authorRichard Levitte <levitte@openssl.org>2020-11-20 23:07:56 +0100
committerRichard Levitte <levitte@openssl.org>2021-01-12 19:02:11 +0100
commit5a2d0ef36f4c130758a9d5e84f93004458e3ce60 (patch)
treeb7030edbc51adfd768bcada35e6023fb347d268d /ssl
parentd6d42cda5fbc05aeaadf8c760db60e9089e3609b (diff)
Clean away extraneous library specific FETCH_FAILED reason codes
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13467)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_enc.c3
-rw-r--r--ssl/ssl_err.c4
-rw-r--r--ssl/statem/statem.c21
-rw-r--r--ssl/statem/statem.h2
-rw-r--r--ssl/statem/statem_clnt.c3
-rw-r--r--ssl/statem/statem_srvr.c3
-rw-r--r--ssl/t1_enc.c3
-rw-r--r--ssl/tls13_enc.c7
8 files changed, 27 insertions, 19 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f1fb9dd987..02b0291dfa 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -251,7 +251,8 @@ int ssl3_setup_key_block(SSL *s)
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
0)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
}
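Review bot: The added comment `/* Error is already recorded */` holds only if every failing return of ssl_cipher_get_evp() has already pushed an entry onto the error queue, and that function is not part of this diff, so it cannot be confirmed from here. If any of its paths returns 0 without raising, the peer is sent internal_error while the local error queue stays empty, leaving nothing to diagnose the handshake failure from. The same assumption is made at the ssl_cipher_get_evp() calls in ssl/t1_enc.c and ssl/tls13_enc.c and at ssl_cipher_get_evp_cipher() in tls13_change_cipher_state. Either audit those helpers or keep a fallback before the alert, for example `if (ERR_peek_error() == 0) ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);`. The body of ssl3_setup_key_block continues outside this hunk.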
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 39db31bee6..8aeef5ffb3 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -15,8 +15,6 @@
#ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA SSL_str_reasons[] = {
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED),
- "algorithm fetch failed"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
"application data after close notify"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
@@ -90,8 +88,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"ciphersuite digest has changed"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH),
"cipher code wrong length"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
- "cipher or hash unavailable"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG),
"compressed length too long"},
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 009f370f97..a70f8bc53c 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -111,6 +111,18 @@ void ossl_statem_set_renegotiate(SSL *s)
s->statem.request_state = TLS_ST_SW_HELLO_REQ;
}
+void ossl_statem_send_fatal(SSL *s, int al)
+{
+ /* We shouldn't call SSLfatal() twice. Once is enough */
+ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+ return;
+ s->statem.in_init = 1;
+ s->statem.state = MSG_FLOW_ERROR;
+ if (al != SSL_AD_NO_ALERT
+ && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+}
+
/*
* Error reporting building block that's used instead of ERR_set_error().
* In addition to what ERR_set_error() does, this puts the state machine
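Review bot: ossl_statem_send_fatal() is added without a header comment, yet its contract differs from ossl_statem_fatal() in a way callers must know: it moves the state machine to MSG_FLOW_ERROR and sends the alert but adds nothing to the error queue. I would put `/* Put the state machine into the error state and send a fatal alert without raising an error; the caller must already have one on the error queue. */` above the definition. The `SSLfatal_alert` macro in ssl/statem/statem.h deserves a one-line comment saying the same, so that it is not used as a drop-in for `SSLfatal`. The inner comment `We shouldn't call SSLfatal() twice` could also name SSLfatal_alert(), since both entry points now reach this guard.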
@@ -125,14 +137,7 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
va_end(args);
- /* We shouldn't call SSLfatal() twice. Once is enough */
- if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
- return;
- s->statem.in_init = 1;
- s->statem.state = MSG_FLOW_ERROR;
- if (al != SSL_AD_NO_ALERT
- && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ ossl_statem_send_fatal(s, al);
}
/*
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index 72d10dffcf..d435cfe704 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -132,8 +132,10 @@ __owur int ossl_statem_accept(SSL *s);
__owur int ossl_statem_connect(SSL *s);
void ossl_statem_clear(SSL *s);
void ossl_statem_set_renegotiate(SSL *s);
+void ossl_statem_send_fatal(SSL *s, int al);
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
# define SSL_AD_NO_ALERT -1
+# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al))
# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
# define SSLfatal_data \
(ERR_new(), \
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 875ea59589..045db8265e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2557,7 +2557,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
*/
sha256 = EVP_MD_fetch(s->ctx->libctx, "SHA2-256", s->ctx->propq);
if (sha256 == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
goto err;
}
/*
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index cc09a23960..597456ae83 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3776,7 +3776,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
s->ctx->propq);
if (cipher == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
goto err;
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 8a403a1e14..b02961e0eb 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -539,7 +539,8 @@ int tls1_setup_key_block(SSL *s)
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type,
&mac_secret_size, &comp, s->ext.use_etm)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
}
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index c53d374b69..62adddea26 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -383,7 +383,8 @@ int tls13_setup_key_block(SSL *s)
s->session->cipher = s->s3.tmp.new_cipher;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL,
0)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
}
@@ -595,8 +596,8 @@ int tls13_change_cipher_state(SSL *s, int which)
* it again
*/
if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_R_ALGORITHM_FETCH_FAILED);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
EVP_MD_CTX_free(mdctx);
goto err;
}