Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
4fa88861
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
4fa88861
编写于
7月 08, 2016
作者:
M
Matt Caswell
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update error codes following tls_process_key_exchange() refactor
Reviewed-by:
N
Richard Levitte
<
levitte@openssl.org
>
上级
e1e588ac
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
32 addition
and
23 deletion
+32
-23
include/openssl/ssl.h
include/openssl/ssl.h
+4
-0
ssl/ssl_err.c
ssl/ssl_err.c
+5
-0
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+23
-23
未找到文件。
include/openssl/ssl.h
浏览文件 @
4fa88861
...
...
@@ -2246,6 +2246,10 @@ void ERR_load_SSL_strings(void);
# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367
# define SSL_F_TLS_PROCESS_SERVER_DONE 368
# define SSL_F_TLS_PROCESS_SERVER_HELLO 369
# define SSL_F_TLS_PROCESS_SKE_DHE 419
# define SSL_F_TLS_PROCESS_SKE_ECDHE 420
# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421
# define SSL_F_TLS_PROCESS_SKE_SRP 422
# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
/* Reason codes. */
...
...
ssl/ssl_err.c
浏览文件 @
4fa88861
...
...
@@ -295,6 +295,11 @@ static ERR_STRING_DATA SSL_str_functs[] = {
"tls_process_server_certificate"
},
{
ERR_FUNC
(
SSL_F_TLS_PROCESS_SERVER_DONE
),
"tls_process_server_done"
},
{
ERR_FUNC
(
SSL_F_TLS_PROCESS_SERVER_HELLO
),
"tls_process_server_hello"
},
{
ERR_FUNC
(
SSL_F_TLS_PROCESS_SKE_DHE
),
"tls_process_ske_dhe"
},
{
ERR_FUNC
(
SSL_F_TLS_PROCESS_SKE_ECDHE
),
"tls_process_ske_ecdhe"
},
{
ERR_FUNC
(
SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE
),
"tls_process_ske_psk_preamble"
},
{
ERR_FUNC
(
SSL_F_TLS_PROCESS_SKE_SRP
),
"tls_process_ske_srp"
},
{
ERR_FUNC
(
SSL_F_USE_CERTIFICATE_CHAIN_FILE
),
"use_certificate_chain_file"
},
{
0
,
NULL
}
...
...
ssl/statem/statem_clnt.c
浏览文件 @
4fa88861
...
...
@@ -1311,7 +1311,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
if
(
!
PACKET_get_length_prefixed_2
(
pkt
,
&
psk_identity_hint
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_LENGTH_MISMATCH
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_PSK_PREAMBL
E
,
SSL_R_LENGTH_MISMATCH
);
return
0
;
}
...
...
@@ -1323,7 +1323,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
*/
if
(
PACKET_remaining
(
&
psk_identity_hint
)
>
PSK_MAX_IDENTITY_LEN
)
{
*
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_DATA_LENGTH_TOO_LONG
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_PSK_PREAMBL
E
,
SSL_R_DATA_LENGTH_TOO_LONG
);
return
0
;
}
...
...
@@ -1338,7 +1338,7 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al)
return
1
;
#else
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_PSK_PREAMBL
E
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -1354,7 +1354,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
||
!
PACKET_get_length_prefixed_1
(
pkt
,
&
salt
)
||
!
PACKET_get_length_prefixed_2
(
pkt
,
&
server_pub
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANGE
,
SSL_R_LENGTH_MISMATCH
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_SRP
,
SSL_R_LENGTH_MISMATCH
);
return
0
;
}
...
...
@@ -1371,13 +1371,13 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
BN_bin2bn
(
PACKET_data
(
&
server_pub
),
PACKET_remaining
(
&
server_pub
),
NULL
))
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANGE
,
ERR_R_BN_LIB
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_SRP
,
ERR_R_BN_LIB
);
return
0
;
}
if
(
!
srp_verify_server_param
(
s
,
al
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANGE
,
SSL_R_BAD_SRP_PARAMETERS
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_SRP
,
SSL_R_BAD_SRP_PARAMETERS
);
return
0
;
}
...
...
@@ -1387,7 +1387,7 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return
1
;
#else
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_SRP
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -1406,7 +1406,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
||
!
PACKET_get_length_prefixed_2
(
pkt
,
&
generator
)
||
!
PACKET_get_length_prefixed_2
(
pkt
,
&
pub_key
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_LENGTH_MISMATCH
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
SSL_R_LENGTH_MISMATCH
);
return
0
;
}
...
...
@@ -1415,7 +1415,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
if
(
peer_tmp
==
NULL
||
dh
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_MALLOC_FAILURE
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
ERR_R_MALLOC_FAILURE
);
goto
err
;
}
...
...
@@ -1426,39 +1426,39 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
NULL
);
if
(
p
==
NULL
||
g
==
NULL
||
bnpub_key
==
NULL
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_BN_LIB
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
ERR_R_BN_LIB
);
goto
err
;
}
if
(
BN_is_zero
(
p
)
||
BN_is_zero
(
g
)
||
BN_is_zero
(
bnpub_key
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_BAD_DH_VALUE
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
SSL_R_BAD_DH_VALUE
);
goto
err
;
}
if
(
!
DH_set0_pqg
(
dh
,
p
,
NULL
,
g
))
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_BN_LIB
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
ERR_R_BN_LIB
);
goto
err
;
}
p
=
g
=
NULL
;
if
(
!
DH_set0_key
(
dh
,
bnpub_key
,
NULL
))
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_BN_LIB
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
ERR_R_BN_LIB
);
goto
err
;
}
bnpub_key
=
NULL
;
if
(
!
ssl_security
(
s
,
SSL_SECOP_TMP_DH
,
DH_security_bits
(
dh
),
0
,
dh
))
{
*
al
=
SSL_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_DH_KEY_TOO_SMALL
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
SSL_R_DH_KEY_TOO_SMALL
);
goto
err
;
}
if
(
EVP_PKEY_assign_DH
(
peer_tmp
,
dh
)
==
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_EVP_LIB
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
ERR_R_EVP_LIB
);
goto
err
;
}
...
...
@@ -1483,7 +1483,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return
0
;
#else
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_DH
E
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
@@ -1504,7 +1504,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
*/
if
(
!
PACKET_get_bytes
(
pkt
,
&
ecparams
,
3
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_LENGTH_TOO_SHORT
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_ECDH
E
,
SSL_R_LENGTH_TOO_SHORT
);
return
0
;
}
/*
...
...
@@ -1513,14 +1513,14 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
*/
if
(
!
tls1_check_curve
(
s
,
ecparams
,
3
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_WRONG_CURVE
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_ECDH
E
,
SSL_R_WRONG_CURVE
);
return
0
;
}
curve_nid
=
tls1_ec_curve_id2nid
(
*
(
ecparams
+
2
));
if
(
curve_nid
==
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_ECDH
E
,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS
);
return
0
;
}
...
...
@@ -1532,7 +1532,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid
(
pctx
,
curve_nid
)
<=
0
||
EVP_PKEY_paramgen
(
pctx
,
&
s
->
s3
->
peer_tmp
)
<=
0
)
{
*
al
=
SSL_AD_INTERNAL_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_EVP_LIB
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_ECDH
E
,
ERR_R_EVP_LIB
);
EVP_PKEY_CTX_free
(
pctx
);
return
0
;
}
...
...
@@ -1541,7 +1541,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
if
(
!
PACKET_get_length_prefixed_1
(
pkt
,
&
encoded_pt
))
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_LENGTH_MISMATCH
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_ECDH
E
,
SSL_R_LENGTH_MISMATCH
);
return
0
;
}
...
...
@@ -1549,7 +1549,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
PACKET_data
(
&
encoded_pt
),
PACKET_remaining
(
&
encoded_pt
),
NULL
)
==
0
)
{
*
al
=
SSL_AD_DECODE_ERROR
;
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
SSL_R_BAD_ECPOINT
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_ECDH
E
,
SSL_R_BAD_ECPOINT
);
return
0
;
}
...
...
@@ -1566,7 +1566,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return
1
;
#else
SSLerr
(
SSL_F_TLS_PROCESS_
KEY_EXCHANG
E
,
ERR_R_INTERNAL_ERROR
);
SSLerr
(
SSL_F_TLS_PROCESS_
SKE_ECDH
E
,
ERR_R_INTERNAL_ERROR
);
*
al
=
SSL_AD_INTERNAL_ERROR
;
return
0
;
#endif
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录