Skip to content

O
openssl

cherrystories / openssl
与 Fork 源项目一致

从无法访问的项目Fork

通知 1
Star 0
Fork 0
O
openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 c48ffbcc 编写于 作者: R Richard Levitte
浏览文件
操作

SSL: refactor all SSLfatal() calls 

Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere.  Also, we convert all combinations of SSLfatal()
and ERR_add_data() to an SSLfatal_data() call.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
上级 e92519b5
展开全部 隐藏空白更改
内联 并排
Showing with 1055 addition and 2181 deletion
ssl/d1_lib.c
浏览文件 @ c48ffbcc
......@@ -378,8 +378,7 @@ int dtls1_check_timeout_num(SSL *s)
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
/* fail the connection, enough alerts have been sent */
SSLfatal(s, SSL_AD_NO_ALERT, 0,
SSL_R_READ_TIMEOUT_EXPIRED);
SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_READ_TIMEOUT_EXPIRED);
return -1;
}
......
ssl/record/rec_layer_d1.c
浏览文件 @ c48ffbcc
......@@ -154,8 +154,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
if (rdata == NULL || item == NULL) {
OPENSSL_free(rdata);
pitem_free(item);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
......@@ -263,9 +262,7 @@ int dtls1_process_buffered_records(SSL *s)
* current record is from a different epoch. But that cannot
* be the case because we already checked the epoch above
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
#ifndef OPENSSL_NO_SCTP
......@@ -359,8 +356,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
(type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
......@@ -489,7 +485,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
(s->enc_read_ctx == NULL)) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_APP_DATA_IN_HANDSHAKE);
return -1;
}
......@@ -560,8 +556,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|| !PACKET_get_1(&alert, &alert_level)
|| !PACKET_get_1(&alert, &alert_descr)
|| PACKET_remaining(&alert) != 0) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
SSL_R_INVALID_ALERT);
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT);
return -1;
}
......@@ -585,7 +580,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rlayer.alert_count++;
if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_R_TOO_MANY_WARN_ALERTS);
return -1;
}
......@@ -610,21 +605,17 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
return 0;
}
} else if (alert_level == SSL3_AL_FATAL) {
char tmp[16];
s->rwstate = SSL_NOTHING;
s->s3.fatal_alert = alert_descr;
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr);
BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
SSLfatal_data(s, SSL_AD_NO_ALERT,
SSL_AD_REASON_OFFSET + alert_descr,
"SSL alert number %d", alert_descr);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL3_RECORD_set_read(rr);
SSL_CTX_remove_session(s->session_ctx, s->session);
return 0;
} else {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_READ_BYTES,
SSL_R_UNKNOWN_ALERT_TYPE);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
return -1;
}
......@@ -708,8 +699,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* finished
*/
if (!ossl_assert(SSL_is_init_finished(s))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
......@@ -745,8 +735,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
switch (SSL3_RECORD_get_type(rr)) {
default:
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
SSL_R_UNEXPECTED_RECORD);
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
return -1;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
......@@ -756,8 +745,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
* that should not happen when type != rr->type
*/
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR);
return -1;
case SSL3_RT_APPLICATION_DATA:
/*
......@@ -773,8 +761,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->s3.in_read_app_data = 2;
return -1;
} else {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
SSL_R_UNEXPECTED_RECORD);
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
return -1;
}
}
......@@ -791,8 +778,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
int i;
if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_WRITE_BYTES,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
s->rwstate = SSL_NOTHING;
......@@ -818,8 +804,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* will happen with non blocking IO
*/
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -835,8 +820,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
return 0;
if (len > ssl_get_max_send_fragment(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
return 0;
}
......@@ -851,7 +835,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
else {
mac_size = EVP_MD_CTX_size(s->write_hash);
if (mac_size < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
return -1;
}
......@@ -911,8 +895,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
/* first we compress */
if (s->compress != NULL) {
if (!ssl3_do_compress(s, &wr)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
SSL_R_COMPRESSION_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE);
return -1;
}
} else {
......@@ -931,8 +914,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (!s->method->ssl3_enc->mac(s, &wr,
&(p[SSL3_RECORD_get_length(&wr) + eivlen]),
1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
SSL3_RECORD_add_length(&wr, mac_size);
......@@ -947,8 +929,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (s->method->ssl3_enc->enc(s, &wr, 1, 1, NULL, mac_size) < 1) {
if (!ossl_statem_in_error(s)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
}
return -1;
}
......@@ -956,8 +937,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (SSL_WRITE_ETM(s) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(s, &wr,
&(p[SSL3_RECORD_get_length(&wr)]), 1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return -1;
}
SSL3_RECORD_add_length(&wr, mac_size);
......
ssl/record/rec_layer_s3.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/record/ssl3_buffer.c
浏览文件 @ c48ffbcc
......@@ -66,8 +66,7 @@ int ssl3_setup_read_buffer(SSL *s)
* We assume we're so doomed that we won't even be able to send an
* alert.
*/
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
return 0;
}
b->buf = p;
......@@ -126,8 +125,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
* buffers. We assume we're so doomed that we won't even be able
* to send an alert.
*/
SSLfatal(s, SSL_AD_NO_ALERT,
SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
......
ssl/record/ssl3_record.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/record/ssl3_record_tls13.c
浏览文件 @ c48ffbcc
......@@ -36,8 +36,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
if (n_recs != 1) {
/* Should not happen */
/* TODO(TLS1.3): Support pipelining */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -72,8 +71,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
} else {
if (!ossl_assert(s->psksession != NULL
&& s->psksession->ext.max_early_data > 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
alg_enc = s->psksession->cipher->algorithm_enc;
......@@ -84,8 +82,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
* be NULL
*/
if (!ossl_assert(s->s3.tmp.new_cipher != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
alg_enc = s->s3.tmp.new_cipher->algorithm_enc;
......@@ -98,8 +95,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
taglen = EVP_CCM_TLS_TAG_LEN;
if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
} else if (alg_enc & SSL_AESGCM) {
......@@ -107,8 +103,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
} else if (alg_enc & SSL_CHACHA20) {
taglen = EVP_CHACHAPOLY_TLS_TAG_LEN;
} else {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -125,8 +120,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
/* Set up IV */
if (ivlen < SEQ_NUM_SIZE) {
/* Should not happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
offset = ivlen - SEQ_NUM_SIZE;
......@@ -150,8 +144,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
|| (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
taglen,
rec->data + rec->length) <= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -163,8 +156,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
|| !WPACKET_get_total_written(&wpkt, &hdrlen)
|| hdrlen != SSL3_RT_HEADER_LENGTH
|| !WPACKET_finish(&wpkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
WPACKET_cleanup(&wpkt);
return 0;
}
......@@ -188,8 +180,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
/* Add the tag */
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
rec->data + rec->length) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
rec->length += taglen;
......
ssl/s3_enc.c
浏览文件 @ c48ffbcc
......@@ -34,16 +34,14 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
m5 = EVP_MD_CTX_new();
s1 = EVP_MD_CTX_new();
if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
k++;
if (k > sizeof(buf)) {
/* bug: 'buf' is too small for this ciphersuite */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -60,21 +58,18 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
|| !EVP_DigestUpdate(m5, s->session->master_key,
s->session->master_key_length)
|| !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if ((int)(i + MD5_DIGEST_LENGTH) > num) {
if (!EVP_DigestFinal_ex(m5, smd, NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
memcpy(km, smd, (num - i));
} else {
if (!EVP_DigestFinal_ex(m5, km, NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
......@@ -109,8 +104,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
m = s->s3.tmp.new_hash;
/* m == NULL will lead to a crash later */
if (!ossl_assert(m != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_COMP
......@@ -124,8 +118,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (s->enc_read_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
} else {
/*
......@@ -136,8 +129,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_COMP
......@@ -148,7 +140,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
s->expand = COMP_CTX_new(comp);
if (s->expand == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
......@@ -161,8 +152,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (s->enc_write_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
} else {
/*
......@@ -172,8 +162,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
}
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
#ifndef OPENSSL_NO_COMP
......@@ -184,7 +173,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
s->compress = COMP_CTX_new(comp);
if (s->compress == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
......@@ -200,8 +188,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
p = s->s3.tmp.key_block;
mdi = EVP_MD_size(m);
if (mdi < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
i = mdi;
......@@ -227,16 +214,14 @@ int ssl3_change_cipher_state(SSL *s, int which)
}
if (n > s->s3.tmp.key_block_length) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
memcpy(mac_secret, ms, i);
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -266,8 +251,7 @@ int ssl3_setup_key_block(SSL *s)
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
}
......@@ -291,8 +275,7 @@ int ssl3_setup_key_block(SSL *s)
ssl3_cleanup_key_block(s);
if ((p = OPENSSL_malloc(num)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
......@@ -335,8 +318,7 @@ int ssl3_init_finished_mac(SSL *s)
BIO *buf = BIO_new(BIO_s_mem());
if (buf == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
ssl3_free_digest_list(s);
......@@ -365,21 +347,18 @@ int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
if (s->s3.handshake_dgst == NULL) {
/* Note: this writes to a memory BIO so a failure is a fatal error */
if (len > INT_MAX) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
SSL_R_OVERFLOW_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_OVERFLOW_ERROR);
return 0;
}
ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len);
if (ret <= 0 || ret != (int)len) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
} else {
ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len);
if (!ret) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
......@@ -395,28 +374,25 @@ int ssl3_digest_cached_records(SSL *s, int keep)
if (s->s3.handshake_dgst == NULL) {
hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
if (hdatalen <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
SSL_R_BAD_HANDSHAKE_LENGTH);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH);
return 0;
}
s->s3.handshake_dgst = EVP_MD_CTX_new();
if (s->s3.handshake_dgst == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
md = ssl_handshake_md(s);
if (md == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_NO_SUITABLE_DIGEST_ALGORITHM);
return 0;
}
if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
|| !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
......@@ -450,28 +426,24 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
}
if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
SSL_R_NO_REQUIRED_DIGEST);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST);
return 0;
}
ctx = EVP_MD_CTX_new();
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
ret = 0;
goto err;
}
ret = EVP_MD_CTX_size(ctx);
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
ret = 0;
goto err;
}
......@@ -484,8 +456,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
if (EVP_DigestUpdate(ctx, sender, len) <= 0
|| EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0
|| EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
ret = 0;
}
}
......@@ -517,8 +488,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
size_t ret_secret_size = 0;
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < 3; i++) {
......@@ -536,8 +506,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|| EVP_DigestUpdate(ctx, p, len) <= 0
|| EVP_DigestUpdate(ctx, buf, n) <= 0
|| EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
ret = 0;
break;
}
......
ssl/s3_lib.c
浏览文件 @ c48ffbcc
......@@ -4755,8 +4755,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
EVP_PKEY *pkey = NULL;
if (ginf == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -4764,23 +4763,19 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
s->ctx->propq);
if (pctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_keygen_init(pctx) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
EVP_PKEY_free(pkey);
pkey = NULL;
}
......@@ -4810,8 +4805,7 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
if (EVP_PKEY_paramgen_init(pctx) <= 0)
goto err;
if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
......@@ -4859,8 +4853,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
EVP_PKEY_CTX *pctx;
if (privkey == NULL || pubkey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -4869,8 +4862,7 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
if (EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
|| EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -4881,14 +4873,12 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -4920,8 +4910,7 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
EVP_PKEY_CTX *pctx;
if (privkey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -4929,21 +4918,18 @@ int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
if (EVP_PKEY_decapsulate_init(pctx) <= 0
|| EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DECAPSULATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -4974,8 +4960,7 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
EVP_PKEY_CTX *pctx;
if (pubkey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -4984,22 +4969,19 @@ int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
if (EVP_PKEY_encapsulate_init(pctx) <= 0
|| EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
|| pmslen == 0 || ctlen == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
pms = OPENSSL_malloc(pmslen);
ct = OPENSSL_malloc(ctlen);
if (pms == NULL || ct == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ENCAPSULATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......
ssl/ssl_cert.c
浏览文件 @ c48ffbcc
......@@ -902,10 +902,9 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
if (i > 0)
chain = X509_STORE_CTX_get1_chain(xs_ctx);
if (i <= 0) {
ERR_raise(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
i = X509_STORE_CTX_get_error(xs_ctx);
ERR_add_error_data(2, "Verify error:",
X509_verify_cert_error_string(i));
ERR_raise_data(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED,
"Verify error:%s", X509_verify_cert_error_string(i));
goto err;
}
......
ssl/ssl_conf.c
浏览文件 @ c48ffbcc
......@@ -872,17 +872,14 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
return 2;
if (rv == -2)
return -2;
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_VALUE);
ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
}
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE,
"cmd=%s, value=%s", cmd, value);
return 0;
}
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME);
ERR_add_error_data(2, "cmd=", cmd);
}
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd);
return -2;
}
......
ssl/ssl_lib.c
浏览文件 @ c48ffbcc
......@@ -4753,8 +4753,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
int ret = 0;
if (hashleni < 0 || (size_t)hashleni > outlen) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -4764,8 +4763,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
|| EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -5185,8 +5183,7 @@ int ssl_validate_ct(SSL *s)
ctx = CT_POLICY_EVAL_CTX_new_ex(s->ctx->libctx, s->ctx->propq);
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto end;
}
......@@ -5214,8 +5211,7 @@ int ssl_validate_ct(SSL *s)
* ought to correspond to an inability to carry out its duties.
*/
if (SCT_LIST_validate(scts, ctx) < 0) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
SSL_R_SCT_VERIFICATION_FAILED);
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_SCT_VERIFICATION_FAILED);
goto end;
}
......@@ -5223,8 +5219,7 @@ int ssl_validate_ct(SSL *s)
if (ret < 0)
ret = 0; /* This function returns 0 on failure */
if (!ret)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
SSL_R_CALLBACK_FAILED);
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_CALLBACK_FAILED);
end:
CT_POLICY_EVAL_CTX_free(ctx);
......@@ -5466,8 +5461,7 @@ static int nss_keylog_int(const char *prefix,
prefix_len = strlen(prefix);
out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
ERR_R_MALLOC_FAILURE);
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
......@@ -5500,8 +5494,7 @@ int ssl_log_rsa_client_key_exchange(SSL *ssl,
size_t premaster_len)
{
if (encrypted_premaster_len < 8) {
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -5536,14 +5529,12 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
if (PACKET_remaining(cipher_suites) == 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
SSL_R_NO_CIPHERS_SPECIFIED);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
return 0;
}
if (PACKET_remaining(cipher_suites) % n != 0) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return 0;
}
......@@ -5567,8 +5558,7 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
s->s3.tmp.ciphers_raw = raw;
if (raw == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
for (s->s3.tmp.ciphers_rawlen = 0;
......@@ -5580,8 +5570,7 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
TLS_CIPHER_LEN))
|| (leadbyte != 0
&& !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
SSL_R_BAD_PACKET);
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_PACKET);
OPENSSL_free(s->s3.tmp.ciphers_raw);
s->s3.tmp.ciphers_raw = NULL;
s->s3.tmp.ciphers_rawlen = 0;
......@@ -5592,8 +5581,7 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
}
} else if (!PACKET_memdup(cipher_suites, &s->s3.tmp.ciphers_raw,
&s->s3.tmp.ciphers_rawlen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1;
......@@ -5626,8 +5614,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
if (PACKET_remaining(cipher_suites) == 0) {
if (fatal)
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
SSL_R_NO_CIPHERS_SPECIFIED);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_NO_CIPHERS_SPECIFIED);
else
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED);
return 0;
......@@ -5635,7 +5622,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
if (PACKET_remaining(cipher_suites) % n != 0) {
if (fatal)
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
SSLfatal(s, SSL_AD_DECODE_ERROR,
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
else
ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
......@@ -5646,8 +5633,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
scsvs = sk_SSL_CIPHER_new_null();
if (sk == NULL || scsvs == NULL) {
if (fatal)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
else
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
......@@ -5668,8 +5654,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
(!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
if (fatal)
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
else
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
......@@ -5678,8 +5663,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
}
if (PACKET_remaining(cipher_suites) > 0) {
if (fatal)
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
SSL_R_BAD_LENGTH);
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH);
else
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
goto err;
......
ssl/ssl_mcnf.c
浏览文件 @ c48ffbcc
......@@ -39,10 +39,9 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
if (name == NULL && system)
name = "system_default";
if (!conf_ssl_name_find(name, &idx)) {
if (!system) {
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME);
ERR_add_error_data(2, "name=", name);
}
if (!system)
ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME,
"name=%s", name);
goto err;
}
cmds = conf_ssl_get(idx, &name, &cmd_count);
......@@ -73,12 +72,10 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
rv = SSL_CONF_cmd(cctx, cmdstr, arg);
if (rv <= 0) {
if (rv == -2)
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_COMMAND);
else
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_VALUE);
ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
", arg=", arg);
int errcode = rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE;
ERR_raise_data(ERR_LIB_SSL, errcode,
"section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
goto err;
}
}
......
ssl/ssl_sess.c
浏览文件 @ c48ffbcc
......@@ -294,8 +294,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
break;
default:
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
SSL_R_UNSUPPORTED_SSL_VERSION);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNSUPPORTED_SSL_VERSION);
return 0;
}
......@@ -333,7 +332,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
tmp = (int)ss->session_id_length;
if (!cb(s, ss->session_id, &tmp)) {
/* The callback failed */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
return 0;
}
......@@ -343,7 +342,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
*/
if (tmp == 0 || tmp > ss->session_id_length) {
/* The callback set an illegal length */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
return 0;
}
......@@ -351,8 +350,7 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
/* Finally, check for a conflict */
if (SSL_has_matching_session_id(s, ss->session_id,
(unsigned int)ss->session_id_length)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
SSL_R_SSL_SESSION_ID_CONFLICT);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_SSL_SESSION_ID_CONFLICT);
return 0;
}
......@@ -366,8 +364,7 @@ int ssl_get_new_session(SSL *s, int session)
SSL_SESSION *ss = NULL;
if ((ss = SSL_SESSION_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
......@@ -398,8 +395,7 @@ int ssl_get_new_session(SSL *s, int session)
}
if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
}
......@@ -527,8 +523,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
case SSL_TICKET_FATAL_ERR_MALLOC:
case SSL_TICKET_FATAL_ERR_OTHER:
fatal = 1;
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
case SSL_TICKET_NONE:
case SSL_TICKET_EMPTY:
......@@ -574,7 +569,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
* noticing).
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
fatal = 1;
goto err;
......@@ -593,8 +588,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
if (ret->flags & SSL_SESS_FLAG_EXTMS) {
/* If old session includes extms, but new does not: abort handshake */
if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION,
SSL_R_INCONSISTENT_EXTMS);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
fatal = 1;
goto err;
}
......
ssl/statem/extensions.c
浏览文件 @ c48ffbcc
......@@ -571,8 +571,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);
raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions));
if (raw_extensions == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
return 0;
}
......@@ -584,8 +583,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
if (!PACKET_get_net_2(&extensions, &type) ||
!PACKET_get_length_prefixed_2(&extensions, &extension)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
SSL_R_BAD_EXTENSION);
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
goto err;
}
/*
......@@ -598,8 +596,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
|| (type == TLSEXT_TYPE_psk
&& (context & SSL_EXT_CLIENT_HELLO) != 0
&& PACKET_remaining(&extensions) != 0)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_COLLECT_EXTENSIONS,
SSL_R_BAD_EXTENSION);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EXTENSION);
goto err;
}
idx = thisex - raw_extensions;
......@@ -631,7 +628,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
#endif
) {
SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
SSL_R_UNSOLICITED_EXTENSION);
goto err;
}
if (thisex != NULL) {
......@@ -810,16 +807,14 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
(SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0
&& !WPACKET_set_flags(pkt,
WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
if (reason != 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
reason);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, reason);
return 0;
}
}
......@@ -862,8 +857,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
}
if (!WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -887,7 +881,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent)
if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
&& !sent) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
......@@ -899,7 +893,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent)
if (s->renegotiate
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
&& !sent) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
}
......@@ -927,8 +921,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0;
if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -953,8 +946,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
OPENSSL_free(s->session->ext.hostname);
s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
}
}
}
......@@ -988,13 +980,11 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
ss->ext.tick_lifetime_hint = 0;
ss->ext.tick_age_add = 0;
if (!ssl_generate_session_id(s, ss)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
} else {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
......@@ -1002,7 +992,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:
SSLfatal(s, altmp, SSL_F_FINAL_SERVER_NAME, SSL_R_CALLBACK_FAILED);
SSLfatal(s, altmp, SSL_R_CALLBACK_FAILED);
return 0;
case SSL_TLSEXT_ERR_ALERT_WARNING:
......@@ -1051,7 +1041,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
break;
}
if (i == s->ext.peer_ecpointformats_len) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS,
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
return 0;
}
......@@ -1183,8 +1173,7 @@ static int final_ems(SSL *s, unsigned int context, int sent)
*/
if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
&& (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
SSL_R_INCONSISTENT_EXTMS);
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
return 0;
}
if (!s->server && s->hit) {
......@@ -1194,8 +1183,7 @@ static int final_ems(SSL *s, unsigned int context, int sent)
*/
if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
!(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
SSL_R_INCONSISTENT_EXTMS);
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
return 0;
}
}
......@@ -1222,9 +1210,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_certificate_authorities)
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
......@@ -1234,9 +1220,7 @@ static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
}
if (!WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
......@@ -1250,8 +1234,7 @@ static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
if (!parse_ca_names(s, pkt))
return 0;
if (PACKET_remaining(pkt) != 0) {
SSLfatal(s, SSL_AD_DECODE_ERROR,
SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, SSL_R_BAD_EXTENSION);
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
return 0;
}
return 1;
......@@ -1270,7 +1253,7 @@ static int init_srtp(SSL *s, unsigned int context)
static int final_sig_algs(SSL *s, unsigned int context, int sent)
{
if (!sent && SSL_IS_TLS13(s) && !s->hit) {
SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_SIG_ALGS,
SSLfatal(s, TLS13_AD_MISSING_EXTENSION,
SSL_R_MISSING_SIGALGS_EXTENSION);
return 0;
}
......@@ -1304,8 +1287,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
&& (!s->hit
|| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) {
/* Nothing left we can do - just fail */
SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_KEY_SHARE,
SSL_R_NO_SUITABLE_KEY_SHARE);
SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_NO_SUITABLE_KEY_SHARE);
return 0;
}
/*
......@@ -1353,8 +1335,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
* previously sent HRR - so how can this be anything other
* than 0?
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
s->hello_retry_request = SSL_HRR_PENDING;
......@@ -1399,7 +1380,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
/* Nothing left we can do - just fail */
SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE
: SSL_AD_MISSING_EXTENSION,
SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE);
SSL_R_NO_SUITABLE_KEY_SHARE);
return 0;
}
......@@ -1411,8 +1392,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
* previously sent HRR - so how can this be anything other
* than 0?
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
s->hello_retry_request = SSL_HRR_PENDING;
......@@ -1433,8 +1413,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
* processing).
*/
if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
......@@ -1473,8 +1452,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
/* Ensure cast to size_t is safe */
if (!ossl_assert(hashsizei >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
hashsize = (size_t)hashsizei;
......@@ -1520,8 +1498,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
if (mctx == NULL
|| EVP_DigestInit_ex(mctx, md, NULL) <= 0
|| EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -1539,8 +1516,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
}
if (EVP_DigestInit_ex(mctx, md, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -1557,8 +1533,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
hdatalen = hdatalen_l =
BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
if (hdatalen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
SSL_R_BAD_HANDSHAKE_LENGTH);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH);
goto err;
}
......@@ -1575,24 +1550,21 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
|| !PACKET_get_length_prefixed_3(&hashprefix, &msg)
|| !PACKET_forward(&hashprefix, 1)
|| !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
hdatalen -= PACKET_remaining(&hashprefix);
}
if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0
|| EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -1600,8 +1572,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
s->ctx->propq, finishedkey,
hashsize);
if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -1614,8 +1585,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
|| EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
|| EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
|| bindersize != hashsize) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -1625,8 +1595,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
/* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
if (!ret)
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PSK_DO_BINDER,
SSL_R_BINDER_DOES_NOT_VERIFY);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BINDER_DOES_NOT_VERIFY);
}
err:
......@@ -1652,8 +1621,7 @@ static int final_early_data(SSL *s, unsigned int context, int sent)
* later realised that it shouldn't have done (e.g. inconsistent
* ALPN)
*/
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EARLY_DATA,
SSL_R_BAD_EARLY_DATA);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_EARLY_DATA);
return 0;
}
......@@ -1690,8 +1658,7 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
*/
if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
&& !sent ) {
SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_MAXFRAGMENTLEN,
SSL_R_BAD_EXTENSION);
SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_R_BAD_EXTENSION);
return 0;
}
......
ssl/statem/extensions_clnt.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/statem/extensions_cust.c
浏览文件 @ c48ffbcc
......@@ -139,8 +139,7 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
* extensions not sent in ClientHello.
*/
if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE,
SSL_R_BAD_EXTENSION);
SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
return 0;
}
}
......@@ -159,7 +158,7 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
&al, meth->parse_arg) <= 0) {
SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION);
SSLfatal(s, al, SSL_R_BAD_EXTENSION);
return 0;
}
......@@ -209,7 +208,7 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
meth->add_arg);
if (cb_retval < 0) {
SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED);
SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
return 0; /* error */
}
if (cb_retval == 0)
......@@ -220,8 +219,7 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
|| !WPACKET_start_sub_packet_u16(pkt)
|| (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
......@@ -229,8 +227,7 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
* We can't send duplicates: code logic should prevent this.
*/
if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
/*
......
ssl/statem/extensions_srvr.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/statem/statem.c
浏览文件 @ c48ffbcc
......@@ -140,12 +140,11 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
* a fatal error state. We verify that we are, and set it if not (this would
* indicate a bug).
*/
#define check_fatal(s, f) \
#define check_fatal(s) \
do { \
if (!ossl_assert((s)->statem.in_init \
&& (s)->statem.state == MSG_FLOW_ERROR)) \
SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
SSL_R_MISSING_FATAL); \
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_MISSING_FATAL); \
} while (0)
/*
......@@ -362,33 +361,28 @@ static int state_machine(SSL *s, int server)
if (SSL_IS_DTLS(s)) {
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
(server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
} else {
if ((s->version >> 8) != SSL3_VERSION_MAJOR) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
}
if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
if (s->init_buf == NULL) {
if ((buf = BUF_MEM_new()) == NULL) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
s->init_buf = buf;
......@@ -396,8 +390,7 @@ static int state_machine(SSL *s, int server)
}
if (!ssl3_setup_buffers(s)) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
s->init_num = 0;
......@@ -415,8 +408,7 @@ static int state_machine(SSL *s, int server)
if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
#endif
if (!ssl_init_wbio_buffer(s)) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_INTERNAL_ERROR);
goto end;
}
......@@ -458,7 +450,7 @@ static int state_machine(SSL *s, int server)
}
} else {
/* Error */
check_fatal(s, SSL_F_STATE_MACHINE);
check_fatal(s);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
goto end;
}
......@@ -605,7 +597,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
return SUB_STATE_ERROR;
if (s->s3.tmp.message_size > max_message_size(s)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SUB_STATE_ERROR;
}
......@@ -615,8 +607,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
&& s->s3.tmp.message_size > 0
&& !grow_init_buf(s, s->s3.tmp.message_size
+ SSL3_HM_HEADER_LENGTH)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
ERR_R_BUF_LIB);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB);
return SUB_STATE_ERROR;
}
......@@ -635,8 +626,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
s->first_packet = 0;
if (!PACKET_buf_init(&pkt, s->init_msg, len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return SUB_STATE_ERROR;
}
ret = process_message(s, &pkt);
......@@ -646,7 +636,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
switch (ret) {
case MSG_PROCESS_ERROR:
check_fatal(s, SSL_F_READ_STATE_MACHINE);
check_fatal(s);
return SUB_STATE_ERROR;
case MSG_PROCESS_FINISHED_READING:
......@@ -670,7 +660,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
st->read_state_work = post_process_message(s, st->read_state_work);
switch (st->read_state_work) {
case WORK_ERROR:
check_fatal(s, SSL_F_READ_STATE_MACHINE);
check_fatal(s);
/* Fall through */
case WORK_MORE_A:
case WORK_MORE_B:
......@@ -691,8 +681,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
default:
/* Shouldn't happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return SUB_STATE_ERROR;
}
}
......@@ -807,7 +796,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
break;
case WRITE_TRAN_ERROR:
check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
check_fatal(s);
return SUB_STATE_ERROR;
}
break;
......@@ -815,7 +804,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
case WRITE_STATE_PRE_WORK:
switch (st->write_state_work = pre_work(s, st->write_state_work)) {
case WORK_ERROR:
check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
check_fatal(s);
/* Fall through */
case WORK_MORE_A:
case WORK_MORE_B:
......@@ -842,20 +831,18 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
if (!WPACKET_init(&pkt, s->init_buf)
|| !ssl_set_handshake_header(s, &pkt, mt)) {
WPACKET_cleanup(&pkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return SUB_STATE_ERROR;
}
if (confunc != NULL && !confunc(s, &pkt)) {
WPACKET_cleanup(&pkt);
check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
check_fatal(s);
return SUB_STATE_ERROR;
}
if (!ssl_close_construct_packet(s, &pkt, mt)
|| !WPACKET_finish(&pkt)) {
WPACKET_cleanup(&pkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return SUB_STATE_ERROR;
}
......@@ -876,7 +863,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
case WRITE_STATE_POST_WORK:
switch (st->write_state_work = post_work(s, st->write_state_work)) {
case WORK_ERROR:
check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
check_fatal(s);
/* Fall through */
case WORK_MORE_A:
case WORK_MORE_B:
......@@ -893,8 +880,7 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
break;
default:
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return SUB_STATE_ERROR;
}
}
......
ssl/statem/statem_clnt.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/statem/statem_dtls.c
浏览文件 @ c48ffbcc
......@@ -426,8 +426,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
/* sanity checking */
if ((frag_off + frag_len) > msg_len
|| msg_len > dtls1_max_handshake_message_len(s)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
SSL_R_EXCESSIVE_MESSAGE_SIZE);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
return 0;
}
......@@ -437,8 +436,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
* dtls_max_handshake_message_len(s) above
*/
if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
ERR_R_BUF_LIB);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB);
return 0;
}
......@@ -452,8 +450,7 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
* They must be playing with us! BTW, failure to enforce upper limit
* would open possibility for buffer overrun.
*/
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
SSL_R_EXCESSIVE_MESSAGE_SIZE);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
return 0;
}
......@@ -768,7 +765,6 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
if (wire[0] != SSL3_MT_CCS) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
SSL_R_BAD_CHANGE_CIPHER_SPEC);
goto f_err;
}
......@@ -784,8 +780,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
/* Handshake fails if message header is incomplete */
if (readbytes != DTLS1_HM_HEADER_LENGTH) {
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
......@@ -801,8 +796,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
* Fragments must not span records.
*/
if (frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_LENGTH);
goto f_err;
}
......@@ -841,9 +835,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
goto redo;
} else { /* Incorrectly formatted Hello request */
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
SSL_R_UNEXPECTED_MESSAGE);
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
}
......@@ -878,8 +870,7 @@ static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
* to fail
*/
if (readbytes != frag_len) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_LENGTH);
goto f_err;
}
......@@ -913,9 +904,7 @@ int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
s->d1->next_handshake_write_seq++;
if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
}
......@@ -936,8 +925,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
/* read app data until dry event */
ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS_WAIT_FOR_DRY,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return WORK_ERROR;
}
......@@ -950,8 +938,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
*/
if (dtls_get_reassembled_message(s, &errtype, &len)) {
/* The call succeeded! This should never happen */
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS_WAIT_FOR_DRY,
SSL_R_UNEXPECTED_MESSAGE);
SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
return WORK_ERROR;
}
......@@ -968,8 +955,7 @@ WORK_STATE dtls_wait_for_dry(SSL *s)
int dtls1_read_failed(SSL *s, int code)
{
if (code > 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -1115,8 +1101,7 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
item = pqueue_find(s->d1->sent_messages, seq64be);
if (item == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_RETRANSMIT_MESSAGE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
*found = 0;
return 0;
}
......
ssl/statem/statem_lib.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/statem/statem_srvr.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/t1_enc.c
浏览文件 @ c48ffbcc
......@@ -40,8 +40,7 @@ static int tls1_PRF(SSL *s,
if (md == NULL) {
/* Should never happen */
if (fatal)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
else
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
......@@ -78,8 +77,7 @@ static int tls1_PRF(SSL *s,
err:
if (fatal)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
else
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
EVP_KDF_CTX_free(kctx);
......@@ -167,8 +165,7 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx,
*pprm = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
......@@ -240,8 +237,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if (s->enc_read_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
} else {
/*
......@@ -252,8 +248,7 @@ int tls1_change_cipher_state(SSL *s, int which)
dd = s->enc_read_ctx;
mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
if (mac_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_COMP
......@@ -263,7 +258,6 @@ int tls1_change_cipher_state(SSL *s, int which)
s->expand = COMP_CTX_new(comp->method);
if (s->expand == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS1_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
......@@ -295,26 +289,21 @@ int tls1_change_cipher_state(SSL *s, int which)
if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) {
reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
dd = s->enc_write_ctx;
if (SSL_IS_DTLS(s)) {
mac_ctx = EVP_MD_CTX_new();
if (mac_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
s->write_hash = mac_ctx;
} else {
mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
if (mac_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
}
......@@ -325,8 +314,7 @@ int tls1_change_cipher_state(SSL *s, int which)
s->compress = COMP_CTX_new(comp->method);
if (s->compress == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS1_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
}
......@@ -369,8 +357,7 @@ int tls1_change_cipher_state(SSL *s, int which)
}
if (n > s->s3.tmp.key_block_length) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -394,8 +381,7 @@ int tls1_change_cipher_state(SSL *s, int which)
|| EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_name(m),
s->ctx->libctx, s->ctx->propq, mac_key) <= 0) {
EVP_PKEY_free(mac_key);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
EVP_PKEY_free(mac_key);
......@@ -410,8 +396,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
iv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
} else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
......@@ -426,14 +411,12 @@ int tls1_change_cipher_state(SSL *s, int which)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
|| !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
}
......@@ -441,8 +424,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
&& !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
(int)*mac_secret_size, mac_secret)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if (EVP_CIPHER_provider(c) != NULL
......@@ -473,8 +455,7 @@ int tls1_change_cipher_state(SSL *s, int which)
bio = s->rbio;
if (!ossl_assert(bio != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -487,8 +468,7 @@ int tls1_change_cipher_state(SSL *s, int which)
/* ktls doesn't support renegotiation */
if ((BIO_get_ktls_send(s->wbio) && (which & SSL3_CC_WRITE)) ||
(BIO_get_ktls_recv(s->rbio) && (which & SSL3_CC_READ))) {
SSLfatal(s, SSL_AD_NO_RENEGOTIATION, SSL_F_TLS1_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_NO_RENEGOTIATION, ERR_R_INTERNAL_ERROR);
goto err;
}
......@@ -559,8 +539,7 @@ int tls1_setup_key_block(SSL *s)
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type,
&mac_secret_size, &comp, s->ext.use_etm)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
}
......@@ -576,8 +555,7 @@ int tls1_setup_key_block(SSL *s)
ssl3_cleanup_key_block(s);
if ((p = OPENSSL_malloc(num)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
......
ssl/t1_lib.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/tls13_enc.c
浏览文件 @ c48ffbcc
此差异已折叠。
ssl/tls_srp.c
浏览文件 @ c48ffbcc
......@@ -264,8 +264,7 @@ int srp_generate_server_master_secret(SSL *s)
tmp_len = BN_num_bytes(K);
if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_bn2bin(K, tmp);
......@@ -293,16 +292,13 @@ int srp_generate_client_master_secret(SSL *s)
s->ctx->libctx, s->ctx->propq))
== NULL
|| s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
s->srp_ctx.SRP_cb_arg))
== NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET,
SSL_R_CALLBACK_FAILED);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
goto err;
}
if ((x = SRP_Calc_x_ex(s->srp_ctx.s, s->srp_ctx.login, passwd,
......@@ -312,15 +308,13 @@ int srp_generate_client_master_secret(SSL *s)
s->srp_ctx.a, u,
s->ctx->libctx,
s->ctx->propq)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
tmp_len = BN_num_bytes(K);
if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_bn2bin(K, tmp);
......@@ -344,26 +338,22 @@ int srp_verify_server_param(SSL *s)
*/
if (BN_ucmp(srp->g, srp->N) >= 0 || BN_ucmp(srp->B, srp->N) >= 0
|| BN_is_zero(srp->B)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SRP_VERIFY_SERVER_PARAM,
SSL_R_BAD_DATA);
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_DATA);
return 0;
}
if (BN_num_bits(srp->N) < srp->strength) {
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
SSL_R_INSUFFICIENT_SECURITY);
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_INSUFFICIENT_SECURITY);
return 0;
}
if (srp->SRP_verify_param_callback) {
if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) {
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY,
SSL_F_SRP_VERIFY_SERVER_PARAM,
SSL_R_CALLBACK_FAILED);
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED);
return 0;
}
} else if (!SRP_check_known_gN_param(srp->g, srp->N)) {
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY,
SSL_R_INSUFFICIENT_SECURITY);
return 0;
}
......
test/tls13secretstest.c
浏览文件 @ c48ffbcc
......@@ -198,8 +198,7 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
return EVP_sha256();
}
void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
int line)
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
{
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册