Make error reason for disallowed legacy sigalg more specific

The internal error reason is confusing, as it indicates an error
in OpenSSL rather than a configuration problem.

Fixes #19867

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19875)

(cherry picked from commit 97b8db1af2)
Tomas Mraz 2022-12-09 13:27:02 +01:00 committed by Pauli
parent bb3a931f86
commit f92b294563
5 changed files with 9 additions and 2 deletions

@ -1367,6 +1367,8 @@ SSL_R_INVALID_SESSION_ID:999:invalid session id
SSL_R_INVALID_SRP_USERNAME:357:invalid srp username SSL_R_INVALID_SRP_USERNAME:357:invalid srp username
SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response
SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length
SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED:333:\
legacy sigalg disallowed or unsupported
SSL_R_LENGTH_MISMATCH:159:length mismatch SSL_R_LENGTH_MISMATCH:159:length mismatch
SSL_R_LENGTH_TOO_LONG:404:length too long SSL_R_LENGTH_TOO_LONG:404:length too long
SSL_R_LENGTH_TOO_SHORT:160:length too short SSL_R_LENGTH_TOO_SHORT:160:length too short

@ -150,6 +150,7 @@
# define SSL_R_INVALID_SRP_USERNAME 357 # define SSL_R_INVALID_SRP_USERNAME 357
# define SSL_R_INVALID_STATUS_RESPONSE 328 # define SSL_R_INVALID_STATUS_RESPONSE 328
# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
# define SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED 333
# define SSL_R_LENGTH_MISMATCH 159 # define SSL_R_LENGTH_MISMATCH 159
# define SSL_R_LENGTH_TOO_LONG 404 # define SSL_R_LENGTH_TOO_LONG 404
# define SSL_R_LENGTH_TOO_SHORT 160 # define SSL_R_LENGTH_TOO_SHORT 160

@ -225,6 +225,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"invalid status response"}, "invalid status response"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH),
"invalid ticket keys length"}, "invalid ticket keys length"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED),
"legacy sigalg disallowed or unsupported"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"},

@ -2251,7 +2251,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto err; goto err;
} }
} else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);
goto err; goto err;
} }
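Review bot: The alert sent to the peer in the `!tls1_set_peer_legacy_sigalg(s, pkey)` branch is still `SSL_AD_INTERNAL_ERROR`, so only the local error queue gains the specific reason, while the remote side and any packet capture still see an internal-error alert for what the commit message calls a configuration problem. If a wire-visible change is acceptable on this branch, `SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);` would make the alert agree with the reason; otherwise a comment such as `/* alert stays internal_error for compatibility; the reason code carries the actual cause */` would record that the mismatch is deliberate. The same two lines appear in the tls_process_cert_verify hunk and the point applies there as well. The reason code also merges "disallowed" and "unsupported", presumably because tls1_set_peer_legacy_sigalg (not visible here) reports both as a plain failure, so operators triaging this error should check both the security-level policy and the peer key type. Both function bodies start and end outside their hunks.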

@ -442,7 +442,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
goto err; goto err;
} }
} else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);
goto err; goto err;
} }