提交 4752c5de 编写于 作者: M Matt Caswell

Replace some usage of SSLerr with SSLfatal()

This is an initial step towards using SSLfatal() everywhere. Initially in
this commit and in subsequent commits we focus on the state machine code.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)
上级 1f359471
...@@ -298,7 +298,8 @@ int ssl3_init_finished_mac(SSL *s) ...@@ -298,7 +298,8 @@ int ssl3_init_finished_mac(SSL *s)
BIO *buf = BIO_new(BIO_s_mem()); BIO *buf = BIO_new(BIO_s_mem());
if (buf == NULL) { if (buf == NULL) {
SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
ssl3_free_digest_list(s); ssl3_free_digest_list(s);
......
...@@ -86,8 +86,8 @@ int tls_setup_handshake(SSL *s) ...@@ -86,8 +86,8 @@ int tls_setup_handshake(SSL *s)
* ClientHello. * ClientHello.
*/ */
if (ssl_get_min_max_version(s, &ver_min, &ver_max) != 0) { if (ssl_get_min_max_version(s, &ver_min, &ver_max) != 0) {
SSLerr(SSL_F_TLS_SETUP_HANDSHAKE, ERR_R_INTERNAL_ERROR); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
...@@ -104,10 +104,10 @@ int tls_setup_handshake(SSL *s) ...@@ -104,10 +104,10 @@ int tls_setup_handshake(SSL *s)
break; break;
} }
if (!ok) { if (!ok) {
SSLerr(SSL_F_TLS_SETUP_HANDSHAKE, SSL_R_NO_CIPHERS_AVAILABLE); SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
SSL_R_NO_CIPHERS_AVAILABLE);
ERR_add_error_data(1, "No ciphers enabled for max supported " ERR_add_error_data(1, "No ciphers enabled for max supported "
"SSL/TLS version"); "SSL/TLS version");
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return 0; return 0;
} }
if (SSL_IS_FIRST_HANDSHAKE(s)) { if (SSL_IS_FIRST_HANDSHAKE(s)) {
...@@ -125,9 +125,8 @@ int tls_setup_handshake(SSL *s) ...@@ -125,9 +125,8 @@ int tls_setup_handshake(SSL *s)
* Server attempting to renegotiate with client that doesn't * Server attempting to renegotiate with client that doesn't
* support secure renegotiation. * support secure renegotiation.
*/ */
SSLerr(SSL_F_TLS_SETUP_HANDSHAKE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return 0; return 0;
} else { } else {
/* N.B. s->ctx may not equal s->session_ctx */ /* N.B. s->ctx may not equal s->session_ctx */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册