From 4fa88861eed81915f45c48d4ebd7b5bf3a51963b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 8 Jul 2016 15:48:26 +0100 Subject: [PATCH] Update error codes following tls_process_key_exchange() refactor Reviewed-by: Richard Levitte --- include/openssl/ssl.h | 4 ++++ ssl/ssl_err.c | 5 +++++ ssl/statem/statem_clnt.c | 46 ++++++++++++++++++++-------------------- 3 files changed, 32 insertions(+), 23 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 7cf8e510da..3a6cd4c5f9 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2246,6 +2246,10 @@ void ERR_load_SSL_strings(void); # define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 # define SSL_F_TLS_PROCESS_SERVER_DONE 368 # define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_TLS_PROCESS_SKE_DHE 419 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +# define SSL_F_TLS_PROCESS_SKE_SRP 422 # define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 /* Reason codes. */ diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 34da5f2c53..aed91e3b00 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -295,6 +295,11 @@ static ERR_STRING_DATA SSL_str_functs[] = { "tls_process_server_certificate"}, {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"}, {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"}, + {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_DHE), "tls_process_ske_dhe"}, + {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_ECDHE), "tls_process_ske_ecdhe"}, + {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE), + "tls_process_ske_psk_preamble"}, + {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_SRP), "tls_process_ske_srp"}, {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), "use_certificate_chain_file"}, {0, NULL} diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 1b184ac282..b0f508c6c2 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1311,7 +1311,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al) if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1323,7 +1323,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al) */ if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) { *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); + SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG); return 0; } @@ -1338,7 +1338,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al) return 1; #else - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif @@ -1354,7 +1354,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) || !PACKET_get_length_prefixed_1(pkt, &salt) || !PACKET_get_length_prefixed_2(pkt, &server_pub)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1371,13 +1371,13 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) BN_bin2bn(PACKET_data(&server_pub), PACKET_remaining(&server_pub), NULL)) == NULL) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_BN_LIB); return 0; } if (!srp_verify_server_param(s, al)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SRP_PARAMETERS); + SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_BAD_SRP_PARAMETERS); return 0; } @@ -1387,7 +1387,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 1; #else - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif @@ -1406,7 +1406,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) || !PACKET_get_length_prefixed_2(pkt, &generator) || !PACKET_get_length_prefixed_2(pkt, &pub_key)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1415,7 +1415,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) if (peer_tmp == NULL || dh == NULL) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_MALLOC_FAILURE); goto err; } @@ -1426,39 +1426,39 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) NULL); if (p == NULL || g == NULL || bnpub_key == NULL) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB); goto err; } if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE); goto err; } if (!DH_set0_pqg(dh, p, NULL, g)) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB); goto err; } p = g = NULL; if (!DH_set0_key(dh, bnpub_key, NULL)) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB); goto err; } bnpub_key = NULL; if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_DH_KEY_TOO_SMALL); goto err; } if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB); goto err; } @@ -1483,7 +1483,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 0; #else - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif @@ -1504,7 +1504,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) */ if (!PACKET_get_bytes(pkt, &ecparams, 3)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); + SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_TOO_SHORT); return 0; } /* @@ -1513,14 +1513,14 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) */ if (!tls1_check_curve(s, ecparams, 3)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_CURVE); + SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_WRONG_CURVE); return 0; } curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2)); if (curve_nid == 0) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } @@ -1532,7 +1532,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0 || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); + SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); EVP_PKEY_CTX_free(pctx); return 0; } @@ -1541,7 +1541,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_MISMATCH); return 0; } @@ -1549,7 +1549,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt), NULL) == 0) { *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); + SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_BAD_ECPOINT); return 0; } @@ -1566,7 +1566,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 1; #else - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_INTERNAL_ERROR); *al = SSL_AD_INTERNAL_ERROR; return 0; #endif -- 2.34.1