From 2c4db439d235b68478d90c450289d2d0ba418547 Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Wed, 18 Mar 2020 08:59:09 -0400
Subject: add upstream 10.21

---
 zen/open_ssl.cpp | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

(limited to 'zen/open_ssl.cpp')

diff --git a/zen/open_ssl.cpp b/zen/open_ssl.cpp
index dc9c8a19..b823f8ca 100644
--- a/zen/open_ssl.cpp
+++ b/zen/open_ssl.cpp
@@ -322,8 +322,8 @@ std::string createSignature(const std::string& message, EVP_PKEY* privateKey) //
                               reinterpret_cast<unsigned char*>(&signature[0]), //unsigned char* sigret,
                               &sigLen) != 1)                                   //size_t* siglen
         throw SysError(formatLastOpenSSLError(L"EVP_DigestSignFinal"));
-    signature.resize(sigLen);
 
+    signature.resize(sigLen);
     return signature;
 }
 
@@ -373,7 +373,7 @@ void zen::verifySignature(const std::string& message, const std::string& signatu
 
 namespace
 {
-std::wstring formatSslErrorRaw(int ec)
+std::wstring formatSslErrorCode(int ec)
 {
     switch (ec)
     {
@@ -388,12 +388,15 @@ std::wstring formatSslErrorRaw(int ec)
             ZEN_CHECK_CASE_FOR_CONSTANT(SSL_ERROR_WANT_ACCEPT);
             ZEN_CHECK_CASE_FOR_CONSTANT(SSL_ERROR_WANT_ASYNC);
             ZEN_CHECK_CASE_FOR_CONSTANT(SSL_ERROR_WANT_ASYNC_JOB);
+            ZEN_CHECK_CASE_FOR_CONSTANT(SSL_ERROR_WANT_CLIENT_HELLO_CB);
+
+        default:
+            return replaceCpy<std::wstring>(L"SSL error %x", L"%x", numberTo<std::wstring>(ec));
     }
-    return L"Unknown SSL error: " + numberTo<std::wstring>(ec);
 }
 
 
-std::wstring formatX509ErrorRaw(long ec)
+std::wstring formatX509ErrorCode(long ec)
 {
     switch (ec)
     {
@@ -473,8 +476,10 @@ std::wstring formatX509ErrorRaw(long ec)
             ZEN_CHECK_CASE_FOR_CONSTANT(X509_V_ERR_OCSP_VERIFY_NEEDED);
             ZEN_CHECK_CASE_FOR_CONSTANT(X509_V_ERR_OCSP_VERIFY_FAILED);
             ZEN_CHECK_CASE_FOR_CONSTANT(X509_V_ERR_OCSP_CERT_UNKNOWN);
+
+        default:
+            return replaceCpy<std::wstring>(L"X509 error %x", L"%x", numberTo<std::wstring>(ec));
     }
-    return L"Unknown X509 error: " + numberTo<std::wstring>(ec);
 }
 }
 
@@ -487,7 +492,7 @@ public:
     {
         ZEN_ON_SCOPE_FAIL(cleanup(); /*destructor call would lead to member double clean-up!!!*/);
 
-        ctx_ = ::SSL_CTX_new(TLS_client_method());
+        ctx_ = ::SSL_CTX_new(::TLS_client_method());
         if (!ctx_)
             throw SysError(formatLastOpenSSLError(L"SSL_CTX_new"));
 
@@ -526,13 +531,13 @@ public:
 
         const int rv = ::SSL_connect(ssl_); //implicitly calls SSL_set_connect_state()
         if (rv != 1)
-            throw SysError(formatLastOpenSSLError(L"SSL_connect") + L" " + formatSslErrorRaw(::SSL_get_error(ssl_, rv)));
+            throw SysError(formatLastOpenSSLError(L"SSL_connect") + L' ' + formatSslErrorCode(::SSL_get_error(ssl_, rv)));
 
         if (caCertFilePath)
         {
             const long verifyResult = ::SSL_get_verify_result(ssl_);
             if (verifyResult != X509_V_OK)
-                throw SysError(formatSystemError(L"SSL_get_verify_result", formatX509ErrorRaw(verifyResult), L""));
+                throw SysError(formatSystemError(L"SSL_get_verify_result", formatX509ErrorCode(verifyResult), L""));
         }
     }
 
@@ -554,7 +559,7 @@ public:
     size_t tryRead(void* buffer, size_t bytesToRead) //throw SysError; may return short, only 0 means EOF!
     {
         if (bytesToRead == 0) //"read() with a count of 0 returns zero" => indistinguishable from end of file! => check!
-            throw std::logic_error("Contract violation! " + std::string(__FILE__) + ":" + numberTo<std::string>(__LINE__));
+            throw std::logic_error("Contract violation! " + std::string(__FILE__) + ':' + numberTo<std::string>(__LINE__));
 
         size_t bytesReceived = 0;
         const int rv = ::SSL_read_ex(ssl_, buffer, bytesToRead, &bytesReceived);
@@ -564,7 +569,7 @@ public:
             if (sslError == SSL_ERROR_ZERO_RETURN || //EOF + close_notify alert
                 (sslError == SSL_ERROR_SYSCALL && ::ERR_peek_last_error() == 0)) //EOF: only expected for HTTP/1.0
                 return 0;
-            throw SysError(formatLastOpenSSLError(L"SSL_read_ex") + L" " + formatSslErrorRaw(sslError));
+            throw SysError(formatLastOpenSSLError(L"SSL_read_ex") + L' ' + formatSslErrorCode(sslError));
         }
         assert(bytesReceived > 0); //SSL_read_ex() considers EOF an error!
         if (bytesReceived > bytesToRead) //better safe than sorry
@@ -576,12 +581,12 @@ public:
     size_t tryWrite(const void* buffer, size_t bytesToWrite) //throw SysError; may return short! CONTRACT: bytesToWrite > 0
     {
         if (bytesToWrite == 0)
-            throw std::logic_error("Contract violation! " + std::string(__FILE__) + ":" + numberTo<std::string>(__LINE__));
+            throw std::logic_error("Contract violation! " + std::string(__FILE__) + ':' + numberTo<std::string>(__LINE__));
 
         size_t bytesWritten = 0;
         const int rv = ::SSL_write_ex(ssl_, buffer, bytesToWrite, &bytesWritten);
         if (rv != 1)
-            throw SysError(formatLastOpenSSLError(L"SSL_write_ex") + L" " + formatSslErrorRaw(::SSL_get_error(ssl_, rv)));
+            throw SysError(formatLastOpenSSLError(L"SSL_write_ex") + L' ' + formatSslErrorCode(::SSL_get_error(ssl_, rv)));
 
         if (bytesWritten > bytesToWrite)
             throw SysError(L"SSL_write_ex: buffer overflow.");
@@ -759,7 +764,7 @@ std::string zen::convertPuttyKeyToPkix(const std::string& keyStream, const std::
 
     auto numToBeString = [](size_t n) -> std::string
     {
-        static_assert(usingLittleEndian()&& sizeof(n) >= 4);
+        static_assert(usingLittleEndian() && sizeof(n) >= 4);
         const char* numStr = reinterpret_cast<const char*>(&n);
         return { numStr[3], numStr[2], numStr[1], numStr[0] }; //big endian!
     };
-- 
cgit