From c5fd391e04d52a70c41343fc838a70b8d258034e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 8 Jul 2014 14:05:52 +0200
Subject: [PATCH] Check return value of ssl_set_xxx() in programs
---
 programs/ssl/ssl_client2.c | 51 +++++++++++++++++++++++++------
 programs/ssl/ssl_fork_server.c | 6 +++-
 programs/ssl/ssl_mail_client.c | 12 ++++++--
 programs/ssl/ssl_pthread_server.c | 6 +++-
 programs/ssl/ssl_server.c | 6 +++-
 programs/ssl/ssl_server2.c | 33 +++++++++++++++-----
 programs/test/ssl_test.c | 6 +++-
 programs/x509/cert_app.c | 12 ++++++--
 8 files changed, 108 insertions(+), 24 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4682ee5bc..87eadf81e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -855,17 +855,29 @@ int main( int argc, char *argv[] )
  ssl_set_authmode( &ssl, opt.auth_mode );
  #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
- ssl_set_max_frag_len( &ssl, opt.mfl_code );
+ if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
  if( opt.trunc_hmac != 0 )
- ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
+ if( ( ret = ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_truncated_hmac returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  #if defined(POLARSSL_SSL_ALPN)
  if( opt.alpn_string != NULL )
- ssl_set_alpn_protocols( &ssl, alpn_list );
+ if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
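Review bot: The new checks under `if( opt.trunc_hmac != 0 )` and `if( opt.alpn_string != NULL )` in ssl_client2.c nest a braced `if` inside an unbraced one, so an `else` added after the block later would bind to the inner error check rather than to the option test. Bracing the outer statement, or folding both tests into one condition such as `if( opt.alpn_string != NULL && ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )`, removes that hazard without changing behaviour. The same shape appears in ssl_server2.c, in the ALPN hunk and in the `key_cert_init` / `key_cert_init2` hunk.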
@@ -877,7 +889,11 @@ int main( int argc, char *argv[] )
  ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );
  #if defined(POLARSSL_SSL_SESSION_TICKETS)
- ssl_set_session_tickets( &ssl, opt.tickets );
+ if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
@@ -895,17 +911,30 @@ int main( int argc, char *argv[] )
  if( strcmp( opt.crt_file, "none" ) != 0 && strcmp( opt.key_file, "none" ) != 0 )
  {
- ssl_set_own_cert( &ssl, &clicert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  }
  #endif
  #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
- ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
- strlen( opt.psk_identity ) );
+ if( ( ret = ssl_set_psk( &ssl, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen( opt.psk_identity ) ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_psk returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
- ssl_set_hostname( &ssl, opt.server_name );
+ if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  if( opt.min_version != -1 )
@@ -1130,7 +1159,11 @@ send_request:
  goto exit;
  }
- ssl_set_session( &ssl, &saved_session );
+ if( ( ret = ssl_set_session( &ssl, &saved_session ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_session returned %d\n\n", ret );
+ goto exit;
+ }
  if( ( ret = net_connect( &server_fd, opt.server_name, opt.server_port ) ) != 0 )
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 554be1f9f..d10a9e691 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -270,7 +270,11 @@ int main( int argc, char *argv[] )
  net_send, &client_fd );
  ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  /*
  * 5. Handshake
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 455cca9b4..792e166fd 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -609,10 +609,18 @@ int main( int argc, char *argv[] )
  ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
  ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
- ssl_set_own_cert( &ssl, &clicert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
- ssl_set_hostname( &ssl, opt.server_name );
+ if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  if( opt.mode == MODE_SSL_TLS )
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 254505efa..3f390714b 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -173,7 +173,11 @@ static void *handle_ssl_connection( void *data )
  #endif
  ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
- ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key );
+ if( ( ret = ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  printf( " [ #%d ] ok\n", thread_id );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index fcc518c7c..545243d41 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
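Review bot: In programs/ssl/ssl_pthread_server.c the added error path in handle_ssl_connection() jumps to `exit`, but that label is not visible in the hunk and this is a per-thread handler rather than main(); confirm the function really defines `exit`, or use whichever label its other failure paths jump to. The function body starts and ends outside the hunk, so this cannot be checked from here. The message also drops the thread tag that the neighbouring `printf( " [ #%d ] ok\n", thread_id );` carries, so a failure cannot be attributed to a connection when output from several threads interleaves; `printf( " [ #%d ] failed: ssl_set_own_cert returned %d\n", thread_id, ret );` would match the surrounding output.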
@@ -207,7 +207,11 @@ int main( int argc, char *argv[] )
  #endif
  ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  printf( " ok\n" );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c470363b4..371c90923 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -426,8 +426,7 @@ int sni_callback( void *p_info, ssl_context *ssl,
  if( name_len == strlen( cur->name ) && memcmp( name, cur->name, name_len ) == 0 )
  {
- ssl_set_own_cert( ssl, cur->cert, cur->key );
- return( 0 );
+ return( ssl_set_own_cert( ssl, cur->cert, cur->key ) );
  }
  cur = cur->next;
@@ -1219,12 +1218,20 @@ int main( int argc, char *argv[] )
  ssl_set_authmode( &ssl, opt.auth_mode );
  #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
- ssl_set_max_frag_len( &ssl, opt.mfl_code );
+ if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
+ goto exit;
+ };
  #endif
  #if defined(POLARSSL_SSL_ALPN)
  if( opt.alpn_string != NULL )
- ssl_set_alpn_protocols( &ssl, alpn_list );
+ if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
@@ -1242,7 +1249,11 @@ int main( int argc, char *argv[] )
  #endif
  #if defined(POLARSSL_SSL_SESSION_TICKETS)
- ssl_set_session_tickets( &ssl, opt.tickets );
+ if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
+ goto exit;
+ }
  if( opt.ticket_timeout != -1 )
  ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
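Review bot: In sni_callback() in programs/ssl/ssl_server2.c the match branch now returns whatever ssl_set_own_cert() returns, and nothing records why. A one-line comment above the return, for example `/* propagate setter failure instead of reporting success with no certificate selected */`, would keep a later cleanup from restoring the unconditional `return( 0 );`. The rest of the function, including the value returned when no name matches, is outside the hunk, so it is worth confirming that callers treat every non-zero result as a failed lookup.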
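Review bot: The ssl_set_max_frag_len check added to main() in programs/ssl/ssl_server2.c closes with `};`, where every other block added by this commit closes with `}`; the extra `;` is an empty statement. It is harmless as written, but it would detach any `else` later attached to the block and may trigger extra-semicolon warnings on some compilers, so the line should be just `}`.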
@@ -1279,9 +1290,17 @@ int main( int argc, char *argv[] )
  ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
  }
  if( key_cert_init )
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  if( key_cert_init2 )
- ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  #if defined(POLARSSL_SNI)
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 069dc8a0d..7dcdcae82 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -265,7 +265,11 @@ static int ssl_test( struct options *opt )
  ssl_set_endpoint( &ssl, SSL_IS_SERVER );
  ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  }
  ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 6023cde10..fae00d2e8 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -432,10 +432,18 @@ int main( int argc, char *argv[] )
  ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );
- ssl_set_own_cert( &ssl, &clicert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
  #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
- ssl_set_hostname( &ssl, opt.server_name );
+ if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
  #endif
  /*