From db9592c1f723841586960912c387a925e4547a26 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 22 May 2020 14:11:43 +0100 Subject: [PATCH] Provider a better error message if we fail to copy parameters If EVP_PKEY_copy_parameters() failed in libssl we did not provide a very helpful error message. We provide a better one. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) --- crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 1 + ssl/ssl_err.c | 2 ++ ssl/statem/extensions_clnt.c | 2 +- ssl/statem/statem_srvr.c | 4 ++-- 5 files changed, 7 insertions(+), 3 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 40148e8a2c..515dfc3f11 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -3098,6 +3098,7 @@ SSL_R_CONNECTION_TYPE_NOT_SET:144:connection type not set SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure SSL_R_COOKIE_MISMATCH:308:cookie mismatch +SSL_R_COPY_PARAMETERS_FAILED:296:copy parameters failed SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED:206:\ custom ext handler already installed SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index bbce792c72..c15a17f96f 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -525,6 +525,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 # define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_COPY_PARAMETERS_FAILED 296 # define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 # define SSL_R_DANE_ALREADY_ENABLED 172 # define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 30643c33b4..f84b3f94d8 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -109,6 +109,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE), "cookie gen callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COPY_PARAMETERS_FAILED), + "copy parameters failed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), "custom ext handler already installed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED), diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index c83e18e84d..dbdedad1ab 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1907,7 +1907,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, skey = EVP_PKEY_new(); if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, - ERR_R_MALLOC_FAILURE); + SSL_R_COPY_PARAMETERS_FAILED); return 0; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 036bfadbe5..d3913e1b7d 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3147,7 +3147,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, - SSL_R_BN_LIB); + SSL_R_COPY_PARAMETERS_FAILED); goto err; } @@ -3216,7 +3216,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, - ERR_R_EVP_LIB); + SSL_R_COPY_PARAMETERS_FAILED); goto err; } -- 2.34.1