summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2021-02-20 14:14:16 +0000
committertb <>2021-02-20 14:14:16 +0000
commit71a74e2825163f66183fabda55e360049ddb0c59 (patch)
tree4711b2f00b14a9f314d4174890c0e42da068c594 /src
parent84ff83dc51954d11a1087ab0c40817d06ac77b85 (diff)
downloadopenbsd-71a74e2825163f66183fabda55e360049ddb0c59.tar.gz
openbsd-71a74e2825163f66183fabda55e360049ddb0c59.tar.bz2
openbsd-71a74e2825163f66183fabda55e360049ddb0c59.zip
Rename f_err into fatal_err.
discussed with jsing
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c16
-rw-r--r--src/lib/libssl/d1_pkt.c24
-rw-r--r--src/lib/libssl/ssl_both.c20
-rw-r--r--src/lib/libssl/ssl_clnt.c120
-rw-r--r--src/lib/libssl/ssl_lib.c8
-rw-r--r--src/lib/libssl/ssl_pkt.c40
-rw-r--r--src/lib/libssl/ssl_srvr.c138
7 files changed, 183 insertions, 183 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index ba4e9edd8d..06a8585e10 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.66 2021/01/26 14:22:19 jsing Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.67 2021/02/20 14:14:16 tb Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -391,7 +391,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
391 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { 391 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
392 al = SSL_AD_UNEXPECTED_MESSAGE; 392 al = SSL_AD_UNEXPECTED_MESSAGE;
393 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 393 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
394 goto f_err; 394 goto fatal_err;
395 } 395 }
396 *ok = 1; 396 *ok = 1;
397 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 397 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
@@ -433,7 +433,7 @@ again:
433 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; 433 s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
434 return s->internal->init_num; 434 return s->internal->init_num;
435 435
436f_err: 436 fatal_err:
437 ssl3_send_alert(s, SSL3_AL_FATAL, al); 437 ssl3_send_alert(s, SSL3_AL_FATAL, al);
438 *ok = 0; 438 *ok = 0;
439 return -1; 439 return -1;
@@ -776,7 +776,7 @@ again:
776 dtls1_get_message_header(wire, &msg_hdr) == 0) { 776 dtls1_get_message_header(wire, &msg_hdr) == 0) {
777 al = SSL_AD_UNEXPECTED_MESSAGE; 777 al = SSL_AD_UNEXPECTED_MESSAGE;
778 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 778 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
779 goto f_err; 779 goto fatal_err;
780 } 780 }
781 781
782 /* 782 /*
@@ -818,12 +818,12 @@ again:
818 { 818 {
819 al = SSL_AD_UNEXPECTED_MESSAGE; 819 al = SSL_AD_UNEXPECTED_MESSAGE;
820 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 820 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
821 goto f_err; 821 goto fatal_err;
822 } 822 }
823 } 823 }
824 824
825 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) 825 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
826 goto f_err; 826 goto fatal_err;
827 827
828 /* XDTLS: ressurect this when restart is in place */ 828 /* XDTLS: ressurect this when restart is in place */
829 S3I(s)->hs.state = stn; 829 S3I(s)->hs.state = stn;
@@ -849,7 +849,7 @@ again:
849 if (i != (int)frag_len) { 849 if (i != (int)frag_len) {
850 al = SSL3_AD_ILLEGAL_PARAMETER; 850 al = SSL3_AD_ILLEGAL_PARAMETER;
851 SSLerror(s, SSL3_AD_ILLEGAL_PARAMETER); 851 SSLerror(s, SSL3_AD_ILLEGAL_PARAMETER);
852 goto f_err; 852 goto fatal_err;
853 } 853 }
854 854
855 *ok = 1; 855 *ok = 1;
@@ -863,7 +863,7 @@ again:
863 s->internal->init_num = frag_len; 863 s->internal->init_num = frag_len;
864 return frag_len; 864 return frag_len;
865 865
866f_err: 866 fatal_err:
867 ssl3_send_alert(s, SSL3_AL_FATAL, al); 867 ssl3_send_alert(s, SSL3_AL_FATAL, al);
868 s->internal->init_num = 0; 868 s->internal->init_num = 0;
869 869
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index ebf04e3292..7f4261e47e 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.92 2021/02/08 17:17:02 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.93 2021/02/20 14:14:16 tb Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -328,7 +328,7 @@ dtls1_process_record(SSL *s)
328 else if (alert_desc == SSL_AD_BAD_RECORD_MAC) 328 else if (alert_desc == SSL_AD_BAD_RECORD_MAC)
329 SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); 329 SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
330 330
331 goto f_err; 331 goto fatal_err;
332 } 332 }
333 333
334 rr->data = out; 334 rr->data = out;
@@ -339,7 +339,7 @@ dtls1_process_record(SSL *s)
339 339
340 return (1); 340 return (1);
341 341
342 f_err: 342 fatal_err:
343 ssl3_send_alert(s, SSL3_AL_FATAL, alert_desc); 343 ssl3_send_alert(s, SSL3_AL_FATAL, alert_desc);
344 err: 344 err:
345 return (0); 345 return (0);
@@ -635,7 +635,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
635 !tls12_record_layer_read_protected(s->internal->rl)) { 635 !tls12_record_layer_read_protected(s->internal->rl)) {
636 al = SSL_AD_UNEXPECTED_MESSAGE; 636 al = SSL_AD_UNEXPECTED_MESSAGE;
637 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 637 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
638 goto f_err; 638 goto fatal_err;
639 } 639 }
640 640
641 if (len <= 0) 641 if (len <= 0)
@@ -698,7 +698,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
698 /* Not certain if this is the right error handling */ 698 /* Not certain if this is the right error handling */
699 al = SSL_AD_UNEXPECTED_MESSAGE; 699 al = SSL_AD_UNEXPECTED_MESSAGE;
700 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 700 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
701 goto f_err; 701 goto fatal_err;
702 } 702 }
703 703
704 if (dest_maxlen > 0) { 704 if (dest_maxlen > 0) {
@@ -735,7 +735,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
735 (D1I(s)->handshake_fragment[3] != 0)) { 735 (D1I(s)->handshake_fragment[3] != 0)) {
736 al = SSL_AD_DECODE_ERROR; 736 al = SSL_AD_DECODE_ERROR;
737 SSLerror(s, SSL_R_BAD_HELLO_REQUEST); 737 SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
738 goto f_err; 738 goto fatal_err;
739 } 739 }
740 740
741 /* no need to check sequence number on HELLO REQUEST messages */ 741 /* no need to check sequence number on HELLO REQUEST messages */
@@ -821,7 +821,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
821 } else { 821 } else {
822 al = SSL_AD_ILLEGAL_PARAMETER; 822 al = SSL_AD_ILLEGAL_PARAMETER;
823 SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); 823 SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
824 goto f_err; 824 goto fatal_err;
825 } 825 }
826 826
827 goto start; 827 goto start;
@@ -847,7 +847,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
847 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { 847 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
848 al = SSL_AD_DECODE_ERROR; 848 al = SSL_AD_DECODE_ERROR;
849 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); 849 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
850 goto f_err; 850 goto fatal_err;
851 } 851 }
852 852
853 rr->length = 0; 853 rr->length = 0;
@@ -941,7 +941,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
941 } 941 }
942 al = SSL_AD_UNEXPECTED_MESSAGE; 942 al = SSL_AD_UNEXPECTED_MESSAGE;
943 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 943 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
944 goto f_err; 944 goto fatal_err;
945 case SSL3_RT_CHANGE_CIPHER_SPEC: 945 case SSL3_RT_CHANGE_CIPHER_SPEC:
946 case SSL3_RT_ALERT: 946 case SSL3_RT_ALERT:
947 case SSL3_RT_HANDSHAKE: 947 case SSL3_RT_HANDSHAKE:
@@ -950,7 +950,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
950 * should not happen when type != rr->type */ 950 * should not happen when type != rr->type */
951 al = SSL_AD_UNEXPECTED_MESSAGE; 951 al = SSL_AD_UNEXPECTED_MESSAGE;
952 SSLerror(s, ERR_R_INTERNAL_ERROR); 952 SSLerror(s, ERR_R_INTERNAL_ERROR);
953 goto f_err; 953 goto fatal_err;
954 case SSL3_RT_APPLICATION_DATA: 954 case SSL3_RT_APPLICATION_DATA:
955 /* At this point, we were expecting handshake data, 955 /* At this point, we were expecting handshake data,
956 * but have application data. If the library was 956 * but have application data. If the library was
@@ -972,12 +972,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
972 } else { 972 } else {
973 al = SSL_AD_UNEXPECTED_MESSAGE; 973 al = SSL_AD_UNEXPECTED_MESSAGE;
974 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 974 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
975 goto f_err; 975 goto fatal_err;
976 } 976 }
977 } 977 }
978 /* not reached */ 978 /* not reached */
979 979
980 f_err: 980 fatal_err:
981 ssl3_send_alert(s, SSL3_AL_FATAL, al); 981 ssl3_send_alert(s, SSL3_AL_FATAL, al);
982 err: 982 err:
983 return (-1); 983 return (-1);
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index ee69f9a121..6ce127fb0b 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_both.c,v 1.23 2021/01/07 15:32:59 jsing Exp $ */ 1/* $OpenBSD: ssl_both.c,v 1.24 2021/02/20 14:14:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -256,7 +256,7 @@ ssl3_get_finished(SSL *s, int a, int b)
256 if (!S3I(s)->change_cipher_spec) { 256 if (!S3I(s)->change_cipher_spec) {
257 al = SSL_AD_UNEXPECTED_MESSAGE; 257 al = SSL_AD_UNEXPECTED_MESSAGE;
258 SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS); 258 SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
259 goto f_err; 259 goto fatal_err;
260 } 260 }
261 S3I(s)->change_cipher_spec = 0; 261 S3I(s)->change_cipher_spec = 0;
262 262
@@ -265,7 +265,7 @@ ssl3_get_finished(SSL *s, int a, int b)
265 if (n < 0) { 265 if (n < 0) {
266 al = SSL_AD_DECODE_ERROR; 266 al = SSL_AD_DECODE_ERROR;
267 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); 267 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
268 goto f_err; 268 goto fatal_err;
269 } 269 }
270 270
271 CBS_init(&cbs, s->internal->init_msg, n); 271 CBS_init(&cbs, s->internal->init_msg, n);
@@ -274,13 +274,13 @@ ssl3_get_finished(SSL *s, int a, int b)
274 CBS_len(&cbs) != md_len) { 274 CBS_len(&cbs) != md_len) {
275 al = SSL_AD_DECODE_ERROR; 275 al = SSL_AD_DECODE_ERROR;
276 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH); 276 SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
277 goto f_err; 277 goto fatal_err;
278 } 278 }
279 279
280 if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) { 280 if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
281 al = SSL_AD_DECRYPT_ERROR; 281 al = SSL_AD_DECRYPT_ERROR;
282 SSLerror(s, SSL_R_DIGEST_CHECK_FAILED); 282 SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
283 goto f_err; 283 goto fatal_err;
284 } 284 }
285 285
286 /* Copy finished so we can use it for renegotiation checks. */ 286 /* Copy finished so we can use it for renegotiation checks. */
@@ -296,7 +296,7 @@ ssl3_get_finished(SSL *s, int a, int b)
296 } 296 }
297 297
298 return (1); 298 return (1);
299f_err: 299 fatal_err:
300 ssl3_send_alert(s, SSL3_AL_FATAL, al); 300 ssl3_send_alert(s, SSL3_AL_FATAL, al);
301 return (0); 301 return (0);
302} 302}
@@ -450,7 +450,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
450 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { 450 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
451 al = SSL_AD_UNEXPECTED_MESSAGE; 451 al = SSL_AD_UNEXPECTED_MESSAGE;
452 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 452 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
453 goto f_err; 453 goto fatal_err;
454 } 454 }
455 *ok = 1; 455 *ok = 1;
456 s->internal->init_msg = s->internal->init_buf->data + 4; 456 s->internal->init_msg = s->internal->init_buf->data + 4;
@@ -502,7 +502,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
502 if ((mt >= 0) && (*p != mt)) { 502 if ((mt >= 0) && (*p != mt)) {
503 al = SSL_AD_UNEXPECTED_MESSAGE; 503 al = SSL_AD_UNEXPECTED_MESSAGE;
504 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 504 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
505 goto f_err; 505 goto fatal_err;
506 } 506 }
507 507
508 CBS_init(&cbs, p, 4); 508 CBS_init(&cbs, p, 4);
@@ -516,7 +516,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
516 if (l > (unsigned long)max) { 516 if (l > (unsigned long)max) {
517 al = SSL_AD_ILLEGAL_PARAMETER; 517 al = SSL_AD_ILLEGAL_PARAMETER;
518 SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); 518 SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
519 goto f_err; 519 goto fatal_err;
520 } 520 }
521 if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) { 521 if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) {
522 SSLerror(s, ERR_R_BUF_LIB); 522 SSLerror(s, ERR_R_BUF_LIB);
@@ -564,7 +564,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
564 *ok = 1; 564 *ok = 1;
565 return (s->internal->init_num); 565 return (s->internal->init_num);
566 566
567f_err: 567 fatal_err:
568 ssl3_send_alert(s, SSL3_AL_FATAL, al); 568 ssl3_send_alert(s, SSL3_AL_FATAL, al);
569err: 569err:
570 *ok = 0; 570 *ok = 0;
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 29d488c12c..8ef3648f6c 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.81 2021/02/20 14:03:50 tb Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.82 2021/02/20 14:14:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -826,14 +826,14 @@ ssl3_get_dtls_hello_verify(SSL *s)
826 SSLerror(s, SSL_R_WRONG_SSL_VERSION); 826 SSLerror(s, SSL_R_WRONG_SSL_VERSION);
827 s->version = (s->version & 0xff00) | (ssl_version & 0xff); 827 s->version = (s->version & 0xff00) | (ssl_version & 0xff);
828 al = SSL_AD_PROTOCOL_VERSION; 828 al = SSL_AD_PROTOCOL_VERSION;
829 goto f_err; 829 goto fatal_err;
830 } 830 }
831 831
832 if (!CBS_write_bytes(&cookie, D1I(s)->cookie, 832 if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
833 sizeof(D1I(s)->cookie), &cookie_len)) { 833 sizeof(D1I(s)->cookie), &cookie_len)) {
834 D1I(s)->cookie_len = 0; 834 D1I(s)->cookie_len = 0;
835 al = SSL_AD_ILLEGAL_PARAMETER; 835 al = SSL_AD_ILLEGAL_PARAMETER;
836 goto f_err; 836 goto fatal_err;
837 } 837 }
838 D1I(s)->cookie_len = cookie_len; 838 D1I(s)->cookie_len = cookie_len;
839 D1I(s)->send_cookie = 1; 839 D1I(s)->send_cookie = 1;
@@ -842,7 +842,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
842 842
843 decode_err: 843 decode_err:
844 al = SSL_AD_DECODE_ERROR; 844 al = SSL_AD_DECODE_ERROR;
845 f_err: 845 fatal_err:
846 ssl3_send_alert(s, SSL3_AL_FATAL, al); 846 ssl3_send_alert(s, SSL3_AL_FATAL, al);
847 return -1; 847 return -1;
848} 848}
@@ -882,7 +882,7 @@ ssl3_get_server_hello(SSL *s)
882 /* Already sent a cookie. */ 882 /* Already sent a cookie. */
883 al = SSL_AD_UNEXPECTED_MESSAGE; 883 al = SSL_AD_UNEXPECTED_MESSAGE;
884 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 884 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
885 goto f_err; 885 goto fatal_err;
886 } 886 }
887 } 887 }
888 } 888 }
@@ -890,7 +890,7 @@ ssl3_get_server_hello(SSL *s)
890 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { 890 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
891 al = SSL_AD_UNEXPECTED_MESSAGE; 891 al = SSL_AD_UNEXPECTED_MESSAGE;
892 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 892 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
893 goto f_err; 893 goto fatal_err;
894 } 894 }
895 895
896 if (!CBS_get_u16(&cbs, &server_version)) 896 if (!CBS_get_u16(&cbs, &server_version))
@@ -905,7 +905,7 @@ ssl3_get_server_hello(SSL *s)
905 SSLerror(s, SSL_R_WRONG_SSL_VERSION); 905 SSLerror(s, SSL_R_WRONG_SSL_VERSION);
906 s->version = (s->version & 0xff00) | (server_version & 0xff); 906 s->version = (s->version & 0xff00) | (server_version & 0xff);
907 al = SSL_AD_PROTOCOL_VERSION; 907 al = SSL_AD_PROTOCOL_VERSION;
908 goto f_err; 908 goto fatal_err;
909 } 909 }
910 s->version = server_version; 910 s->version = server_version;
911 911
@@ -938,13 +938,13 @@ ssl3_get_server_hello(SSL *s)
938 sizeof(tls13_downgrade_12))) { 938 sizeof(tls13_downgrade_12))) {
939 al = SSL_AD_ILLEGAL_PARAMETER; 939 al = SSL_AD_ILLEGAL_PARAMETER;
940 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); 940 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
941 goto f_err; 941 goto fatal_err;
942 } 942 }
943 if (CBS_mem_equal(&server_random, tls13_downgrade_11, 943 if (CBS_mem_equal(&server_random, tls13_downgrade_11,
944 sizeof(tls13_downgrade_11))) { 944 sizeof(tls13_downgrade_11))) {
945 al = SSL_AD_ILLEGAL_PARAMETER; 945 al = SSL_AD_ILLEGAL_PARAMETER;
946 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); 946 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
947 goto f_err; 947 goto fatal_err;
948 } 948 }
949 } 949 }
950 950
@@ -955,7 +955,7 @@ ssl3_get_server_hello(SSL *s)
955 if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) { 955 if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
956 al = SSL_AD_ILLEGAL_PARAMETER; 956 al = SSL_AD_ILLEGAL_PARAMETER;
957 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); 957 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
958 goto f_err; 958 goto fatal_err;
959 } 959 }
960 960
961 /* Cipher suite. */ 961 /* Cipher suite. */
@@ -987,7 +987,7 @@ ssl3_get_server_hello(SSL *s)
987 /* actually a client application bug */ 987 /* actually a client application bug */
988 al = SSL_AD_ILLEGAL_PARAMETER; 988 al = SSL_AD_ILLEGAL_PARAMETER;
989 SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 989 SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
990 goto f_err; 990 goto fatal_err;
991 } 991 }
992 s->s3->flags |= SSL3_FLAGS_CCS_OK; 992 s->s3->flags |= SSL3_FLAGS_CCS_OK;
993 s->internal->hit = 1; 993 s->internal->hit = 1;
@@ -1000,7 +1000,7 @@ ssl3_get_server_hello(SSL *s)
1000 if (s->session->session_id_length > 0) { 1000 if (s->session->session_id_length > 0) {
1001 if (!ssl_get_new_session(s, 0)) { 1001 if (!ssl_get_new_session(s, 0)) {
1002 al = SSL_AD_INTERNAL_ERROR; 1002 al = SSL_AD_INTERNAL_ERROR;
1003 goto f_err; 1003 goto fatal_err;
1004 } 1004 }
1005 } 1005 }
1006 1006
@@ -1019,7 +1019,7 @@ ssl3_get_server_hello(SSL *s)
1019 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { 1019 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
1020 al = SSL_AD_ILLEGAL_PARAMETER; 1020 al = SSL_AD_ILLEGAL_PARAMETER;
1021 SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED); 1021 SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED);
1022 goto f_err; 1022 goto fatal_err;
1023 } 1023 }
1024 1024
1025 /* TLS v1.2 only ciphersuites require v1.2 or later. */ 1025 /* TLS v1.2 only ciphersuites require v1.2 or later. */
@@ -1027,14 +1027,14 @@ ssl3_get_server_hello(SSL *s)
1027 (TLS1_get_version(s) < TLS1_2_VERSION)) { 1027 (TLS1_get_version(s) < TLS1_2_VERSION)) {
1028 al = SSL_AD_ILLEGAL_PARAMETER; 1028 al = SSL_AD_ILLEGAL_PARAMETER;
1029 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); 1029 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
1030 goto f_err; 1030 goto fatal_err;
1031 } 1031 }
1032 1032
1033 if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { 1033 if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) {
1034 /* we did not say we would use this cipher */ 1034 /* we did not say we would use this cipher */
1035 al = SSL_AD_ILLEGAL_PARAMETER; 1035 al = SSL_AD_ILLEGAL_PARAMETER;
1036 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); 1036 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
1037 goto f_err; 1037 goto fatal_err;
1038 } 1038 }
1039 1039
1040 /* 1040 /*
@@ -1047,7 +1047,7 @@ ssl3_get_server_hello(SSL *s)
1047 if (s->internal->hit && (s->session->cipher_id != cipher->id)) { 1047 if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
1048 al = SSL_AD_ILLEGAL_PARAMETER; 1048 al = SSL_AD_ILLEGAL_PARAMETER;
1049 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 1049 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
1050 goto f_err; 1050 goto fatal_err;
1051 } 1051 }
1052 S3I(s)->hs.new_cipher = cipher; 1052 S3I(s)->hs.new_cipher = cipher;
1053 1053
@@ -1068,12 +1068,12 @@ ssl3_get_server_hello(SSL *s)
1068 if (compression_method != 0) { 1068 if (compression_method != 0) {
1069 al = SSL_AD_ILLEGAL_PARAMETER; 1069 al = SSL_AD_ILLEGAL_PARAMETER;
1070 SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 1070 SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1071 goto f_err; 1071 goto fatal_err;
1072 } 1072 }
1073 1073
1074 if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) { 1074 if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
1075 SSLerror(s, SSL_R_PARSE_TLSEXT); 1075 SSLerror(s, SSL_R_PARSE_TLSEXT);
1076 goto f_err; 1076 goto fatal_err;
1077 } 1077 }
1078 1078
1079 /* 1079 /*
@@ -1088,7 +1088,7 @@ ssl3_get_server_hello(SSL *s)
1088 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { 1088 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
1089 al = SSL_AD_HANDSHAKE_FAILURE; 1089 al = SSL_AD_HANDSHAKE_FAILURE;
1090 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1090 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1091 goto f_err; 1091 goto fatal_err;
1092 } 1092 }
1093 1093
1094 if (ssl_check_serverhello_tlsext(s) <= 0) { 1094 if (ssl_check_serverhello_tlsext(s) <= 0) {
@@ -1102,7 +1102,7 @@ ssl3_get_server_hello(SSL *s)
1102 /* wrong packet length */ 1102 /* wrong packet length */
1103 al = SSL_AD_DECODE_ERROR; 1103 al = SSL_AD_DECODE_ERROR;
1104 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1104 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1105 f_err: 1105 fatal_err:
1106 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1106 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1107 err: 1107 err:
1108 return (-1); 1108 return (-1);
@@ -1133,7 +1133,7 @@ ssl3_get_server_certificate(SSL *s)
1133 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 1133 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
1134 al = SSL_AD_UNEXPECTED_MESSAGE; 1134 al = SSL_AD_UNEXPECTED_MESSAGE;
1135 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 1135 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1136 goto f_err; 1136 goto fatal_err;
1137 } 1137 }
1138 1138
1139 1139
@@ -1153,7 +1153,7 @@ ssl3_get_server_certificate(SSL *s)
1153 CBS_len(&cbs) != 0) { 1153 CBS_len(&cbs) != 0) {
1154 al = SSL_AD_DECODE_ERROR; 1154 al = SSL_AD_DECODE_ERROR;
1155 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1155 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1156 goto f_err; 1156 goto fatal_err;
1157 } 1157 }
1158 1158
1159 while (CBS_len(&cert_list) > 0) { 1159 while (CBS_len(&cert_list) > 0) {
@@ -1164,7 +1164,7 @@ ssl3_get_server_certificate(SSL *s)
1164 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { 1164 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
1165 al = SSL_AD_DECODE_ERROR; 1165 al = SSL_AD_DECODE_ERROR;
1166 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); 1166 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
1167 goto f_err; 1167 goto fatal_err;
1168 } 1168 }
1169 1169
1170 q = CBS_data(&cert); 1170 q = CBS_data(&cert);
@@ -1172,12 +1172,12 @@ ssl3_get_server_certificate(SSL *s)
1172 if (x == NULL) { 1172 if (x == NULL) {
1173 al = SSL_AD_BAD_CERTIFICATE; 1173 al = SSL_AD_BAD_CERTIFICATE;
1174 SSLerror(s, ERR_R_ASN1_LIB); 1174 SSLerror(s, ERR_R_ASN1_LIB);
1175 goto f_err; 1175 goto fatal_err;
1176 } 1176 }
1177 if (q != CBS_data(&cert) + CBS_len(&cert)) { 1177 if (q != CBS_data(&cert) + CBS_len(&cert)) {
1178 al = SSL_AD_DECODE_ERROR; 1178 al = SSL_AD_DECODE_ERROR;
1179 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); 1179 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
1180 goto f_err; 1180 goto fatal_err;
1181 } 1181 }
1182 if (!sk_X509_push(sk, x)) { 1182 if (!sk_X509_push(sk, x)) {
1183 SSLerror(s, ERR_R_MALLOC_FAILURE); 1183 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -1190,7 +1190,7 @@ ssl3_get_server_certificate(SSL *s)
1190 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { 1190 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
1191 al = ssl_verify_alarm_type(s->verify_result); 1191 al = ssl_verify_alarm_type(s->verify_result);
1192 SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED); 1192 SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
1193 goto f_err; 1193 goto fatal_err;
1194 1194
1195 } 1195 }
1196 ERR_clear_error(); /* but we keep s->verify_result */ 1196 ERR_clear_error(); /* but we keep s->verify_result */
@@ -1216,7 +1216,7 @@ ssl3_get_server_certificate(SSL *s)
1216 x = NULL; 1216 x = NULL;
1217 al = SSL3_AL_FATAL; 1217 al = SSL3_AL_FATAL;
1218 SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 1218 SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1219 goto f_err; 1219 goto fatal_err;
1220 } 1220 }
1221 1221
1222 i = ssl_cert_type(x, pkey); 1222 i = ssl_cert_type(x, pkey);
@@ -1224,7 +1224,7 @@ ssl3_get_server_certificate(SSL *s)
1224 x = NULL; 1224 x = NULL;
1225 al = SSL3_AL_FATAL; 1225 al = SSL3_AL_FATAL;
1226 SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1226 SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1227 goto f_err; 1227 goto fatal_err;
1228 } 1228 }
1229 1229
1230 sc->peer_cert_type = i; 1230 sc->peer_cert_type = i;
@@ -1250,7 +1250,7 @@ ssl3_get_server_certificate(SSL *s)
1250 /* wrong packet length */ 1250 /* wrong packet length */
1251 al = SSL_AD_DECODE_ERROR; 1251 al = SSL_AD_DECODE_ERROR;
1252 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1252 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1253 f_err: 1253 fatal_err:
1254 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1254 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1255 } 1255 }
1256 err: 1256 err:
@@ -1408,7 +1408,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1408 !CBS_get_u16(cbs, &curve_id)) { 1408 !CBS_get_u16(cbs, &curve_id)) {
1409 al = SSL_AD_DECODE_ERROR; 1409 al = SSL_AD_DECODE_ERROR;
1410 SSLerror(s, SSL_R_LENGTH_TOO_SHORT); 1410 SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
1411 goto f_err; 1411 goto fatal_err;
1412 } 1412 }
1413 1413
1414 /* 1414 /*
@@ -1418,13 +1418,13 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1418 if (tls1_check_curve(s, curve_id) != 1) { 1418 if (tls1_check_curve(s, curve_id) != 1) {
1419 al = SSL_AD_DECODE_ERROR; 1419 al = SSL_AD_DECODE_ERROR;
1420 SSLerror(s, SSL_R_WRONG_CURVE); 1420 SSLerror(s, SSL_R_WRONG_CURVE);
1421 goto f_err; 1421 goto fatal_err;
1422 } 1422 }
1423 1423
1424 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { 1424 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
1425 al = SSL_AD_INTERNAL_ERROR; 1425 al = SSL_AD_INTERNAL_ERROR;
1426 SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1426 SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1427 goto f_err; 1427 goto fatal_err;
1428 } 1428 }
1429 1429
1430 if (!CBS_get_u8_length_prefixed(cbs, &public)) 1430 if (!CBS_get_u8_length_prefixed(cbs, &public))
@@ -1457,7 +1457,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1457 al = SSL_AD_DECODE_ERROR; 1457 al = SSL_AD_DECODE_ERROR;
1458 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1458 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1459 1459
1460 f_err: 1460 fatal_err:
1461 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1461 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1462 1462
1463 err: 1463 err:
@@ -1503,7 +1503,7 @@ ssl3_get_server_key_exchange(SSL *s)
1503 if (alg_k & (SSL_kDHE|SSL_kECDHE)) { 1503 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
1504 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 1504 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
1505 al = SSL_AD_UNEXPECTED_MESSAGE; 1505 al = SSL_AD_UNEXPECTED_MESSAGE;
1506 goto f_err; 1506 goto fatal_err;
1507 } 1507 }
1508 1508
1509 S3I(s)->tmp.reuse_message = 1; 1509 S3I(s)->tmp.reuse_message = 1;
@@ -1538,7 +1538,7 @@ ssl3_get_server_key_exchange(SSL *s)
1538 } else if (alg_k != 0) { 1538 } else if (alg_k != 0) {
1539 al = SSL_AD_UNEXPECTED_MESSAGE; 1539 al = SSL_AD_UNEXPECTED_MESSAGE;
1540 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 1540 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
1541 goto f_err; 1541 goto fatal_err;
1542 } 1542 }
1543 1543
1544 param_len -= CBS_len(&cbs); 1544 param_len -= CBS_len(&cbs);
@@ -1557,17 +1557,17 @@ ssl3_get_server_key_exchange(SSL *s)
1557 tls12_sigalgs_len)) == NULL) { 1557 tls12_sigalgs_len)) == NULL) {
1558 SSLerror(s, SSL_R_UNKNOWN_DIGEST); 1558 SSLerror(s, SSL_R_UNKNOWN_DIGEST);
1559 al = SSL_AD_DECODE_ERROR; 1559 al = SSL_AD_DECODE_ERROR;
1560 goto f_err; 1560 goto fatal_err;
1561 } 1561 }
1562 if ((md = sigalg->md()) == NULL) { 1562 if ((md = sigalg->md()) == NULL) {
1563 SSLerror(s, SSL_R_UNKNOWN_DIGEST); 1563 SSLerror(s, SSL_R_UNKNOWN_DIGEST);
1564 al = SSL_AD_DECODE_ERROR; 1564 al = SSL_AD_DECODE_ERROR;
1565 goto f_err; 1565 goto fatal_err;
1566 } 1566 }
1567 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { 1567 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
1568 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); 1568 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
1569 al = SSL_AD_DECODE_ERROR; 1569 al = SSL_AD_DECODE_ERROR;
1570 goto f_err; 1570 goto fatal_err;
1571 } 1571 }
1572 } else if (pkey->type == EVP_PKEY_RSA) { 1572 } else if (pkey->type == EVP_PKEY_RSA) {
1573 sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); 1573 sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
@@ -1576,7 +1576,7 @@ ssl3_get_server_key_exchange(SSL *s)
1576 } else { 1576 } else {
1577 SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); 1577 SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
1578 al = SSL_AD_DECODE_ERROR; 1578 al = SSL_AD_DECODE_ERROR;
1579 goto f_err; 1579 goto fatal_err;
1580 } 1580 }
1581 md = sigalg->md(); 1581 md = sigalg->md();
1582 1582
@@ -1585,7 +1585,7 @@ ssl3_get_server_key_exchange(SSL *s)
1585 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { 1585 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
1586 al = SSL_AD_DECODE_ERROR; 1586 al = SSL_AD_DECODE_ERROR;
1587 SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH); 1587 SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
1588 goto f_err; 1588 goto fatal_err;
1589 } 1589 }
1590 1590
1591 if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey)) 1591 if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey))
@@ -1607,7 +1607,7 @@ ssl3_get_server_key_exchange(SSL *s)
1607 CBS_len(&signature)) <= 0) { 1607 CBS_len(&signature)) <= 0) {
1608 al = SSL_AD_DECRYPT_ERROR; 1608 al = SSL_AD_DECRYPT_ERROR;
1609 SSLerror(s, SSL_R_BAD_SIGNATURE); 1609 SSLerror(s, SSL_R_BAD_SIGNATURE);
1610 goto f_err; 1610 goto fatal_err;
1611 } 1611 }
1612 } else { 1612 } else {
1613 /* aNULL does not need public keys. */ 1613 /* aNULL does not need public keys. */
@@ -1620,7 +1620,7 @@ ssl3_get_server_key_exchange(SSL *s)
1620 if (CBS_len(&cbs) != 0) { 1620 if (CBS_len(&cbs) != 0) {
1621 al = SSL_AD_DECODE_ERROR; 1621 al = SSL_AD_DECODE_ERROR;
1622 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); 1622 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
1623 goto f_err; 1623 goto fatal_err;
1624 } 1624 }
1625 1625
1626 EVP_PKEY_free(pkey); 1626 EVP_PKEY_free(pkey);
@@ -1632,7 +1632,7 @@ ssl3_get_server_key_exchange(SSL *s)
1632 al = SSL_AD_DECODE_ERROR; 1632 al = SSL_AD_DECODE_ERROR;
1633 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1633 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1634 1634
1635 f_err: 1635 fatal_err:
1636 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1636 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1637 1637
1638 err: 1638 err:
@@ -1818,13 +1818,13 @@ ssl3_get_new_session_ticket(SSL *s)
1818 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 1818 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1819 al = SSL_AD_UNEXPECTED_MESSAGE; 1819 al = SSL_AD_UNEXPECTED_MESSAGE;
1820 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 1820 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1821 goto f_err; 1821 goto fatal_err;
1822 } 1822 }
1823 1823
1824 if (n < 0) { 1824 if (n < 0) {
1825 al = SSL_AD_DECODE_ERROR; 1825 al = SSL_AD_DECODE_ERROR;
1826 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1826 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1827 goto f_err; 1827 goto fatal_err;
1828 } 1828 }
1829 1829
1830 CBS_init(&cbs, s->internal->init_msg, n); 1830 CBS_init(&cbs, s->internal->init_msg, n);
@@ -1836,7 +1836,7 @@ ssl3_get_new_session_ticket(SSL *s)
1836 CBS_len(&cbs) != 0) { 1836 CBS_len(&cbs) != 0) {
1837 al = SSL_AD_DECODE_ERROR; 1837 al = SSL_AD_DECODE_ERROR;
1838 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1838 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1839 goto f_err; 1839 goto fatal_err;
1840 } 1840 }
1841 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint; 1841 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
1842 1842
@@ -1867,7 +1867,7 @@ ssl3_get_new_session_ticket(SSL *s)
1867 EVP_sha256(), NULL); 1867 EVP_sha256(), NULL);
1868 ret = 1; 1868 ret = 1;
1869 return (ret); 1869 return (ret);
1870 f_err: 1870 fatal_err:
1871 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1871 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1872 err: 1872 err:
1873 return (-1); 1873 return (-1);
@@ -1891,7 +1891,7 @@ ssl3_get_cert_status(SSL *s)
1891 /* need at least status type + length */ 1891 /* need at least status type + length */
1892 al = SSL_AD_DECODE_ERROR; 1892 al = SSL_AD_DECODE_ERROR;
1893 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1893 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1894 goto f_err; 1894 goto fatal_err;
1895 } 1895 }
1896 1896
1897 CBS_init(&cert_status, s->internal->init_msg, n); 1897 CBS_init(&cert_status, s->internal->init_msg, n);
@@ -1900,27 +1900,27 @@ ssl3_get_cert_status(SSL *s)
1900 /* need at least status type + length */ 1900 /* need at least status type + length */
1901 al = SSL_AD_DECODE_ERROR; 1901 al = SSL_AD_DECODE_ERROR;
1902 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1902 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1903 goto f_err; 1903 goto fatal_err;
1904 } 1904 }
1905 1905
1906 if (status_type != TLSEXT_STATUSTYPE_ocsp) { 1906 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
1907 al = SSL_AD_DECODE_ERROR; 1907 al = SSL_AD_DECODE_ERROR;
1908 SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE); 1908 SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
1909 goto f_err; 1909 goto fatal_err;
1910 } 1910 }
1911 1911
1912 if (!CBS_get_u24_length_prefixed(&cert_status, &response) || 1912 if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
1913 CBS_len(&cert_status) != 0) { 1913 CBS_len(&cert_status) != 0) {
1914 al = SSL_AD_DECODE_ERROR; 1914 al = SSL_AD_DECODE_ERROR;
1915 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1915 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1916 goto f_err; 1916 goto fatal_err;
1917 } 1917 }
1918 1918
1919 if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, 1919 if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
1920 &s->internal->tlsext_ocsp_resp_len)) { 1920 &s->internal->tlsext_ocsp_resp_len)) {
1921 al = SSL_AD_INTERNAL_ERROR; 1921 al = SSL_AD_INTERNAL_ERROR;
1922 SSLerror(s, ERR_R_MALLOC_FAILURE); 1922 SSLerror(s, ERR_R_MALLOC_FAILURE);
1923 goto f_err; 1923 goto fatal_err;
1924 } 1924 }
1925 1925
1926 if (s->ctx->internal->tlsext_status_cb) { 1926 if (s->ctx->internal->tlsext_status_cb) {
@@ -1930,16 +1930,16 @@ ssl3_get_cert_status(SSL *s)
1930 if (ret == 0) { 1930 if (ret == 0) {
1931 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 1931 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1932 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); 1932 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
1933 goto f_err; 1933 goto fatal_err;
1934 } 1934 }
1935 if (ret < 0) { 1935 if (ret < 0) {
1936 al = SSL_AD_INTERNAL_ERROR; 1936 al = SSL_AD_INTERNAL_ERROR;
1937 SSLerror(s, ERR_R_MALLOC_FAILURE); 1937 SSLerror(s, ERR_R_MALLOC_FAILURE);
1938 goto f_err; 1938 goto fatal_err;
1939 } 1939 }
1940 } 1940 }
1941 return (1); 1941 return (1);
1942 f_err: 1942 fatal_err:
1943 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1943 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1944 return (-1); 1944 return (-1);
1945} 1945}
@@ -2742,7 +2742,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2742 sc->peer_pkeys[idx].x509, s) == 0) { 2742 sc->peer_pkeys[idx].x509, s) == 0) {
2743 /* check failed */ 2743 /* check failed */
2744 SSLerror(s, SSL_R_BAD_ECC_CERT); 2744 SSLerror(s, SSL_R_BAD_ECC_CERT);
2745 goto f_err; 2745 goto fatal_err;
2746 } else { 2746 } else {
2747 return (1); 2747 return (1);
2748 } 2748 }
@@ -2754,20 +2754,20 @@ ssl3_check_cert_and_algorithm(SSL *s)
2754 /* Check that we have a certificate if we require one. */ 2754 /* Check that we have a certificate if we require one. */
2755 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { 2755 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2756 SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT); 2756 SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT);
2757 goto f_err; 2757 goto fatal_err;
2758 } 2758 }
2759 if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { 2759 if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2760 SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2760 SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2761 goto f_err; 2761 goto fatal_err;
2762 } 2762 }
2763 if ((alg_k & SSL_kDHE) && 2763 if ((alg_k & SSL_kDHE) &&
2764 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2764 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2765 SSLerror(s, SSL_R_MISSING_DH_KEY); 2765 SSLerror(s, SSL_R_MISSING_DH_KEY);
2766 goto f_err; 2766 goto fatal_err;
2767 } 2767 }
2768 2768
2769 return (1); 2769 return (1);
2770 f_err: 2770 fatal_err:
2771 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2771 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2772 err: 2772 err:
2773 return (0); 2773 return (0);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6a182f2e3b..33aca33c92 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.247 2021/02/20 09:43:29 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.248 2021/02/20 14:14:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1600,7 +1600,7 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1600 result = client; 1600 result = client;
1601 status = OPENSSL_NPN_NO_OVERLAP; 1601 status = OPENSSL_NPN_NO_OVERLAP;
1602 1602
1603found: 1603 found:
1604 *out = (unsigned char *) result + 1; 1604 *out = (unsigned char *) result + 1;
1605 *outlen = result[0]; 1605 *outlen = result[0];
1606 return (status); 1606 return (status);
@@ -1942,9 +1942,9 @@ SSL_CTX_new(const SSL_METHOD *meth)
1942 ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT; 1942 ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1943 1943
1944 return (ret); 1944 return (ret);
1945err: 1945 err:
1946 SSLerrorx(ERR_R_MALLOC_FAILURE); 1946 SSLerrorx(ERR_R_MALLOC_FAILURE);
1947err2: 1947 err2:
1948 SSL_CTX_free(ret); 1948 SSL_CTX_free(ret);
1949 return (NULL); 1949 return (NULL);
1950} 1950}
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 1e0bd83d09..894064c817 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.35 2021/02/08 17:18:39 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.36 2021/02/20 14:14:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -377,7 +377,7 @@ ssl3_get_record(SSL *s)
377 } 377 }
378 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); 378 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
379 al = SSL_AD_PROTOCOL_VERSION; 379 al = SSL_AD_PROTOCOL_VERSION;
380 goto f_err; 380 goto fatal_err;
381 } 381 }
382 382
383 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { 383 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
@@ -388,7 +388,7 @@ ssl3_get_record(SSL *s)
388 if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) { 388 if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) {
389 al = SSL_AD_RECORD_OVERFLOW; 389 al = SSL_AD_RECORD_OVERFLOW;
390 SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG); 390 SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
391 goto f_err; 391 goto fatal_err;
392 } 392 }
393 } 393 }
394 394
@@ -419,7 +419,7 @@ ssl3_get_record(SSL *s)
419 SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); 419 SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
420 420
421 al = alert_desc; 421 al = alert_desc;
422 goto f_err; 422 goto fatal_err;
423 } 423 }
424 424
425 rr->data = out; 425 rr->data = out;
@@ -450,7 +450,7 @@ ssl3_get_record(SSL *s)
450 450
451 return (1); 451 return (1);
452 452
453 f_err: 453 fatal_err:
454 ssl3_send_alert(s, SSL3_AL_FATAL, al); 454 ssl3_send_alert(s, SSL3_AL_FATAL, al);
455 err: 455 err:
456 return (ret); 456 return (ret);
@@ -760,7 +760,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
760 } 760 }
761 } 761 }
762 762
763start: 763 start:
764 /* 764 /*
765 * Do not process more than three consecutive records, otherwise the 765 * Do not process more than three consecutive records, otherwise the
766 * peer can cause us to loop indefinitely. Instead, return with an 766 * peer can cause us to loop indefinitely. Instead, return with an
@@ -798,7 +798,7 @@ start:
798 && (rr->type != SSL3_RT_HANDSHAKE)) { 798 && (rr->type != SSL3_RT_HANDSHAKE)) {
799 al = SSL_AD_UNEXPECTED_MESSAGE; 799 al = SSL_AD_UNEXPECTED_MESSAGE;
800 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 800 SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
801 goto f_err; 801 goto fatal_err;
802 } 802 }
803 803
804 /* If the other end has shut down, throw anything we read away 804 /* If the other end has shut down, throw anything we read away
@@ -818,7 +818,7 @@ start:
818 !tls12_record_layer_read_protected(s->internal->rl)) { 818 !tls12_record_layer_read_protected(s->internal->rl)) {
819 al = SSL_AD_UNEXPECTED_MESSAGE; 819 al = SSL_AD_UNEXPECTED_MESSAGE;
820 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); 820 SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
821 goto f_err; 821 goto fatal_err;
822 } 822 }
823 823
824 if (len <= 0) 824 if (len <= 0)
@@ -900,7 +900,7 @@ start:
900 (S3I(s)->handshake_fragment[3] != 0)) { 900 (S3I(s)->handshake_fragment[3] != 0)) {
901 al = SSL_AD_DECODE_ERROR; 901 al = SSL_AD_DECODE_ERROR;
902 SSLerror(s, SSL_R_BAD_HELLO_REQUEST); 902 SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
903 goto f_err; 903 goto fatal_err;
904 } 904 }
905 905
906 if (s->internal->msg_callback) 906 if (s->internal->msg_callback)
@@ -944,7 +944,7 @@ start:
944 S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && 944 S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
945 (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) { 945 (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
946 al = SSL_AD_NO_RENEGOTIATION; 946 al = SSL_AD_NO_RENEGOTIATION;
947 goto f_err; 947 goto fatal_err;
948 } 948 }
949 /* If we are a server and get a client hello when renegotiation isn't 949 /* If we are a server and get a client hello when renegotiation isn't
950 * allowed send back a no renegotiation alert and carry on. 950 * allowed send back a no renegotiation alert and carry on.
@@ -999,7 +999,7 @@ start:
999 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { 999 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1000 al = SSL_AD_HANDSHAKE_FAILURE; 1000 al = SSL_AD_HANDSHAKE_FAILURE;
1001 SSLerror(s, SSL_R_NO_RENEGOTIATION); 1001 SSLerror(s, SSL_R_NO_RENEGOTIATION);
1002 goto f_err; 1002 goto fatal_err;
1003 } 1003 }
1004 } else if (alert_level == SSL3_AL_FATAL) { 1004 } else if (alert_level == SSL3_AL_FATAL) {
1005 s->internal->rwstate = SSL_NOTHING; 1005 s->internal->rwstate = SSL_NOTHING;
@@ -1013,7 +1013,7 @@ start:
1013 } else { 1013 } else {
1014 al = SSL_AD_ILLEGAL_PARAMETER; 1014 al = SSL_AD_ILLEGAL_PARAMETER;
1015 SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); 1015 SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
1016 goto f_err; 1016 goto fatal_err;
1017 } 1017 }
1018 1018
1019 goto start; 1019 goto start;
@@ -1033,21 +1033,21 @@ start:
1033 (rr->data[0] != SSL3_MT_CCS)) { 1033 (rr->data[0] != SSL3_MT_CCS)) {
1034 al = SSL_AD_ILLEGAL_PARAMETER; 1034 al = SSL_AD_ILLEGAL_PARAMETER;
1035 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); 1035 SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
1036 goto f_err; 1036 goto fatal_err;
1037 } 1037 }
1038 1038
1039 /* Check we have a cipher to change to */ 1039 /* Check we have a cipher to change to */
1040 if (S3I(s)->hs.new_cipher == NULL) { 1040 if (S3I(s)->hs.new_cipher == NULL) {
1041 al = SSL_AD_UNEXPECTED_MESSAGE; 1041 al = SSL_AD_UNEXPECTED_MESSAGE;
1042 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); 1042 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1043 goto f_err; 1043 goto fatal_err;
1044 } 1044 }
1045 1045
1046 /* Check that we should be receiving a Change Cipher Spec. */ 1046 /* Check that we should be receiving a Change Cipher Spec. */
1047 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { 1047 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
1048 al = SSL_AD_UNEXPECTED_MESSAGE; 1048 al = SSL_AD_UNEXPECTED_MESSAGE;
1049 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); 1049 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
1050 goto f_err; 1050 goto fatal_err;
1051 } 1051 }
1052 s->s3->flags &= ~SSL3_FLAGS_CCS_OK; 1052 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
1053 1053
@@ -1108,7 +1108,7 @@ start:
1108 } 1108 }
1109 al = SSL_AD_UNEXPECTED_MESSAGE; 1109 al = SSL_AD_UNEXPECTED_MESSAGE;
1110 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 1110 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1111 goto f_err; 1111 goto fatal_err;
1112 case SSL3_RT_CHANGE_CIPHER_SPEC: 1112 case SSL3_RT_CHANGE_CIPHER_SPEC:
1113 case SSL3_RT_ALERT: 1113 case SSL3_RT_ALERT:
1114 case SSL3_RT_HANDSHAKE: 1114 case SSL3_RT_HANDSHAKE:
@@ -1117,7 +1117,7 @@ start:
1117 * should not happen when type != rr->type */ 1117 * should not happen when type != rr->type */
1118 al = SSL_AD_UNEXPECTED_MESSAGE; 1118 al = SSL_AD_UNEXPECTED_MESSAGE;
1119 SSLerror(s, ERR_R_INTERNAL_ERROR); 1119 SSLerror(s, ERR_R_INTERNAL_ERROR);
1120 goto f_err; 1120 goto fatal_err;
1121 case SSL3_RT_APPLICATION_DATA: 1121 case SSL3_RT_APPLICATION_DATA:
1122 /* At this point, we were expecting handshake data, 1122 /* At this point, we were expecting handshake data,
1123 * but have application data. If the library was 1123 * but have application data. If the library was
@@ -1139,14 +1139,14 @@ start:
1139 } else { 1139 } else {
1140 al = SSL_AD_UNEXPECTED_MESSAGE; 1140 al = SSL_AD_UNEXPECTED_MESSAGE;
1141 SSLerror(s, SSL_R_UNEXPECTED_RECORD); 1141 SSLerror(s, SSL_R_UNEXPECTED_RECORD);
1142 goto f_err; 1142 goto fatal_err;
1143 } 1143 }
1144 } 1144 }
1145 /* not reached */ 1145 /* not reached */
1146 1146
1147f_err: 1147 fatal_err:
1148 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1148 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1149err: 1149 err:
1150 return (-1); 1150 return (-1);
1151} 1151}
1152 1152
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 0408dab660..15dda5108c 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.93 2021/02/20 14:03:50 tb Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.94 2021/02/20 14:14:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -827,7 +827,7 @@ ssl3_get_client_hello(SSL *s)
827 if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) { 827 if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
828 al = SSL_AD_ILLEGAL_PARAMETER; 828 al = SSL_AD_ILLEGAL_PARAMETER;
829 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); 829 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
830 goto f_err; 830 goto fatal_err;
831 } 831 }
832 if (SSL_is_dtls(s)) { 832 if (SSL_is_dtls(s)) {
833 if (!CBS_get_u8_length_prefixed(&cbs, &cookie)) 833 if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
@@ -855,7 +855,7 @@ ssl3_get_client_hello(SSL *s)
855 } 855 }
856 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); 856 SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
857 al = SSL_AD_PROTOCOL_VERSION; 857 al = SSL_AD_PROTOCOL_VERSION;
858 goto f_err; 858 goto fatal_err;
859 } 859 }
860 s->client_version = client_version; 860 s->client_version = client_version;
861 s->version = shared_version; 861 s->version = shared_version;
@@ -912,7 +912,7 @@ ssl3_get_client_hello(SSL *s)
912 if (i == 1) { /* previous session */ 912 if (i == 1) { /* previous session */
913 s->internal->hit = 1; 913 s->internal->hit = 1;
914 } else if (i == -1) 914 } else if (i == -1)
915 goto f_err; 915 goto fatal_err;
916 else { 916 else {
917 /* i == 0 */ 917 /* i == 0 */
918 if (!ssl_get_new_session(s, 1)) 918 if (!ssl_get_new_session(s, 1))
@@ -929,7 +929,7 @@ ssl3_get_client_hello(SSL *s)
929 if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) { 929 if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) {
930 al = SSL_AD_DECODE_ERROR; 930 al = SSL_AD_DECODE_ERROR;
931 SSLerror(s, SSL_R_COOKIE_MISMATCH); 931 SSLerror(s, SSL_R_COOKIE_MISMATCH);
932 goto f_err; 932 goto fatal_err;
933 } 933 }
934 934
935 /* Verify the cookie if appropriate option is set. */ 935 /* Verify the cookie if appropriate option is set. */
@@ -947,7 +947,7 @@ ssl3_get_client_hello(SSL *s)
947 D1I(s)->rcvd_cookie, cookie_len) == 0) { 947 D1I(s)->rcvd_cookie, cookie_len) == 0) {
948 al = SSL_AD_HANDSHAKE_FAILURE; 948 al = SSL_AD_HANDSHAKE_FAILURE;
949 SSLerror(s, SSL_R_COOKIE_MISMATCH); 949 SSLerror(s, SSL_R_COOKIE_MISMATCH);
950 goto f_err; 950 goto fatal_err;
951 } 951 }
952 /* else cookie verification succeeded */ 952 /* else cookie verification succeeded */
953 /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */ 953 /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
@@ -956,7 +956,7 @@ ssl3_get_client_hello(SSL *s)
956 /* default verification */ 956 /* default verification */
957 al = SSL_AD_HANDSHAKE_FAILURE; 957 al = SSL_AD_HANDSHAKE_FAILURE;
958 SSLerror(s, SSL_R_COOKIE_MISMATCH); 958 SSLerror(s, SSL_R_COOKIE_MISMATCH);
959 goto f_err; 959 goto fatal_err;
960 } 960 }
961 cookie_valid = 1; 961 cookie_valid = 1;
962 } 962 }
@@ -967,7 +967,7 @@ ssl3_get_client_hello(SSL *s)
967 /* we need a cipher if we are not resuming a session */ 967 /* we need a cipher if we are not resuming a session */
968 al = SSL_AD_ILLEGAL_PARAMETER; 968 al = SSL_AD_ILLEGAL_PARAMETER;
969 SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED); 969 SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED);
970 goto f_err; 970 goto fatal_err;
971 } 971 }
972 972
973 if (CBS_len(&cipher_suites) > 0) { 973 if (CBS_len(&cipher_suites) > 0) {
@@ -996,7 +996,7 @@ ssl3_get_client_hello(SSL *s)
996 */ 996 */
997 al = SSL_AD_ILLEGAL_PARAMETER; 997 al = SSL_AD_ILLEGAL_PARAMETER;
998 SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING); 998 SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING);
999 goto f_err; 999 goto fatal_err;
1000 } 1000 }
1001 } 1001 }
1002 1002
@@ -1010,18 +1010,18 @@ ssl3_get_client_hello(SSL *s)
1010 if (comp_null == 0) { 1010 if (comp_null == 0) {
1011 al = SSL_AD_DECODE_ERROR; 1011 al = SSL_AD_DECODE_ERROR;
1012 SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED); 1012 SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED);
1013 goto f_err; 1013 goto fatal_err;
1014 } 1014 }
1015 1015
1016 if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) { 1016 if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
1017 SSLerror(s, SSL_R_PARSE_TLSEXT); 1017 SSLerror(s, SSL_R_PARSE_TLSEXT);
1018 goto f_err; 1018 goto fatal_err;
1019 } 1019 }
1020 1020
1021 if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) { 1021 if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) {
1022 al = SSL_AD_HANDSHAKE_FAILURE; 1022 al = SSL_AD_HANDSHAKE_FAILURE;
1023 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1023 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1024 goto f_err; 1024 goto fatal_err;
1025 } 1025 }
1026 1026
1027 if (ssl_check_clienthello_tlsext_early(s) <= 0) { 1027 if (ssl_check_clienthello_tlsext_early(s) <= 0) {
@@ -1078,7 +1078,7 @@ ssl3_get_client_hello(SSL *s)
1078 if (pref_cipher == NULL) { 1078 if (pref_cipher == NULL) {
1079 al = SSL_AD_HANDSHAKE_FAILURE; 1079 al = SSL_AD_HANDSHAKE_FAILURE;
1080 SSLerror(s, SSL_R_NO_SHARED_CIPHER); 1080 SSLerror(s, SSL_R_NO_SHARED_CIPHER);
1081 goto f_err; 1081 goto fatal_err;
1082 } 1082 }
1083 1083
1084 s->session->cipher = pref_cipher; 1084 s->session->cipher = pref_cipher;
@@ -1099,7 +1099,7 @@ ssl3_get_client_hello(SSL *s)
1099 if (ciphers == NULL) { 1099 if (ciphers == NULL) {
1100 al = SSL_AD_ILLEGAL_PARAMETER; 1100 al = SSL_AD_ILLEGAL_PARAMETER;
1101 SSLerror(s, SSL_R_NO_CIPHERS_PASSED); 1101 SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
1102 goto f_err; 1102 goto fatal_err;
1103 } 1103 }
1104 ciphers = NULL; 1104 ciphers = NULL;
1105 c = ssl3_choose_cipher(s, s->session->ciphers, 1105 c = ssl3_choose_cipher(s, s->session->ciphers,
@@ -1108,7 +1108,7 @@ ssl3_get_client_hello(SSL *s)
1108 if (c == NULL) { 1108 if (c == NULL) {
1109 al = SSL_AD_HANDSHAKE_FAILURE; 1109 al = SSL_AD_HANDSHAKE_FAILURE;
1110 SSLerror(s, SSL_R_NO_SHARED_CIPHER); 1110 SSLerror(s, SSL_R_NO_SHARED_CIPHER);
1111 goto f_err; 1111 goto fatal_err;
1112 } 1112 }
1113 S3I(s)->hs.new_cipher = c; 1113 S3I(s)->hs.new_cipher = c;
1114 } else { 1114 } else {
@@ -1147,7 +1147,7 @@ ssl3_get_client_hello(SSL *s)
1147 decode_err: 1147 decode_err:
1148 al = SSL_AD_DECODE_ERROR; 1148 al = SSL_AD_DECODE_ERROR;
1149 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1149 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1150 f_err: 1150 fatal_err:
1151 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1151 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1152 } 1152 }
1153 err: 1153 err:
@@ -1317,7 +1317,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1317 if ((dhp = ssl_get_auto_dh(s)) == NULL) { 1317 if ((dhp = ssl_get_auto_dh(s)) == NULL) {
1318 al = SSL_AD_INTERNAL_ERROR; 1318 al = SSL_AD_INTERNAL_ERROR;
1319 SSLerror(s, ERR_R_INTERNAL_ERROR); 1319 SSLerror(s, ERR_R_INTERNAL_ERROR);
1320 goto f_err; 1320 goto fatal_err;
1321 } 1321 }
1322 } else 1322 } else
1323 dhp = s->cert->dh_tmp; 1323 dhp = s->cert->dh_tmp;
@@ -1329,7 +1329,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1329 if (dhp == NULL) { 1329 if (dhp == NULL) {
1330 al = SSL_AD_HANDSHAKE_FAILURE; 1330 al = SSL_AD_HANDSHAKE_FAILURE;
1331 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); 1331 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
1332 goto f_err; 1332 goto fatal_err;
1333 } 1333 }
1334 1334
1335 if (S3I(s)->tmp.dh != NULL) { 1335 if (S3I(s)->tmp.dh != NULL) {
@@ -1375,7 +1375,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1375 1375
1376 return (1); 1376 return (1);
1377 1377
1378 f_err: 1378 fatal_err:
1379 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1379 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1380 err: 1380 err:
1381 return (-1); 1381 return (-1);
@@ -1406,7 +1406,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1406 if ((S3I(s)->tmp.ecdh = EC_KEY_new()) == NULL) { 1406 if ((S3I(s)->tmp.ecdh = EC_KEY_new()) == NULL) {
1407 al = SSL_AD_HANDSHAKE_FAILURE; 1407 al = SSL_AD_HANDSHAKE_FAILURE;
1408 SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY); 1408 SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
1409 goto f_err; 1409 goto fatal_err;
1410 } 1410 }
1411 S3I(s)->tmp.ecdh_nid = nid; 1411 S3I(s)->tmp.ecdh_nid = nid;
1412 ecdh = S3I(s)->tmp.ecdh; 1412 ecdh = S3I(s)->tmp.ecdh;
@@ -1436,7 +1436,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1436 1436
1437 return (1); 1437 return (1);
1438 1438
1439 f_err: 1439 fatal_err:
1440 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1440 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1441 err: 1441 err:
1442 return (-1); 1442 return (-1);
@@ -1542,7 +1542,7 @@ ssl3_send_server_key_exchange(SSL *s)
1542 } else { 1542 } else {
1543 al = SSL_AD_HANDSHAKE_FAILURE; 1543 al = SSL_AD_HANDSHAKE_FAILURE;
1544 SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1544 SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1545 goto f_err; 1545 goto fatal_err;
1546 } 1546 }
1547 1547
1548 if (!CBB_finish(&cbb_params, &params, &params_len)) 1548 if (!CBB_finish(&cbb_params, &params, &params_len))
@@ -1556,7 +1556,7 @@ ssl3_send_server_key_exchange(SSL *s)
1556 if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher, 1556 if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
1557 &md, &sigalg)) == NULL) { 1557 &md, &sigalg)) == NULL) {
1558 al = SSL_AD_DECODE_ERROR; 1558 al = SSL_AD_DECODE_ERROR;
1559 goto f_err; 1559 goto fatal_err;
1560 } 1560 }
1561 1561
1562 /* Send signature algorithm. */ 1562 /* Send signature algorithm. */
@@ -1564,7 +1564,7 @@ ssl3_send_server_key_exchange(SSL *s)
1564 if (!CBB_add_u16(&server_kex, sigalg->value)) { 1564 if (!CBB_add_u16(&server_kex, sigalg->value)) {
1565 al = SSL_AD_INTERNAL_ERROR; 1565 al = SSL_AD_INTERNAL_ERROR;
1566 SSLerror(s, ERR_R_INTERNAL_ERROR); 1566 SSLerror(s, ERR_R_INTERNAL_ERROR);
1567 goto f_err; 1567 goto fatal_err;
1568 } 1568 }
1569 } 1569 }
1570 1570
@@ -1627,7 +1627,7 @@ ssl3_send_server_key_exchange(SSL *s)
1627 1627
1628 return (ssl3_handshake_write(s)); 1628 return (ssl3_handshake_write(s));
1629 1629
1630 f_err: 1630 fatal_err:
1631 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1631 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1632 err: 1632 err:
1633 CBB_cleanup(&cbb_params); 1633 CBB_cleanup(&cbb_params);
@@ -1726,7 +1726,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
1726 (pkey->pkey.rsa == NULL)) { 1726 (pkey->pkey.rsa == NULL)) {
1727 al = SSL_AD_HANDSHAKE_FAILURE; 1727 al = SSL_AD_HANDSHAKE_FAILURE;
1728 SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE); 1728 SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE);
1729 goto f_err; 1729 goto fatal_err;
1730 } 1730 }
1731 rsa = pkey->pkey.rsa; 1731 rsa = pkey->pkey.rsa;
1732 1732
@@ -1795,7 +1795,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
1795 decode_err: 1795 decode_err:
1796 al = SSL_AD_DECODE_ERROR; 1796 al = SSL_AD_DECODE_ERROR;
1797 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1797 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1798 f_err: 1798 fatal_err:
1799 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1799 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1800 err: 1800 err:
1801 freezero(pms, pms_len); 1801 freezero(pms, pms_len);
@@ -1821,7 +1821,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
1821 if (S3I(s)->tmp.dh == NULL) { 1821 if (S3I(s)->tmp.dh == NULL) {
1822 al = SSL_AD_HANDSHAKE_FAILURE; 1822 al = SSL_AD_HANDSHAKE_FAILURE;
1823 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY); 1823 SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
1824 goto f_err; 1824 goto fatal_err;
1825 } 1825 }
1826 dh = S3I(s)->tmp.dh; 1826 dh = S3I(s)->tmp.dh;
1827 1827
@@ -1841,17 +1841,17 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
1841 if (!DH_check_pub_key(dh, bn, &key_is_invalid)) { 1841 if (!DH_check_pub_key(dh, bn, &key_is_invalid)) {
1842 al = SSL_AD_INTERNAL_ERROR; 1842 al = SSL_AD_INTERNAL_ERROR;
1843 SSLerror(s, ERR_R_DH_LIB); 1843 SSLerror(s, ERR_R_DH_LIB);
1844 goto f_err; 1844 goto fatal_err;
1845 } 1845 }
1846 if (key_is_invalid) { 1846 if (key_is_invalid) {
1847 al = SSL_AD_ILLEGAL_PARAMETER; 1847 al = SSL_AD_ILLEGAL_PARAMETER;
1848 SSLerror(s, ERR_R_DH_LIB); 1848 SSLerror(s, ERR_R_DH_LIB);
1849 goto f_err; 1849 goto fatal_err;
1850 } 1850 }
1851 if ((key_len = DH_compute_key(key, bn, dh)) <= 0) { 1851 if ((key_len = DH_compute_key(key, bn, dh)) <= 0) {
1852 al = SSL_AD_INTERNAL_ERROR; 1852 al = SSL_AD_INTERNAL_ERROR;
1853 SSLerror(s, ERR_R_DH_LIB); 1853 SSLerror(s, ERR_R_DH_LIB);
1854 goto f_err; 1854 goto fatal_err;
1855 } 1855 }
1856 1856
1857 s->session->master_key_length = tls1_generate_master_secret(s, 1857 s->session->master_key_length = tls1_generate_master_secret(s,
@@ -1868,7 +1868,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
1868 decode_err: 1868 decode_err:
1869 al = SSL_AD_DECODE_ERROR; 1869 al = SSL_AD_DECODE_ERROR;
1870 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1870 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1871 f_err: 1871 fatal_err:
1872 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1872 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1873 err: 1873 err:
1874 freezero(key, key_size); 1874 freezero(key, key_size);
@@ -2083,18 +2083,18 @@ ssl3_get_client_key_exchange(SSL *s)
2083 } else { 2083 } else {
2084 al = SSL_AD_HANDSHAKE_FAILURE; 2084 al = SSL_AD_HANDSHAKE_FAILURE;
2085 SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE); 2085 SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
2086 goto f_err; 2086 goto fatal_err;
2087 } 2087 }
2088 2088
2089 if (CBS_len(&cbs) != 0) { 2089 if (CBS_len(&cbs) != 0) {
2090 al = SSL_AD_DECODE_ERROR; 2090 al = SSL_AD_DECODE_ERROR;
2091 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 2091 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
2092 goto f_err; 2092 goto fatal_err;
2093 } 2093 }
2094 2094
2095 return (1); 2095 return (1);
2096 2096
2097 f_err: 2097 fatal_err:
2098 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2098 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2099 err: 2099 err:
2100 return (-1); 2100 return (-1);
@@ -2139,7 +2139,7 @@ ssl3_get_cert_verify(SSL *s)
2139 if (peer != NULL) { 2139 if (peer != NULL) {
2140 al = SSL_AD_UNEXPECTED_MESSAGE; 2140 al = SSL_AD_UNEXPECTED_MESSAGE;
2141 SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE); 2141 SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
2142 goto f_err; 2142 goto fatal_err;
2143 } 2143 }
2144 ret = 1; 2144 ret = 1;
2145 goto end; 2145 goto end;
@@ -2148,19 +2148,19 @@ ssl3_get_cert_verify(SSL *s)
2148 if (peer == NULL) { 2148 if (peer == NULL) {
2149 SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED); 2149 SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED);
2150 al = SSL_AD_UNEXPECTED_MESSAGE; 2150 al = SSL_AD_UNEXPECTED_MESSAGE;
2151 goto f_err; 2151 goto fatal_err;
2152 } 2152 }
2153 2153
2154 if (!(type & EVP_PKT_SIGN)) { 2154 if (!(type & EVP_PKT_SIGN)) {
2155 SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); 2155 SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2156 al = SSL_AD_ILLEGAL_PARAMETER; 2156 al = SSL_AD_ILLEGAL_PARAMETER;
2157 goto f_err; 2157 goto fatal_err;
2158 } 2158 }
2159 2159
2160 if (S3I(s)->change_cipher_spec) { 2160 if (S3I(s)->change_cipher_spec) {
2161 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); 2161 SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
2162 al = SSL_AD_UNEXPECTED_MESSAGE; 2162 al = SSL_AD_UNEXPECTED_MESSAGE;
2163 goto f_err; 2163 goto fatal_err;
2164 } 2164 }
2165 2165
2166 if (!SSL_USE_SIGALGS(s)) { 2166 if (!SSL_USE_SIGALGS(s)) {
@@ -2169,12 +2169,12 @@ ssl3_get_cert_verify(SSL *s)
2169 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { 2169 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
2170 SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); 2170 SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
2171 al = SSL_AD_DECODE_ERROR; 2171 al = SSL_AD_DECODE_ERROR;
2172 goto f_err; 2172 goto fatal_err;
2173 } 2173 }
2174 if (CBS_len(&cbs) != 0) { 2174 if (CBS_len(&cbs) != 0) {
2175 al = SSL_AD_DECODE_ERROR; 2175 al = SSL_AD_DECODE_ERROR;
2176 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); 2176 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
2177 goto f_err; 2177 goto fatal_err;
2178 } 2178 }
2179 } 2179 }
2180 2180
@@ -2189,12 +2189,12 @@ ssl3_get_cert_verify(SSL *s)
2189 (md = sigalg->md()) == NULL) { 2189 (md = sigalg->md()) == NULL) {
2190 SSLerror(s, SSL_R_UNKNOWN_DIGEST); 2190 SSLerror(s, SSL_R_UNKNOWN_DIGEST);
2191 al = SSL_AD_DECODE_ERROR; 2191 al = SSL_AD_DECODE_ERROR;
2192 goto f_err; 2192 goto fatal_err;
2193 } 2193 }
2194 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { 2194 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
2195 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); 2195 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
2196 al = SSL_AD_DECODE_ERROR; 2196 al = SSL_AD_DECODE_ERROR;
2197 goto f_err; 2197 goto fatal_err;
2198 } 2198 }
2199 2199
2200 if (!CBS_get_u16_length_prefixed(&cbs, &signature)) 2200 if (!CBS_get_u16_length_prefixed(&cbs, &signature))
@@ -2202,48 +2202,48 @@ ssl3_get_cert_verify(SSL *s)
2202 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { 2202 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
2203 SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE); 2203 SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
2204 al = SSL_AD_DECODE_ERROR; 2204 al = SSL_AD_DECODE_ERROR;
2205 goto f_err; 2205 goto fatal_err;
2206 } 2206 }
2207 if (CBS_len(&cbs) != 0) { 2207 if (CBS_len(&cbs) != 0) {
2208 al = SSL_AD_DECODE_ERROR; 2208 al = SSL_AD_DECODE_ERROR;
2209 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); 2209 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
2210 goto f_err; 2210 goto fatal_err;
2211 } 2211 }
2212 2212
2213 if (!tls1_transcript_data(s, &hdata, &hdatalen)) { 2213 if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
2214 SSLerror(s, ERR_R_INTERNAL_ERROR); 2214 SSLerror(s, ERR_R_INTERNAL_ERROR);
2215 al = SSL_AD_INTERNAL_ERROR; 2215 al = SSL_AD_INTERNAL_ERROR;
2216 goto f_err; 2216 goto fatal_err;
2217 } 2217 }
2218 if (!EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, pkey)) { 2218 if (!EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, pkey)) {
2219 SSLerror(s, ERR_R_EVP_LIB); 2219 SSLerror(s, ERR_R_EVP_LIB);
2220 al = SSL_AD_INTERNAL_ERROR; 2220 al = SSL_AD_INTERNAL_ERROR;
2221 goto f_err; 2221 goto fatal_err;
2222 } 2222 }
2223 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && 2223 if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
2224 (!EVP_PKEY_CTX_set_rsa_padding 2224 (!EVP_PKEY_CTX_set_rsa_padding
2225 (pctx, RSA_PKCS1_PSS_PADDING) || 2225 (pctx, RSA_PKCS1_PSS_PADDING) ||
2226 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { 2226 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
2227 al = SSL_AD_INTERNAL_ERROR; 2227 al = SSL_AD_INTERNAL_ERROR;
2228 goto f_err; 2228 goto fatal_err;
2229 } 2229 }
2230 if (sigalg->key_type == EVP_PKEY_GOSTR01 && 2230 if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
2231 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, 2231 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
2232 EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, 2232 EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
2233 NULL) <= 0) { 2233 NULL) <= 0) {
2234 al = SSL_AD_INTERNAL_ERROR; 2234 al = SSL_AD_INTERNAL_ERROR;
2235 goto f_err; 2235 goto fatal_err;
2236 } 2236 }
2237 if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) { 2237 if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) {
2238 SSLerror(s, ERR_R_EVP_LIB); 2238 SSLerror(s, ERR_R_EVP_LIB);
2239 al = SSL_AD_INTERNAL_ERROR; 2239 al = SSL_AD_INTERNAL_ERROR;
2240 goto f_err; 2240 goto fatal_err;
2241 } 2241 }
2242 if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature), 2242 if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature),
2243 CBS_len(&signature)) <= 0) { 2243 CBS_len(&signature)) <= 0) {
2244 al = SSL_AD_DECRYPT_ERROR; 2244 al = SSL_AD_DECRYPT_ERROR;
2245 SSLerror(s, SSL_R_BAD_SIGNATURE); 2245 SSLerror(s, SSL_R_BAD_SIGNATURE);
2246 goto f_err; 2246 goto fatal_err;
2247 } 2247 }
2248 } else if (pkey->type == EVP_PKEY_RSA) { 2248 } else if (pkey->type == EVP_PKEY_RSA) {
2249 verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md, 2249 verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
@@ -2252,12 +2252,12 @@ ssl3_get_cert_verify(SSL *s)
2252 if (verify < 0) { 2252 if (verify < 0) {
2253 al = SSL_AD_DECRYPT_ERROR; 2253 al = SSL_AD_DECRYPT_ERROR;
2254 SSLerror(s, SSL_R_BAD_RSA_DECRYPT); 2254 SSLerror(s, SSL_R_BAD_RSA_DECRYPT);
2255 goto f_err; 2255 goto fatal_err;
2256 } 2256 }
2257 if (verify == 0) { 2257 if (verify == 0) {
2258 al = SSL_AD_DECRYPT_ERROR; 2258 al = SSL_AD_DECRYPT_ERROR;
2259 SSLerror(s, SSL_R_BAD_RSA_SIGNATURE); 2259 SSLerror(s, SSL_R_BAD_RSA_SIGNATURE);
2260 goto f_err; 2260 goto fatal_err;
2261 } 2261 }
2262 } else if (pkey->type == EVP_PKEY_EC) { 2262 } else if (pkey->type == EVP_PKEY_EC) {
2263 verify = ECDSA_verify(pkey->save_type, 2263 verify = ECDSA_verify(pkey->save_type,
@@ -2267,7 +2267,7 @@ ssl3_get_cert_verify(SSL *s)
2267 if (verify <= 0) { 2267 if (verify <= 0) {
2268 al = SSL_AD_DECRYPT_ERROR; 2268 al = SSL_AD_DECRYPT_ERROR;
2269 SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); 2269 SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
2270 goto f_err; 2270 goto fatal_err;
2271 } 2271 }
2272#ifndef OPENSSL_NO_GOST 2272#ifndef OPENSSL_NO_GOST
2273 } else if (pkey->type == NID_id_GostR3410_94 || 2273 } else if (pkey->type == NID_id_GostR3410_94 ||
@@ -2280,18 +2280,18 @@ ssl3_get_cert_verify(SSL *s)
2280 if (!tls1_transcript_data(s, &hdata, &hdatalen)) { 2280 if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
2281 SSLerror(s, ERR_R_INTERNAL_ERROR); 2281 SSLerror(s, ERR_R_INTERNAL_ERROR);
2282 al = SSL_AD_INTERNAL_ERROR; 2282 al = SSL_AD_INTERNAL_ERROR;
2283 goto f_err; 2283 goto fatal_err;
2284 } 2284 }
2285 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || 2285 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2286 !(md = EVP_get_digestbynid(nid))) { 2286 !(md = EVP_get_digestbynid(nid))) {
2287 SSLerror(s, ERR_R_EVP_LIB); 2287 SSLerror(s, ERR_R_EVP_LIB);
2288 al = SSL_AD_INTERNAL_ERROR; 2288 al = SSL_AD_INTERNAL_ERROR;
2289 goto f_err; 2289 goto fatal_err;
2290 } 2290 }
2291 if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { 2291 if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
2292 SSLerror(s, ERR_R_EVP_LIB); 2292 SSLerror(s, ERR_R_EVP_LIB);
2293 al = SSL_AD_INTERNAL_ERROR; 2293 al = SSL_AD_INTERNAL_ERROR;
2294 goto f_err; 2294 goto fatal_err;
2295 } 2295 }
2296 if (!EVP_DigestInit_ex(&mctx, md, NULL) || 2296 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
2297 !EVP_DigestUpdate(&mctx, hdata, hdatalen) || 2297 !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
@@ -2304,14 +2304,14 @@ ssl3_get_cert_verify(SSL *s)
2304 SSLerror(s, ERR_R_EVP_LIB); 2304 SSLerror(s, ERR_R_EVP_LIB);
2305 al = SSL_AD_INTERNAL_ERROR; 2305 al = SSL_AD_INTERNAL_ERROR;
2306 EVP_PKEY_CTX_free(pctx); 2306 EVP_PKEY_CTX_free(pctx);
2307 goto f_err; 2307 goto fatal_err;
2308 } 2308 }
2309 if (EVP_PKEY_verify(pctx, CBS_data(&signature), 2309 if (EVP_PKEY_verify(pctx, CBS_data(&signature),
2310 CBS_len(&signature), sigbuf, siglen) <= 0) { 2310 CBS_len(&signature), sigbuf, siglen) <= 0) {
2311 al = SSL_AD_DECRYPT_ERROR; 2311 al = SSL_AD_DECRYPT_ERROR;
2312 SSLerror(s, SSL_R_BAD_SIGNATURE); 2312 SSLerror(s, SSL_R_BAD_SIGNATURE);
2313 EVP_PKEY_CTX_free(pctx); 2313 EVP_PKEY_CTX_free(pctx);
2314 goto f_err; 2314 goto fatal_err;
2315 } 2315 }
2316 2316
2317 EVP_PKEY_CTX_free(pctx); 2317 EVP_PKEY_CTX_free(pctx);
@@ -2319,7 +2319,7 @@ ssl3_get_cert_verify(SSL *s)
2319 } else { 2319 } else {
2320 SSLerror(s, ERR_R_INTERNAL_ERROR); 2320 SSLerror(s, ERR_R_INTERNAL_ERROR);
2321 al = SSL_AD_UNSUPPORTED_CERTIFICATE; 2321 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
2322 goto f_err; 2322 goto fatal_err;
2323 } 2323 }
2324 2324
2325 ret = 1; 2325 ret = 1;
@@ -2327,7 +2327,7 @@ ssl3_get_cert_verify(SSL *s)
2327 decode_err: 2327 decode_err:
2328 al = SSL_AD_DECODE_ERROR; 2328 al = SSL_AD_DECODE_ERROR;
2329 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 2329 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
2330 f_err: 2330 fatal_err:
2331 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2331 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2332 } 2332 }
2333 end: 2333 end:
@@ -2358,7 +2358,7 @@ ssl3_get_client_certificate(SSL *s)
2358 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { 2358 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2359 SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); 2359 SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2360 al = SSL_AD_HANDSHAKE_FAILURE; 2360 al = SSL_AD_HANDSHAKE_FAILURE;
2361 goto f_err; 2361 goto fatal_err;
2362 } 2362 }
2363 /* 2363 /*
2364 * If tls asked for a client cert, 2364 * If tls asked for a client cert,
@@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s)
2368 SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 2368 SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
2369 ); 2369 );
2370 al = SSL_AD_UNEXPECTED_MESSAGE; 2370 al = SSL_AD_UNEXPECTED_MESSAGE;
2371 goto f_err; 2371 goto fatal_err;
2372 } 2372 }
2373 S3I(s)->tmp.reuse_message = 1; 2373 S3I(s)->tmp.reuse_message = 1;
2374 return (1); 2374 return (1);
@@ -2377,7 +2377,7 @@ ssl3_get_client_certificate(SSL *s)
2377 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 2377 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
2378 al = SSL_AD_UNEXPECTED_MESSAGE; 2378 al = SSL_AD_UNEXPECTED_MESSAGE;
2379 SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE); 2379 SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
2380 goto f_err; 2380 goto fatal_err;
2381 } 2381 }
2382 2382
2383 if (n < 0) 2383 if (n < 0)
@@ -2400,7 +2400,7 @@ ssl3_get_client_certificate(SSL *s)
2400 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { 2400 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
2401 al = SSL_AD_DECODE_ERROR; 2401 al = SSL_AD_DECODE_ERROR;
2402 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); 2402 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
2403 goto f_err; 2403 goto fatal_err;
2404 } 2404 }
2405 2405
2406 q = CBS_data(&cert); 2406 q = CBS_data(&cert);
@@ -2412,7 +2412,7 @@ ssl3_get_client_certificate(SSL *s)
2412 if (q != CBS_data(&cert) + CBS_len(&cert)) { 2412 if (q != CBS_data(&cert) + CBS_len(&cert)) {
2413 al = SSL_AD_DECODE_ERROR; 2413 al = SSL_AD_DECODE_ERROR;
2414 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); 2414 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
2415 goto f_err; 2415 goto fatal_err;
2416 } 2416 }
2417 if (!sk_X509_push(sk, x)) { 2417 if (!sk_X509_push(sk, x)) {
2418 SSLerror(s, ERR_R_MALLOC_FAILURE); 2418 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -2430,7 +2430,7 @@ ssl3_get_client_certificate(SSL *s)
2430 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { 2430 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2431 SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); 2431 SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2432 al = SSL_AD_HANDSHAKE_FAILURE; 2432 al = SSL_AD_HANDSHAKE_FAILURE;
2433 goto f_err; 2433 goto fatal_err;
2434 } 2434 }
2435 /* No client certificate so free transcript. */ 2435 /* No client certificate so free transcript. */
2436 tls1_transcript_free(s); 2436 tls1_transcript_free(s);
@@ -2439,7 +2439,7 @@ ssl3_get_client_certificate(SSL *s)
2439 if (i <= 0) { 2439 if (i <= 0) {
2440 al = ssl_verify_alarm_type(s->verify_result); 2440 al = ssl_verify_alarm_type(s->verify_result);
2441 SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED); 2441 SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED);
2442 goto f_err; 2442 goto fatal_err;
2443 } 2443 }
2444 } 2444 }
2445 2445
@@ -2473,7 +2473,7 @@ ssl3_get_client_certificate(SSL *s)
2473 decode_err: 2473 decode_err:
2474 al = SSL_AD_DECODE_ERROR; 2474 al = SSL_AD_DECODE_ERROR;
2475 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 2475 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
2476 f_err: 2476 fatal_err:
2477 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2477 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2478 } 2478 }
2479 err: 2479 err:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-23 03:48:35 +0000