ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Send TLS alerts for errors in TLS handshake building

This commit is contained in:
Martin Willi 2010-08-25 18:24:27 +02:00
parent ee88ddd6aa
commit a596006e3f
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/libtls/tls_fragmentation.c
View File

@ -330,6 +330,9 @@ static status_t build_handshake(private_tls_fragmentation_t *this)
return status;
}
/**
* Build TLS application data
*/
static status_t build_application(private_tls_fragmentation_t *this)
{
tls_writer_t *msg;

6
src/libtls/tls_peer.c
View File

@ -451,6 +451,7 @@ static status_t send_certificate(private_tls_peer_t *this,
if (!this->private)
{
DBG1(DBG_TLS, "no TLS peer certificate found for '%Y'", this->peer);
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return FAILED;
}
@ -510,6 +511,7 @@ static status_t send_key_exchange(private_tls_peer_t *this,
if (!rng)
{
DBG1(DBG_TLS, "no suitable RNG found for TLS premaster secret");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return FAILED;
}
rng->get_bytes(rng, sizeof(premaster) - 2, premaster + 2);
@ -535,6 +537,7 @@ static status_t send_key_exchange(private_tls_peer_t *this,
if (!public)
{
DBG1(DBG_TLS, "no TLS public key found for server '%Y'", this->server);
this->alert->add(this->alert, TLS_FATAL, TLS_CERTIFICATE_UNKNOWN);
return FAILED;
}
if (!public->encrypt(public, ENCRYPT_RSA_PKCS1,
@ -542,6 +545,7 @@ static status_t send_key_exchange(private_tls_peer_t *this,
{
public->destroy(public);
DBG1(DBG_TLS, "encrypting TLS premaster secret failed");
this->alert->add(this->alert, TLS_FATAL, TLS_BAD_CERTIFICATE);
return FAILED;
}
@ -566,6 +570,7 @@ static status_t send_certificate_verify(private_tls_peer_t *this,
!this->crypto->sign_handshake(this->crypto, this->private, writer))
{
DBG1(DBG_TLS, "creating TLS Certificate Verify signature failed");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return FAILED;
}
@ -586,6 +591,7 @@ static status_t send_finished(private_tls_peer_t *this,
if (!this->crypto->calculate_finished(this->crypto, "client finished", buf))
{
DBG1(DBG_TLS, "calculating client finished data failed");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return FAILED;
}

3
src/libtls/tls_server.c
View File

@ -414,6 +414,7 @@ static status_t send_server_hello(private_tls_server_t *this,
if (!rng)
{
DBG1(DBG_TLS, "no suitable RNG found to generate server random");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return FAILED;
}
rng->get_bytes(rng, sizeof(this->server_random) - 4, this->server_random + 4);
@ -456,6 +457,7 @@ static status_t send_certificate(private_tls_server_t *this,
if (!this->private)
{
DBG1(DBG_TLS, "no TLS server certificate found for '%Y'", this->server);
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return FAILED;
}
@ -563,6 +565,7 @@ static status_t send_finished(private_tls_server_t *this,
if (!this->crypto->calculate_finished(this->crypto, "server finished", buf))
{
DBG1(DBG_TLS, "calculating server finished data failed");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return FAILED;
}