1 files changed, 46 insertions, 46 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 7d55c0dd52..29d488c12c 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.80 2021/02/20 08:22:55 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.81 2021/02/20 14:03:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -634,7 +634,7 @@ ssl3_connect(SSL *s)
                skip = 0;
        }
-end:
+ end:
        s->internal->in_handshake--;
        if (cb != NULL)
                cb(s, SSL_CB_CONNECT_EXIT, ret);
@@ -779,7 +779,7 @@ ssl3_send_client_hello(SSL *s)
        /* SSL3_ST_CW_CLNT_HELLO_B */
        return (ssl3_handshake_write(s));
-err:
+ err:
        CBB_cleanup(&cbb);
        return (-1);
@@ -806,16 +806,16 @@ ssl3_get_dtls_hello_verify(SSL *s)
        }
        if (n < 0)
-                goto truncated;
+                goto decode_err;
        CBS_init(&hello_verify_request, s->internal->init_msg, n);
        if (!CBS_get_u16(&hello_verify_request, &ssl_version))
-                goto truncated;
+                goto decode_err;
        if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
-                goto truncated;
+                goto decode_err;
        if (CBS_len(&hello_verify_request) != 0)
-                goto truncated;
+                goto decode_err;
        /*
         * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always
@@ -840,9 +840,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
        return 1;
-truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
        return -1;
 }
@@ -869,7 +869,7 @@ ssl3_get_server_hello(SSL *s)
        s->internal->first_packet = 0;
        if (n < 0)
-                goto truncated;
+                goto decode_err;
        CBS_init(&cbs, s->internal->init_msg, n);
@@ -894,7 +894,7 @@ ssl3_get_server_hello(SSL *s)
        }
        if (!CBS_get_u16(&cbs, &server_version))
-                goto truncated;
+                goto decode_err;
        if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
                SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
@@ -917,7 +917,7 @@ ssl3_get_server_hello(SSL *s)
        /* Server random. */
        if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE))
-                goto truncated;
+                goto decode_err;
        if (!CBS_write_bytes(&server_random, s->s3->server_random,
            sizeof(s->s3->server_random), NULL))
                goto err;
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
        /* Session ID. */
        if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
-                goto truncated;
+                goto decode_err;
        if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
                al = SSL_AD_ILLEGAL_PARAMETER;
@@ -960,7 +960,7 @@ ssl3_get_server_hello(SSL *s)
        /* Cipher suite. */
        if (!CBS_get_u16(&cbs, &cipher_suite))
-                goto truncated;
+                goto decode_err;
        /*
         * Check if we want to resume the session based on external
@@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s)
                tls1_transcript_free(s);
        if (!CBS_get_u8(&cbs, &compression_method))
-                goto truncated;
+                goto decode_err;
        if (compression_method != 0) {
                al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1098,13 +1098,13 @@ ssl3_get_server_hello(SSL *s)
        return (1);
-truncated:
+ decode_err:
        /* wrong packet length */
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-err:
+ err:
        return (-1);
 }
@@ -1143,11 +1143,11 @@ ssl3_get_server_certificate(SSL *s)
        }
        if (n < 0)
-                goto truncated;
+                goto decode_err;
        CBS_init(&cbs, s->internal->init_msg, n);
        if (CBS_len(&cbs) < 3)
-                goto truncated;
+                goto decode_err;
        if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
            CBS_len(&cbs) != 0) {
@@ -1160,7 +1160,7 @@ ssl3_get_server_certificate(SSL *s)
                CBS cert;
                if (CBS_len(&cert_list) < 3)
-                        goto truncated;
+                        goto decode_err;
                if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
@@ -1246,14 +1246,14 @@ ssl3_get_server_certificate(SSL *s)
        ret = 1;
        if (0) {
-truncated:
+ decode_err:
                /* wrong packet length */
                al = SSL_AD_DECODE_ERROR;
                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-f_err:
+ f_err:
                ssl3_send_alert(s, SSL3_AL_FATAL, al);
        }
-err:
+ err:
        EVP_PKEY_free(pkey);
        X509_free(x);
        sk_X509_pop_free(sk, X509_free);
@@ -1280,21 +1280,21 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        }
        if (!CBS_get_u16_length_prefixed(cbs, &dhp))
-                goto truncated;
+                goto decode_err;
        if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) {
                SSLerror(s, ERR_R_BN_LIB);
                goto err;
        }
        if (!CBS_get_u16_length_prefixed(cbs, &dhg))
-                goto truncated;
+                goto decode_err;
        if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) {
                SSLerror(s, ERR_R_BN_LIB);
                goto err;
        }
        if (!CBS_get_u16_length_prefixed(cbs, &dhpk))
-                goto truncated;
+                goto decode_err;
        if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk),
            NULL)) == NULL) {
                SSLerror(s, ERR_R_BN_LIB);
@@ -1320,7 +1320,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        return (1);
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1428,7 +1428,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        }
        if (!CBS_get_u8_length_prefixed(cbs, &public))
-                goto truncated;
+                goto decode_err;
        if (nid == NID_X25519) {
                if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)
@@ -1453,7 +1453,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        return (1);
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1552,7 +1552,7 @@ ssl3_get_server_key_exchange(SSL *s)
                        uint16_t sigalg_value;
                        if (!CBS_get_u16(&cbs, &sigalg_value))
-                                goto truncated;
+                                goto decode_err;
                        if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
                            tls12_sigalgs_len)) == NULL) {
                                SSLerror(s, SSL_R_UNKNOWN_DIGEST);
@@ -1581,7 +1581,7 @@ ssl3_get_server_key_exchange(SSL *s)
                md = sigalg->md();
                if (!CBS_get_u16_length_prefixed(&cbs, &signature))
-                        goto truncated;
+                        goto decode_err;
                if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
@@ -1628,7 +1628,7 @@ ssl3_get_server_key_exchange(SSL *s)
        return (1);
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1684,7 +1684,7 @@ ssl3_get_certificate_request(SSL *s)
        }
        if (n < 0)
-                goto truncated;
+                goto decode_err;
        CBS_init(&cert_request, s->internal->init_msg, n);
        if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
@@ -1694,7 +1694,7 @@ ssl3_get_certificate_request(SSL *s)
        /* get the certificate types */
        if (!CBS_get_u8(&cert_request, &ctype_num))
-                goto truncated;
+                goto decode_err;
        if (ctype_num > SSL3_CT_NUMBER)
                ctype_num = SSL3_CT_NUMBER;
@@ -1783,10 +1783,10 @@ ssl3_get_certificate_request(SSL *s)
        ret = 1;
        if (0) {
-truncated:
+ decode_err:
                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
        }
-err:
+ err:
        X509_NAME_free(xn);
        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
        return (ret);
@@ -1867,9 +1867,9 @@ ssl3_get_new_session_ticket(SSL *s)
            EVP_sha256(), NULL);
        ret = 1;
        return (ret);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-err:
+ err:
        return (-1);
 }
@@ -1921,7 +1921,7 @@ ssl3_get_cert_status(SSL *s)
                al = SSL_AD_INTERNAL_ERROR;
                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto f_err;
-        }
+        }
        if (s->ctx->internal->tlsext_status_cb) {
                int ret;
@@ -1939,7 +1939,7 @@ ssl3_get_cert_status(SSL *s)
                }
        }
        return (1);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
        return (-1);
 }
@@ -2016,7 +2016,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        ret = 1;
-err:
+ err:
        explicit_bzero(pms, sizeof(pms));
        EVP_PKEY_free(pkey);
        free(enc_pms);
@@ -2079,7 +2079,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        ret = 1;
-err:
+ err:
        DH_free(dh_clnt);
        freezero(key, key_size);
@@ -2349,7 +2349,7 @@ ssl3_send_client_key_exchange(SSL *s)
        /* SSL3_ST_CW_KEY_EXCH_B */
        return (ssl3_handshake_write(s));
-err:
+ err:
        CBB_cleanup(&cbb);
        return (-1);
@@ -2767,9 +2767,9 @@ ssl3_check_cert_and_algorithm(SSL *s)
        }
        return (1);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-err:
+ err:
        return (0);
 }

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 7d55c0dd52..29d488c12c 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.80 2021/02/20 08:22:55 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.81 2021/02/20 14:03:50 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -634,7 +634,7 @@ ssl3_connect(SSL *s)
634	skip = 0;	634	skip = 0;
635	}	635	}
636		636
637	end:	637	end:
638	s->internal->in_handshake--;	638	s->internal->in_handshake--;
639	if (cb != NULL)	639	if (cb != NULL)
640	cb(s, SSL_CB_CONNECT_EXIT, ret);	640	cb(s, SSL_CB_CONNECT_EXIT, ret);
@@ -779,7 +779,7 @@ ssl3_send_client_hello(SSL *s)
779	/* SSL3_ST_CW_CLNT_HELLO_B */	779	/* SSL3_ST_CW_CLNT_HELLO_B */
780	return (ssl3_handshake_write(s));	780	return (ssl3_handshake_write(s));
781		781
782	err:	782	err:
783	CBB_cleanup(&cbb);	783	CBB_cleanup(&cbb);
784		784
785	return (-1);	785	return (-1);
@@ -806,16 +806,16 @@ ssl3_get_dtls_hello_verify(SSL *s)
806	}	806	}
807		807
808	if (n < 0)	808	if (n < 0)
809	goto truncated;	809	goto decode_err;
810		810
811	CBS_init(&hello_verify_request, s->internal->init_msg, n);	811	CBS_init(&hello_verify_request, s->internal->init_msg, n);
812		812
813	if (!CBS_get_u16(&hello_verify_request, &ssl_version))	813	if (!CBS_get_u16(&hello_verify_request, &ssl_version))
814	goto truncated;	814	goto decode_err;
815	if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))	815	if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
816	goto truncated;	816	goto decode_err;
817	if (CBS_len(&hello_verify_request) != 0)	817	if (CBS_len(&hello_verify_request) != 0)
818	goto truncated;	818	goto decode_err;
819		819
820	/*	820	/*
821	* Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always	821	* Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always
@@ -840,9 +840,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
840		840
841	return 1;	841	return 1;
842		842
843	truncated:	843	decode_err:
844	al = SSL_AD_DECODE_ERROR;	844	al = SSL_AD_DECODE_ERROR;
845	f_err:	845	f_err:
846	ssl3_send_alert(s, SSL3_AL_FATAL, al);	846	ssl3_send_alert(s, SSL3_AL_FATAL, al);
847	return -1;	847	return -1;
848	}	848	}
@@ -869,7 +869,7 @@ ssl3_get_server_hello(SSL *s)
869	s->internal->first_packet = 0;	869	s->internal->first_packet = 0;
870		870
871	if (n < 0)	871	if (n < 0)
872	goto truncated;	872	goto decode_err;
873		873
874	CBS_init(&cbs, s->internal->init_msg, n);	874	CBS_init(&cbs, s->internal->init_msg, n);
875		875
@@ -894,7 +894,7 @@ ssl3_get_server_hello(SSL *s)
894	}	894	}
895		895
896	if (!CBS_get_u16(&cbs, &server_version))	896	if (!CBS_get_u16(&cbs, &server_version))
897	goto truncated;	897	goto decode_err;
898		898
899	if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {	899	if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
900	SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);	900	SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
@@ -917,7 +917,7 @@ ssl3_get_server_hello(SSL *s)
917		917
918	/* Server random. */	918	/* Server random. */
919	if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE))	919	if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE))
920	goto truncated;	920	goto decode_err;
921	if (!CBS_write_bytes(&server_random, s->s3->server_random,	921	if (!CBS_write_bytes(&server_random, s->s3->server_random,
922	sizeof(s->s3->server_random), NULL))	922	sizeof(s->s3->server_random), NULL))
923	goto err;	923	goto err;
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
950		950
951	/* Session ID. */	951	/* Session ID. */
952	if (!CBS_get_u8_length_prefixed(&cbs, &session_id))	952	if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
953	goto truncated;	953	goto decode_err;
954		954
955	if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {	955	if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
956	al = SSL_AD_ILLEGAL_PARAMETER;	956	al = SSL_AD_ILLEGAL_PARAMETER;
@@ -960,7 +960,7 @@ ssl3_get_server_hello(SSL *s)
960		960
961	/* Cipher suite. */	961	/* Cipher suite. */
962	if (!CBS_get_u16(&cbs, &cipher_suite))	962	if (!CBS_get_u16(&cbs, &cipher_suite))
963	goto truncated;	963	goto decode_err;
964		964
965	/*	965	/*
966	* Check if we want to resume the session based on external	966	* Check if we want to resume the session based on external
@@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s)
1063	tls1_transcript_free(s);	1063	tls1_transcript_free(s);
1064		1064
1065	if (!CBS_get_u8(&cbs, &compression_method))	1065	if (!CBS_get_u8(&cbs, &compression_method))
1066	goto truncated;	1066	goto decode_err;
1067		1067
1068	if (compression_method != 0) {	1068	if (compression_method != 0) {
1069	al = SSL_AD_ILLEGAL_PARAMETER;	1069	al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1098,13 +1098,13 @@ ssl3_get_server_hello(SSL *s)
1098		1098
1099	return (1);	1099	return (1);
1100		1100
1101	truncated:	1101	decode_err:
1102	/* wrong packet length */	1102	/* wrong packet length */
1103	al = SSL_AD_DECODE_ERROR;	1103	al = SSL_AD_DECODE_ERROR;
1104	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1104	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1105	f_err:	1105	f_err:
1106	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1106	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1107	err:	1107	err:
1108	return (-1);	1108	return (-1);
1109	}	1109	}
1110		1110
@@ -1143,11 +1143,11 @@ ssl3_get_server_certificate(SSL *s)
1143	}	1143	}
1144		1144
1145	if (n < 0)	1145	if (n < 0)
1146	goto truncated;	1146	goto decode_err;
1147		1147
1148	CBS_init(&cbs, s->internal->init_msg, n);	1148	CBS_init(&cbs, s->internal->init_msg, n);
1149	if (CBS_len(&cbs) < 3)	1149	if (CBS_len(&cbs) < 3)
1150	goto truncated;	1150	goto decode_err;
1151		1151
1152	if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) \|\|	1152	if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) \|\|
1153	CBS_len(&cbs) != 0) {	1153	CBS_len(&cbs) != 0) {
@@ -1160,7 +1160,7 @@ ssl3_get_server_certificate(SSL *s)
1160	CBS cert;	1160	CBS cert;
1161		1161
1162	if (CBS_len(&cert_list) < 3)	1162	if (CBS_len(&cert_list) < 3)
1163	goto truncated;	1163	goto decode_err;
1164	if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {	1164	if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
1165	al = SSL_AD_DECODE_ERROR;	1165	al = SSL_AD_DECODE_ERROR;
1166	SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);	1166	SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
@@ -1246,14 +1246,14 @@ ssl3_get_server_certificate(SSL *s)
1246	ret = 1;	1246	ret = 1;
1247		1247
1248	if (0) {	1248	if (0) {
1249	truncated:	1249	decode_err:
1250	/* wrong packet length */	1250	/* wrong packet length */
1251	al = SSL_AD_DECODE_ERROR;	1251	al = SSL_AD_DECODE_ERROR;
1252	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1252	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1253	f_err:	1253	f_err:
1254	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1254	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1255	}	1255	}
1256	err:	1256	err:
1257	EVP_PKEY_free(pkey);	1257	EVP_PKEY_free(pkey);
1258	X509_free(x);	1258	X509_free(x);
1259	sk_X509_pop_free(sk, X509_free);	1259	sk_X509_pop_free(sk, X509_free);
@@ -1280,21 +1280,21 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1280	}	1280	}
1281		1281
1282	if (!CBS_get_u16_length_prefixed(cbs, &dhp))	1282	if (!CBS_get_u16_length_prefixed(cbs, &dhp))
1283	goto truncated;	1283	goto decode_err;
1284	if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) {	1284	if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) {
1285	SSLerror(s, ERR_R_BN_LIB);	1285	SSLerror(s, ERR_R_BN_LIB);
1286	goto err;	1286	goto err;
1287	}	1287	}
1288		1288
1289	if (!CBS_get_u16_length_prefixed(cbs, &dhg))	1289	if (!CBS_get_u16_length_prefixed(cbs, &dhg))
1290	goto truncated;	1290	goto decode_err;
1291	if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) {	1291	if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) {
1292	SSLerror(s, ERR_R_BN_LIB);	1292	SSLerror(s, ERR_R_BN_LIB);
1293	goto err;	1293	goto err;
1294	}	1294	}
1295		1295
1296	if (!CBS_get_u16_length_prefixed(cbs, &dhpk))	1296	if (!CBS_get_u16_length_prefixed(cbs, &dhpk))
1297	goto truncated;	1297	goto decode_err;
1298	if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk),	1298	if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk),
1299	NULL)) == NULL) {	1299	NULL)) == NULL) {
1300	SSLerror(s, ERR_R_BN_LIB);	1300	SSLerror(s, ERR_R_BN_LIB);
@@ -1320,7 +1320,7 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1320		1320
1321	return (1);	1321	return (1);
1322		1322
1323	truncated:	1323	decode_err:
1324	al = SSL_AD_DECODE_ERROR;	1324	al = SSL_AD_DECODE_ERROR;
1325	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1325	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1326	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1326	ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1428,7 +1428,7 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1428	}	1428	}
1429		1429
1430	if (!CBS_get_u8_length_prefixed(cbs, &public))	1430	if (!CBS_get_u8_length_prefixed(cbs, &public))
1431	goto truncated;	1431	goto decode_err;
1432		1432
1433	if (nid == NID_X25519) {	1433	if (nid == NID_X25519) {
1434	if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)	1434	if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)
@@ -1453,7 +1453,7 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1453		1453
1454	return (1);	1454	return (1);
1455		1455
1456	truncated:	1456	decode_err:
1457	al = SSL_AD_DECODE_ERROR;	1457	al = SSL_AD_DECODE_ERROR;
1458	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1458	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1459		1459
@@ -1552,7 +1552,7 @@ ssl3_get_server_key_exchange(SSL *s)
1552	uint16_t sigalg_value;	1552	uint16_t sigalg_value;
1553		1553
1554	if (!CBS_get_u16(&cbs, &sigalg_value))	1554	if (!CBS_get_u16(&cbs, &sigalg_value))
1555	goto truncated;	1555	goto decode_err;
1556	if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,	1556	if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
1557	tls12_sigalgs_len)) == NULL) {	1557	tls12_sigalgs_len)) == NULL) {
1558	SSLerror(s, SSL_R_UNKNOWN_DIGEST);	1558	SSLerror(s, SSL_R_UNKNOWN_DIGEST);
@@ -1581,7 +1581,7 @@ ssl3_get_server_key_exchange(SSL *s)
1581	md = sigalg->md();	1581	md = sigalg->md();
1582		1582
1583	if (!CBS_get_u16_length_prefixed(&cbs, &signature))	1583	if (!CBS_get_u16_length_prefixed(&cbs, &signature))
1584	goto truncated;	1584	goto decode_err;
1585	if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {	1585	if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
1586	al = SSL_AD_DECODE_ERROR;	1586	al = SSL_AD_DECODE_ERROR;
1587	SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);	1587	SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
@@ -1628,7 +1628,7 @@ ssl3_get_server_key_exchange(SSL *s)
1628		1628
1629	return (1);	1629	return (1);
1630		1630
1631	truncated:	1631	decode_err:
1632	al = SSL_AD_DECODE_ERROR;	1632	al = SSL_AD_DECODE_ERROR;
1633	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1633	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1634		1634
@@ -1684,7 +1684,7 @@ ssl3_get_certificate_request(SSL *s)
1684	}	1684	}
1685		1685
1686	if (n < 0)	1686	if (n < 0)
1687	goto truncated;	1687	goto decode_err;
1688	CBS_init(&cert_request, s->internal->init_msg, n);	1688	CBS_init(&cert_request, s->internal->init_msg, n);
1689		1689
1690	if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {	1690	if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
@@ -1694,7 +1694,7 @@ ssl3_get_certificate_request(SSL *s)
1694		1694
1695	/* get the certificate types */	1695	/* get the certificate types */
1696	if (!CBS_get_u8(&cert_request, &ctype_num))	1696	if (!CBS_get_u8(&cert_request, &ctype_num))
1697	goto truncated;	1697	goto decode_err;
1698		1698
1699	if (ctype_num > SSL3_CT_NUMBER)	1699	if (ctype_num > SSL3_CT_NUMBER)
1700	ctype_num = SSL3_CT_NUMBER;	1700	ctype_num = SSL3_CT_NUMBER;
@@ -1783,10 +1783,10 @@ ssl3_get_certificate_request(SSL *s)
1783		1783
1784	ret = 1;	1784	ret = 1;
1785	if (0) {	1785	if (0) {
1786	truncated:	1786	decode_err:
1787	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1787	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1788	}	1788	}
1789	err:	1789	err:
1790	X509_NAME_free(xn);	1790	X509_NAME_free(xn);
1791	sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);	1791	sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
1792	return (ret);	1792	return (ret);
@@ -1867,9 +1867,9 @@ ssl3_get_new_session_ticket(SSL *s)
1867	EVP_sha256(), NULL);	1867	EVP_sha256(), NULL);
1868	ret = 1;	1868	ret = 1;
1869	return (ret);	1869	return (ret);
1870	f_err:	1870	f_err:
1871	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1871	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1872	err:	1872	err:
1873	return (-1);	1873	return (-1);
1874	}	1874	}
1875		1875
@@ -1921,7 +1921,7 @@ ssl3_get_cert_status(SSL *s)
1921	al = SSL_AD_INTERNAL_ERROR;	1921	al = SSL_AD_INTERNAL_ERROR;
1922	SSLerror(s, ERR_R_MALLOC_FAILURE);	1922	SSLerror(s, ERR_R_MALLOC_FAILURE);
1923	goto f_err;	1923	goto f_err;
1924	}	1924	}
1925		1925
1926	if (s->ctx->internal->tlsext_status_cb) {	1926	if (s->ctx->internal->tlsext_status_cb) {
1927	int ret;	1927	int ret;
@@ -1939,7 +1939,7 @@ ssl3_get_cert_status(SSL *s)
1939	}	1939	}
1940	}	1940	}
1941	return (1);	1941	return (1);
1942	f_err:	1942	f_err:
1943	ssl3_send_alert(s, SSL3_AL_FATAL, al);	1943	ssl3_send_alert(s, SSL3_AL_FATAL, al);
1944	return (-1);	1944	return (-1);
1945	}	1945	}
@@ -2016,7 +2016,7 @@ ssl3_send_client_kex_rsa(SSL s, SESS_CERT sess_cert, CBB *cbb)
2016		2016
2017	ret = 1;	2017	ret = 1;
2018		2018
2019	err:	2019	err:
2020	explicit_bzero(pms, sizeof(pms));	2020	explicit_bzero(pms, sizeof(pms));
2021	EVP_PKEY_free(pkey);	2021	EVP_PKEY_free(pkey);
2022	free(enc_pms);	2022	free(enc_pms);
@@ -2079,7 +2079,7 @@ ssl3_send_client_kex_dhe(SSL s, SESS_CERT sess_cert, CBB *cbb)
2079		2079
2080	ret = 1;	2080	ret = 1;
2081		2081
2082	err:	2082	err:
2083	DH_free(dh_clnt);	2083	DH_free(dh_clnt);
2084	freezero(key, key_size);	2084	freezero(key, key_size);
2085		2085
@@ -2349,7 +2349,7 @@ ssl3_send_client_key_exchange(SSL *s)
2349	/* SSL3_ST_CW_KEY_EXCH_B */	2349	/* SSL3_ST_CW_KEY_EXCH_B */
2350	return (ssl3_handshake_write(s));	2350	return (ssl3_handshake_write(s));
2351		2351
2352	err:	2352	err:
2353	CBB_cleanup(&cbb);	2353	CBB_cleanup(&cbb);
2354		2354
2355	return (-1);	2355	return (-1);
@@ -2767,9 +2767,9 @@ ssl3_check_cert_and_algorithm(SSL *s)
2767	}	2767	}
2768		2768
2769	return (1);	2769	return (1);
2770	f_err:	2770	f_err:
2771	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);	2771	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2772	err:	2772	err:
2773	return (0);	2773	return (0);
2774	}	2774	}
2775		2775