[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Dec 8 16:49:27 UTC 2017
The branch master has been updated
via 921d84a0ad2e70ad91b6e1b06573e97162387f8a (commit)
via 5591a6132ea210b89813d18a852ec2f28b5e2486 (commit)
via c28533829395183eec027969c0c8d28574f2a3cc (commit)
via 99dd374055e9179eea082d4c37fd19ed8814fb22 (commit)
via 196f2cbb789333ee1ac1a1ec0de654c8bef4eb59 (commit)
from a0fda2cf2dac8bc0d309261b3aaf4027a188b08c (commit)
- Log -----------------------------------------------------------------
commit 921d84a0ad2e70ad91b6e1b06573e97162387f8a
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 4 16:54:59 2017 +0000
Convert the remaining functions in the record layer to use SSLfatal()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4841)
commit 5591a6132ea210b89813d18a852ec2f28b5e2486
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 4 16:21:53 2017 +0000
Convert dlts1_write_bytes() to use SSLfatal()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4841)
commit c28533829395183eec027969c0c8d28574f2a3cc
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 4 16:16:37 2017 +0000
More record layer conversions to use SSLfatal()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4841)
commit 99dd374055e9179eea082d4c37fd19ed8814fb22
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 4 14:47:04 2017 +0000
Convert ssl3_read_bytes() to use SSLfatal()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4841)
commit 196f2cbb789333ee1ac1a1ec0de654c8bef4eb59
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 4 14:28:35 2017 +0000
Update ssl3_get_record() to use SSLfatal()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4841)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 2 +
include/openssl/sslerr.h | 2 +
ssl/d1_lib.c | 8 +-
ssl/record/rec_layer_d1.c | 156 +++++++++-------
ssl/record/rec_layer_s3.c | 252 ++++++++++++++++----------
ssl/record/record_locl.h | 2 +-
ssl/record/ssl3_buffer.c | 27 ++-
ssl/record/ssl3_record.c | 393 +++++++++++++++++++++++------------------
ssl/record/ssl3_record_tls13.c | 29 ++-
ssl/ssl_err.c | 2 +
ssl/statem/statem_dtls.c | 2 +-
11 files changed, 522 insertions(+), 353 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 932fc46..308abae 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1043,6 +1043,7 @@ SSL_F_SSL3_CTRL:213:ssl3_ctrl
SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
+SSL_F_SSL3_ENC:608:ssl3_enc
SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block
@@ -1197,6 +1198,7 @@ SSL_F_STATE_MACHINE:353:state_machine
SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state
+SSL_F_TLS13_ENC:609:tls13_enc
SSL_F_TLS13_FINAL_FINISH_MAC:605:tls13_final_finish_mac
SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret
SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index ef6b9dd..b54459b 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -97,6 +97,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL3_CTX_CTRL 133
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
+# define SSL_F_SSL3_ENC 608
# define SSL_F_SSL3_FINAL_FINISH_MAC 285
# define SSL_F_SSL3_FINISH_MAC 587
# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
@@ -249,6 +250,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS12_COPY_SIGALGS 533
# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440
+# define SSL_F_TLS13_ENC 609
# define SSL_F_TLS13_FINAL_FINISH_MAC 605
# define SSL_F_TLS13_GENERATE_SECRET 591
# define SSL_F_TLS13_HKDF_EXPAND 561
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 7f0fea5..f808512 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -378,7 +378,8 @@ int dtls1_check_timeout_num(SSL *s)
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
/* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHECK_TIMEOUT_NUM,
+ SSL_R_READ_TIMEOUT_EXPIRED);
return -1;
}
@@ -397,8 +398,10 @@ int dtls1_handle_timeout(SSL *s)
else
dtls1_double_timeout(s);
- if (dtls1_check_timeout_num(s) < 0)
+ if (dtls1_check_timeout_num(s) < 0) {
+ /* SSLfatal() already called */
return -1;
+ }
s->d1->timeout.read_timeouts++;
if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
@@ -406,6 +409,7 @@ int dtls1_handle_timeout(SSL *s)
}
dtls1_start_timer(s);
+ /* Calls SSLfatal() if required */
return dtls1_retransmit_buffered_messages(s);
}
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index e49bc0c..ddb3a61 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -148,7 +148,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
if (rdata == NULL || item == NULL) {
OPENSSL_free(rdata);
pitem_free(item);
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -175,7 +176,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec));
if (!ssl3_setup_buffers(s)) {
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ /* SSLfatal() already called */
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
@@ -184,7 +185,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL) {
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
+ ERR_R_INTERNAL_ERROR);
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
@@ -258,8 +260,9 @@ int dtls1_process_buffered_records(SSL *s)
* current record is from a different epoch. But that cannot
* be the case because we already checked the epoch above
*/
- SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
+ ERR_R_INTERNAL_ERROR);
return 0;
}
#ifndef OPENSSL_NO_SCTP
@@ -277,6 +280,10 @@ int dtls1_process_buffered_records(SSL *s)
}
if (!replayok || !dtls1_process_record(s, bitmap)) {
+ if (ossl_statem_in_error(s)) {
+ /* dtls1_process_record called SSLfatal() */
+ return -1;
+ }
/* dump this record */
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer);
@@ -284,8 +291,10 @@ int dtls1_process_buffered_records(SSL *s)
}
if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
- SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0)
+ SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) {
+ /* SSLfatal() already called */
return 0;
+ }
}
}
@@ -331,21 +340,24 @@ int dtls1_process_buffered_records(SSL *s)
int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
size_t len, int peek, size_t *readbytes)
{
- int al, i, j, iret;
+ int i, j, iret;
size_t n;
SSL3_RECORD *rr;
void (*cb) (const SSL *ssl, int type2, int val) = NULL;
if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
/* Not initialized yet */
- if (!ssl3_setup_buffers(s))
+ if (!ssl3_setup_buffers(s)) {
+ /* SSLfatal() already called */
return -1;
+ }
}
if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
(type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA))) {
- SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -353,12 +365,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
{
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
+ /* SSLfatal() already called if appropriate */
if (i < 0)
return i;
- if (i == 0) {
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ if (i == 0)
return -1;
- }
}
start:
@@ -410,7 +421,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
iret = dtls1_get_record(s);
if (iret <= 0) {
iret = dtls1_read_failed(s, iret);
- /* anything other than a timeout is an error */
+ /*
+ * Anything other than a timeout is an error. SSLfatal() already
+ * called if appropriate.
+ */
if (iret <= 0)
return iret;
else
@@ -438,7 +452,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
SSL3_RECORD_get_seq_num(rr)) < 0) {
- SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ /* SSLfatal() already called */
return -1;
}
SSL3_RECORD_set_length(rr, 0);
@@ -469,9 +483,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
(s->enc_read_ctx == NULL)) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+ SSL_R_APP_DATA_IN_HANDSHAKE);
+ return -1;
}
if (recvd_type != NULL)
@@ -526,9 +540,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|| !PACKET_get_1(&alert, &alert_level)
|| !PACKET_get_1(&alert, &alert_descr)
|| PACKET_remaining(&alert) != 0) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_INVALID_ALERT);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+ SSL_R_INVALID_ALERT);
+ return -1;
}
if (s->msg_callback)
@@ -550,9 +564,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rlayer.alert_count++;
if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+ SSL_R_TOO_MANY_WARN_ALERTS);
+ return -1;
}
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
@@ -579,16 +593,17 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES,
+ SSL_AD_REASON_OFFSET + alert_descr);
+ BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
return 0;
} else {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_READ_BYTES,
+ SSL_R_UNKNOWN_ALERT_TYPE);
+ return -1;
}
goto start;
@@ -634,8 +649,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* here, then retransmit our CCS and FINISHED.
*/
if (msg_hdr.type == SSL3_MT_FINISHED) {
- if (dtls1_check_timeout_num(s) < 0)
+ if (dtls1_check_timeout_num(s) < 0) {
+ /* SSLfatal) already called */
return -1;
+ }
if (dtls1_retransmit_buffered_messages(s) <= 0) {
/* Fail if we encountered a fatal error */
@@ -653,21 +670,20 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* finished
*/
if (!ossl_assert(SSL_is_init_finished(s))) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
/* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1);
i = s->handshake_func(s);
+ /* SSLfatal() called if appropriate */
if (i < 0)
return i;
- if (i == 0) {
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ if (i == 0)
return -1;
- }
if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
@@ -691,9 +707,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
switch (SSL3_RECORD_get_type(rr)) {
default:
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+ SSL_R_UNEXPECTED_RECORD);
+ return -1;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
case SSL3_RT_HANDSHAKE:
@@ -702,9 +718,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
* that should not happen when type != rr->type
*/
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
case SSL3_RT_APPLICATION_DATA:
/*
* At this point, we were expecting handshake data, but have
@@ -719,16 +735,12 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->s3->in_read_app_data = 2;
return -1;
} else {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+ SSL_R_UNEXPECTED_RECORD);
+ return -1;
}
}
/* not reached */
-
- f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
}
/*
@@ -741,7 +753,8 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
int i;
if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) {
- SSLerr(SSL_F_DTLS1_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_WRITE_BYTES,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
s->rwstate = SSL_NOTHING;
@@ -767,7 +780,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* will happen with non blocking IO
*/
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
- SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+ ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -783,7 +797,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
return 0;
if (len > ssl_get_max_send_fragment(s)) {
- SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+ SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
return 0;
}
@@ -797,8 +812,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
mac_size = 0;
else {
mac_size = EVP_MD_CTX_size(s->write_hash);
- if (mac_size < 0)
- goto err;
+ if (mac_size < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+ SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+ return -1;
+ }
}
p = SSL3_BUFFER_get_buf(wb) + prefix_len;
@@ -855,8 +873,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
/* first we compress */
if (s->compress != NULL) {
if (!ssl3_do_compress(s, &wr)) {
- SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
- goto err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+ SSL_R_COMPRESSION_FAILURE);
+ return -1;
}
} else {
memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr),
@@ -873,8 +892,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (!SSL_WRITE_ETM(s) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(s, &wr,
&(p[SSL3_RECORD_get_length(&wr) + eivlen]),
- 1))
- goto err;
+ 1)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
SSL3_RECORD_add_length(&wr, mac_size);
}
@@ -885,13 +907,21 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
if (eivlen)
SSL3_RECORD_add_length(&wr, eivlen);
- if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1)
- goto err;
+ if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1) {
+ if (!ossl_statem_in_error(s)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ }
+ return -1;
+ }
if (SSL_WRITE_ETM(s) && mac_size != 0) {
if (!s->method->ssl3_enc->mac(s, &wr,
- &(p[SSL3_RECORD_get_length(&wr)]), 1))
- goto err;
+ &(p[SSL3_RECORD_get_length(&wr)]), 1)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
SSL3_RECORD_add_length(&wr, mac_size);
}
@@ -940,10 +970,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
s->rlayer.wpend_type = type;
s->rlayer.wpend_ret = len;
- /* we now just need to write the buffer */
+ /* we now just need to write the buffer. Calls SSLfatal() as required. */
return ssl3_write_pending(s, type, buf, len, written);
- err:
- return -1;
}
DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index baae0de..5f01b04 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -187,8 +187,10 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
rb = &s->rlayer.rbuf;
if (rb->buf == NULL)
- if (!ssl3_setup_read_buffer(s))
+ if (!ssl3_setup_read_buffer(s)) {
+ /* SSLfatal() already called */
return -1;
+ }
left = rb->left;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
@@ -259,8 +261,10 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
/* else we need to read more data */
- if (n > rb->len - rb->offset) { /* does not happen */
- SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
+ if (n > rb->len - rb->offset) {
+ /* does not happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -293,7 +297,8 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
if (ret >= 0)
bioread = ret;
} else {
- SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+ SSL_R_READ_BIO_NOT_SET);
ret = -1;
}
@@ -355,13 +360,16 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
*/
if ((len < s->rlayer.wnum)
|| ((wb->left != 0) && (len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) {
- SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+ SSL_R_BAD_LENGTH);
return -1;
}
if (s->early_data_state == SSL_EARLY_DATA_WRITING
- && !early_data_count_ok(s, len, 0, NULL))
+ && !early_data_count_ok(s, len, 0, 1)) {
+ /* SSLfatal() already called */
return -1;
+ }
s->rlayer.wnum = 0;
@@ -373,10 +381,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
&& s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
i = s->handshake_func(s);
+ /* SSLfatal() already called */
if (i < 0)
return i;
if (i == 0) {
- SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return -1;
}
}
@@ -386,6 +394,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* will happen with non blocking IO
*/
if (wb->left != 0) {
+ /* SSLfatal() already called if appropriate */
i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot,
&tmpwrit);
if (i <= 0) {
@@ -430,7 +439,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
packlen *= 4;
if (!ssl3_setup_write_buffer(s, 1, packlen)) {
- SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
+ /* SSLfatal() already called */
return -1;
}
} else if (tot == len) { /* done? */
@@ -451,6 +460,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
if (s->s3->alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
s->rlayer.wnum = tot;
return i;
}
@@ -506,6 +516,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit);
if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
/* free jumbo buffer */
ssl3_release_write_buffer(s);
@@ -548,7 +559,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* We should have prevented this when we set max_pipelines so we
* shouldn't get here
*/
- SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
if (maxpipes == 0
@@ -563,7 +575,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
* We should have prevented this when we set/get the split and max send
* fragments so we shouldn't get here
*/
- SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -600,6 +613,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0,
&tmpwrit);
if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
/* XXX should we ssl3_release_write_buffer if i<0? */
s->rlayer.wnum = tot;
return i;
@@ -651,20 +665,27 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* first check if there is a SSL3_BUFFER still being written out. This
* will happen with non blocking IO
*/
- if (RECORD_LAYER_write_pending(&s->rlayer))
+ if (RECORD_LAYER_write_pending(&s->rlayer)) {
+ /* Calls SSLfatal() as required */
return ssl3_write_pending(s, type, buf, totlen, written);
+ }
/* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
- if (i <= 0)
+ if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
return i;
+ }
/* if it went, fall through and send more stuff */
}
- if (s->rlayer.numwpipes < numpipes)
- if (!ssl3_setup_write_buffer(s, numpipes, 0))
+ if (s->rlayer.numwpipes < numpipes) {
+ if (!ssl3_setup_write_buffer(s, numpipes, 0)) {
+ /* SSLfatal() already called */
return -1;
+ }
+ }
if (totlen == 0 && !create_empty_fragment)
return 0;
@@ -678,8 +699,11 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} else {
/* TODO(siz_t): Convert me */
mac_size = EVP_MD_CTX_size(s->write_hash);
- if (mac_size < 0)
+ if (mac_size < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
+ }
}
/*
@@ -702,13 +726,16 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
int ret;
ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len);
- if (ret <= 0)
+ if (ret <= 0) {
+ /* SSLfatal() already called if appropriate */
goto err;
+ }
if (prefix_len >
(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
/* insufficient space */
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
}
@@ -731,7 +758,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb),
SSL3_BUFFER_get_len(wb), 0)
|| !WPACKET_allocate_bytes(&pkt[0], align, NULL)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
wpinited = 1;
@@ -742,7 +770,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
SSL3_BUFFER_get_len(wb), 0)
|| !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb)
+ prefix_len, NULL)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
wpinited = 1;
@@ -759,7 +788,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb),
SSL3_BUFFER_get_len(wb), 0)
|| !WPACKET_allocate_bytes(thispkt, align, NULL)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
wpinited++;
@@ -824,7 +854,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|| (maxcomplen > 0
&& !WPACKET_reserve_bytes(thispkt, maxcomplen,
&compressdata))) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -843,12 +874,14 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (s->compress != NULL) {
if (!ssl3_do_compress(s, thiswr)
|| !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ SSL_R_COMPRESSION_FAILURE);
goto err;
}
} else {
if (!WPACKET_memcpy(thispkt, thiswr->input, thiswr->length)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
SSL3_RECORD_reset_input(&wr[j]);
@@ -858,7 +891,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t rlen, max_send_fragment;
if (!WPACKET_put_bytes_u8(thispkt, type)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
SSL3_RECORD_add_length(thiswr, 1);
@@ -891,7 +925,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (padding > max_padding)
padding = max_padding;
if (!WPACKET_memset(thispkt, 0, padding)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
SSL3_RECORD_add_length(thiswr, padding);
@@ -910,7 +945,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
}
@@ -927,7 +963,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* sub-packet
*/
|| !WPACKET_get_length(thispkt, &len)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -945,11 +982,21 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* We haven't actually negotiated the version yet, but we're trying to
* send early data - so we need to use the tls13enc function.
*/
- if (tls13_enc(s, wr, numpipes, 1) < 1)
+ if (tls13_enc(s, wr, numpipes, 1) < 1) {
+ if (!ossl_statem_in_error(s)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ }
goto err;
+ }
} else {
- if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1)
+ if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) {
+ if (!ossl_statem_in_error(s)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ }
goto err;
+ }
}
for (j = 0; j < numpipes; j++) {
@@ -965,7 +1012,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|| (thiswr->length > origlen
&& !WPACKET_allocate_bytes(thispkt,
thiswr->length - origlen, NULL))) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
if (SSL_WRITE_ETM(s) && mac_size != 0) {
@@ -973,7 +1021,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
|| !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
SSL3_RECORD_add_length(thiswr, mac_size);
@@ -981,7 +1030,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if (!WPACKET_get_length(thispkt, &len)
|| !WPACKET_close(thispkt)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1001,7 +1051,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
if (!WPACKET_finish(thispkt)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1020,7 +1071,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
*/
if (j > 0) {
/* We should never be pipelining an empty fragment!! */
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
*written = SSL3_RECORD_get_length(thiswr);
@@ -1065,7 +1117,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
|| ((s->rlayer.wpend_buf != buf) &&
!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
|| (s->rlayer.wpend_type != type)) {
- SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+ SSL_R_BAD_WRITE_RETRY);
return -1;
}
@@ -1087,7 +1140,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
if (i >= 0)
tmpwrit = i;
} else {
- SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+ SSL_R_BIO_NOT_SET);
i = -1;
}
if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
@@ -1145,7 +1199,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
size_t len, int peek, size_t *readbytes)
{
- int al, i, j, ret;
+ int i, j, ret;
size_t n, curr_rec, num_recs, totalbytes;
SSL3_RECORD *rr;
SSL3_BUFFER *rbuf;
@@ -1155,15 +1209,18 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (!SSL3_BUFFER_is_initialised(rbuf)) {
/* Not initialized yet */
- if (!ssl3_setup_read_buffer(s))
+ if (!ssl3_setup_read_buffer(s)) {
+ /* SSLfatal() already called */
return -1;
+ }
}
if ((type && (type != SSL3_RT_APPLICATION_DATA)
&& (type != SSL3_RT_HANDSHAKE)) || (peek
&& (type !=
SSL3_RT_APPLICATION_DATA))) {
- SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -1200,12 +1257,11 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
/* type == SSL3_RT_APPLICATION_DATA */
i = s->handshake_func(s);
+ /* SSLfatal() already called */
if (i < 0)
return i;
- if (i == 0) {
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ if (i == 0)
return -1;
- }
}
start:
s->rwstate = SSL_NOTHING;
@@ -1224,14 +1280,16 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* get new records if necessary */
if (num_recs == 0) {
ret = ssl3_get_record(s);
- if (ret <= 0)
+ if (ret <= 0) {
+ /* SSLfatal() already called if appropriate */
return ret;
+ }
num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
if (num_recs == 0) {
/* Shouldn't happen */
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
}
/* Skip over any records we have already read */
@@ -1259,9 +1317,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
* reset by ssl3_get_finished */
&& (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+ return -1;
}
/*
@@ -1289,17 +1347,17 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
*/
if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
(s->enc_read_ctx == NULL)) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_APP_DATA_IN_HANDSHAKE);
+ return -1;
}
if (type == SSL3_RT_HANDSHAKE
&& SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
&& s->rlayer.handshake_fragment_len > 0) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_CCS_RECEIVED_EARLY);
+ return -1;
}
if (recvd_type != NULL)
@@ -1374,9 +1432,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* initial ClientHello. Therefore |type| should always be equal to
* |rr->type|. If not then something has gone horribly wrong
*/
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
if (s->method->version == TLS_ANY_VERSION
@@ -1388,9 +1446,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* other than a ClientHello if we are a server.
*/
s->version = rr->rec_version;
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNEXPECTED_MESSAGE);
+ return -1;
}
/*
@@ -1463,9 +1521,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
|| !PACKET_get_1(&alert, &alert_level)
|| !PACKET_get_1(&alert, &alert_descr)
|| PACKET_remaining(&alert) != 0) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INVALID_ALERT);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_INVALID_ALERT);
+ return -1;
}
if (s->msg_callback)
@@ -1488,9 +1546,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
s->rlayer.alert_count++;
if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_TOO_MANY_WARN_ALERTS);
+ return -1;
}
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
@@ -1502,9 +1560,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* is user_cancelled - which we just ignore.
*/
if (SSL_IS_TLS13(s) && alert_descr != SSL_AD_USER_CANCELLED) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNKNOWN_ALERT_TYPE);
+ return -1;
}
/*
* This is a warning but we receive it if we requested
@@ -1515,26 +1573,27 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* the peer refused it where we carry on.
*/
if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION);
- goto f_err;
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_NO_RENEGOTIATION);
+ return -1;
}
} else if (alert_level == SSL3_AL_FATAL) {
char tmp[16];
s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+ SSL_AD_REASON_OFFSET + alert_descr);
+ BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL3_RECORD_set_read(rr);
SSL_CTX_remove_session(s->session_ctx, s->session);
return 0;
} else {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNKNOWN_ALERT_TYPE);
+ return -1;
}
goto start;
@@ -1549,9 +1608,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_CCS_RECEIVED_EARLY);
+ return -1;
}
/*
@@ -1566,10 +1625,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
ossl_statem_set_in_init(s, 1);
i = s->handshake_func(s);
+ /* SSLfatal() already called if appropriate */
if (i < 0)
return i;
if (i == 0) {
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
return -1;
}
@@ -1610,9 +1669,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* no progress is being made and the peer continually sends unrecognised
* record types, using up resources processing them.
*/
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNEXPECTED_RECORD);
+ return -1;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
case SSL3_RT_HANDSHAKE:
@@ -1621,9 +1680,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
* that should not happen when type != rr->type
*/
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
case SSL3_RT_APPLICATION_DATA:
/*
* At this point, we were expecting handshake data, but have
@@ -1646,21 +1705,18 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* record.
*/
if (!early_data_count_ok(s, rr->length,
- EARLY_DATA_CIPHERTEXT_OVERHEAD, &al))
- goto f_err;
+ EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
SSL3_RECORD_set_read(rr);
goto start;
} else {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNEXPECTED_RECORD);
+ return -1;
}
}
- /* not reached */
-
- f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
}
void ssl3_record_sequence_update(unsigned char *seq)
diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h
index fefb0df..c20f5fe 100644
--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -114,4 +114,4 @@ __owur int tls1_cbc_remove_padding(const SSL *s,
size_t block_size, size_t mac_size);
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
__owur int dtls1_get_record(SSL *s);
-int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al);
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send);
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 6d3a232..53bd4cb 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -60,18 +60,22 @@ int ssl3_setup_read_buffer(SSL *s)
#endif
if (b->default_len > len)
len = b->default_len;
- if ((p = OPENSSL_malloc(len)) == NULL)
- goto err;
+ if ((p = OPENSSL_malloc(len)) == NULL) {
+ /*
+ * We've got a malloc failure, and we're still initialising buffers.
+ * We assume we're so doomed that we won't even be able to send an
+ * alert.
+ */
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
b->buf = p;
b->len = len;
}
RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
return 1;
-
- err:
- SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
- return 0;
}
int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
@@ -116,7 +120,12 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
p = OPENSSL_malloc(len);
if (p == NULL) {
s->rlayer.numwpipes = currpipe;
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ /*
+ * We've got a malloc failure, and we're still initialising
+ * buffers. We assume we're so doomed that we won't even be able
+ * to send an alert.
+ */
+ SSLfatal(s, SSL_AD_NO_ALERT,
SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -131,8 +140,10 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
int ssl3_setup_buffers(SSL *s)
{
- if (!ssl3_setup_read_buffer(s))
+ if (!ssl3_setup_read_buffer(s)) {
+ /* SSLfatal() already called */
return 0;
+ }
if (!ssl3_setup_write_buffer(s, 1, 0)) {
/* SSLfatal() already called */
return 0;
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 28a706f..213f001 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -101,7 +101,7 @@ static int ssl3_record_app_data_waiting(SSL *s)
return 1;
}
-int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
{
uint32_t max_early_data = s->max_early_data;
SSL_SESSION *sess = s->session;
@@ -114,7 +114,8 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
if (!s->server && sess->ext.max_early_data == 0) {
if (!ossl_assert(s->psksession != NULL
&& s->psksession->ext.max_early_data > 0)) {
- SSLerr(SSL_F_EARLY_DATA_COUNT_OK, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_EARLY_DATA_COUNT_OK,
+ ERR_R_INTERNAL_ERROR);
return 0;
}
sess = s->psksession;
@@ -124,9 +125,8 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
max_early_data = sess->ext.max_early_data;
if (max_early_data == 0) {
- if (al != NULL)
- *al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+ SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
return 0;
}
@@ -134,9 +134,8 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
max_early_data += overhead;
if (s->early_data_count + length > max_early_data) {
- if (al != NULL)
- *al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+ SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
return 0;
}
s->early_data_count += length;
@@ -168,8 +167,7 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int *al)
/* used only by ssl3_read_bytes */
int ssl3_get_record(SSL *s)
{
- int al;
- int enc_err, rret, ret = -1;
+ int enc_err, rret;
int i;
size_t more, n;
SSL3_RECORD *rr, *thisrr;
@@ -211,16 +209,16 @@ int ssl3_get_record(SSL *s)
p = RECORD_LAYER_get_packet(&s->rlayer);
if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer),
RECORD_LAYER_get_packet_length(&s->rlayer))) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
sslv2pkt = pkt;
if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)
|| !PACKET_get_1(&sslv2pkt, &type)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
/*
* The first record received by the server may be a V2ClientHello.
@@ -244,15 +242,15 @@ int ssl3_get_record(SSL *s)
if (thisrr->length > SSL3_BUFFER_get_len(rbuf)
- SSL2_RT_HEADER_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+ SSL_R_PACKET_LENGTH_TOO_LONG);
+ return -1;
}
if (thisrr->length < MIN_SSL2_RECORD_LEN) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+ SSL_R_LENGTH_TOO_SHORT);
+ return -1;
}
} else {
/* SSLv3+ style record */
@@ -264,9 +262,9 @@ int ssl3_get_record(SSL *s)
if (!PACKET_get_1(&pkt, &type)
|| !PACKET_get_net_2(&pkt, &version)
|| !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
thisrr->type = type;
thisrr->rec_version = version;
@@ -280,7 +278,6 @@ int ssl3_get_record(SSL *s)
if (!s->first_packet && !SSL_IS_TLS13(s)
&& !s->hello_retry_request
&& version != (unsigned int)s->version) {
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
if ((s->version & 0xFF00) == (version & 0xFF00)
&& !s->enc_write_ctx && !s->write_hash) {
if (thisrr->type == SSL3_RT_ALERT) {
@@ -292,15 +289,18 @@ int ssl3_get_record(SSL *s)
* shouldn't send a fatal alert back. We'll just
* end.
*/
- goto err;
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+ SSL_R_WRONG_VERSION_NUMBER);
+ return -1;
}
/*
* Send back error using their minor version number :-)
*/
s->version = (unsigned short)version;
}
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD,
+ SSL_R_WRONG_VERSION_NUMBER);
+ return -1;
}
if ((version >> 8) != SSL3_VERSION_MAJOR) {
@@ -312,38 +312,39 @@ int ssl3_get_record(SSL *s)
strncmp((char *)p, "POST ", 5) == 0 ||
strncmp((char *)p, "HEAD ", 5) == 0 ||
strncmp((char *)p, "PUT ", 4) == 0) {
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST);
- goto err;
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+ SSL_R_HTTP_REQUEST);
+ return -1;
} else if (strncmp((char *)p, "CONNE", 5) == 0) {
- SSLerr(SSL_F_SSL3_GET_RECORD,
- SSL_R_HTTPS_PROXY_REQUEST);
- goto err;
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+ SSL_R_HTTPS_PROXY_REQUEST);
+ return -1;
}
/* Doesn't look like TLS - don't send an alert */
- SSLerr(SSL_F_SSL3_GET_RECORD,
- SSL_R_WRONG_VERSION_NUMBER);
- goto err;
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+ SSL_R_WRONG_VERSION_NUMBER);
+ return -1;
} else {
- SSLerr(SSL_F_SSL3_GET_RECORD,
- SSL_R_WRONG_VERSION_NUMBER);
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+ SSL_F_SSL3_GET_RECORD,
+ SSL_R_WRONG_VERSION_NUMBER);
+ return -1;
}
}
if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL
&& thisrr->type != SSL3_RT_APPLICATION_DATA) {
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
- al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
+ return -1;
}
if (thisrr->length >
SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+ SSL_R_PACKET_LENGTH_TOO_LONG);
+ return -1;
}
}
@@ -352,9 +353,9 @@ int ssl3_get_record(SSL *s)
if (SSL_IS_TLS13(s)) {
if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+ SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ return -1;
}
} else {
size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
@@ -369,9 +370,9 @@ int ssl3_get_record(SSL *s)
#endif
if (thisrr->length > len) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+ SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ return -1;
}
}
@@ -452,27 +453,26 @@ int ssl3_get_record(SSL *s)
/* TODO(size_t): convert this to do size_t properly */
imac_size = EVP_MD_CTX_size(s->read_hash);
if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_LIB_EVP);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+ ERR_LIB_EVP);
+ return -1;
}
mac_size = (size_t)imac_size;
for (j = 0; j < num_recs; j++) {
thisrr = &rr[j];
if (thisrr->length < mac_size) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+ SSL_R_LENGTH_TOO_SHORT);
+ return -1;
}
thisrr->length -= mac_size;
mac = thisrr->data + thisrr->length;
i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
- al = SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,
+ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
- goto f_err;
+ return -1;
}
}
}
@@ -488,6 +488,10 @@ int ssl3_get_record(SSL *s)
* -1: if the padding is invalid
*/
if (enc_err == 0) {
+ if (ossl_statem_in_error(s)) {
+ /* SSLfatal() already got called */
+ return -1;
+ }
if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
/*
* Valid early_data that we cannot decrypt might fail here as
@@ -497,8 +501,10 @@ int ssl3_get_record(SSL *s)
thisrr = &rr[0];
if (!early_data_count_ok(s, thisrr->length,
- EARLY_DATA_CIPHERTEXT_OVERHEAD, &al))
- goto f_err;
+ EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
thisrr->length = 0;
thisrr->read = 1;
@@ -506,9 +512,9 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_reset_read_sequence(&s->rlayer);
return 1;
}
- al = SSL_AD_DECRYPTION_FAILED;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
+ SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ return -1;
}
#ifdef SSL_DEBUG
printf("dec %"OSSLzu"\n", rr[0].length);
@@ -530,9 +536,9 @@ int ssl3_get_record(SSL *s)
mac_size = EVP_MD_CTX_size(s->read_hash);
if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
for (j = 0; j < num_recs; j++) {
@@ -547,9 +553,9 @@ int ssl3_get_record(SSL *s)
/* CBC records must have a padding length byte too. */
(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
thisrr->orig_len < mac_size + 1)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+ SSL_R_LENGTH_TOO_SHORT);
+ return -1;
}
if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
@@ -561,9 +567,9 @@ int ssl3_get_record(SSL *s)
*/
mac = mac_tmp;
if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
}
thisrr->length -= mac_size;
} else {
@@ -586,6 +592,10 @@ int ssl3_get_record(SSL *s)
}
if (enc_err < 0) {
+ if (ossl_statem_in_error(s)) {
+ /* We already called SSLfatal() */
+ return -1;
+ }
if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
/*
* We assume this is unreadable early_data - we treat it like an
@@ -597,8 +607,10 @@ int ssl3_get_record(SSL *s)
* so we use the previously saved value
*/
if (!early_data_count_ok(s, first_rec_len,
- EARLY_DATA_CIPHERTEXT_OVERHEAD, &al))
- goto f_err;
+ EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
thisrr = &rr[0];
thisrr->length = 0;
@@ -614,10 +626,9 @@ int ssl3_get_record(SSL *s)
* not reveal which kind of error occurred -- this might become
* visible to an attacker (e.g. via a logfile)
*/
- al = SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
- goto f_err;
+ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ return -1;
}
for (j = 0; j < num_recs; j++) {
@@ -626,14 +637,14 @@ int ssl3_get_record(SSL *s)
/* thisrr->length is now just compressed */
if (s->expand != NULL) {
if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+ SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ return -1;
}
if (!ssl3_do_uncompress(s, thisrr)) {
- al = SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_SSL3_GET_RECORD,
+ SSL_R_BAD_DECOMPRESSION);
+ return -1;
}
}
@@ -642,9 +653,9 @@ int ssl3_get_record(SSL *s)
if (thisrr->length == 0
|| thisrr->type != SSL3_RT_APPLICATION_DATA) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+ SSL_R_BAD_RECORD_TYPE);
+ return -1;
}
/* Strip trailing padding */
@@ -657,9 +668,9 @@ int ssl3_get_record(SSL *s)
if (thisrr->type != SSL3_RT_APPLICATION_DATA
&& thisrr->type != SSL3_RT_ALERT
&& thisrr->type != SSL3_RT_HANDSHAKE) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+ SSL_R_BAD_RECORD_TYPE);
+ return -1;
}
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
@@ -674,23 +685,23 @@ int ssl3_get_record(SSL *s)
&& (thisrr->type == SSL3_RT_HANDSHAKE
|| thisrr->type == SSL3_RT_ALERT)
&& thisrr->length == 0) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_LENGTH);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+ SSL_R_BAD_LENGTH);
+ return -1;
}
if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ return -1;
}
/* If received packet overflows current Max Fragment Length setting */
if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ return -1;
}
thisrr->off = 0;
@@ -707,9 +718,9 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_inc_empty_record_count(&s->rlayer);
if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
> MAX_EMPTY_RECORDS) {
- al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
- goto f_err;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+ SSL_R_RECORD_TOO_SMALL);
+ return -1;
}
} else {
RECORD_LAYER_reset_empty_record_count(&s->rlayer);
@@ -719,17 +730,14 @@ int ssl3_get_record(SSL *s)
if (s->early_data_state == SSL_EARLY_DATA_READING) {
thisrr = &rr[0];
if (thisrr->type == SSL3_RT_APPLICATION_DATA
- && !early_data_count_ok(s, thisrr->length, 0, &al))
- goto f_err;
+ && !early_data_count_ok(s, thisrr->length, 0, 0)) {
+ /* SSLfatal already called */
+ return -1;
+ }
}
RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
return 1;
-
- f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
- return ret;
}
int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
@@ -776,7 +784,8 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
}
/*-
- * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|
+ * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|. Will call
+ * SSLfatal() for internal errors, but not otherwise.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -851,8 +860,11 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
if (EVP_MD_CTX_md(s->read_hash) != NULL) {
/* TODO(size_t): convert me */
imac_size = EVP_MD_CTX_size(s->read_hash);
- if (imac_size < 0)
+ if (imac_size < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
mac_size = (size_t)imac_size;
}
if ((bs != 1) && !sending)
@@ -863,7 +875,8 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
#define MAX_PADDING 256
/*-
- * tls1_enc encrypts/decrypts |n_recs| in |recs|.
+ * tls1_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for
+ * internal errors, but not otherwise.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -883,14 +896,18 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
int imac_size;
const EVP_CIPHER *enc;
- if (n_recs == 0)
+ if (n_recs == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return 0;
+ }
if (sending) {
if (EVP_MD_CTX_md(s->write_hash)) {
int n = EVP_MD_CTX_size(s->write_hash);
if (!ossl_assert(n >= 0)) {
- SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
}
@@ -913,10 +930,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
* we can't write into the input stream: Can this ever
* happen?? (steve)
*/
- SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
} else if (ssl_randbytes(s, recs[ctr].input, ivlen) <= 0) {
- SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
}
@@ -926,7 +945,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
if (EVP_MD_CTX_md(s->read_hash)) {
int n = EVP_MD_CTX_size(s->read_hash);
if (!ossl_assert(n >= 0)) {
- SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
}
@@ -953,7 +973,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
* We shouldn't have been called with pipeline data if the
* cipher doesn't support pipelining
*/
- SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ SSL_R_PIPELINE_FAILURE);
return -1;
}
}
@@ -991,8 +1012,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff);
pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
- if (pad <= 0)
+ if (pad <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
if (sending) {
reclen[ctr] += pad;
@@ -1004,8 +1028,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
/* Add weird padding of upto 256 bytes */
- if (padnum > MAX_PADDING)
+ if (padnum > MAX_PADDING) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
/* we need to add 'padnum' padding bytes of value padval */
padval = (unsigned char)(padnum - 1);
for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++)
@@ -1028,7 +1055,9 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
}
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
(int)n_recs, data) <= 0) {
- SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ SSL_R_PIPELINE_FAILURE);
+ return -1;
}
/* Set the input buffers */
for (ctr = 0; ctr < n_recs; ctr++) {
@@ -1038,7 +1067,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
(int)n_recs, data) <= 0
|| EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
(int)n_recs, reclen) <= 0) {
- SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ SSL_R_PIPELINE_FAILURE);
return -1;
}
}
@@ -1051,6 +1081,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
? (tmpr < 0)
: (tmpr == 0))
return -1; /* AEAD can fail to verify MAC */
+
if (sending == 0) {
if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
for (ctr = 0; ctr < n_recs; ctr++) {
@@ -1070,8 +1101,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
ret = 1;
if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) {
imac_size = EVP_MD_CTX_size(s->read_hash);
- if (imac_size < 0)
+ if (imac_size < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
mac_size = (size_t)imac_size;
}
if ((bs != 1) && !sending) {
@@ -1518,7 +1552,7 @@ int ssl3_cbc_copy_mac(unsigned char *out,
int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
{
- int i, al;
+ int i;
int enc_err;
SSL_SESSION *sess;
SSL3_RECORD *rr;
@@ -1549,9 +1583,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
/* check is not needed I believe */
if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+ SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ return 0;
}
/* decrypt in place in 'rr->input' */
@@ -1562,23 +1596,22 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
unsigned char *mac;
mac_size = EVP_MD_CTX_size(s->read_hash);
if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
}
if (rr->orig_len < mac_size) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+ SSL_R_LENGTH_TOO_SHORT);
+ return 0;
}
rr->length -= mac_size;
mac = rr->data + rr->length;
i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
- al = SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,
+ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_DTLS1_PROCESS_RECORD,
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
- goto f_err;
+ return 0;
}
}
@@ -1590,10 +1623,14 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
* -1: if the padding is invalid
*/
if (enc_err == 0) {
+ if (ossl_statem_in_error(s)) {
+ /* SSLfatal() got called */
+ return 0;
+ }
/* For DTLS we simply ignore bad packets. */
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer);
- goto err;
+ return 0;
}
#ifdef SSL_DEBUG
printf("dec %ld\n", rr->length);
@@ -1615,15 +1652,15 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
/* TODO(size_t): Convert this to do size_t properly */
imac_size = EVP_MD_CTX_size(s->read_hash);
if (imac_size < 0) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_LIB_EVP);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+ ERR_LIB_EVP);
+ return 0;
}
mac_size = (size_t)imac_size;
if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
}
/*
@@ -1636,9 +1673,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
/* CBC records must have a padding length byte too. */
(EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
rr->orig_len < mac_size + 1)) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+ SSL_R_LENGTH_TOO_SHORT);
+ return 0;
}
if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
@@ -1650,9 +1687,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
*/
mac = mac_tmp;
if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
}
rr->length -= mac_size;
} else {
@@ -1677,28 +1714,27 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
/* decryption failed, silently discard message */
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer);
- goto err;
+ return 0;
}
/* r->length is now just compressed */
if (s->expand != NULL) {
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,
- SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+ SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ return 0;
}
if (!ssl3_do_uncompress(s, rr)) {
- al = SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
- goto f_err;
+ SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE,
+ SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
+ return 0;
}
}
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
+ SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ return 0;
}
rr->off = 0;
@@ -1718,11 +1754,6 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
dtls1_record_bitmap_update(s, bitmap);
return 1;
-
- f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
- return 0;
}
/*
@@ -1760,8 +1791,10 @@ int dtls1_get_record(SSL *s)
* The epoch may have changed. If so, process all the pending records.
* This is a non-blocking operation.
*/
- if (!dtls1_process_buffered_records(s))
+ if (!dtls1_process_buffered_records(s)) {
+ /* SSLfatal() already called */
return -1;
+ }
/* if we're renegotiating, then there may be buffered records */
if (dtls1_get_processed_record(s))
@@ -1775,8 +1808,10 @@ int dtls1_get_record(SSL *s)
rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n);
/* read timeout is handled by dtls1_read_bytes */
- if (rret <= 0)
+ if (rret <= 0) {
+ /* SSLfatal() already called if appropriate */
return rret; /* error or non-blocking */
+ }
/* this packet contained a partial record, dump it */
if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
@@ -1852,6 +1887,10 @@ int dtls1_get_record(SSL *s)
rret = ssl3_read_n(s, more, more, 1, 1, &n);
/* this packet contained a partial record, dump it */
if (rret <= 0 || n != more) {
+ if (ossl_statem_in_error(s)) {
+ /* ssl3_read_n() called SSLfatal() */
+ return -1;
+ }
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer);
goto again;
@@ -1901,10 +1940,12 @@ int dtls1_get_record(SSL *s)
*/
if (is_next_epoch) {
if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
- if (dtls1_buffer_record
- (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
- rr->seq_num) < 0)
+ if (dtls1_buffer_record (s,
+ &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
+ rr->seq_num) < 0) {
+ /* SSLfatal() already called */
return -1;
+ }
}
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer);
@@ -1912,6 +1953,10 @@ int dtls1_get_record(SSL *s)
}
if (!dtls1_process_record(s, bitmap)) {
+ if (ossl_statem_in_error(s)) {
+ /* dtls1_process_record() called SSLfatal */
+ return -1;
+ }
rr->length = 0;
RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
goto again; /* get another record */
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 696cc37..f1e1667 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -12,7 +12,8 @@
#include "internal/cryptlib.h"
/*-
- * tls13_enc encrypts/decrypts |n_recs| in |recs|.
+ * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for
+ * internal errors, but not otherwise.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -35,6 +36,8 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
if (n_recs != 1) {
/* Should not happen */
/* TODO(TLS1.3): Support pipelining */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -62,8 +65,11 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
alg_enc = s->session->cipher->algorithm_enc;
} else {
if (!ossl_assert(s->psksession != NULL
- && s->psksession->ext.max_early_data > 0))
+ && s->psksession->ext.max_early_data > 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
alg_enc = s->psksession->cipher->algorithm_enc;
}
} else {
@@ -71,8 +77,11 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
* To get here we must have selected a ciphersuite - otherwise ctx would
* be NULL
*/
- if (!ossl_assert(s->s3->tmp.new_cipher != NULL))
+ if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
}
@@ -82,13 +91,18 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
else
taglen = EVP_CCM_TLS_TAG_LEN;
if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
- NULL) <= 0)
+ NULL) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
} else if (alg_enc & SSL_AESGCM) {
taglen = EVP_GCM_TLS_TAG_LEN;
} else if (alg_enc & SSL_CHACHA20) {
taglen = EVP_CHACHAPOLY_TLS_TAG_LEN;
} else {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -105,6 +119,8 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
/* Set up IV */
if (ivlen < SEQ_NUM_SIZE) {
/* Should not happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
}
offset = ivlen - SEQ_NUM_SIZE;
@@ -137,8 +153,11 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
if (sending) {
/* Add the tag */
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
- rec->data + rec->length) <= 0)
+ rec->data + rec->length) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+ ERR_R_INTERNAL_ERROR);
return -1;
+ }
rec->length += taglen;
}
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 7710ef0..7b201e0 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -128,6 +128,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
"ssl3_digest_cached_records"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0),
"ssl3_do_change_cipher_spec"},
+ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0),
"ssl3_final_finish_mac"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINISH_MAC, 0), "ssl3_finish_mac"},
@@ -362,6 +363,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
{ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_CHANGE_CIPHER_STATE, 0),
"tls13_change_cipher_state"},
+ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_ENC, 0), "tls13_enc"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_FINAL_FINISH_MAC, 0),
"tls13_final_finish_mac"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_GENERATE_SECRET, 0),
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index d19fe0a..8604d5b 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -944,7 +944,7 @@ int dtls1_read_failed(SSL *s, int code)
return 0;
}
- if (!dtls1_is_timer_expired(s)) {
+ if (!dtls1_is_timer_expired(s) || ossl_statem_in_error(s)) {
/*
* not a timeout, none of our business, let higher layers handle
* this. in fact it's probably an error
More information about the openssl-commits
mailing list