From f63a17d66dec01c123630682e0b20450b34c086a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 21 Nov 2017 17:18:43 +0000 Subject: Convert the state machine code to use SSLfatal() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/4778) --- ssl/record/ssl3_buffer.c | 12 +- ssl/s3_enc.c | 120 +++-- ssl/s3_lib.c | 50 +- ssl/ssl_err.c | 76 +++ ssl/ssl_lib.c | 94 ++-- ssl/ssl_locl.h | 17 +- ssl/ssl_sess.c | 46 +- ssl/statem/extensions.c | 256 +++++----- ssl/statem/extensions_clnt.c | 475 ++++++++++-------- ssl/statem/extensions_cust.c | 30 +- ssl/statem/extensions_srvr.c | 351 ++++++++------ ssl/statem/statem.c | 46 +- ssl/statem/statem_clnt.c | 727 ++++++++++++++-------------- ssl/statem/statem_lib.c | 377 ++++++++------- ssl/statem/statem_locl.h | 164 ++++--- ssl/statem/statem_srvr.c | 1101 ++++++++++++++++++++++-------------------- ssl/t1_enc.c | 87 ++-- ssl/t1_lib.c | 89 ++-- ssl/tls13_enc.c | 70 ++- ssl/tls_srp.c | 6 +- 20 files changed, 2350 insertions(+), 1844 deletions(-) (limited to 'ssl') diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index da23b36791..6d3a23273b 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -116,7 +116,9 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) p = OPENSSL_malloc(len); if (p == NULL) { s->rlayer.numwpipes = currpipe; - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); + return 0; } memset(thiswb, 0, sizeof(SSL3_BUFFER)); thiswb->buf = p; @@ -125,18 +127,16 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) } return 1; - - err: - SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); - return 0; } int ssl3_setup_buffers(SSL *s) { if (!ssl3_setup_read_buffer(s)) return 0; - if (!ssl3_setup_write_buffer(s, 1, 0)) + if (!ssl3_setup_write_buffer(s, 1, 0)) { + /* SSLfatal() already called */ return 0; + } return 1; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index f080f8a64e..c160533ac4 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -96,8 +96,9 @@ int ssl3_change_cipher_state(SSL *s, int which) m = s->s3->tmp.new_hash; /* m == NULL will lead to a crash later */ if (!ossl_assert(m != NULL)) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } #ifndef OPENSSL_NO_COMP if (s->s3->tmp.new_compression == NULL) @@ -107,20 +108,24 @@ int ssl3_change_cipher_state(SSL *s, int which) #endif if (which & SSL3_CC_READ) { - if (s->enc_read_ctx != NULL) + if (s->enc_read_ctx != NULL) { reuse_dd = 1; - else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; - else + } else { /* * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_read_ctx); + } dd = s->enc_read_ctx; if (ssl_replace_hash(&s->read_hash, m) == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } #ifndef OPENSSL_NO_COMP /* COMPRESS */ @@ -129,28 +134,33 @@ int ssl3_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif RECORD_LAYER_reset_read_sequence(&s->rlayer); mac_secret = &(s->s3->read_mac_secret[0]); } else { - if (s->enc_write_ctx != NULL) + if (s->enc_write_ctx != NULL) { reuse_dd = 1; - else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; - else + } else { /* * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_write_ctx); + } dd = s->enc_write_ctx; if (ssl_replace_hash(&s->write_hash, m) == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); + goto err; } #ifndef OPENSSL_NO_COMP /* COMPRESS */ @@ -159,9 +169,10 @@ int ssl3_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif @@ -174,8 +185,11 @@ int ssl3_change_cipher_state(SSL *s, int which) p = s->s3->tmp.key_block; mdi = EVP_MD_size(m); - if (mdi < 0) - goto err2; + if (mdi < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } i = mdi; cl = EVP_CIPHER_key_length(c); j = cl; @@ -199,21 +213,23 @@ int ssl3_change_cipher_state(SSL *s, int which) } if (n > s->s3->tmp.key_block_length) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } memcpy(mac_secret, ms, i); - if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) - goto err2; + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return 1; err: - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); - err2: OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return 0; @@ -232,7 +248,8 @@ int ssl3_setup_key_block(SSL *s) return 1; if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, + SSL_R_CIPHER_OR_HASH_UNAVAILABLE); return 0; } @@ -253,8 +270,11 @@ int ssl3_setup_key_block(SSL *s) ssl3_cleanup_key_block(s); - if ((p = OPENSSL_malloc(num)) == NULL) - goto err; + if ((p = OPENSSL_malloc(num)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, + ERR_R_MALLOC_FAILURE); + return 0; + } s->s3->tmp.key_block_length = num; s->s3->tmp.key_block = p; @@ -280,10 +300,6 @@ int ssl3_setup_key_block(SSL *s) } return ret; - - err: - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); - return 0; } void ssl3_cleanup_key_block(SSL *s) @@ -323,16 +339,30 @@ void ssl3_free_digest_list(SSL *s) int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) { + int ret; + if (s->s3->handshake_dgst == NULL) { - int ret; /* Note: this writes to a memory BIO so a failure is a fatal error */ - if (len > INT_MAX) + if (len > INT_MAX) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + SSL_R_OVERFLOW_ERROR); return 0; + } ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); - return ret > 0 && ret == (int)len; + if (ret <= 0 || ret != (int)len) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + return 0; + } } else { - return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + if (!ret) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + return 0; + } } + return 1; } int ssl3_digest_cached_records(SSL *s, int keep) @@ -344,21 +374,23 @@ int ssl3_digest_cached_records(SSL *s, int keep) if (s->s3->handshake_dgst == NULL) { hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, - SSL_R_BAD_HANDSHAKE_LENGTH); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + SSL_R_BAD_HANDSHAKE_LENGTH); return 0; } s->s3->handshake_dgst = EVP_MD_CTX_new(); if (s->s3->handshake_dgst == NULL) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + ERR_R_MALLOC_FAILURE); return 0; } md = ssl_handshake_md(s); if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + ERR_R_INTERNAL_ERROR); return 0; } } @@ -435,7 +467,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, size_t ret_secret_size = 0; if (ctx == NULL) { - SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET, + ERR_R_MALLOC_FAILURE); return 0; } for (i = 0; i < 3; i++) { @@ -453,7 +486,8 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, || EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0 || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { - SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); ret = 0; break; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e71373d2bf..48fecd2605 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4590,8 +4590,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, s->s3->tmp.psk = NULL; if (!s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,pskpms, pskpmslen, - &s->session->master_key_length)) + &s->session->master_key_length)) { + /* SSLfatal() already called */ goto err; + } OPENSSL_clear_free(pskpms, pskpmslen); #else /* Should never happen */ @@ -4600,8 +4602,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } else { if (!s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pms, pmslen, - &s->session->master_key_length)) + &s->session->master_key_length)) { + /* SSLfatal() already called */ goto err; + } } ret = 1; @@ -4641,28 +4645,42 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm) } #ifndef OPENSSL_NO_EC /* Generate a private key from a group ID */ -EVP_PKEY *ssl_generate_pkey_group(uint16_t id) +EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); uint16_t gtype; - if (ginf == NULL) + if (ginf == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_INTERNAL_ERROR); goto err; + } gtype = ginf->flags & TLS_CURVE_TYPE; if (gtype == TLS_CURVE_CUSTOM) pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL); else pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); - if (pctx == NULL) + if (pctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_MALLOC_FAILURE); goto err; - if (EVP_PKEY_keygen_init(pctx) <= 0) + } + if (EVP_PKEY_keygen_init(pctx) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); goto err; + } if (gtype != TLS_CURVE_CUSTOM - && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) + && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); goto err; + } if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); EVP_PKEY_free(pkey); pkey = NULL; } @@ -4718,25 +4736,37 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) size_t pmslen = 0; EVP_PKEY_CTX *pctx; - if (privkey == NULL || pubkey == NULL) + if (privkey == NULL || pubkey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_INTERNAL_ERROR); return 0; + } pctx = EVP_PKEY_CTX_new(privkey, NULL); if (EVP_PKEY_derive_init(pctx) <= 0 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_INTERNAL_ERROR); goto err; } pms = OPENSSL_malloc(pmslen); - if (pms == NULL) + if (pms == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_MALLOC_FAILURE); goto err; + } - if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) + if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_INTERNAL_ERROR); goto err; + } if (gensecret) { + /* SSLfatal() called as appropriate in the below functions */ if (SSL_IS_TLS13(s)) { /* * If we are resuming then we already generated the early secret diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 17a2413fa4..998e8afafa 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -20,10 +20,15 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "bytes_to_cipher_list"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0), "check_suiteb_cipher_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0), + "construct_key_exchange_tbs"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0), "create_synthetic_message_hash"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_MOVE_SCTS, 0), "ct_move_scts"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_STRICT, 0), "ct_strict"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_ADD, 0), "custom_ext_add"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_PARSE, 0), "custom_ext_parse"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_D2I_SSL_SESSION, 0), "d2i_SSL_SESSION"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_CTX_ENABLE, 0), "dane_ctx_enable"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_MTYPE_SET, 0), "dane_mtype_set"}, @@ -61,12 +66,18 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "dtls_process_hello_verify"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_EARLY_DATA_COUNT_OK, 0), "early_data_count_ok"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EARLY_DATA, 0), "final_early_data"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EC_PT_FORMATS, 0), "final_ec_pt_formats"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EMS, 0), "final_ems"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0), + "final_maxfragmentlen"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_GET_CERT_VERIFY_TBS_DATA, 0), + "get_cert_verify_tbs_data"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_NSS_KEYLOG_INT, 0), "nss_keylog_int"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_OPENSSL_INIT_SSL, 0), "OPENSSL_init_ssl"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION, 0), ""}, @@ -82,6 +93,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0), "set_client_ciphersuite"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, 0), + "srp_generate_server_master_secret"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHANGE_CIPHER_STATE, 0), "ssl3_change_cipher_state"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 0), @@ -94,6 +107,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "ssl3_do_change_cipher_spec"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0), "ssl3_final_finish_mac"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINISH_MAC, 0), "ssl3_finish_mac"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_KEY_BLOCK, 0), "ssl3_generate_key_block"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_MASTER_SECRET, 0), @@ -206,10 +220,13 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "SSL_CTX_use_serverinfo_file"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_DUP, 0), "ssl_dane_dup"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_ENABLE, 0), "SSL_dane_enable"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DERIVE, 0), "ssl_derive"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_CONFIG, 0), "ssl_do_config"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_HANDSHAKE, 0), "SSL_do_handshake"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DUP_CA_LIST, 0), "SSL_dup_CA_list"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ENABLE_CT, 0), "SSL_enable_ct"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_PKEY_GROUP, 0), + "ssl_generate_pkey_group"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_SESSION_ID, 0), "ssl_generate_session_id"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_NEW_SESSION, 0), @@ -218,6 +235,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "ssl_get_prev_session"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SERVER_CERT_INDEX, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SIGN_PKEY, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_HANDSHAKE_HASH, 0), "ssl_handshake_hash"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_INIT_WBIO_BUFFER, 0), "ssl_init_wbio_buffer"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_KEY_UPDATE, 0), "SSL_key_update"}, @@ -228,6 +246,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "ssl_log_rsa_client_key_exchange"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_MODULE_INIT, 0), "ssl_module_init"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEW, 0), "SSL_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEXT_PROTO_VALIDATE, 0), + "ssl_next_proto_validate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 0), ""}, @@ -315,6 +335,9 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_CHANGE_CIPHER_STATE, 0), "tls13_change_cipher_state"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_GENERATE_SECRET, 0), + "tls13_generate_secret"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_HKDF_EXPAND, 0), "tls13_hkdf_expand"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SETUP_KEY_BLOCK, 0), "tls13_setup_key_block"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHANGE_CIPHER_STATE, 0), @@ -478,24 +501,65 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_get_message_body"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_HEADER, 0), "tls_get_message_header"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_ALPN, 0), "tls_handle_alpn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_STATUS_REQUEST, 0), + "tls_handle_status_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, 0), + "tls_parse_certificate_authorities"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_ALPN, 0), + "tls_parse_ctos_alpn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EARLY_DATA, 0), + "tls_parse_ctos_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, 0), + "tls_parse_ctos_ec_pt_formats"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EMS, 0), "tls_parse_ctos_ems"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, 0), "tls_parse_ctos_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, 0), + "tls_parse_ctos_maxfragmentlen"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0), + "tls_parse_ctos_psk_kex_modes"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0), "tls_parse_ctos_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0), + "tls_parse_ctos_server_name"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, 0), + "tls_parse_ctos_session_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS, 0), + "tls_parse_ctos_sig_algs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SRP, 0), "tls_parse_ctos_srp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, 0), + "tls_parse_ctos_status_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, 0), + "tls_parse_ctos_supported_groups"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_USE_SRTP, 0), "tls_parse_ctos_use_srtp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_ALPN, 0), + "tls_parse_stoc_alpn"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE, 0), "tls_parse_stoc_cookie"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA, 0), "tls_parse_stoc_early_data"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, 0), + "tls_parse_stoc_ec_pt_formats"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_KEY_SHARE, 0), "tls_parse_stoc_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, 0), + "tls_parse_stoc_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0), "tls_parse_stoc_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SERVER_NAME, 0), + "tls_parse_stoc_server_name"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SESSION_TICKET, 0), + "tls_parse_stoc_session_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, 0), + "tls_parse_stoc_status_request"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_USE_SRTP, 0), "tls_parse_stoc_use_srtp"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, 0), @@ -571,6 +635,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_setup_handshake"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0), "use_certificate_chain_file"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0), + "write_state_machine"}, {0, NULL} }; @@ -592,15 +658,19 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), + "bad handshake state"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, @@ -621,6 +691,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER), "cannot change cipher"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), @@ -740,6 +811,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "inconsistent early data sni"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG), + "invalid certificate or alg"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, @@ -792,6 +865,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "missing tmp ecdh key"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), "not on record boundary"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL), + "no application protocol"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), @@ -838,6 +913,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b1173f0c02..61ddf418e9 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4201,16 +4201,22 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, int hashleni = EVP_MD_CTX_size(hdgst); int ret = 0; - if (hashleni < 0 || (size_t)hashleni > outlen) + if (hashleni < 0 || (size_t)hashleni > outlen) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); goto err; + } ctx = EVP_MD_CTX_new(); if (ctx == NULL) goto err; if (!EVP_MD_CTX_copy_ex(ctx, hdgst) - || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) + || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); goto err; + } *hashlen = hashleni; @@ -4630,7 +4636,8 @@ int ssl_validate_ct(SSL *s) ctx = CT_POLICY_EVAL_CTX_new(); if (ctx == NULL) { - SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT, + ERR_R_MALLOC_FAILURE); goto end; } @@ -4658,13 +4665,17 @@ int ssl_validate_ct(SSL *s) * ought to correspond to an inability to carry out its duties. */ if (SCT_LIST_validate(scts, ctx) < 0) { - SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT, + SSL_R_SCT_VERIFICATION_FAILED); goto end; } ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); if (ret < 0) ret = 0; /* This function returns 0 on failure */ + if (!ret) + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT, + SSL_R_CALLBACK_FAILED); end: CT_POLICY_EVAL_CTX_free(ctx); @@ -4899,7 +4910,8 @@ static int nss_keylog_int(const char *prefix, prefix_len = strlen(prefix); out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3; if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { - SSLerr(SSL_F_NSS_KEYLOG_INT, ERR_R_MALLOC_FAILURE); + SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT, + ERR_R_MALLOC_FAILURE); return 0; } @@ -4932,7 +4944,8 @@ int ssl_log_rsa_client_key_exchange(SSL *ssl, size_t premaster_len) { if (encrypted_premaster_len < 8) { - SSLerr(SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); return 0; } @@ -4960,23 +4973,21 @@ int ssl_log_secret(SSL *ssl, #define SSLV2_CIPHER_LEN 3 -int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format, - int *al) +int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) { int n; n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; if (PACKET_remaining(cipher_suites) == 0) { - SSLerr(SSL_F_SSL_CACHE_CIPHERLIST, SSL_R_NO_CIPHERS_SPECIFIED); - *al = SSL_AD_ILLEGAL_PARAMETER; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST, + SSL_R_NO_CIPHERS_SPECIFIED); return 0; } if (PACKET_remaining(cipher_suites) % n != 0) { - SSLerr(SSL_F_SSL_CACHE_CIPHERLIST, + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); - *al = SSL_AD_DECODE_ERROR; return 0; } @@ -5000,8 +5011,9 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format, raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); s->s3->tmp.ciphers_raw = raw; if (raw == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, + ERR_R_MALLOC_FAILURE); + return 0; } for (s->s3->tmp.ciphers_rawlen = 0; PACKET_remaining(&sslv2ciphers) > 0; @@ -5012,41 +5024,40 @@ int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format, TLS_CIPHER_LEN)) || (leadbyte != 0 && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { - *al = SSL_AD_DECODE_ERROR; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, + SSL_R_BAD_PACKET); OPENSSL_free(s->s3->tmp.ciphers_raw); s->s3->tmp.ciphers_raw = NULL; s->s3->tmp.ciphers_rawlen = 0; - goto err; + return 0; } if (leadbyte == 0) s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN; } } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw, &s->s3->tmp.ciphers_rawlen)) { - *al = SSL_AD_INTERNAL_ERROR; - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, + ERR_R_INTERNAL_ERROR); + return 0; } return 1; - err: - return 0; } int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, int isv2format, STACK_OF(SSL_CIPHER) **sk, STACK_OF(SSL_CIPHER) **scsvs) { - int alert; PACKET pkt; if (!PACKET_buf_init(&pkt, bytes, len)) return 0; - return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, &alert); + return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0); } int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **skp, STACK_OF(SSL_CIPHER) **scsvs_out, - int sslv2format, int *al) + int sslv2format, int fatal) { const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk = NULL; @@ -5058,23 +5069,32 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; if (PACKET_remaining(cipher_suites) == 0) { - SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED); - *al = SSL_AD_ILLEGAL_PARAMETER; + if (fatal) + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_NO_CIPHERS_SPECIFIED); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED); return 0; } if (PACKET_remaining(cipher_suites) % n != 0) { - SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, - SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); - *al = SSL_AD_DECODE_ERROR; + if (fatal) + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return 0; } sk = sk_SSL_CIPHER_new_null(); scsvs = sk_SSL_CIPHER_new_null(); if (sk == NULL || scsvs == NULL) { - SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - *al = SSL_AD_INTERNAL_ERROR; + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, + ERR_R_MALLOC_FAILURE); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); goto err; } @@ -5092,15 +5112,21 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, if (c != NULL) { if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { - SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - *al = SSL_AD_INTERNAL_ERROR; + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); goto err; } } } if (PACKET_remaining(cipher_suites) > 0) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH); + if (fatal) + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_BAD_LENGTH); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH); goto err; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 5e1426aff7..2ec935bb81 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2132,7 +2132,7 @@ void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_get_new_session(SSL *s, int session); -__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al); +__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); @@ -2144,12 +2144,11 @@ __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, **sorted, const char *rule_str, CERT *c); -__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, - int sslv2format, int *al); +__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **skp, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, - int *al); + int fatal); void ssl_update_cache(SSL *s, int mode); __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, @@ -2231,7 +2230,7 @@ __owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, __owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, - CERT_PKEY *cpk, int *al); + CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); @@ -2386,7 +2385,7 @@ __owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, void tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); -__owur EVP_PKEY *ssl_generate_pkey_group(uint16_t id); +__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); __owur EVP_PKEY *ssl_generate_param_group(uint16_t id); # endif /* OPENSSL_NO_EC */ @@ -2444,7 +2443,7 @@ __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int vfy); -int tls_choose_sigalg(SSL *s, int *al); +int tls_choose_sigalg(SSL *s, int fatalerrs); __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); void ssl_clear_hash_ctx(EVP_MD_CTX **hash); @@ -2520,9 +2519,9 @@ void custom_ext_init(custom_ext_methods *meths); __owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, const unsigned char *ext_data, size_t ext_size, - X509 *x, size_t chainidx, int *al); + X509 *x, size_t chainidx); __owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, - size_t chainidx, int maxversion, int *al); + size_t chainidx, int maxversion); __owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c8d1cc37e5..08c0037dfd 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -322,7 +322,8 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; break; default: - SSLerr(SSL_F_SSL_GENERATE_SESSION_ID, SSL_R_UNSUPPORTED_SSL_VERSION); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_UNSUPPORTED_SSL_VERSION); return 0; } @@ -360,8 +361,8 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) tmp = (int)ss->session_id_length; if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ - SSLerr(SSL_F_SSL_GENERATE_SESSION_ID, - SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); return 0; } /* @@ -370,15 +371,16 @@ int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) */ if (tmp == 0 || tmp > ss->session_id_length) { /* The callback set an illegal length */ - SSLerr(SSL_F_SSL_GENERATE_SESSION_ID, - SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); return 0; } ss->session_id_length = tmp; /* Finally, check for a conflict */ if (SSL_has_matching_session_id(s, ss->session_id, (unsigned int)ss->session_id_length)) { - SSLerr(SSL_F_SSL_GENERATE_SESSION_ID, SSL_R_SSL_SESSION_ID_CONFLICT); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_SSL_SESSION_ID_CONFLICT); return 0; } @@ -391,8 +393,11 @@ int ssl_get_new_session(SSL *s, int session) SSL_SESSION *ss = NULL; - if ((ss = SSL_SESSION_new()) == NULL) + if ((ss = SSL_SESSION_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, + ERR_R_MALLOC_FAILURE); return 0; + } /* If the context has a default timeout, use it */ if (s->session_ctx->session_timeout == 0) @@ -405,6 +410,7 @@ int ssl_get_new_session(SSL *s, int session) if (session) { if (!ssl_generate_session_id(s, ss)) { + /* SSLfatal() already called */ SSL_SESSION_free(ss); return 0; } @@ -412,7 +418,8 @@ int ssl_get_new_session(SSL *s, int session) if (s->ext.hostname) { ss->ext.hostname = OPENSSL_strdup(s->ext.hostname); if (ss->ext.hostname == NULL) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, + ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; } @@ -422,7 +429,8 @@ int ssl_get_new_session(SSL *s, int session) } if (s->sid_ctx_length > sizeof ss->sid_ctx) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, + ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; } @@ -456,7 +464,7 @@ int ssl_get_new_session(SSL *s, int session) * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 * if the server should issue a new session ticket (to 0 otherwise). */ -int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) +int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) { /* This is used only by servers. */ @@ -468,9 +476,9 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) if (SSL_IS_TLS13(s)) { if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, - NULL, 0, al) + NULL, 0) || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, - hello->pre_proc_exts, NULL, 0, al)) + hello->pre_proc_exts, NULL, 0)) return -1; ret = s->session; @@ -481,6 +489,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) case TICKET_FATAL_ERR_MALLOC: case TICKET_FATAL_ERR_OTHER: fatal = 1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION, + ERR_R_INTERNAL_ERROR); goto err; case TICKET_NONE: case TICKET_EMPTY: @@ -584,8 +594,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) * noticing). */ - SSLerr(SSL_F_SSL_GET_PREV_SESSION, - SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION, + SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } @@ -604,8 +614,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) if (ret->flags & SSL_SESS_FLAG_EXTMS) { /* If old session includes extms, but new does not: abort handshake */ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) { - SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_INCONSISTENT_EXTMS); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION, + SSL_R_INCONSISTENT_EXTMS); fatal = 1; goto err; } @@ -640,10 +650,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) s->ext.ticket_expected = 1; } } - if (fatal) { - *al = SSL_AD_INTERNAL_ERROR; + if (fatal) return -1; - } return 0; } diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index a72859c873..062fc0438b 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -12,14 +12,11 @@ #include "../ssl_locl.h" #include "statem_locl.h" -static int final_renegotiate(SSL *s, unsigned int context, int sent, - int *al); +static int final_renegotiate(SSL *s, unsigned int context, int sent); static int init_server_name(SSL *s, unsigned int context); -static int final_server_name(SSL *s, unsigned int context, int sent, - int *al); +static int final_server_name(SSL *s, unsigned int context, int sent); #ifndef OPENSSL_NO_EC -static int final_ec_pt_formats(SSL *s, unsigned int context, int sent, - int *al); +static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); #endif static int init_session_ticket(SSL *s, unsigned int context); #ifndef OPENSSL_NO_OCSP @@ -29,33 +26,32 @@ static int init_status_request(SSL *s, unsigned int context); static int init_npn(SSL *s, unsigned int context); #endif static int init_alpn(SSL *s, unsigned int context); -static int final_alpn(SSL *s, unsigned int context, int sent, int *al); +static int final_alpn(SSL *s, unsigned int context, int sent); static int init_sig_algs(SSL *s, unsigned int context); static int init_certificate_authorities(SSL *s, unsigned int context); static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, - size_t chainidx, - int *al); + size_t chainidx); static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx, int *al); + size_t chainidx); #ifndef OPENSSL_NO_SRP static int init_srp(SSL *s, unsigned int context); #endif static int init_etm(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context); -static int final_ems(SSL *s, unsigned int context, int sent, int *al); +static int final_ems(SSL *s, unsigned int context, int sent); static int init_psk_kex_modes(SSL *s, unsigned int context); #ifndef OPENSSL_NO_EC -static int final_key_share(SSL *s, unsigned int context, int sent, int *al); +static int final_key_share(SSL *s, unsigned int context, int sent); #endif #ifndef OPENSSL_NO_SRTP static int init_srtp(SSL *s, unsigned int context); #endif -static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al); -static int final_early_data(SSL *s, unsigned int context, int sent, int *al); -static int final_maxfragmentlen(SSL *s, unsigned int context, int sent, int *al); +static int final_sig_algs(SSL *s, unsigned int context, int sent); +static int final_early_data(SSL *s, unsigned int context, int sent); +static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -73,22 +69,22 @@ typedef struct extensions_definition_st { int (*init)(SSL *s, unsigned int context); /* Parse extension sent from client to server */ int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx, int *al); + size_t chainidx); /* Parse extension send from server to client */ int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx, int *al); + size_t chainidx); /* Construct extension sent from server to client */ EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx, int *al); + X509 *x, size_t chainidx); /* Construct extension sent from client to server */ EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx, int *al); + X509 *x, size_t chainidx); /* * Finalise extension after parsing. Always called where an extensions was * initialised even if the extension was not present. |sent| is set to 1 if * the extension was seen, or 0 otherwise. */ - int (*final)(SSL *s, unsigned int context, int sent, int *al); + int (*final)(SSL *s, unsigned int context, int sent); } EXTENSION_DEFINITION; /* @@ -458,8 +454,7 @@ int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) * extensions that we know about. We ignore others. */ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, - RAW_EXTENSION **res, int *al, size_t *len, - int init) + RAW_EXTENSION **res, size_t *len, int init) { PACKET extensions = *packet; size_t i = 0; @@ -480,8 +475,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0); raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions)); if (raw_extensions == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS, + ERR_R_MALLOC_FAILURE); return 0; } @@ -493,8 +488,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, if (!PACKET_get_net_2(&extensions, &type) || !PACKET_get_length_prefixed_2(&extensions, &extension)) { - SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION); - *al = SSL_AD_DECODE_ERROR; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS, + SSL_R_BAD_EXTENSION); goto err; } /* @@ -507,8 +502,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, || (type == TLSEXT_TYPE_psk && (context & SSL_EXT_CLIENT_HELLO) != 0 && PACKET_remaining(&extensions) != 0)) { - SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_BAD_EXTENSION); - *al = SSL_AD_ILLEGAL_PARAMETER; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_COLLECT_EXTENSIONS, + SSL_R_BAD_EXTENSION); goto err; } idx = thisex - raw_extensions; @@ -534,8 +529,8 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, && type != TLSEXT_TYPE_renegotiate && type != TLSEXT_TYPE_signed_certificate_timestamp && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) { - SSLerr(SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION); - *al = SSL_AD_UNSUPPORTED_EXTENSION; + SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, + SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION); goto err; } if (thisex != NULL) { @@ -561,7 +556,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, if (thisexd->init != NULL && (thisexd->context & context) != 0 && extension_is_relevant(s, thisexd->context, context) && !thisexd->init(s, context)) { - *al = SSL_AD_INTERNAL_ERROR; + /* SSLfatal() already called */ goto err; } } @@ -589,11 +584,11 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, * this counted as success. */ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, - RAW_EXTENSION *exts, X509 *x, size_t chainidx, int *al) + RAW_EXTENSION *exts, X509 *x, size_t chainidx) { RAW_EXTENSION *currext = &exts[idx]; int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - size_t chainidx, int *al) = NULL; + size_t chainidx) = NULL; /* Skip if the extension is not present */ if (!currext->present) @@ -616,7 +611,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, parser = s->server ? extdef->parse_ctos : extdef->parse_stoc; if (parser != NULL) - return parser(s, &currext->data, context, x, chainidx, al); + return parser(s, &currext->data, context, x, chainidx); /* * If the parser is NULL we fall through to the custom extension @@ -625,13 +620,10 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, } /* Parse custom extensions */ - if (custom_ext_parse(s, context, currext->type, - PACKET_data(&currext->data), - PACKET_remaining(&currext->data), - x, chainidx, al) <= 0) - return 0; - - return 1; + return custom_ext_parse(s, context, currext->type, + PACKET_data(&currext->data), + PACKET_remaining(&currext->data), + x, chainidx); } /* @@ -643,7 +635,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, * failure, |*al| is populated with a suitable alert code. */ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, - size_t chainidx, int *al, int fin) + size_t chainidx, int fin) { size_t i, numexts = OSSL_NELEM(ext_defs); const EXTENSION_DEFINITION *thisexd; @@ -653,8 +645,10 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, /* Parse each extension in turn */ for (i = 0; i < numexts; i++) { - if (!tls_parse_extension(s, i, context, exts, x, chainidx, al)) + if (!tls_parse_extension(s, i, context, exts, x, chainidx)) { + /* SSLfatal() already called */ return 0; + } } if (fin) { @@ -665,8 +659,10 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { if (thisexd->final != NULL && (thisexd->context & context) != 0 - && !thisexd->final(s, context, exts[i].present, al)) + && !thisexd->final(s, context, exts[i].present)) { + /* SSLfatal() already called */ return 0; + } } } @@ -702,23 +698,16 @@ int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, * them to |pkt|. If this is an extension for a Certificate in a Certificate * message, then |x| will be set to the Certificate we are handling, and * |chainidx| will indicate the position in the chainidx we are processing (with - * 0 being the first in the chain). Returns 1 on success or 0 on failure. If a - * failure occurs then |al| is populated with a suitable alert code. On a + * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a * failure construction stops at the first extension to fail to construct. */ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx, int *al) + X509 *x, size_t chainidx) { size_t i; - int min_version, max_version = 0, reason, tmpal; + int min_version, max_version = 0, reason; const EXTENSION_DEFINITION *thisexd; - /* - * Normally if something goes wrong during construction it's an internal - * error. We can always override this later. - */ - tmpal = SSL_AD_INTERNAL_ERROR; - if (!WPACKET_start_sub_packet_u16(pkt) /* * If extensions are of zero length then we don't even add the @@ -729,15 +718,17 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 && !WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { - SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, + ERR_R_INTERNAL_ERROR); + return 0; } if ((context & SSL_EXT_CLIENT_HELLO) != 0) { reason = ssl_get_min_max_version(s, &min_version, &max_version); if (reason != 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, reason); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, + reason); + return 0; } } @@ -746,14 +737,14 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, /* On the server side with initialise during ClientHello parsing */ custom_ext_init(&s->cert->custext); } - if (!custom_ext_add(s, context, pkt, x, chainidx, max_version, &tmpal)) { - SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR); - goto err; + if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) { + /* SSLfatal() already called */ + return 0; } for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, - X509 *x, size_t chainidx, int *al); + X509 *x, size_t chainidx); EXT_RETURN ret; /* Skip if not relevant for our context */ @@ -766,9 +757,11 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, if (construct == NULL) continue; - ret = construct(s, pkt, context, x, chainidx, &tmpal); - if (ret == EXT_RETURN_FAIL) - goto err; + ret = construct(s, pkt, context, x, chainidx); + if (ret == EXT_RETURN_FAIL) { + /* SSLfatal() already called */ + return 0; + } if (ret == EXT_RETURN_SENT && (context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST @@ -777,15 +770,12 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, } if (!WPACKET_close(pkt)) { - SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, + ERR_R_INTERNAL_ERROR); + return 0; } return 1; - - err: - *al = tmpal; - return 0; } /* @@ -796,8 +786,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, * of a failure then |*al| is populated with a suitable error code. */ -static int final_renegotiate(SSL *s, unsigned int context, int sent, - int *al) +static int final_renegotiate(SSL *s, unsigned int context, int sent) { if (!s->server) { /* @@ -807,9 +796,8 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent, if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && !sent) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_FINAL_RENEGOTIATE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } @@ -820,9 +808,8 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent, if (s->renegotiate && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && !sent) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_FINAL_RENEGOTIATE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); return 0; } @@ -838,8 +825,7 @@ static int init_server_name(SSL *s, unsigned int context) return 1; } -static int final_server_name(SSL *s, unsigned int context, int sent, - int *al) +static int final_server_name(SSL *s, unsigned int context, int sent) { int ret = SSL_TLSEXT_ERR_NOACK, discard; int altmp = SSL_AD_UNRECOGNIZED_NAME; @@ -890,23 +876,25 @@ static int final_ser