Allow code which calls RSA temp key callback to cope

with a failure. Fix typos in some error codes.

Allow code which calls RSA temp key callback to cope
with a failure. Fix typos in some error codes.
fbb41ae0 · Dr. Stephen Henson · 766d78c8 · fbb41ae0 · fbb41ae0 · fbb41ae0
Showing with 17 addition and 2 deletion

CHANGES CHANGES +4 -0

FAQ FAQ +3 -0

crypto/err/openssl.ec crypto/err/openssl.ec +2 -2

ssl/s3_srvr.c ssl/s3_srvr.c +6 -0

ssl/ssl.h ssl/ssl.h +1 -0

ssl/ssl_err.c ssl/ssl_err.c +1 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]

+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
  *) Fix potential buffer overrun problem in BIO_printf().
     [Ulf Möller, using public domain code by Patrick Powell; problem
      pointed out by David Sacerdote <das33@cornell.edu>]

--- a/FAQ
+++ b/FAQ
@@ -44,6 +44,9 @@ might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
 predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
 of this still applies to OpenSSL.

+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
 The original SSLeay documentation is included in OpenSSL as
 doc/ssleay.txt.  It may be useful when none of the other ressources
 help, but please note that it reflects the obsolete version SSLeay

--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -48,11 +48,11 @@ R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048
 R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
 R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
 R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		1060
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		1060
 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
-R SSL_R_TLSV1_ALERT_USER_CANCLED		1090
+R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100

 R RSAREF_R_CONTENT_ENCODING			0x0400

--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -955,6 +955,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
 				rsa=s->cert->rsa_tmp_cb(s,
 				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
 				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+				if(rsa == NULL)
+				{
+					al=SSL_AD_HANDSHAKE_FAILURE;
+					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+					goto f_err;
+				}
 				CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 				cert->rsa_tmp=rsa;
 				}

--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1372,6 +1372,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
 #define SSL_R_DIGEST_CHECK_FAILED			 149
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 1092
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE			 153

--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -255,6 +255,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+{SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
 {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
 {SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
 {SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},