diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 185c3cb885b4c7d46d8de0c826d125d2885ca40c..2e899cd38df7d8182d77f39975e7d542ff79b209 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2165,7 +2165,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 # define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377 # define SSL_F_TLS_GET_MESSAGE_BODY 351 -# define SSL_F_TLS_GET_MESSAGE_HEADER 350 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 # define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 # define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 # define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 @@ -2294,8 +2294,8 @@ void ERR_load_SSL_strings(void); # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 # define SSL_R_INVALID_TRUST 279 # define SSL_R_LENGTH_MISMATCH 159 -# define SSL_R_LENGTH_TOO_LONG 102 # define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LENGTH_TOO_LONG 404 # define SSL_R_LIBRARY_BUG 274 # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 # define SSL_R_MISSING_DH_DSA_CERT 162 diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4fa73ba779579566b4ef377e8a8c41c60a813635..dbba36bc9e54c4c50e4dce344efc6278b9df564f 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1242,7 +1242,7 @@ enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) /* Get the session-id. */ if (!PACKET_get_length_prefixed_1(pkt, &session_id)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } session_id_len = PACKET_remaining(&session_id); @@ -1254,7 +1254,7 @@ enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) } if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; goto f_err; } @@ -1374,7 +1374,7 @@ enum MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) /* lets get the compression algorithm */ /* COMPRESSION */ if (!PACKET_get_1(pkt, &compression)) { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; goto f_err; } @@ -1642,7 +1642,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) if (alg_k & SSL_PSK) { PACKET psk_identity_hint; if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1676,7 +1676,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) || !PACKET_get_length_prefixed_2(pkt, &generator) || !PACKET_get_length_prefixed_1(pkt, &salt) || !PACKET_get_length_prefixed_2(pkt, &server_pub)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); goto f_err; } @@ -1692,7 +1692,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) || (s->srp_ctx.B = BN_bin2bn(PACKET_data(&server_pub), PACKET_remaining(&server_pub), NULL)) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1718,12 +1718,12 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) if (!PACKET_get_length_prefixed_2(pkt, &mod) || !PACKET_get_length_prefixed_2(pkt, &exp)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); goto f_err; } if ((rsa = RSA_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto err; } @@ -1731,7 +1731,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) rsa->n)) == NULL || (rsa->e = BN_bin2bn(PACKET_data(&exp), PACKET_remaining(&exp), rsa->e)) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1756,12 +1756,12 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) if (!PACKET_get_length_prefixed_2(pkt, &prime) || !PACKET_get_length_prefixed_2(pkt, &generator) || !PACKET_get_length_prefixed_2(pkt, &pub_key)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); goto f_err; } if ((dh = DH_new()) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_DH_LIB); goto err; } @@ -1772,12 +1772,12 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) || (dh->pub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key), NULL)) == NULL) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } if (BN_is_zero(dh->p) || BN_is_zero(dh->g) || BN_is_zero(dh->pub_key)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE); goto f_err; } @@ -1813,7 +1813,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) * ECParameters in this case is just three bytes. */ if (!PACKET_get_bytes(pkt, &ecparams, 3)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } /* @@ -1821,7 +1821,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) * invalid curve. ECParameters is 3 bytes. */ if (!tls1_check_curve(s, ecparams, 3)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_CURVE); goto f_err; } @@ -1861,13 +1861,13 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); goto f_err; } if (EC_POINT_oct2point(group, srvr_ecpoint, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt), bn_ctx) == 0) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); goto f_err; } @@ -1911,7 +1911,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) PACKET_remaining(&save_param_start) - PACKET_remaining(pkt))) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; } @@ -1919,7 +1919,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) unsigned char *sigalgs; int rv; if (!PACKET_get_bytes(pkt, &sigalgs, 2)) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey); @@ -1937,7 +1937,7 @@ enum MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); goto f_err; } j = EVP_PKEY_size(pkey); @@ -2178,7 +2178,7 @@ enum MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) || !PACKET_get_net_2(pkt, &ticklen) || PACKET_remaining(pkt) != ticklen) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); goto f_err; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index f135f9a737303909650296d24efe626d2a79f12b..8abedc0be6e9b22e757ea2fa1bc9a246b89dfe13 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -956,7 +956,7 @@ int dtls_construct_hello_verify_request(SSL *s) s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &(s->d1->cookie_len)) == 0 || s->d1->cookie_len > 255) { - SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, + SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); ossl_statem_set_error(s); return 0; @@ -1145,7 +1145,8 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) || !PACKET_get_sub_packet(pkt, &challenge, challenge_len) /* No extensions. */ || PACKET_remaining(pkt) != 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_RECORD_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; goto f_err; } @@ -1157,7 +1158,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!PACKET_copy_bytes(&challenge, s->s3->client_random + SSL3_RANDOM_SIZE - challenge_len, challenge_len)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } @@ -1169,14 +1170,14 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!PACKET_copy_bytes(pkt, s->s3->client_random, SSL3_RANDOM_SIZE) || !PACKET_get_length_prefixed_1(pkt, &session_id)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } if (SSL_IS_DTLS(s)) { if (!PACKET_get_length_prefixed_1(pkt, &cookie)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } /* @@ -1193,7 +1194,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (!PACKET_get_length_prefixed_2(pkt, &cipher_suites) || !PACKET_get_length_prefixed_1(pkt, &compression)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } /* Could be empty. */ @@ -1253,7 +1254,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie), PACKET_remaining(&cookie)) == 0) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; /* else cookie verification succeeded */ @@ -1262,7 +1263,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } else if (!PACKET_equal(&cookie, s->d1->cookie, s->d1->cookie_len)) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } s->d1->cookie_verified = 1; @@ -1274,7 +1275,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) s->version = DTLS1_2_VERSION; s->method = DTLSv1_2_server_method(); } else if (tls1_suiteb(s)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE); s->version = s->client_version; al = SSL_AD_PROTOCOL_VERSION; @@ -1284,7 +1285,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) s->version = DTLS1_VERSION; s->method = DTLSv1_server_method(); } else { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); s->version = s->client_version; al = SSL_AD_PROTOCOL_VERSION; @@ -1325,7 +1326,7 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * to reuse it */ al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_REQUIRED_CIPHER_MISSING); goto f_err; } @@ -1340,14 +1341,14 @@ enum MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) if (j >= complen) { /* no compress */ al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); goto f_err; } /* TLS extensions */ if (s->version >= SSL3_VERSION) { if (!ssl_parse_clienthello_tlsext(s, &extensions)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); goto err; } } @@ -2313,7 +2314,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); al = SSL_AD_INTERNAL_ERROR; goto f_err; } @@ -2407,7 +2408,8 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) enc_premaster = orig; } else { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_LENGTH_MISMATCH); goto f_err; } } @@ -2421,7 +2423,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) */ if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, RSA_R_KEY_SIZE_TOO_SMALL); goto f_err; } @@ -2429,7 +2431,7 @@ enum MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) rsa_decrypt = OPENSSL_malloc(RSA_size(rsa)); if (rsa_decrypt == NULL) { al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; }