diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 44509584..7b63bc8e 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -117,6 +117,7 @@ SSL,191,PATH_TOO_LONG
 SSL,192,PEER_DID_NOT_RETURN_A_CERTIFICATE
 SSL,193,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
 SSL,267,PRE_SHARED_KEY_MUST_BE_LAST
+SSL,287,PRIVATE_KEY_OPERATION_FAILED
 SSL,194,PROTOCOL_IS_SHUTDOWN
 SSL,271,PSK_IDENTITY_BINDER_COUNT_MISMATCH
 SSL,195,PSK_IDENTITY_NOT_FOUND
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a1b6fa79..249fce13 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4697,6 +4697,7 @@ OPENSSL_EXPORT bool SSL_apply_handback(SSL *ssl, Span handback);
 #define SSL_R_HANDSHAKE_NOT_COMPLETE 284
 #define SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI 285
 #define SSL_R_SERVER_ECHOED_INVALID_SESSION_ID 286
+#define SSL_R_PRIVATE_KEY_OPERATION_FAILED 287
 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 134ad561..33cc720a 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -205,6 +205,9 @@ enum ssl_private_key_result_t ssl_private_key_sign(
 ret = ssl->cert->key_method->sign(ssl, out, out_len, max_out, sigalg, in.data(), in.size());
 }
+ if (ret == ssl_private_key_failure) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PRIVATE_KEY_OPERATION_FAILED);
+ }
 hs->pending_private_key_op = ret == ssl_private_key_retry;
 return ret;
 }
@@ -241,6 +244,9 @@ enum ssl_private_key_result_t ssl_private_key_decrypt(SSL_HANDSHAKE *hs,
 ret = ssl->cert->key_method->decrypt(ssl, out, out_len, max_out, in.data(), in.size());
 }
+ if (ret == ssl_private_key_failure) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_PRIVATE_KEY_OPERATION_FAILED);
+ }
 hs->pending_private_key_op = ret == ssl_private_key_retry;
 return ret;
 }
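Review bot: The added `if (ret == ssl_private_key_failure)` check in ssl_private_key_sign carries no comment explaining why the library queues an error on the key method's behalf, and the identical three lines are added again in ssl_private_key_decrypt. I would put a comment above it such as `// The key method may fail without queuing an error; make sure the caller always sees a reason.` (presumably the intent; confirm). It is also worth documenting next to the new `SSL_R_PRIVATE_KEY_OPERATION_FAILED` define that a key method which already queued its own error will have this generic reason stacked after it, so code that reads only the most recent entry loses the more specific cause. The function body starts outside the hunk, so whether every path that sets `ret` is covered by the check cannot be confirmed from here.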
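Review bot: In ssl_private_key_decrypt the added check turns a `decrypt` failure into a distinct, externally visible reason code, and nothing in the hunk states that this failure must be independent of the decrypted plaintext. If a key method implementation ever returned `ssl_private_key_failure` for a padding or format problem in the plaintext, the new error would help a peer tell that case apart from other handshake failures. I would add a comment above the check, e.g. `// Key methods must fail only for operational reasons, never based on the decrypted plaintext.`, and mirror it in the `decrypt` callback documentation. The function body and the callback contract lie outside the hunk, so this is a documentation request rather than a confirmed defect.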