From fbb41ae0ad1369d6fe8d6c72d2297270ad24f0e5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 25 Feb 2000 00:23:48 +0000 Subject: [PATCH] Allow code which calls RSA temp key callback to cope with a failure. Fix typos in some error codes. --- CHANGES | 4 ++++ FAQ | 3 +++ crypto/err/openssl.ec | 4 ++-- ssl/s3_srvr.c | 6 ++++++ ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + 6 files changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 8ec551ab66..5cf2a6e373 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 2000] + *) Allow for the possibility of temp RSA key generation failure: + the code used to assume it always worked and crashed on failure. + [Steve Henson] + *) Fix potential buffer overrun problem in BIO_printf(). [Ulf Möller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote ] diff --git a/FAQ b/FAQ index 832bb9d727..be4a38ab64 100644 --- a/FAQ +++ b/FAQ @@ -44,6 +44,9 @@ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's predecessor, at . Much of this still applies to OpenSSL. +There is some documentation about certificate extensions and PKCS#12 +in doc/openssl.txt + The original SSLeay documentation is included in OpenSSL as doc/ssleay.txt. It may be useful when none of the other ressources help, but please note that it reflects the obsolete version SSLeay diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index a3f3989c12..e132ba3182 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -48,11 +48,11 @@ R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060 +R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -R SSL_R_TLSV1_ALERT_USER_CANCLED 1090 +R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 R RSAREF_R_CONTENT_ENCODING 0x0400 diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 7c6993643f..90806e2d99 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -955,6 +955,12 @@ static int ssl3_send_server_key_exchange(SSL *s) rsa=s->cert->rsa_tmp_cb(s, SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); + if(rsa == NULL) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); + goto f_err; + } CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); cert->rsa_tmp=rsa; } diff --git a/ssl/ssl.h b/ssl/ssl.h index a8bec859a1..be2e3c72f4 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1372,6 +1372,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index c722544dd4..5618e34a30 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -255,6 +255,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, +{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, {SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, {SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, -- 2.34.1