diff options
| -rw-r--r-- | ssl/d1_lib.c | 3 | ||||
| -rw-r--r-- | ssl/record/rec_layer_d1.c | 64 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 135 | ||||
| -rw-r--r-- | ssl/record/ssl3_buffer.c | 6 | ||||
| -rw-r--r-- | ssl/record/ssl3_record.c | 156 | ||||
| -rw-r--r-- | ssl/record/ssl3_record_tls13.c | 27 | ||||
| -rw-r--r-- | ssl/s3_enc.c | 91 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 54 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 5 | ||||
| -rw-r--r-- | ssl/ssl_conf.c | 13 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 50 | ||||
| -rw-r--r-- | ssl/ssl_mcnf.c | 17 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 24 | ||||
| -rw-r--r-- | ssl/statem/extensions.c | 109 | ||||
| -rw-r--r-- | ssl/statem/extensions_clnt.c | 353 | ||||
| -rw-r--r-- | ssl/statem/extensions_cust.c | 13 | ||||
| -rw-r--r-- | ssl/statem/extensions_srvr.c | 377 | ||||
| -rw-r--r-- | ssl/statem/statem.c | 60 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 607 | ||||
| -rw-r--r-- | ssl/statem/statem_dtls.c | 39 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 249 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 581 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 60 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 43 | ||||
| -rw-r--r-- | ssl/tls13_enc.c | 69 | ||||
| -rw-r--r-- | ssl/tls_srp.c | 28 | ||||
| -rw-r--r-- | test/tls13secretstest.c | 3 |
27 files changed, 1055 insertions, 2181 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 75a251b303..5ecf1d19fa 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -378,8 +378,7 @@ int dtls1_check_timeout_num(SSL *s) if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ - SSLfatal(s, SSL_AD_NO_ALERT, 0, - SSL_R_READ_TIMEOUT_EXPIRED); + SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_READ_TIMEOUT_EXPIRED); return -1; } diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index ca9029f071..53ac5eebbc 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -154,8 +154,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (rdata == NULL || item == NULL) { OPENSSL_free(rdata); pitem_free(item); - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -263,9 +262,7 @@ int dtls1_process_buffered_records(SSL *s) * current record is from a different epoch. But that cannot * be the case because we already checked the epoch above */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } #ifndef OPENSSL_NO_SCTP @@ -359,8 +356,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -489,7 +485,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } @@ -560,8 +556,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, || !PACKET_get_1(&alert, &alert_level) || !PACKET_get_1(&alert, &alert_descr) || PACKET_remaining(&alert) != 0) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, - SSL_R_INVALID_ALERT); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); return -1; } @@ -585,7 +580,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_TOO_MANY_WARN_ALERTS); return -1; } @@ -610,21 +605,17 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return 0; } } else if (alert_level == SSL3_AL_FATAL) { - char tmp[16]; - s->rwstate = SSL_NOTHING; s->s3.fatal_alert = alert_descr; - SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES, - SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); - ERR_add_error_data(2, "SSL alert number ", tmp); + SSLfatal_data(s, SSL_AD_NO_ALERT, + SSL_AD_REASON_OFFSET + alert_descr, + "SSL alert number %d", alert_descr); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); return 0; } else { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_READ_BYTES, - SSL_R_UNKNOWN_ALERT_TYPE); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE); return -1; } @@ -708,8 +699,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * finished */ if (!ossl_assert(SSL_is_init_finished(s))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -745,8 +735,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, switch (SSL3_RECORD_get_type(rr)) { default: - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, - SSL_R_UNEXPECTED_RECORD); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); return -1; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -756,8 +745,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but * that should not happen when type != rr->type */ - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR); return -1; case SSL3_RT_APPLICATION_DATA: /* @@ -773,8 +761,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->s3.in_read_app_data = 2; return -1; } else { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, - SSL_R_UNEXPECTED_RECORD); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); return -1; } } @@ -791,8 +778,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, int i; if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_WRITE_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } s->rwstate = SSL_NOTHING; @@ -818,8 +804,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * will happen with non blocking IO */ if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -835,8 +820,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, return 0; if (len > ssl_get_max_send_fragment(s)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, - SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); return 0; } @@ -851,7 +835,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, else { mac_size = EVP_MD_CTX_size(s->write_hash); if (mac_size < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); return -1; } @@ -911,8 +895,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* first we compress */ if (s->compress != NULL) { if (!ssl3_do_compress(s, &wr)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, - SSL_R_COMPRESSION_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE); return -1; } } else { @@ -931,8 +914,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (!s->method->ssl3_enc->mac(s, &wr, &(p[SSL3_RECORD_get_length(&wr) + eivlen]), 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } SSL3_RECORD_add_length(&wr, mac_size); @@ -947,8 +929,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (s->method->ssl3_enc->enc(s, &wr, 1, 1, NULL, mac_size) < 1) { if (!ossl_statem_in_error(s)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); } return -1; } @@ -956,8 +937,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (SSL_WRITE_ETM(s) && mac_size != 0) { if (!s->method->ssl3_enc->mac(s, &wr, &(p[SSL3_RECORD_get_length(&wr)]), 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } SSL3_RECORD_add_length(&wr, mac_size); diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 19483ef8c3..0d9228c670 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -263,8 +263,7 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, if (n > rb->len - rb->offset) { /* does not happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -307,13 +306,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN); s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY; } else { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N, + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_UNEXPECTED_EOF_WHILE_READING); } } } else { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, - SSL_R_READ_BIO_NOT_SET); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_READ_BIO_NOT_SET); ret = -1; } @@ -375,8 +373,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, */ if ((len < s->rlayer.wnum) || ((wb->left != 0) && (len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES, - SSL_R_BAD_LENGTH); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_LENGTH); return -1; } @@ -584,8 +581,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, * We should have prevented this when we set max_pipelines so we * shouldn't get here */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } if (maxpipes == 0 @@ -600,8 +596,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, * We should have prevented this when we set/get the split and max send * fragments so we shouldn't get here */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -726,8 +721,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* TODO(siz_t): Convert me */ mac_size = EVP_MD_CTX_size(s->write_hash); if (mac_size < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } @@ -760,8 +754,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (prefix_len > (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } @@ -797,8 +790,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), SSL3_BUFFER_get_len(wb), 0) || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } wpinited = 1; @@ -809,8 +801,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, SSL3_BUFFER_get_len(wb), 0) || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) + prefix_len, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } wpinited = 1; @@ -827,8 +818,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb), SSL3_BUFFER_get_len(wb), 0) || !WPACKET_allocate_bytes(thispkt, align, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } wpinited++; @@ -907,8 +897,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, || (maxcomplen > 0 && !WPACKET_reserve_bytes(thispkt, maxcomplen, &compressdata)))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -927,8 +916,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->compress != NULL) { if (!ssl3_do_compress(s, thiswr) || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - SSL_R_COMPRESSION_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COMPRESSION_FAILURE); goto err; } } else { @@ -936,8 +924,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, SSL3_RECORD_reset_data(&wr[j]); } else { if (!WPACKET_memcpy(thispkt, thiswr->input, thiswr->length)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } SSL3_RECORD_reset_input(&wr[j]); @@ -952,8 +939,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, size_t rlen, max_send_fragment; if (!WPACKET_put_bytes_u8(thispkt, type)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } SSL3_RECORD_add_length(thiswr, 1); @@ -986,7 +972,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (padding > max_padding) padding = max_padding; if (!WPACKET_memset(thispkt, 0, padding)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1006,8 +992,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } } @@ -1026,8 +1011,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * sub-packet */ || !WPACKET_get_length(thispkt, &len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1046,8 +1030,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, */ if (tls13_enc(s, wr, numpipes, 1, NULL, mac_size) < 1) { if (!ossl_statem_in_error(s)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); } goto err; } @@ -1056,8 +1039,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->method->ssl3_enc->enc(s, wr, numpipes, 1, NULL, mac_size) < 1) { if (!ossl_statem_in_error(s)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); } goto err; } @@ -1081,8 +1063,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, && !WPACKET_allocate_bytes(thispkt, thiswr->length - origlen, NULL))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } if (SSL_WRITE_ETM(s) && mac_size != 0) { @@ -1090,8 +1071,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } SSL3_RECORD_add_length(thiswr, mac_size); @@ -1099,8 +1079,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (!WPACKET_get_length(thispkt, &len) || !WPACKET_close(thispkt)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1120,8 +1099,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } if (!WPACKET_finish(thispkt)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -1135,8 +1113,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, */ if (j > 0) { /* We should never be pipelining an empty fragment!! */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } *written = SSL3_RECORD_get_length(thiswr); @@ -1189,8 +1166,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) && (s->rlayer.wpend_buf != buf)) || (s->rlayer.wpend_type != type)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING, - SSL_R_BAD_WRITE_RETRY); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_WRITE_RETRY); return -1; } @@ -1227,8 +1203,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, if (i >= 0) tmpwrit = i; } else { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING, - SSL_R_BIO_NOT_SET); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BIO_NOT_SET); i = -1; } if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) { @@ -1307,8 +1282,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -1375,8 +1349,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer); if (num_recs == 0) { /* Shouldn't happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } } @@ -1395,7 +1368,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->rlayer.handshake_fragment_len > 0 && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE && SSL_IS_TLS13(s)) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA); return -1; } @@ -1413,7 +1386,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->s3.change_cipher_spec /* set when we receive ChangeCipherSpec, * reset by ssl3_get_finished */ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); return -1; } @@ -1443,16 +1416,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - SSL_R_APP_DATA_IN_HANDSHAKE); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_APP_DATA_IN_HANDSHAKE); return -1; } if (type == SSL3_RT_HANDSHAKE && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC && s->rlayer.handshake_fragment_len > 0) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - SSL_R_CCS_RECEIVED_EARLY); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_CCS_RECEIVED_EARLY); return -1; } @@ -1530,8 +1501,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * initial ClientHello. Therefore |type| should always be equal to * |rr->type|. If not then something has gone horribly wrong */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return -1; } @@ -1544,8 +1514,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * if we are a server. */ s->version = rr->rec_version; - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - SSL_R_UNEXPECTED_MESSAGE); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); return -1; } @@ -1564,8 +1533,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, || !PACKET_get_1(&alert, &alert_level) || !PACKET_get_1(&alert, &alert_descr) || PACKET_remaining(&alert) != 0) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - SSL_R_INVALID_ALERT); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); return -1; } @@ -1590,7 +1558,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_TOO_MANY_WARN_ALERTS); return -1; } @@ -1607,14 +1575,11 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->shutdown |= SSL_RECEIVED_SHUTDOWN; return 0; } else if (alert_level == SSL3_AL_FATAL || is_tls13) { - char tmp[16]; - s->rwstate = SSL_NOTHING; s->s3.fatal_alert = alert_descr; - SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES, - SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); - ERR_add_error_data(2, "SSL alert number ", tmp); + SSLfatal_data(s, SSL_AD_NO_ALERT, + SSL_AD_REASON_OFFSET + alert_descr, + "SSL alert number %d", alert_descr); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); @@ -1628,16 +1593,14 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * future we might have a renegotiation where we don't care if * the peer refused it where we carry on. */ - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES, - SSL_R_NO_RENEGOTIATION); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION); return -1; } else if (alert_level == SSL3_AL_WARNING) { /* We ignore any other warning alert in TLSv1.2 and below */ goto start; } - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES, - SSL_R_UNKNOWN_ALERT_TYPE); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE); return -1; } @@ -1675,7 +1638,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); - SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES, + SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY); return -1; } @@ -1710,8 +1673,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - SSL_R_CCS_RECEIVED_EARLY); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_CCS_RECEIVED_EARLY); return -1; } @@ -1771,8 +1733,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * no progress is being made and the peer continually sends unrecognised * record types, using up resources processing them. */ - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - SSL_R_UNEXPECTED_RECORD); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); return -1; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -1782,8 +1743,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but * that should not happen when type != rr->type */ - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR); return -1; case SSL3_RT_APPLICATION_DATA: /* @@ -1814,8 +1774,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD_set_read(rr); goto start; } else { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, - SSL_R_UNEXPECTED_RECORD); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); return -1; } } diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 4ebb478ab2..861610a08b 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -66,8 +66,7 @@ int ssl3_setup_read_buffer(SSL *s) * We assume we're so doomed that we won't even be able to send an * alert. */ - SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER, - ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE); |