diff options
author | Richard Levitte <levitte@openssl.org> | 2020-11-04 14:39:57 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-11-11 12:12:23 +0100 |
commit | c48ffbcca1d0213c6bcbe85de7bb5dd23c76438d (patch) | |
tree | bcc8cd093087c7c10c681f343e4b072588430416 /ssl/s3_enc.c | |
parent | e92519b5a6ad5fa1ca36316dd9256e65dcb2c6db (diff) |
SSL: refactor all SSLfatal() calls
Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere. Also, we convert all combinations of SSLfatal()
and ERR_add_data() to an SSLfatal_data() call.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
Diffstat (limited to 'ssl/s3_enc.c')
-rw-r--r-- | ssl/s3_enc.c | 91 |
1 files changed, 30 insertions, 61 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index bd90e059b5..f1fb9dd987 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -34,16 +34,14 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) m5 = EVP_MD_CTX_new(); s1 = EVP_MD_CTX_new(); if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; if (k > sizeof(buf)) { /* bug: 'buf' is too small for this ciphersuite */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -60,21 +58,18 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) || !EVP_DigestUpdate(m5, s->session->master_key, s->session->master_key_length) || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if ((int)(i + MD5_DIGEST_LENGTH) > num) { if (!EVP_DigestFinal_ex(m5, smd, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } memcpy(km, smd, (num - i)); } else { if (!EVP_DigestFinal_ex(m5, km, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } @@ -109,8 +104,7 @@ int ssl3_change_cipher_state(SSL *s, int which) m = s->s3.tmp.new_hash; /* m == NULL will lead to a crash later */ if (!ossl_assert(m != NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } #ifndef OPENSSL_NO_COMP @@ -124,8 +118,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (s->enc_read_ctx != NULL) { reuse_dd = 1; } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } else { /* @@ -136,8 +129,7 @@ int ssl3_change_cipher_state(SSL *s, int which) dd = s->enc_read_ctx; if (ssl_replace_hash(&s->read_hash, m) == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } #ifndef OPENSSL_NO_COMP @@ -148,7 +140,6 @@ int ssl3_change_cipher_state(SSL *s, int which) s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } @@ -161,8 +152,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (s->enc_write_ctx != NULL) { reuse_dd = 1; } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } else { /* @@ -172,8 +162,7 @@ int ssl3_change_cipher_state(SSL *s, int which) } dd = s->enc_write_ctx; if (ssl_replace_hash(&s->write_hash, m) == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } #ifndef OPENSSL_NO_COMP @@ -184,7 +173,6 @@ int ssl3_change_cipher_state(SSL *s, int which) s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_SSL3_CHANGE_CIPHER_STATE, SSL_R_COMPRESSION_LIBRARY_ERROR); goto err; } @@ -200,8 +188,7 @@ int ssl3_change_cipher_state(SSL *s, int which) p = s->s3.tmp.key_block; mdi = EVP_MD_size(m); if (mdi < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } i = mdi; @@ -227,16 +214,14 @@ int ssl3_change_cipher_state(SSL *s, int which) } if (n > s->s3.tmp.key_block_length) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } memcpy(mac_secret, ms, i); if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -266,8 +251,7 @@ int ssl3_setup_key_block(SSL *s) if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp, 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, - SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return 0; } @@ -291,8 +275,7 @@ int ssl3_setup_key_block(SSL *s) ssl3_cleanup_key_block(s); if ((p = OPENSSL_malloc(num)) == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; } @@ -335,8 +318,7 @@ int ssl3_init_finished_mac(SSL *s) BIO *buf = BIO_new(BIO_s_mem()); if (buf == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; } ssl3_free_digest_list(s); @@ -365,21 +347,18 @@ int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) if (s->s3.handshake_dgst == NULL) { /* Note: this writes to a memory BIO so a failure is a fatal error */ if (len > INT_MAX) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, - SSL_R_OVERFLOW_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_OVERFLOW_ERROR); return 0; } ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len); if (ret <= 0 || ret != (int)len) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } } else { ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len); if (!ret) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } } @@ -395,28 +374,25 @@ int ssl3_digest_cached_records(SSL *s, int keep) if (s->s3.handshake_dgst == NULL) { hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, - SSL_R_BAD_HANDSHAKE_LENGTH); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); return 0; } s->s3.handshake_dgst = EVP_MD_CTX_new(); if (s->s3.handshake_dgst == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; } md = ssl_handshake_md(s); if (md == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); return 0; } if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL) || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } } @@ -450,28 +426,24 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, } if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, - SSL_R_NO_REQUIRED_DIGEST); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST); return 0; } ctx = EVP_MD_CTX_new(); if (ctx == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; } if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ret = 0; goto err; } ret = EVP_MD_CTX_size(ctx); if (ret < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ret = 0; goto err; } @@ -484,8 +456,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, if (EVP_DigestUpdate(ctx, sender, len) <= 0 || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ret = 0; } } @@ -517,8 +488,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, size_t ret_secret_size = 0; if (ctx == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); return 0; } for (i = 0; i < 3; i++) { @@ -536,8 +506,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, || EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0 || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ret = 0; break; } |