Improve some error messages if a digest is not available

author Matt Caswell <matt@openssl.org>

Thu, 27 Aug 2020 15:19:27 +0000 (16:19 +0100)

committer Pauli <paul.dale@oracle.com>

Sat, 29 Aug 2020 07:56:20 +0000 (17:56 +1000)
author Matt Caswell <matt@openssl.org>
Thu, 27 Aug 2020 15:19:27 +0000 (16:19 +0100)
committer Pauli <paul.dale@oracle.com>
Sat, 29 Aug 2020 07:56:20 +0000 (17:56 +1000)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt

index 43114dc5457f526e3299f0c036d82df28dc3bec8..643bf6b278310038d0aa1ff2ecc72c75c947a6a2 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2710,8 +2710,8 @@ OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest
  OCSP_R_UNKNOWN_NID:120:unknown nid
  OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type
  OSSL_DECODER_R_MISSING_GET_PARAMS:100:missing get params
-OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query
  OSSL_ENCODER_R_ENCODER_NOT_FOUND:101:encoder not found
+OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query
  OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type
  OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
  OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
@@ -3297,6 +3297,7 @@ SSL_R_NO_SHARED_CIPHER:193:no shared cipher
  SSL_R_NO_SHARED_GROUPS:410:no shared groups
  SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS:376:no shared signature algorithms
  SSL_R_NO_SRTP_PROFILES:359:no srtp profiles
+SSL_R_NO_SUITABLE_DIGEST_ALGORITHM:297:no suitable digest algorithm
  SSL_R_NO_SUITABLE_KEY_SHARE:101:no suitable key share
  SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM:118:no suitable signature algorithm
  SSL_R_NO_VALID_SCTS:216:no valid scts
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h

index c15a17f96f27a8c0651bb20091c2281e149b1caa..d4ee837a1e3c8a06d1010fe3a7311fdfda9cb045 100644 (file)
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -634,6 +634,7 @@ int ERR_load_SSL_strings(void);
  # define SSL_R_NO_SHARED_GROUPS                           410
  # define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
  # define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_SUITABLE_DIGEST_ALGORITHM               297
  # define SSL_R_NO_SUITABLE_KEY_SHARE                      101
  # define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
  # define SSL_R_NO_VALID_SCTS                              216
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c

index bd668f317e22d4e70012d50cd9053cffc5036a35..bd90e059b53f43c849688038fbfd41b278cfc873 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -408,7 +408,12 @@ int ssl3_digest_cached_records(SSL *s, int keep)
          }
  
          md = ssl_handshake_md(s);
-        if (md == NULL || !EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
+        if (md == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);
+            return 0;
+        }
+        if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
              || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
                       ERR_R_INTERNAL_ERROR);
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c

index f84b3f94d884d73f9c75c7b7bf8d0c060df7fc19..9f47a924f097822845388287d6381db4274dc153 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -300,6 +300,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
      "no shared signature algorithms"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM),
+    "no suitable digest algorithm"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE),
      "no suitable key share"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index ff48759436f2d587a4f7050f271e4b1672cd419c..4c994dd3896a74fcbe52a96d5d07993b269b9171 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2356,7 +2356,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
  
          if (!tls1_lookup_md(s->ctx, s->s3.tmp.peer_sigalg, &md)) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
-                     ERR_R_INTERNAL_ERROR);
+                     SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);
              goto err;
          }
          if (SSL_USE_SIGALGS(s))
author	Matt Caswell <matt@openssl.org>
	Thu, 27 Aug 2020 15:19:27 +0000 (16:19 +0100)
committer	Pauli <paul.dale@oracle.com>
	Sat, 29 Aug 2020 07:56:20 +0000 (17:56 +1000)
crypto/err/openssl.txt		patch \| blob \| blame \| history
include/openssl/sslerr.h		patch \| blob \| blame \| history
ssl/s3_enc.c		patch \| blob \| blame \| history
ssl/ssl_err.c		patch \| blob \| blame \| history
ssl/statem/statem_clnt.c		patch \| blob \| blame \| history