ssl/statem/extensions.c | 256 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 475 | ||||
-rw-r--r-- | ssl/statem/extensions_cust.c | 30 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 351 | ||||
-rw-r--r-- | ssl/statem/statem.c | 46 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 727 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 377 | ||||
-rw-r--r-- | ssl/statem/statem_locl.h | 164 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 1101 | ||||
-rw-r--r-- | ssl/t1_enc.c | 87 | ||||
-rw-r--r-- | ssl/t1_lib.c | 89 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 70 | ||||
-rw-r--r-- | ssl/tls_srp.c | 6 | ||||
-rw-r--r-- | test/tls13secretstest.c | 5 |
23 files changed, 2449 insertions, 1844 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 23c32fb850..a249524e60 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -965,9 +965,13 @@ SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:* SSL_F_ADD_KEY_SHARE:512:add_key_share SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list +SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names +SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash SSL_F_CT_MOVE_SCTS:345:ct_move_scts SSL_F_CT_STRICT:349:ct_strict +SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add +SSL_F_CUSTOM_EXT_PARSE:555:custom_ext_parse SSL_F_D2I_SSL_SESSION:103:d2i_SSL_SESSION SSL_F_DANE_CTX_ENABLE:347:dane_ctx_enable SSL_F_DANE_MTYPE_SET:393:dane_mtype_set @@ -993,11 +997,15 @@ SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST:385:\ SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok +SSL_F_FINAL_EARLY_DATA:556:final_early_data SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats SSL_F_FINAL_EMS:486:final_ems SSL_F_FINAL_KEY_SHARE:503:final_key_share +SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate +SSL_F_FINAL_SERVER_NAME:558:final_server_name SSL_F_FINAL_SIG_ALGS:497:final_sig_algs +SSL_F_GET_CERT_VERIFY_TBS_DATA:588:get_cert_verify_tbs_data SSL_F_NSS_KEYLOG_INT:500:nss_keylog_int SSL_F_OPENSSL_INIT_SSL:342:OPENSSL_init_ssl SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION:436:* @@ -1010,6 +1018,7 @@ SSL_F_PARSE_CA_NAMES:541:parse_ca_names SSL_F_PROCESS_KEY_SHARE_EXT:439:* SSL_F_READ_STATE_MACHINE:352:read_state_machine SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite +SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET:589:srp_generate_server_master_secret SSL_F_SSL3_CHANGE_CIPHER_STATE:129:ssl3_change_cipher_state SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm SSL_F_SSL3_CTRL:213:ssl3_ctrl @@ -1017,6 +1026,7 @@ SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac +SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block SSL_F_SSL3_GENERATE_MASTER_SECRET:388:ssl3_generate_master_secret SSL_F_SSL3_GET_RECORD:143:ssl3_get_record @@ -1087,15 +1097,18 @@ SSL_F_SSL_CTX_USE_SERVERINFO_EX:543:SSL_CTX_use_serverinfo_ex SSL_F_SSL_CTX_USE_SERVERINFO_FILE:337:SSL_CTX_use_serverinfo_file SSL_F_SSL_DANE_DUP:403:ssl_dane_dup SSL_F_SSL_DANE_ENABLE:395:SSL_dane_enable +SSL_F_SSL_DERIVE:590:ssl_derive SSL_F_SSL_DO_CONFIG:391:ssl_do_config SSL_F_SSL_DO_HANDSHAKE:180:SSL_do_handshake SSL_F_SSL_DUP_CA_LIST:408:SSL_dup_CA_list SSL_F_SSL_ENABLE_CT:402:SSL_enable_ct +SSL_F_SSL_GENERATE_PKEY_GROUP:559:ssl_generate_pkey_group SSL_F_SSL_GENERATE_SESSION_ID:547:ssl_generate_session_id SSL_F_SSL_GET_NEW_SESSION:181:ssl_get_new_session SSL_F_SSL_GET_PREV_SESSION:217:ssl_get_prev_session SSL_F_SSL_GET_SERVER_CERT_INDEX:322:* SSL_F_SSL_GET_SIGN_PKEY:183:* +SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer SSL_F_SSL_KEY_UPDATE:515:SSL_key_update SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file @@ -1103,6 +1116,7 @@ SSL_F_SSL_LOG_MASTER_SECRET:498:* SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange SSL_F_SSL_MODULE_INIT:392:ssl_module_init SSL_F_SSL_NEW:186:SSL_new +SSL_F_SSL_NEXT_PROTO_VALIDATE:565:ssl_next_proto_validate SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT:300:* SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT:302:* SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT:310:* @@ -1163,6 +1177,8 @@ SSL_F_STATE_MACHINE:353:state_machine SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state +SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret +SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand SSL_F_TLS13_SETUP_KEY_BLOCK:441:tls13_setup_key_block SSL_F_TLS1_CHANGE_CIPHER_STATE:209:tls1_change_cipher_state SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS:341:* @@ -1258,17 +1274,40 @@ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO:521:\ tls_early_post_process_client_hello SSL_F_TLS_GET_MESSAGE_BODY:351:tls_get_message_body SSL_F_TLS_GET_MESSAGE_HEADER:387:tls_get_message_header +SSL_F_TLS_HANDLE_ALPN:562:tls_handle_alpn +SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request +SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:* +SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn +SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data +SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats +SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems SSL_F_TLS_PARSE_CTOS_KEY_SHARE:463:tls_parse_ctos_key_share +SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk +SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate +SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name +SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket +SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs +SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp +SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request +SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups SSL_F_TLS_PARSE_CTOS_USE_SRTP:465:tls_parse_ctos_use_srtp +SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO:528:* +SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS:580:tls_parse_stoc_ec_pt_formats SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share +SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen +SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate +SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct +SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name +SSL_F_TLS_PARSE_STOC_SESSION_TICKET:584:tls_parse_stoc_session_ticket +SSL_F_TLS_PARSE_STOC_STATUS_REQUEST:585:tls_parse_stoc_status_request SSL_F_TLS_PARSE_STOC_USE_SRTP:446:tls_parse_stoc_use_srtp SSL_F_TLS_POST_PROCESS_CLIENT_HELLO:378:tls_post_process_client_hello SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE:384:\ @@ -1309,6 +1348,7 @@ SSL_F_TLS_PSK_DO_BINDER:506:tls_psk_do_binder SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:* SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file +SSL_F_WRITE_STATE_MACHINE:586:write_state_machine TS_F_DEF_SERIAL_CB:110:def_serial_cb TS_F_DEF_TIME_CB:111:def_time_cb TS_F_ESS_ADD_SIGNING_CERT:112:ess_add_signing_cert @@ -2286,14 +2326,17 @@ SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback SSL_R_BAD_DECOMPRESSION:107:bad decompression SSL_R_BAD_DH_VALUE:102:bad dh value SSL_R_BAD_DIGEST_LENGTH:111:bad digest length +SSL_R_BAD_EARLY_DATA:233:bad early data SSL_R_BAD_ECC_CERT:304:bad ecc cert SSL_R_BAD_ECPOINT:306:bad ecpoint SSL_R_BAD_EXTENSION:110:bad extension SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length +SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state SSL_R_BAD_HELLO_REQUEST:105:bad hello request SSL_R_BAD_KEY_SHARE:108:bad key share SSL_R_BAD_KEY_UPDATE:122:bad key update SSL_R_BAD_LENGTH:271:bad length +SSL_R_BAD_PACKET:240:bad packet SSL_R_BAD_PACKET_LENGTH:115:bad packet length SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number SSL_R_BAD_PSK:219:bad psk @@ -2311,6 +2354,7 @@ SSL_R_BAD_WRITE_RETRY:127:bad write retry SSL_R_BIO_NOT_SET:128:bio not set SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong SSL_R_BN_LIB:130:bn lib +SSL_R_CALLBACK_FAILED:234:callback failed SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch SSL_R_CA_KEY_TOO_SMALL:397:ca key too small @@ -2380,6 +2424,7 @@ SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms SSL_R_INVALID_ALERT:205:invalid alert +SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg SSL_R_INVALID_COMMAND:280:invalid command SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name @@ -2409,6 +2454,7 @@ SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary +SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned SSL_R_NO_CERTIFICATE_SET:179:no certificate set @@ -2439,6 +2485,7 @@ SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ old session compression algorithm not returned +SSL_R_OVERFLOW_ERROR:237:overflow error SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long SSL_R_PARSE_TLSEXT:227:parse tlsext SSL_R_PATH_TOO_LONG:270:path too long diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 3450b4cbe2..e99825fb27 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -26,9 +26,13 @@ int ERR_load_SSL_strings(void); # define SSL_F_ADD_KEY_SHARE 512 # define SSL_F_BYTES_TO_CIPHER_LIST 519 # define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CONSTRUCT_CA_NAMES 552 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 # define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 # define SSL_F_CT_MOVE_SCTS 345 # define SSL_F_CT_STRICT 349 +# define SSL_F_CUSTOM_EXT_ADD 554 +# define SSL_F_CUSTOM_EXT_PARSE 555 # define SSL_F_D2I_SSL_SESSION 103 # define SSL_F_DANE_CTX_ENABLE 347 # define SSL_F_DANE_MTYPE_SET 393 @@ -53,11 +57,15 @@ int ERR_load_SSL_strings(void); # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 # define SSL_F_EARLY_DATA_COUNT_OK 532 +# define SSL_F_FINAL_EARLY_DATA 556 # define SSL_F_FINAL_EC_PT_FORMATS 485 # define SSL_F_FINAL_EMS 486 # define SSL_F_FINAL_KEY_SHARE 503 +# define SSL_F_FINAL_MAXFRAGMENTLEN 557 # define SSL_F_FINAL_RENEGOTIATE 483 +# define SSL_F_FINAL_SERVER_NAME 558 # define SSL_F_FINAL_SIG_ALGS 497 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 # define SSL_F_NSS_KEYLOG_INT 500 # define SSL_F_OPENSSL_INIT_SSL 342 # define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 @@ -70,6 +78,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_PROCESS_KEY_SHARE_EXT 439 # define SSL_F_READ_STATE_MACHINE 352 # define SSL_F_SET_CLIENT_CIPHERSUITE 540 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 # define SSL_F_SSL3_CTRL 213 @@ -77,6 +86,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 # define SSL_F_SSL3_FINAL_FINISH_MAC 285 +# define SSL_F_SSL3_FINISH_MAC 587 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 # define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 # define SSL_F_SSL3_GET_RECORD 143 @@ -145,15 +155,18 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 # define SSL_F_SSL_DANE_DUP 403 # define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DERIVE 590 # define SSL_F_SSL_DO_CONFIG 391 # define SSL_F_SSL_DO_HANDSHAKE 180 # define SSL_F_SSL_DUP_CA_LIST 408 # define SSL_F_SSL_ENABLE_CT 402 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 # define SSL_F_SSL_GENERATE_SESSION_ID 547 # define SSL_F_SSL_GET_NEW_SESSION 181 # define SSL_F_SSL_GET_PREV_SESSION 217 # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 # define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_HANDSHAKE_HASH 560 # define SSL_F_SSL_INIT_WBIO_BUFFER 184 # define SSL_F_SSL_KEY_UPDATE 515 # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 @@ -161,6 +174,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 # define SSL_F_SSL_MODULE_INIT 392 # define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 # define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 # define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 # define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 @@ -221,6 +235,8 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 # define SSL_F_TLS12_COPY_SIGALGS 533 # define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_GENERATE_SECRET 591 +# define SSL_F_TLS13_HKDF_EXPAND 561 # define SSL_F_TLS13_SETUP_KEY_BLOCK 441 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 # define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 @@ -311,17 +327,40 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 # define SSL_F_TLS_GET_MESSAGE_BODY 351 # define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_HANDLE_ALPN 562 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 # define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 +# define SSL_F_TLS_PARSE_CTOS_ALPN 567 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 +# define SSL_F_TLS_PARSE_CTOS_EMS 570 # define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 # define SSL_F_TLS_PARSE_CTOS_PSK 505 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 +# define SSL_F_TLS_PARSE_CTOS_SRP 576 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 # define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 +# define SSL_F_TLS_PARSE_STOC_ALPN 579 # define SSL_F_TLS_PARSE_STOC_COOKIE 534 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 # define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 +# define SSL_F_TLS_PARSE_STOC_NPN 582 # define SSL_F_TLS_PARSE_STOC_PSK 502 # define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 +# define SSL_F_TLS_PARSE_STOC_SCT 564 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 # define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 # define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 # define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 @@ -361,6 +400,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 # define SSL_F_TLS_SETUP_HANDSHAKE 508 # define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_WRITE_STATE_MACHINE 586 /* * SSL reason codes. @@ -376,14 +416,17 @@ int ERR_load_SSL_strings(void); # define SSL_R_BAD_DECOMPRESSION 107 # define SSL_R_BAD_DH_VALUE 102 # define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 # define SSL_R_BAD_ECC_CERT 304 # define SSL_R_BAD_ECPOINT 306 # define SSL_R_BAD_EXTENSION 110 # define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 # define SSL_R_BAD_HELLO_REQUEST 105 # define SSL_R_BAD_KEY_SHARE 108 # define SSL_R_BAD_KEY_UPDATE 122 # define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 # define SSL_R_BAD_PACKET_LENGTH 115 # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 # define SSL_R_BAD_PSK 219 @@ -401,6 +444,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_BIO_NOT_SET 128 # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 # define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 # define SSL_R_CANNOT_CHANGE_CIPHER 109 # define SSL_R_CA_DN_LENGTH_MISMATCH 131 # define SSL_R_CA_KEY_TOO_SMALL 397 @@ -467,6 +511,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 # define SSL_R_INCONSISTENT_EXTMS 104 # define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 # define SSL_R_INVALID_COMMAND 280 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 # define SSL_R_INVALID_CONFIGURATION_NAME 113 @@ -496,6 +541,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 # define SSL_R_NO_CERTIFICATES_RETURNED 176 # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 # define SSL_R_NO_CERTIFICATE_SET 179 @@ -524,6 +570,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_NULL_SSL_METHOD_PASSED 196 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 # define SSL_R_PACKET_LENGTH_TOO_LONG 198 # define SSL_R_PARSE_TLSEXT 227 # define SSL_R_PATH_TOO_LONG 270 diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index da23b36791..6d3a23273b 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -116,7 +116,9 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) p = OPENSSL_malloc(len); if (p == NULL) { s->rlayer.numwpipes = currpipe; - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); + return 0; } memset(thiswb, 0, sizeof(SSL3_BUFFER)); thiswb->buf = p; @@ -125,18 +127,16 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) } return 1; - - err: - SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); - return 0; } int ssl3_setup_buffers(SSL *s) { if (!ssl3_setup_read_buffer(s)) return 0; - if (!ssl3_setup_write_buffer(s, 1, 0)) + if (!ssl3_setup_write_buffer(s, 1, 0)) { + /* SSLfatal() already called */ return 0; + } return 1; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index f080f8a64e..c160533ac4 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -96,8 +96,9 @@ int ssl3_change_cipher_state(SSL *s, int which) m = s->s3->tmp.new_hash; /* m == NULL will lead to a crash later */ if (!ossl_assert(m != NULL)) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } #ifndef OPENSSL_NO_COMP if (s->s3->tmp.new_compression == NULL) @@ -107,20 +108,24 @@ int ssl3_change_cipher_state(SSL *s, int which) #endif if (which & SSL3_CC_READ) { - if (s->enc_read_ctx != NULL) + if (s->enc_read_ctx != NULL) { reuse_dd = 1; - else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; - else + } else { /* * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_read_ctx); + } dd = s->enc_read_ctx; if (ssl_replace_hash(&s->read_hash, m) == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } #ifndef OPENSSL_NO_COMP /* COMPRESS */ @@ -129,28 +134,33 @@ int ssl3_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif RECORD_LAYER_reset_read_sequence(&s->rlayer); mac_secret = &(s->s3->read_mac_secret[0]); } else { - if (s->enc_write_ctx != NULL) + if (s->enc_write_ctx != NULL) { reuse_dd = 1; - else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; - else + } else { /* * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_write_ctx); + } dd = s->enc_write_ctx; if (ssl_replace_hash(&s->write_hash, m) == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); + goto err; } #ifndef OPENSSL_NO_COMP /* COMPRESS */ @@ -159,9 +169,10 @@ int ssl3_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif @@ -174,8 +185,11 @@ int ssl3_change_cipher_state(SSL *s, int which) p = s->s3->tmp.key_block; mdi = EVP_MD_size(m); - if (mdi < 0) - goto err2; + if (mdi < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } i = mdi; cl = EVP_CIPHER_key_length(c); j = cl; @@ -199,21 +213,23 @@ int ssl3_change_cipher_state(SSL *s, int which) } if (n > s->s3->tmp.key_block_length) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } memcpy(mac_secret, ms, i); - if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) - goto err2; + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return 1; err: - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); - err2: OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return 0; @@ -232,7 +248,8 @@ int ssl3_setup_key_block(SSL *s) return 1; if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, + SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return 0; } @@ -253,8 +270,11 @@ int ssl3_setup_key_block(SSL *s) ssl3_cleanup_key_block(s); - if ((p = OPENSSL_malloc(num)) == NULL) - goto err; + if ((p = OPENSSL_malloc(num)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, + ERR_R_MALLOC_FAILURE); + return 0; + } s->s3->tmp.key_block_length = num; s->s3->tmp.key_block = p; @@ -280,10 +300,6 @@ int ssl3_setup_key_block(SSL *s) } return ret; - - err: - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); - return 0; } void ssl3_cleanup_key_block(SSL *s) @@ -323,16 +339,30 @@ void ssl3_free_digest_list(SSL *s) int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) { + int ret; + if (s->s3->handshake_dgst == NULL) { - int ret; /* Note: this writes to a memory BIO so a failure is a fatal error */ - if (len > INT_MAX) + if (len > INT_MAX) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + SSL_R_OVERFLOW_ERROR); return 0; + } ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); - return ret > 0 && ret == (int)len; + if (ret <= 0 || ret != (int)len) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + return 0; + } } else { - return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + if (!ret) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + return 0; + } } + return 1; } int ssl3_digest_cached_records(SSL *s, int keep) @@ -344,21 +374,23 @@ int ssl3_digest_cached_records(SSL *s, int keep) if (s->s3->handshake_dgst == NULL) { hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, - SSL_R_BAD_HANDSHAKE_LENGTH); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + SSL_R_BAD_HANDSHAKE_LENGTH); return 0; } s->s3->handshake_dgst = EVP_MD_CTX_new(); if (s->s3->handshake_dgst == NULL) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + ERR_R_MALLOC_FAILURE); return 0; } md = ssl_handshake_md(s); if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + ERR_R_INTERNAL_ERROR); return 0; } } @@ -435,7 +467,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, size_t ret_secret_size = 0; if (ctx == NULL) { - SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET, + ERR_R_MALLOC_FAILURE); return 0; } for (i = 0; i < 3; i++) { @@ -453,7 +486,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, || EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0 || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { - SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); ret = 0; break; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e71373d2bf..48fecd2605 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4590,8 +4590,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, s->s3->tmp.psk = NULL; if (!s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,pskpms, pskpmslen, - &s->session->master_key_length)) + &s->session->master_key_length)) { + /* SSLfatal() already called */ goto err; + } OPENSSL_clear_free(pskpms, pskpmslen); #else /* Should never happen */ @@ -4600,8 +4602,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } else { if (!s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pms, pmslen, - &s->session->master_key_length)) + &s- |