authorRichard Levitte <levitte@openssl.org>2020-11-04 14:39:57 +0100
committerRichard Levitte <levitte@openssl.org>2020-11-11 12:12:23 +0100
commitc48ffbcca1d0213c6bcbe85de7bb5dd23c76438d (patch)
treebcc8cd093087c7c10c681f343e4b072588430416 /ssl/tls13_enc.c
parente92519b5a6ad5fa1ca36316dd9256e65dcb2c6db (diff)
SSL: refactor all SSLfatal() calls
Since SSLfatal() doesn't take a function code any more, we drop that argument everywhere. Also, we convert all combinations of SSLfatal() and ERR_add_data() to an SSLfatal_data() call. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
Diffstat (limited to 'ssl/tls13_enc.c')
-rw-r--r--ssl/tls13_enc.c69
1 files changed, 22 insertions, 47 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 628ec63efe..c53d374b69 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -64,8 +64,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
if (labellen > TLS13_MAX_LABEL_LEN) {
if (fatal) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
} else {
/*
* Probably we have been called from SSL_export_keying_material(),
@@ -91,8 +90,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
EVP_KDF_CTX_free(kctx);
WPACKET_cleanup(&pkt);
if (fatal)
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
else
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
@@ -114,8 +112,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
if (ret != 0) {
if (fatal)
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
else
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
}
@@ -201,16 +198,14 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
mdleni = EVP_MD_size(md);
/* Ensure cast to size_t is safe */
if (!ossl_assert(mdleni >= 0)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
EVP_KDF_CTX_free(kctx);
return 0;
}
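Review bot: The `ossl_assert(mdleni >= 0)` guard only makes the cast to size_t safe; a digest size of 0 still passes and would presumably carry a zero length into the later `EVP_KDF_derive()` call, so consider `if (!ossl_assert(mdleni > 0)) {`. The same `>= 0` test is applied to `hashleni` in the derive_secret_key_and_iv hunk, where it is reported as ERR_R_EVP_LIB rather than ERR_R_INTERNAL_ERROR; using one reason code for both would make the error queue easier to read. Whether a zero size is reachable depends on the digest passed in, which is not visible here, and the function body continues outside the hunk.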
@@ -231,8 +226,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
if (mctx == NULL
|| EVP_DigestInit_ex(mctx, md, NULL) <= 0
|| EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
EVP_MD_CTX_free(mctx);
EVP_KDF_CTX_free(kctx);
return 0;
@@ -268,8 +262,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
|| EVP_KDF_derive(kctx, outsecret, mdlen) <= 0;
if (ret != 0)
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
EVP_KDF_CTX_free(kctx);
if (prevsecret == preextractsec)
@@ -323,8 +316,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
OSSL_PARAM params[4], *p = params;
if (hmac == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -367,8 +359,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
|| !EVP_MAC_update(ctx, hash, hashlen)
/* outsize as per sizeof(peer_finish_md) */
|| !EVP_MAC_final(ctx, out, &hashlen, EVP_MAX_MD_SIZE * 2)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
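Review bot: `EVP_MAC_final()` is given a fixed output bound of `EVP_MAX_MD_SIZE * 2`, justified only by the inline comment about sizeof(peer_finish_md), and no size for `out` is visible in the hunk. The function's header comment should state that contract, for example `/* out must point to at least EVP_MAX_MD_SIZE * 2 bytes */`, so that a caller passing a smaller buffer is caught in review. The signature and the rest of the body lie outside the hunk, so check whether this is already documented there.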
@@ -392,8 +383,7 @@ int tls13_setup_key_block(SSL *s)
s->session->cipher = s->s3.tmp.new_cipher;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL,
0)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
- SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
return 0;
}
@@ -420,8 +410,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
/* Ensure cast to size_t is safe */
if (!ossl_assert(hashleni >= 0)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
- ERR_R_EVP_LIB);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;
}
hashlen = (size_t)hashleni;
@@ -447,8 +436,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
/* We must be doing early data with out-of-band PSK */
algenc = s->psksession->cipher->algorithm_enc;
} else {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
- ERR_R_EVP_LIB);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;
}
if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8))
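Review bot: The `else` branch reports `ERR_R_EVP_LIB`, but as far as the hunk shows no EVP call has failed on that path: it is reached when none of the cipher sources tested above applies. `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);` would describe that state more accurately and keep triage from pointing at the crypto library. The earlier branches start outside the hunk, so confirm against the full function.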
@@ -471,8 +459,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
|| (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
taglen, NULL))
|| EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
- ERR_R_EVP_LIB);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;
}
@@ -526,8 +513,7 @@ int tls13_change_cipher_state(SSL *s, int which)
} else {
s->enc_read_ctx = EVP_CIPHER_CTX_new();
if (s->enc_read_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@@ -542,8 +528,7 @@ int tls13_change_cipher_state(SSL *s, int which)
} else {
s->enc_write_ctx = EVP_CIPHER_CTX_new();
if (s->enc_write_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@@ -569,9 +554,7 @@ int tls13_change_cipher_state(SSL *s, int which)
handlen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
if (handlen <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE,
- SSL_R_BAD_HANDSHAKE_LENGTH);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH);
goto err;
}
@@ -586,16 +569,13 @@ int tls13_change_cipher_state(SSL *s, int which)
if (!ossl_assert(s->psksession != NULL
&& s->max_early_data ==
s->psksession->ext.max_early_data)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
sslcipher = SSL_SESSION_get0_cipher(s->psksession);
}
if (sslcipher == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE, SSL_R_BAD_PSK);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK);
goto err;
}
@@ -606,8 +586,7 @@ int tls13_change_cipher_state(SSL *s, int which)
*/
mdctx = EVP_MD_CTX_new();
if (mdctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -617,7 +596,6 @@ int tls13_change_cipher_state(SSL *s, int which)
*/
if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE,
SSL_R_ALGORITHM_FETCH_FAILED);
EVP_MD_CTX_free(mdctx);
goto err;
@@ -627,8 +605,7 @@ int tls13_change_cipher_state(SSL *s, int which)
if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)
|| !EVP_DigestUpdate(mdctx, hdata, handlen)
|| !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
EVP_MD_CTX_free(mdctx);
goto err;
}
@@ -641,8 +618,7 @@ int tls13_change_cipher_state(SSL *s, int which)
hashval, hashlen,
s->early_exporter_master_secret, hashlen,
1)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -801,8 +777,7 @@ int tls13_change_cipher_state(SSL *s, int which)
bio = s->wbio;
if (!ossl_assert(bio != NULL)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}