author | Richard Levitte <levitte@openssl.org> | 2020-11-20 23:07:56 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-01-12 19:02:11 +0100 |
commit | 5a2d0ef36f4c130758a9d5e84f93004458e3ce60 (patch) | |
tree | b7030edbc51adfd768bcada35e6023fb347d268d /ssl | |
parent | d6d42cda5fbc05aeaadf8c760db60e9089e3609b (diff) |
Clean away extraneous library specific FETCH_FAILED reason codes
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13467)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_enc.c | 3 | ||||
-rw-r--r-- | ssl/ssl_err.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem.c | 21 | ||||
-rw-r--r-- | ssl/statem/statem.h | 2 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 3 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 3 | ||||
-rw-r--r-- | ssl/t1_enc.c | 3 | ||||
-rw-r--r-- | ssl/tls13_enc.c | 7 |
8 files changed, 27 insertions, 19 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index f1fb9dd987..02b0291dfa 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -251,7 +251,8 @@ int ssl3_setup_key_block(SSL *s) if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp, 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + /* Error is already recorded */ + SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 39db31bee6..8aeef5ffb3 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -15,8 +15,6 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA SSL_str_reasons[] = { - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED), - "algorithm fetch failed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), "application data after close notify"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), @@ -90,8 +88,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "ciphersuite digest has changed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE), - "cipher or hash unavailable"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 009f370f97..a70f8bc53c 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c 
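Review bot: The `/* Error is already recorded */` comment in ssl3_setup_key_block() asserts a contract on ssl_cipher_get_evp() that nothing in this hunk confirms. If any failure path of that helper returns 0 without raising an error, the handshake now ends with an internal_error alert and an empty error queue, whereas the removed SSLfatal() call always recorded SSL_R_CIPHER_OR_HASH_UNAVAILABLE. That queue entry is what an operator reads to find out why a handshake was aborted, so I would name the recording site in the comment, e.g. `/* ssl_cipher_get_evp() has already raised the error */`. As a rough safeguard, the alert-only path could also fall back with `if (ERR_peek_error() == 0) ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);`. The same applies to the SSLfatal_alert() call sites in statem_clnt.c, statem_srvr.c, t1_enc.c and both tls13_enc.c hunks; the enclosing functions all continue outside their hunks.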
@@ -111,6 +111,18 @@ void ossl_statem_set_renegotiate(SSL *s) s->statem.request_state = TLS_ST_SW_HELLO_REQ; } +void ossl_statem_send_fatal(SSL *s, int al) +{ + /* We shouldn't call SSLfatal() twice. Once is enough */ + if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) + return; + s->statem.in_init = 1; + s->statem.state = MSG_FLOW_ERROR; + if (al != SSL_AD_NO_ALERT + && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) + ssl3_send_alert(s, SSL3_AL_FATAL, al); +} + /* * Error reporting building block that's used instead of ERR_set_error(). * In addition to what ERR_set_error() does, this puts the state machine @@ -125,14 +137,7 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) ERR_vset_error(ERR_LIB_SSL, reason, fmt, args); va_end(args); - /* We shouldn't call SSLfatal() twice. Once is enough */ - if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) - return; - s->statem.in_init = 1; - s->statem.state = MSG_FLOW_ERROR; - if (al != SSL_AD_NO_ALERT - && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) - ssl3_send_alert(s, SSL3_AL_FATAL, al); + ossl_statem_send_fatal(s, al); } /* diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h index 72d10dffcf..d435cfe704 100644 --- a/ssl/statem/statem.h +++ b/ssl/statem/statem.h @@ -132,8 +132,10 @@ __owur int ossl_statem_accept(SSL *s); __owur int ossl_statem_connect(SSL *s); void ossl_statem_clear(SSL *s); void ossl_statem_set_renegotiate(SSL *s); +void ossl_statem_send_fatal(SSL *s, int al); void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...); # define SSL_AD_NO_ALERT -1 +# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al)) # define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL) # define SSLfatal_data \ (ERR_new(), \ diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 875ea59589..045db8265e 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c 
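Review bot: ossl_statem_send_fatal() is added to statem.c without a header comment, and the `SSLfatal_alert` macro in statem.h gives no hint that, unlike `SSLfatal`, it records nothing on the error queue. A caller who picks the wrong macro will abort the connection silently, so the contract belongs next to the declaration. I would put `/* Puts the state machine into the error state and sends a fatal alert, without raising an error; the caller must already have one on the queue. */` above the function, with a one-line pointer to it beside the macro. The moved comment "We shouldn't call SSLfatal() twice" could also mention SSLfatal_alert(), since the guard now covers both entry points.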
@@ -2557,7 +2557,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) */ sha256 = EVP_MD_fetch(s->ctx->libctx, "SHA2-256", s->ctx->propq); if (sha256 == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED); + /* Error is already recorded */ + SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); goto err; } /* diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index cc09a23960..597456ae83 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3776,7 +3776,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, s->ctx->propq); if (cipher == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED); + /* Error is already recorded */ + SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); goto err; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 8a403a1e14..b02961e0eb 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -539,7 +539,8 @@ int tls1_setup_key_block(SSL *s) if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type, &mac_secret_size, &comp, s->ext.use_etm)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + /* Error is already recorded */ + SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; } diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index c53d374b69..62adddea26 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -383,7 +383,8 @@ int tls13_setup_key_block(SSL *s) s->session->cipher = s->s3.tmp.new_cipher; if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL, 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + /* Error is already recorded */ + SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); return 0; } 
@@ -595,8 +596,8 @@ int tls13_change_cipher_state(SSL *s, int which)
 * it again
 */
 if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_R_ALGORITHM_FETCH_FAILED);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
 EVP_MD_CTX_free(mdctx);
 goto err;
 }
|