Allow code which calls RSA temp key callback to cope

with a failure.

Fix typos in some error codes.

diff --git a/CHANGES b/CHANGES
index 8ec551ab6617ff9d07cde64f5110ad521a00426d..5cf2a6e373c648b8f8243ef0d4f45b971cdd7bb4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 
+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
   *) Fix potential buffer overrun problem in BIO_printf().
      [Ulf Möller, using public domain code by Patrick Powell; problem
       pointed out by David Sacerdote <das33@cornell.edu>]

diff --git a/FAQ b/FAQ
index 832bb9d72750b4bad9ec480934c4dfe07bdf5f24..be4a38ab64c6ec396e6384aae16479fec17ad6ba 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -44,6 +44,9 @@ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
 predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
 of this still applies to OpenSSL.
 
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
 The original SSLeay documentation is included in OpenSSL as
 doc/ssleay.txt.  It may be useful when none of the other ressources
 help, but please note that it reflects the obsolete version SSLeay

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index a3f3989c12e25a34487438fcdb34c612b2d79590..e132ba31821a111f910fb6cc000b87ae496962c6 100644 (file)
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -48,11 +48,11 @@ R SSL_R_TLSV1_ALERT_UNKNOWN_CA                      1048
 R SSL_R_TLSV1_ALERT_ACCESS_DENIED              1049
 R SSL_R_TLSV1_ALERT_DECODE_ERROR               1050
 R SSL_R_TLSV1_ALERT_DECRYPT_ERROR              1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION          1060
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION         1060
 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION           1070
 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY      1071
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR             1080
-R SSL_R_TLSV1_ALERT_USER_CANCLED               1090
+R SSL_R_TLSV1_ALERT_USER_CANCELLED             1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION           1100
 
 R RSAREF_R_CONTENT_ENCODING                    0x0400

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7c6993643f0cfc84f676a3e653fe033f74e58347..90806e2d99bb6fcac411600c82429c786b407704 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -955,6 +955,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                rsa=s->cert->rsa_tmp_cb(s,
                                      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
                                      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                               if(rsa == NULL)
+                               {
+                                       al=SSL_AD_HANDSHAKE_FAILURE;
+                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                                       goto f_err;
+                               }
                                CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
                                cert->rsa_tmp=rsa;
                                }

diff --git a/ssl/ssl.h b/ssl/ssl.h
index a8bec859a1268444be89b15ef725136b2f0c7fe1..be2e3c72f419fe24a292735bbb77262f3e6f08bb 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1372,6 +1372,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG           148
 #define SSL_R_DIGEST_CHECK_FAILED                       149
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                         150
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY              1092
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST             151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE                    152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE                     153

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index c722544dd4bf3406c3a1f92d064466f663144e44..5618e34a308572601038b5ce2bab0b53c45ff249 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -255,6 +255,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+{SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
 {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
 {SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
 {SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},