Convert the state machine code to use SSLfatal()

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)

1 files changed, 77 insertions, 43 deletions

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f080f8a64e..c160533ac4 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -96,8 +96,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
     m = s->s3->tmp.new_hash;
     /* m == NULL will lead to a crash later */
     if (!ossl_assert(m != NULL)) {
-        SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-        goto err2;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
     }
 #ifndef OPENSSL_NO_COMP
     if (s->s3->tmp.new_compression == NULL)
@@ -107,20 +108,24 @@ int ssl3_change_cipher_state(SSL *s, int which)
 #endif
 
     if (which & SSL3_CC_READ) {
-        if (s->enc_read_ctx != NULL)
+        if (s->enc_read_ctx != NULL) {
             reuse_dd = 1;
-        else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
+        } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
             goto err;
-        else
+        } else {
             /*
              * make sure it's initialised in case we exit later with an error
              */
             EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        }
         dd = s->enc_read_ctx;
 
         if (ssl_replace_hash(&s->read_hash, m) == NULL) {
-            SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
@@ -129,28 +134,33 @@ int ssl3_change_cipher_state(SSL *s, int which)
         if (comp != NULL) {
             s->expand = COMP_CTX_new(comp);
             if (s->expand == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                        SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
             }
         }
 #endif
         RECORD_LAYER_reset_read_sequence(&s->rlayer);
         mac_secret = &(s->s3->read_mac_secret[0]);
     } else {
-        if (s->enc_write_ctx != NULL)
+        if (s->enc_write_ctx != NULL) {
             reuse_dd = 1;
-        else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
+        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
             goto err;
-        else
+        } else {
             /*
              * make sure it's initialised in case we exit later with an error
              */
             EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        }
         dd = s->enc_write_ctx;
         if (ssl_replace_hash(&s->write_hash, m) == NULL) {
-            SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
@@ -159,9 +169,10 @@ int ssl3_change_cipher_state(SSL *s, int which)
         if (comp != NULL) {
             s->compress = COMP_CTX_new(comp);
             if (s->compress == NULL) {
-                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
             }
         }
 #endif
@@ -174,8 +185,11 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
     p = s->s3->tmp.key_block;
     mdi = EVP_MD_size(m);
-    if (mdi < 0)
-        goto err2;
+    if (mdi < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     i = mdi;
     cl = EVP_CIPHER_key_length(c);
     j = cl;
@@ -199,21 +213,23 @@ int ssl3_change_cipher_state(SSL *s, int which)
     }
 
     if (n > s->s3->tmp.key_block_length) {
-        SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-        goto err2;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
     }
 
     memcpy(mac_secret, ms, i);
 
-    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
-        goto err2;
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
 
     OPENSSL_cleanse(exp_key, sizeof(exp_key));
     OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 1;
  err:
-    SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
- err2:
     OPENSSL_cleanse(exp_key, sizeof(exp_key));
     OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 0;
@@ -232,7 +248,8 @@ int ssl3_setup_key_block(SSL *s)
         return 1;
 
     if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
-        SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
         return 0;
     }
 
@@ -253,8 +270,11 @@ int ssl3_setup_key_block(SSL *s)
 
     ssl3_cleanup_key_block(s);
 
-    if ((p = OPENSSL_malloc(num)) == NULL)
-        goto err;
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     s->s3->tmp.key_block_length = num;
     s->s3->tmp.key_block = p;
@@ -280,10 +300,6 @@ int ssl3_setup_key_block(SSL *s)
     }
 
     return ret;
-
- err:
-    SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
-    return 0;
 }
 
 void ssl3_cleanup_key_block(SSL *s)
@@ -323,16 +339,30 @@ void ssl3_free_digest_list(SSL *s)
 
 int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
 {
+    int ret;
+
     if (s->s3->handshake_dgst == NULL) {
-        int ret;
         /* Note: this writes to a memory BIO so a failure is a fatal error */
-        if (len > INT_MAX)
+        if (len > INT_MAX) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     SSL_R_OVERFLOW_ERROR);
             return 0;
+        }
         ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len);
-        return ret > 0 && ret == (int)len;
+        if (ret <= 0 || ret != (int)len) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
     } else {
-        return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+        ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+        if (!ret) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
     }
+    return 1;
 }
 
 int ssl3_digest_cached_records(SSL *s, int keep)
@@ -344,21 +374,23 @@ int ssl3_digest_cached_records(SSL *s, int keep)
     if (s->s3->handshake_dgst == NULL) {
         hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
         if (hdatalen <= 0) {
-            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
-                   SSL_R_BAD_HANDSHAKE_LENGTH);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     SSL_R_BAD_HANDSHAKE_LENGTH);
             return 0;
         }
 
         s->s3->handshake_dgst = EVP_MD_CTX_new();
         if (s->s3->handshake_dgst == NULL) {
-            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_MALLOC_FAILURE);
             return 0;
         }
 
         md = ssl_handshake_md(s);
         if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
             || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
-            SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_INTERNAL_ERROR);
             return 0;
         }
     }
@@ -435,7 +467,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
     size_t ret_secret_size = 0;
 
     if (ctx == NULL) {
-        SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
+                 ERR_R_MALLOC_FAILURE);
         return 0;
     }
     for (i = 0; i < 3; i++) {
@@ -453,7 +486,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
             || EVP_DigestUpdate(ctx, p, len) <= 0
             || EVP_DigestUpdate(ctx, buf, n) <= 0
             || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
-            SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
             ret = 0;
             break;
         }