-/* $OpenBSD: ssl_stat.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: ssl_stat.c,v 1.15 2021/06/11 17:29:48 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
const char *str;
switch (value & 0xff) {
- case SSL3_AD_CLOSE_NOTIFY:
+ case SSL_AD_CLOSE_NOTIFY:
str = "CN";
break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
+ case SSL_AD_UNEXPECTED_MESSAGE:
str = "UM";
break;
- case SSL3_AD_BAD_RECORD_MAC:
+ case SSL_AD_BAD_RECORD_MAC:
str = "BM";
break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
+ case SSL_AD_DECOMPRESSION_FAILURE:
str = "DF";
break;
- case SSL3_AD_HANDSHAKE_FAILURE:
+ case SSL_AD_HANDSHAKE_FAILURE:
str = "HF";
break;
- case SSL3_AD_NO_CERTIFICATE:
+ case SSL_AD_NO_CERTIFICATE:
str = "NC";
break;
- case SSL3_AD_BAD_CERTIFICATE:
+ case SSL_AD_BAD_CERTIFICATE:
str = "BC";
break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+ case SSL_AD_UNSUPPORTED_CERTIFICATE:
str = "UC";
break;
- case SSL3_AD_CERTIFICATE_REVOKED:
+ case SSL_AD_CERTIFICATE_REVOKED:
str = "CR";
break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
+ case SSL_AD_CERTIFICATE_EXPIRED:
str = "CE";
break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
+ case SSL_AD_CERTIFICATE_UNKNOWN:
str = "CU";
break;
- case SSL3_AD_ILLEGAL_PARAMETER:
+ case SSL_AD_ILLEGAL_PARAMETER:
str = "IP";
break;
- case TLS1_AD_DECRYPTION_FAILED:
+ case SSL_AD_DECRYPTION_FAILED:
str = "DC";
break;
- case TLS1_AD_RECORD_OVERFLOW:
+ case SSL_AD_RECORD_OVERFLOW:
str = "RO";
break;
- case TLS1_AD_UNKNOWN_CA:
+ case SSL_AD_UNKNOWN_CA:
str = "CA";
break;
- case TLS1_AD_ACCESS_DENIED:
+ case SSL_AD_ACCESS_DENIED:
str = "AD";
break;
- case TLS1_AD_DECODE_ERROR:
+ case SSL_AD_DECODE_ERROR:
str = "DE";
break;
- case TLS1_AD_DECRYPT_ERROR:
+ case SSL_AD_DECRYPT_ERROR:
str = "CY";
break;
- case TLS1_AD_EXPORT_RESTRICTION:
+ case SSL_AD_EXPORT_RESTRICTION:
str = "ER";
break;
- case TLS1_AD_PROTOCOL_VERSION:
+ case SSL_AD_PROTOCOL_VERSION:
str = "PV";
break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
+ case SSL_AD_INSUFFICIENT_SECURITY:
str = "IS";
break;
- case TLS1_AD_INTERNAL_ERROR:
+ case SSL_AD_INTERNAL_ERROR:
str = "IE";
break;
- case TLS1_AD_USER_CANCELLED:
+ case SSL_AD_USER_CANCELLED:
str = "US";
break;
- case TLS1_AD_NO_RENEGOTIATION:
+ case SSL_AD_NO_RENEGOTIATION:
str = "NR";
break;
- case TLS1_AD_UNSUPPORTED_EXTENSION:
+ case SSL_AD_UNSUPPORTED_EXTENSION:
str = "UE";
break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ case SSL_AD_CERTIFICATE_UNOBTAINABLE:
str = "CO";
break;
- case TLS1_AD_UNRECOGNIZED_NAME:
+ case SSL_AD_UNRECOGNIZED_NAME:
str = "UN";
break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
str = "BR";
break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
str = "BH";
break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ case SSL_AD_UNKNOWN_PSK_IDENTITY:
str = "UP";
break;
default:
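Review bot: The short-description switch in this hunk still has no arm for SSL_AD_INAPPROPRIATE_FALLBACK (the TLS_FALLBACK_SCSV alert, value 86, which ssl.h aliases alongside the other SSL_AD_ names), so that alert falls through to the `default:` string right after the SSL_AD_UNKNOWN_PSK_IDENTITY case; since every case label is being rewritten here, adding `case SSL_AD_INAPPROPRIATE_FALLBACK: str = "IF"; break;` before `default:` (the two-letter code is a constructed suggestion to match the existing scheme) would close the gap. The same omission applies to the long-description switch in the second hunk of this file, where `str = "inappropriate fallback";` would be the natural text. The renamed labels only keep returning the same strings if each SSL_AD_ alias carries the numeric value of the SSL3_AD_/TLS1_AD_ macro it replaces, which this file cannot show; worth a glance at ssl.h rather than assuming. The enclosing function starts before this hunk and the `default:` arm continues past it.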
const char *str;
switch (value & 0xff) {
- case SSL3_AD_CLOSE_NOTIFY:
+ case SSL_AD_CLOSE_NOTIFY:
str = "close notify";
break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
+ case SSL_AD_UNEXPECTED_MESSAGE:
str = "unexpected_message";
break;
- case SSL3_AD_BAD_RECORD_MAC:
+ case SSL_AD_BAD_RECORD_MAC:
str = "bad record mac";
break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
+ case SSL_AD_DECOMPRESSION_FAILURE:
str = "decompression failure";
break;
- case SSL3_AD_HANDSHAKE_FAILURE:
+ case SSL_AD_HANDSHAKE_FAILURE:
str = "handshake failure";
break;
- case SSL3_AD_NO_CERTIFICATE:
+ case SSL_AD_NO_CERTIFICATE:
str = "no certificate";
break;
- case SSL3_AD_BAD_CERTIFICATE:
+ case SSL_AD_BAD_CERTIFICATE:
str = "bad certificate";
break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+ case SSL_AD_UNSUPPORTED_CERTIFICATE:
str = "unsupported certificate";
break;
- case SSL3_AD_CERTIFICATE_REVOKED:
+ case SSL_AD_CERTIFICATE_REVOKED:
str = "certificate revoked";
break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
+ case SSL_AD_CERTIFICATE_EXPIRED:
str = "certificate expired";
break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
+ case SSL_AD_CERTIFICATE_UNKNOWN:
str = "certificate unknown";
break;
- case SSL3_AD_ILLEGAL_PARAMETER:
+ case SSL_AD_ILLEGAL_PARAMETER:
str = "illegal parameter";
break;
- case TLS1_AD_DECRYPTION_FAILED:
+ case SSL_AD_DECRYPTION_FAILED:
str = "decryption failed";
break;
- case TLS1_AD_RECORD_OVERFLOW:
+ case SSL_AD_RECORD_OVERFLOW:
str = "record overflow";
break;
- case TLS1_AD_UNKNOWN_CA:
+ case SSL_AD_UNKNOWN_CA:
str = "unknown CA";
break;
- case TLS1_AD_ACCESS_DENIED:
+ case SSL_AD_ACCESS_DENIED:
str = "access denied";
break;
- case TLS1_AD_DECODE_ERROR:
+ case SSL_AD_DECODE_ERROR:
str = "decode error";
break;
- case TLS1_AD_DECRYPT_ERROR:
+ case SSL_AD_DECRYPT_ERROR:
str = "decrypt error";
break;
- case TLS1_AD_EXPORT_RESTRICTION:
+ case SSL_AD_EXPORT_RESTRICTION:
str = "export restriction";
break;
- case TLS1_AD_PROTOCOL_VERSION:
+ case SSL_AD_PROTOCOL_VERSION:
str = "protocol version";
break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
+ case SSL_AD_INSUFFICIENT_SECURITY:
str = "insufficient security";
break;
- case TLS1_AD_INTERNAL_ERROR:
+ case SSL_AD_INTERNAL_ERROR:
str = "internal error";
break;
- case TLS1_AD_USER_CANCELLED:
+ case SSL_AD_USER_CANCELLED:
str = "user canceled";
break;
- case TLS1_AD_NO_RENEGOTIATION:
+ case SSL_AD_NO_RENEGOTIATION:
str = "no renegotiation";
break;
- case TLS1_AD_UNSUPPORTED_EXTENSION:
+ case SSL_AD_UNSUPPORTED_EXTENSION:
str = "unsupported extension";
break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ case SSL_AD_CERTIFICATE_UNOBTAINABLE:
str = "certificate unobtainable";
break;
- case TLS1_AD_UNRECOGNIZED_NAME:
+ case SSL_AD_UNRECOGNIZED_NAME:
str = "unrecognized name";
break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
str = "bad certificate status response";
break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
str = "bad certificate hash value";
break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ case SSL_AD_UNKNOWN_PSK_IDENTITY:
str = "unknown PSK identity";
break;
default:
-/* $OpenBSD: ssl_tlsext.c,v 1.94 2021/06/08 19:34:44 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.95 2021/06/11 17:29:48 jsing Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
CBS list, proto;
if (s->internal->alpn_client_proto_list == NULL) {
- *alert = TLS1_AD_UNSUPPORTED_EXTENSION;
+ *alert = SSL_AD_UNSUPPORTED_EXTENSION;
return 0;
}
return 1;
err:
- *alert = TLS1_AD_DECODE_ERROR;
+ *alert = SSL_AD_DECODE_ERROR;
return 0;
}
if ((groups = reallocarray(NULL, groups_len,
sizeof(uint16_t))) == NULL) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
return 1;
err:
- *alert = TLS1_AD_DECODE_ERROR;
+ *alert = SSL_AD_DECODE_ERROR;
return 0;
}
* https://support.f5.com/csp/article/K37345003
*/
if (!CBS_skip(cbs, CBS_len(cbs))) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
/* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */
if (!CBS_contains_zero_byte(&ecpf)) {
SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
- *alert = SSL3_AD_ILLEGAL_PARAMETER;
+ *alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
if (!s->internal->hit) {
if (!CBS_stow(&ecpf, &(SSI(s)->tlsext_ecpointformatlist),
&(SSI(s)->tlsext_ecpointformatlist_length))) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
}
S3I(s)->previous_server_finished_len != 0) ||
(S3I(s)->previous_client_finished_len != 0 &&
S3I(s)->previous_server_finished_len == 0)) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
* other implementations appear more tolerant.
*/
if (name_type != TLSEXT_NAMETYPE_host_name) {
- *alert = SSL3_AD_ILLEGAL_PARAMETER;
+ *alert = SSL_AD_ILLEGAL_PARAMETER;
goto err;
}
goto err;
if (!tlsext_sni_is_valid_hostname(&host_name)) {
- *alert = SSL3_AD_ILLEGAL_PARAMETER;
+ *alert = SSL_AD_ILLEGAL_PARAMETER;
goto err;
}
if (s->internal->hit || S3I(s)->hs.tls13.hrr) {
if (s->session->tlsext_hostname == NULL) {
- *alert = TLS1_AD_UNRECOGNIZED_NAME;
+ *alert = SSL_AD_UNRECOGNIZED_NAME;
goto err;
}
if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname,
strlen(s->session->tlsext_hostname))) {
- *alert = TLS1_AD_UNRECOGNIZED_NAME;
+ *alert = SSL_AD_UNRECOGNIZED_NAME;
goto err;
}
} else {
if (s->session->tlsext_hostname != NULL)
goto err;
if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
goto err;
}
}
* therefore we allow only one entry.
*/
if (CBS_len(&server_name_list) != 0) {
- *alert = SSL3_AD_ILLEGAL_PARAMETER;
+ *alert = SSL_AD_ILLEGAL_PARAMETER;
goto err;
}
if (CBS_len(cbs) != 0)
tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
- *alert = TLS1_AD_UNRECOGNIZED_NAME;
+ *alert = SSL_AD_UNRECOGNIZED_NAME;
return 0;
}
if (s->internal->hit) {
if (s->session->tlsext_hostname == NULL) {
- *alert = TLS1_AD_UNRECOGNIZED_NAME;
+ *alert = SSL_AD_UNRECOGNIZED_NAME;
return 0;
}
if (strcmp(s->tlsext_hostname,
s->session->tlsext_hostname) != 0) {
- *alert = TLS1_AD_UNRECOGNIZED_NAME;
+ *alert = SSL_AD_UNRECOGNIZED_NAME;
return 0;
}
} else {
}
if ((s->session->tlsext_hostname =
strdup(s->tlsext_hostname)) == NULL) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
}
s->tlsext_status_type = -1;
if (!CBS_skip(cbs, CBS_len(cbs))) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
return 1;
}
} else {
if (s->tlsext_status_type == -1) {
- *alert = TLS1_AD_UNSUPPORTED_EXTENSION;
+ *alert = SSL_AD_UNSUPPORTED_EXTENSION;
return 0;
}
/* Set flag to expect CertificateStatus message */
if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
(int)CBS_len(cbs),
s->internal->tls_session_ticket_ext_cb_arg)) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
}
/* We need to signal that this was processed fully */
if (!CBS_skip(cbs, CBS_len(cbs))) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
if (!s->internal->tls_session_ticket_ext_cb(s, CBS_data(cbs),
(int)CBS_len(cbs),
s->internal->tls_session_ticket_ext_cb_arg)) {
- *alert = TLS1_AD_INTERNAL_ERROR;
+ *alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
}
if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 || CBS_len(cbs) > 0) {
- *alert = TLS1_AD_UNSUPPORTED_EXTENSION;
+ *alert = SSL_AD_UNSUPPORTED_EXTENSION;
return 0;
}