Allow code which calls RSA temp key callback to cope
authorDr. Stephen Henson <steve@openssl.org>
Fri, 25 Feb 2000 00:23:48 +0000 (00:23 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 25 Feb 2000 00:23:48 +0000 (00:23 +0000)
with a failure.

Fix typos in some error codes.

CHANGES
FAQ
crypto/err/openssl.ec
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_err.c

diff --git a/CHANGES b/CHANGES
index 8ec551a..5cf2a6e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 
+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
   *) Fix potential buffer overrun problem in BIO_printf().
      [Ulf Möller, using public domain code by Patrick Powell; problem
       pointed out by David Sacerdote <das33@cornell.edu>]
diff --git a/FAQ b/FAQ
index 832bb9d..be4a38a 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -44,6 +44,9 @@ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
 predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
 of this still applies to OpenSSL.
 
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
 The original SSLeay documentation is included in OpenSSL as
 doc/ssleay.txt.  It may be useful when none of the other ressources
 help, but please note that it reflects the obsolete version SSLeay
index a3f3989..e132ba3 100644 (file)
@@ -48,11 +48,11 @@ R SSL_R_TLSV1_ALERT_UNKNOWN_CA                      1048
 R SSL_R_TLSV1_ALERT_ACCESS_DENIED              1049
 R SSL_R_TLSV1_ALERT_DECODE_ERROR               1050
 R SSL_R_TLSV1_ALERT_DECRYPT_ERROR              1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION          1060
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION         1060
 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION           1070
 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY      1071
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR             1080
-R SSL_R_TLSV1_ALERT_USER_CANCLED               1090
+R SSL_R_TLSV1_ALERT_USER_CANCELLED             1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION           1100
 
 R RSAREF_R_CONTENT_ENCODING                    0x0400
index 7c69936..90806e2 100644 (file)
@@ -955,6 +955,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                rsa=s->cert->rsa_tmp_cb(s,
                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                               if(rsa == NULL)
+                               {
+                                       al=SSL_AD_HANDSHAKE_FAILURE;
+                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                                       goto f_err;
+                               }
                                CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
                                cert->rsa_tmp=rsa;
                                }
index a8bec85..be2e3c7 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1372,6 +1372,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG           148
 #define SSL_R_DIGEST_CHECK_FAILED                       149
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                         150
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY              1092
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST             151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE                    152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE                     153
index c722544..5618e34 100644 (file)
@@ -255,6 +255,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+{SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
 {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
 {SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
 {SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},