Check return value of ssl_set_xxx() in programs
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4682ee5..87eadf8 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -855,17 +855,29 @@
ssl_set_authmode( &ssl, opt.auth_mode );
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
- ssl_set_max_frag_len( &ssl, opt.mfl_code );
+ if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
+ goto exit;
+ }
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != 0 )
- ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
+ if( ( ret = ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_truncated_hmac returned %d\n\n", ret );
+ goto exit;
+ }
#endif
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
- ssl_set_alpn_protocols( &ssl, alpn_list );
+ if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
+ goto exit;
+ }
#endif
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
@@ -877,7 +889,11 @@
ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );
#if defined(POLARSSL_SSL_SESSION_TICKETS)
- ssl_set_session_tickets( &ssl, opt.tickets );
+ if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
+ goto exit;
+ }
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
@@ -895,17 +911,30 @@
if( strcmp( opt.crt_file, "none" ) != 0 &&
strcmp( opt.key_file, "none" ) != 0 )
{
- ssl_set_own_cert( &ssl, &clicert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
}
#endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
- ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
- strlen( opt.psk_identity ) );
+ if( ( ret = ssl_set_psk( &ssl, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen( opt.psk_identity ) ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_psk returned %d\n\n", ret );
+ goto exit;
+ }
#endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
- ssl_set_hostname( &ssl, opt.server_name );
+ if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
#endif
if( opt.min_version != -1 )
@@ -1130,7 +1159,11 @@
goto exit;
}
- ssl_set_session( &ssl, &saved_session );
+ if( ( ret = ssl_set_session( &ssl, &saved_session ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_session returned %d\n\n", ret );
+ goto exit;
+ }
if( ( ret = net_connect( &server_fd, opt.server_name,
opt.server_port ) ) != 0 )
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 554be1f..d10a9e6 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -270,7 +270,11 @@
net_send, &client_fd );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
/*
* 5. Handshake
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 455cca9..792e166 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -609,10 +609,18 @@
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
- ssl_set_own_cert( &ssl, &clicert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
- ssl_set_hostname( &ssl, opt.server_name );
+ if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
#endif
if( opt.mode == MODE_SSL_TLS )
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 254505e..3f39071 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -173,7 +173,11 @@
#endif
ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
- ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key );
+ if( ( ret = ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
printf( " [ #%d ] ok\n", thread_id );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index fcc518c..545243d 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -207,7 +207,11 @@
#endif
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
printf( " ok\n" );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c470363..371c909 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -426,8 +426,7 @@
if( name_len == strlen( cur->name ) &&
memcmp( name, cur->name, name_len ) == 0 )
{
- ssl_set_own_cert( ssl, cur->cert, cur->key );
- return( 0 );
+ return( ssl_set_own_cert( ssl, cur->cert, cur->key ) );
}
cur = cur->next;
@@ -1219,12 +1218,20 @@
ssl_set_authmode( &ssl, opt.auth_mode );
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
- ssl_set_max_frag_len( &ssl, opt.mfl_code );
+ if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
+ goto exit;
+ };
#endif
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
- ssl_set_alpn_protocols( &ssl, alpn_list );
+ if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
+ goto exit;
+ }
#endif
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
@@ -1242,7 +1249,11 @@
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
- ssl_set_session_tickets( &ssl, opt.tickets );
+ if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
+ goto exit;
+ }
if( opt.ticket_timeout != -1 )
ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
@@ -1279,9 +1290,17 @@
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
}
if( key_cert_init )
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
if( key_cert_init2 )
- ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
#endif
#if defined(POLARSSL_SNI)
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 069dc8a..7dcdcae 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -265,7 +265,11 @@
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
}
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 6023cde..fae00d2 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -432,10 +432,18 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- ssl_set_own_cert( &ssl, &clicert, &pkey );
+ if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
+ goto exit;
+ }
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
- ssl_set_hostname( &ssl, opt.server_name );
+ if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ {
+ printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
+ goto exit;
+ }
#endif
/*
