summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c120
1 files changed, 60 insertions, 60 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 29d488c12c..8ef3648f6c 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.81 2021/02/20 14:03:50 tb Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.82 2021/02/20 14:14:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -826,14 +826,14 @@ ssl3_get_dtls_hello_verify(SSL *s)
826 SSLerror(s, SSL_R_WRONG_SSL_VERSION); 826 SSLerror(s, SSL_R_WRONG_SSL_VERSION);
827 s->version = (s->version & 0xff00) | (ssl_version & 0xff); 827 s->version = (s->version & 0xff00) | (ssl_version & 0xff);
828 al = SSL_AD_PROTOCOL_VERSION; 828 al = SSL_AD_PROTOCOL_VERSION;
829 goto f_err; 829 goto fatal_err;
830 } 830 }
831 831
832 if (!CBS_write_bytes(&cookie, D1I(s)->cookie, 832 if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
833 sizeof(D1I(s)->cookie), &cookie_len)) { 833 sizeof(D1I(s)->cookie), &cookie_len)) {
834 D1I(s)->cookie_len = 0; 834 D1I(s)->cookie_len = 0;
835 al = SSL_AD_ILLEGAL_PARAMETER; 835 al = SSL_AD_ILLEGAL_PARAMETER;
836 goto f_err; 836 goto fatal_err;
837 } 837 }
838 D1I(s)->cookie_len = cookie_len; 838 D1I(s)->cookie_len = cookie_len;
839 D1I(s)->send_cookie = 1; 839 D1I(s)->send_cookie = 1;
@@ -842,7 +842,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
842 842
843 decode_err: 843 decode_err:
844 al = SSL_AD_DECODE_ERROR; 844 al = SSL_AD_DECODE_ERROR;
845 f_err: 845 fatal_err:
846 ssl3_send_alert(s, SSL3_AL_FATAL, al); 846 ssl3_send_alert(s, SSL3_AL_FATAL, al);
847 return -1; 847 return -1;
848} 848}
@@ -882,7 +882,7 @@ ssl3_get_server_hello(SSL *s)
882 /* Already sent a cookie. */ 882 /* Already sent a cookie. */
883 al = SSL_AD_UNEXPECTED_MESSAGE; 883 al = SSL_AD_UNEXPECTED_MESSAGE;
884 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 884 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
885 goto f_err; 885 goto fatal_err;
886 } 886 }
887 } 887 }
888 } 888 }
@@ -890,7 +890,7 @@ ssl3_get_server_hello(SSL *s)
890 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { 890 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
891 al = SSL_AD_UNEXPECTED_MESSAGE; 891 al = SSL_AD_UNEXPECTED_MESSAGE;
892 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 892 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
893 goto f_err; 893 goto fatal_err;
894 } 894 }
895 895
896 if (!CBS_get_u16(&cbs, &server_version)) 896 if (!CBS_get_u16(&cbs, &server_version))
@@ -905,7 +905,7 @@ ssl3_get_server_hello(SSL *s)
905 SSLerror(s, SSL_R_WRONG_SSL_VERSION); 905 SSLerror(s, SSL_R_WRONG_SSL_VERSION);
906 s->version = (s->version & 0xff00) | (server_version & 0xff); 906 s->version = (s->version & 0xff00) | (server_version & 0xff);
907 al = SSL_AD_PROTOCOL_VERSION; 907 al = SSL_AD_PROTOCOL_VERSION;
908 goto f_err; 908 goto fatal_err;
909 } 909 }
910 s->version = server_version; 910 s->version = server_version;
911 911
@@ -938,13 +938,13 @@ ssl3_get_server_hello(SSL *s)
938 sizeof(tls13_downgrade_12))) { 938 sizeof(tls13_downgrade_12))) {
939 al = SSL_AD_ILLEGAL_PARAMETER; 939 al = SSL_AD_ILLEGAL_PARAMETER;
940 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); 940 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
941 goto f_err; 941 goto fatal_err;
942 } 942 }
943 if (CBS_mem_equal(&server_random, tls13_downgrade_11, 943 if (CBS_mem_equal(&server_random, tls13_downgrade_11,
944 sizeof(tls13_downgrade_11))) { 944 sizeof(tls13_downgrade_11))) {
945 al = SSL_AD_ILLEGAL_PARAMETER; 945 al = SSL_AD_ILLEGAL_PARAMETER;
946 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK); 946 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
947 goto f_err; 947 goto fatal_err;
948 } 948 }
949 } 949 }
950 950
@@ -955,7 +955,7 @@ ssl3_get_server_hello(SSL *s)
955 if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) { 955 if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
956 al = SSL_AD_ILLEGAL_PARAMETER; 956 al = SSL_AD_ILLEGAL_PARAMETER;
957 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG); 957 SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
958 goto f_err; 958 goto fatal_err;
959 } 959 }
960 960
961 /* Cipher suite. */ 961 /* Cipher suite. */
@@ -987,7 +987,7 @@ ssl3_get_server_hello(SSL *s)
987 /* actually a client application bug */ 987 /* actually a client application bug */
988 al = SSL_AD_ILLEGAL_PARAMETER; 988 al = SSL_AD_ILLEGAL_PARAMETER;
989 SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); 989 SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
990 goto f_err; 990 goto fatal_err;
991 } 991 }
992 s->s3->flags |= SSL3_FLAGS_CCS_OK; 992 s->s3->flags |= SSL3_FLAGS_CCS_OK;
993 s->internal->hit = 1; 993 s->internal->hit = 1;
@@ -1000,7 +1000,7 @@ ssl3_get_server_hello(SSL *s)
1000 if (s->session->session_id_length > 0) { 1000 if (s->session->session_id_length > 0) {
1001 if (!ssl_get_new_session(s, 0)) { 1001 if (!ssl_get_new_session(s, 0)) {
1002 al = SSL_AD_INTERNAL_ERROR; 1002 al = SSL_AD_INTERNAL_ERROR;
1003 goto f_err; 1003 goto fatal_err;
1004 } 1004 }
1005 } 1005 }
1006 1006
@@ -1019,7 +1019,7 @@ ssl3_get_server_hello(SSL *s)
1019 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { 1019 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
1020 al = SSL_AD_ILLEGAL_PARAMETER; 1020 al = SSL_AD_ILLEGAL_PARAMETER;
1021 SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED); 1021 SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED);
1022 goto f_err; 1022 goto fatal_err;
1023 } 1023 }
1024 1024
1025 /* TLS v1.2 only ciphersuites require v1.2 or later. */ 1025 /* TLS v1.2 only ciphersuites require v1.2 or later. */
@@ -1027,14 +1027,14 @@ ssl3_get_server_hello(SSL *s)
1027 (TLS1_get_version(s) < TLS1_2_VERSION)) { 1027 (TLS1_get_version(s) < TLS1_2_VERSION)) {
1028 al = SSL_AD_ILLEGAL_PARAMETER; 1028 al = SSL_AD_ILLEGAL_PARAMETER;
1029 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); 1029 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
1030 goto f_err; 1030 goto fatal_err;
1031 } 1031 }
1032 1032
1033 if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) { 1033 if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) {
1034 /* we did not say we would use this cipher */ 1034 /* we did not say we would use this cipher */
1035 al = SSL_AD_ILLEGAL_PARAMETER; 1035 al = SSL_AD_ILLEGAL_PARAMETER;
1036 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED); 1036 SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
1037 goto f_err; 1037 goto fatal_err;
1038 } 1038 }
1039 1039
1040 /* 1040 /*
@@ -1047,7 +1047,7 @@ ssl3_get_server_hello(SSL *s)
1047 if (s->internal->hit && (s->session->cipher_id != cipher->id)) { 1047 if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
1048 al = SSL_AD_ILLEGAL_PARAMETER; 1048 al = SSL_AD_ILLEGAL_PARAMETER;
1049 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); 1049 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
1050 goto f_err; 1050 goto fatal_err;
1051 } 1051 }
1052 S3I(s)->hs.new_cipher = cipher; 1052 S3I(s)->hs.new_cipher = cipher;
1053 1053
@@ -1068,12 +1068,12 @@ ssl3_get_server_hello(SSL *s)
1068 if (compression_method != 0) { 1068 if (compression_method != 0) {
1069 al = SSL_AD_ILLEGAL_PARAMETER; 1069 al = SSL_AD_ILLEGAL_PARAMETER;
1070 SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 1070 SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1071 goto f_err; 1071 goto fatal_err;
1072 } 1072 }
1073 1073
1074 if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) { 1074 if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
1075 SSLerror(s, SSL_R_PARSE_TLSEXT); 1075 SSLerror(s, SSL_R_PARSE_TLSEXT);
1076 goto f_err; 1076 goto fatal_err;
1077 } 1077 }
1078 1078
1079 /* 1079 /*
@@ -1088,7 +1088,7 @@ ssl3_get_server_hello(SSL *s)
1088 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { 1088 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
1089 al = SSL_AD_HANDSHAKE_FAILURE; 1089 al = SSL_AD_HANDSHAKE_FAILURE;
1090 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); 1090 SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1091 goto f_err; 1091 goto fatal_err;
1092 } 1092 }
1093 1093
1094 if (ssl_check_serverhello_tlsext(s) <= 0) { 1094 if (ssl_check_serverhello_tlsext(s) <= 0) {
@@ -1102,7 +1102,7 @@ ssl3_get_server_hello(SSL *s)
1102 /* wrong packet length */ 1102 /* wrong packet length */
1103 al = SSL_AD_DECODE_ERROR; 1103 al = SSL_AD_DECODE_ERROR;
1104 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1104 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1105 f_err: 1105 fatal_err:
1106 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1106 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1107 err: 1107 err:
1108 return (-1); 1108 return (-1);
@@ -1133,7 +1133,7 @@ ssl3_get_server_certificate(SSL *s)
1133 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 1133 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
1134 al = SSL_AD_UNEXPECTED_MESSAGE; 1134 al = SSL_AD_UNEXPECTED_MESSAGE;
1135 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 1135 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1136 goto f_err; 1136 goto fatal_err;
1137 } 1137 }
1138 1138
1139 1139
@@ -1153,7 +1153,7 @@ ssl3_get_server_certificate(SSL *s)
1153 CBS_len(&cbs) != 0) { 1153 CBS_len(&cbs) != 0) {
1154 al = SSL_AD_DECODE_ERROR; 1154 al = SSL_AD_DECODE_ERROR;
1155 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1155 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1156 goto f_err; 1156 goto fatal_err;
1157 } 1157 }
1158 1158
1159 while (CBS_len(&cert_list) > 0) { 1159 while (CBS_len(&cert_list) > 0) {
@@ -1164,7 +1164,7 @@ ssl3_get_server_certificate(SSL *s)
1164 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { 1164 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
1165 al = SSL_AD_DECODE_ERROR; 1165 al = SSL_AD_DECODE_ERROR;
1166 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); 1166 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
1167 goto f_err; 1167 goto fatal_err;
1168 } 1168 }
1169 1169
1170 q = CBS_data(&cert); 1170 q = CBS_data(&cert);
@@ -1172,12 +1172,12 @@ ssl3_get_server_certificate(SSL *s)
1172 if (x == NULL) { 1172 if (x == NULL) {
1173 al = SSL_AD_BAD_CERTIFICATE; 1173 al = SSL_AD_BAD_CERTIFICATE;
1174 SSLerror(s, ERR_R_ASN1_LIB); 1174 SSLerror(s, ERR_R_ASN1_LIB);
1175 goto f_err; 1175 goto fatal_err;
1176 } 1176 }
1177 if (q != CBS_data(&cert) + CBS_len(&cert)) { 1177 if (q != CBS_data(&cert) + CBS_len(&cert)) {
1178 al = SSL_AD_DECODE_ERROR; 1178 al = SSL_AD_DECODE_ERROR;
1179 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH); 1179 SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
1180 goto f_err; 1180 goto fatal_err;
1181 } 1181 }
1182 if (!sk_X509_push(sk, x)) { 1182 if (!sk_X509_push(sk, x)) {
1183 SSLerror(s, ERR_R_MALLOC_FAILURE); 1183 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -1190,7 +1190,7 @@ ssl3_get_server_certificate(SSL *s)
1190 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { 1190 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
1191 al = ssl_verify_alarm_type(s->verify_result); 1191 al = ssl_verify_alarm_type(s->verify_result);
1192 SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED); 1192 SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
1193 goto f_err; 1193 goto fatal_err;
1194 1194
1195 } 1195 }
1196 ERR_clear_error(); /* but we keep s->verify_result */ 1196 ERR_clear_error(); /* but we keep s->verify_result */
@@ -1216,7 +1216,7 @@ ssl3_get_server_certificate(SSL *s)
1216 x = NULL; 1216 x = NULL;
1217 al = SSL3_AL_FATAL; 1217 al = SSL3_AL_FATAL;
1218 SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); 1218 SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1219 goto f_err; 1219 goto fatal_err;
1220 } 1220 }
1221 1221
1222 i = ssl_cert_type(x, pkey); 1222 i = ssl_cert_type(x, pkey);
@@ -1224,7 +1224,7 @@ ssl3_get_server_certificate(SSL *s)
1224 x = NULL; 1224 x = NULL;
1225 al = SSL3_AL_FATAL; 1225 al = SSL3_AL_FATAL;
1226 SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); 1226 SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1227 goto f_err; 1227 goto fatal_err;
1228 } 1228 }
1229 1229
1230 sc->peer_cert_type = i; 1230 sc->peer_cert_type = i;
@@ -1250,7 +1250,7 @@ ssl3_get_server_certificate(SSL *s)
1250 /* wrong packet length */ 1250 /* wrong packet length */
1251 al = SSL_AD_DECODE_ERROR; 1251 al = SSL_AD_DECODE_ERROR;
1252 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1252 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1253 f_err: 1253 fatal_err:
1254 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1254 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1255 } 1255 }
1256 err: 1256 err:
@@ -1408,7 +1408,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1408 !CBS_get_u16(cbs, &curve_id)) { 1408 !CBS_get_u16(cbs, &curve_id)) {
1409 al = SSL_AD_DECODE_ERROR; 1409 al = SSL_AD_DECODE_ERROR;
1410 SSLerror(s, SSL_R_LENGTH_TOO_SHORT); 1410 SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
1411 goto f_err; 1411 goto fatal_err;
1412 } 1412 }
1413 1413
1414 /* 1414 /*
@@ -1418,13 +1418,13 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1418 if (tls1_check_curve(s, curve_id) != 1) { 1418 if (tls1_check_curve(s, curve_id) != 1) {
1419 al = SSL_AD_DECODE_ERROR; 1419 al = SSL_AD_DECODE_ERROR;
1420 SSLerror(s, SSL_R_WRONG_CURVE); 1420 SSLerror(s, SSL_R_WRONG_CURVE);
1421 goto f_err; 1421 goto fatal_err;
1422 } 1422 }
1423 1423
1424 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { 1424 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
1425 al = SSL_AD_INTERNAL_ERROR; 1425 al = SSL_AD_INTERNAL_ERROR;
1426 SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1426 SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1427 goto f_err; 1427 goto fatal_err;
1428 } 1428 }
1429 1429
1430 if (!CBS_get_u8_length_prefixed(cbs, &public)) 1430 if (!CBS_get_u8_length_prefixed(cbs, &public))
@@ -1457,7 +1457,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
1457 al = SSL_AD_DECODE_ERROR; 1457 al = SSL_AD_DECODE_ERROR;
1458 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1458 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1459 1459
1460 f_err: 1460 fatal_err:
1461 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1461 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1462 1462
1463 err: 1463 err:
@@ -1503,7 +1503,7 @@ ssl3_get_server_key_exchange(SSL *s)
1503 if (alg_k & (SSL_kDHE|SSL_kECDHE)) { 1503 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
1504 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 1504 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
1505 al = SSL_AD_UNEXPECTED_MESSAGE; 1505 al = SSL_AD_UNEXPECTED_MESSAGE;
1506 goto f_err; 1506 goto fatal_err;
1507 } 1507 }
1508 1508
1509 S3I(s)->tmp.reuse_message = 1; 1509 S3I(s)->tmp.reuse_message = 1;
@@ -1538,7 +1538,7 @@ ssl3_get_server_key_exchange(SSL *s)
1538 } else if (alg_k != 0) { 1538 } else if (alg_k != 0) {
1539 al = SSL_AD_UNEXPECTED_MESSAGE; 1539 al = SSL_AD_UNEXPECTED_MESSAGE;
1540 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); 1540 SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
1541 goto f_err; 1541 goto fatal_err;
1542 } 1542 }
1543 1543
1544 param_len -= CBS_len(&cbs); 1544 param_len -= CBS_len(&cbs);
@@ -1557,17 +1557,17 @@ ssl3_get_server_key_exchange(SSL *s)
1557 tls12_sigalgs_len)) == NULL) { 1557 tls12_sigalgs_len)) == NULL) {
1558 SSLerror(s, SSL_R_UNKNOWN_DIGEST); 1558 SSLerror(s, SSL_R_UNKNOWN_DIGEST);
1559 al = SSL_AD_DECODE_ERROR; 1559 al = SSL_AD_DECODE_ERROR;
1560 goto f_err; 1560 goto fatal_err;
1561 } 1561 }
1562 if ((md = sigalg->md()) == NULL) { 1562 if ((md = sigalg->md()) == NULL) {
1563 SSLerror(s, SSL_R_UNKNOWN_DIGEST); 1563 SSLerror(s, SSL_R_UNKNOWN_DIGEST);
1564 al = SSL_AD_DECODE_ERROR; 1564 al = SSL_AD_DECODE_ERROR;
1565 goto f_err; 1565 goto fatal_err;
1566 } 1566 }
1567 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) { 1567 if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
1568 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE); 1568 SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
1569 al = SSL_AD_DECODE_ERROR; 1569 al = SSL_AD_DECODE_ERROR;
1570 goto f_err; 1570 goto fatal_err;
1571 } 1571 }
1572 } else if (pkey->type == EVP_PKEY_RSA) { 1572 } else if (pkey->type == EVP_PKEY_RSA) {
1573 sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1); 1573 sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
@@ -1576,7 +1576,7 @@ ssl3_get_server_key_exchange(SSL *s)
1576 } else { 1576 } else {
1577 SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); 1577 SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
1578 al = SSL_AD_DECODE_ERROR; 1578 al = SSL_AD_DECODE_ERROR;
1579 goto f_err; 1579 goto fatal_err;
1580 } 1580 }
1581 md = sigalg->md(); 1581 md = sigalg->md();
1582 1582
@@ -1585,7 +1585,7 @@ ssl3_get_server_key_exchange(SSL *s)
1585 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) { 1585 if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
1586 al = SSL_AD_DECODE_ERROR; 1586 al = SSL_AD_DECODE_ERROR;
1587 SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH); 1587 SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
1588 goto f_err; 1588 goto fatal_err;
1589 } 1589 }
1590 1590
1591 if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey)) 1591 if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey))
@@ -1607,7 +1607,7 @@ ssl3_get_server_key_exchange(SSL *s)
1607 CBS_len(&signature)) <= 0) { 1607 CBS_len(&signature)) <= 0) {
1608 al = SSL_AD_DECRYPT_ERROR; 1608 al = SSL_AD_DECRYPT_ERROR;
1609 SSLerror(s, SSL_R_BAD_SIGNATURE); 1609 SSLerror(s, SSL_R_BAD_SIGNATURE);
1610 goto f_err; 1610 goto fatal_err;
1611 } 1611 }
1612 } else { 1612 } else {
1613 /* aNULL does not need public keys. */ 1613 /* aNULL does not need public keys. */
@@ -1620,7 +1620,7 @@ ssl3_get_server_key_exchange(SSL *s)
1620 if (CBS_len(&cbs) != 0) { 1620 if (CBS_len(&cbs) != 0) {
1621 al = SSL_AD_DECODE_ERROR; 1621 al = SSL_AD_DECODE_ERROR;
1622 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE); 1622 SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
1623 goto f_err; 1623 goto fatal_err;
1624 } 1624 }
1625 1625
1626 EVP_PKEY_free(pkey); 1626 EVP_PKEY_free(pkey);
@@ -1632,7 +1632,7 @@ ssl3_get_server_key_exchange(SSL *s)
1632 al = SSL_AD_DECODE_ERROR; 1632 al = SSL_AD_DECODE_ERROR;
1633 SSLerror(s, SSL_R_BAD_PACKET_LENGTH); 1633 SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1634 1634
1635 f_err: 1635 fatal_err:
1636 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1636 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1637 1637
1638 err: 1638 err:
@@ -1818,13 +1818,13 @@ ssl3_get_new_session_ticket(SSL *s)
1818 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 1818 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1819 al = SSL_AD_UNEXPECTED_MESSAGE; 1819 al = SSL_AD_UNEXPECTED_MESSAGE;
1820 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE); 1820 SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
1821 goto f_err; 1821 goto fatal_err;
1822 } 1822 }
1823 1823
1824 if (n < 0) { 1824 if (n < 0) {
1825 al = SSL_AD_DECODE_ERROR; 1825 al = SSL_AD_DECODE_ERROR;
1826 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1826 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1827 goto f_err; 1827 goto fatal_err;
1828 } 1828 }
1829 1829
1830 CBS_init(&cbs, s->internal->init_msg, n); 1830 CBS_init(&cbs, s->internal->init_msg, n);
@@ -1836,7 +1836,7 @@ ssl3_get_new_session_ticket(SSL *s)
1836 CBS_len(&cbs) != 0) { 1836 CBS_len(&cbs) != 0) {
1837 al = SSL_AD_DECODE_ERROR; 1837 al = SSL_AD_DECODE_ERROR;
1838 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1838 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1839 goto f_err; 1839 goto fatal_err;
1840 } 1840 }
1841 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint; 1841 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
1842 1842
@@ -1867,7 +1867,7 @@ ssl3_get_new_session_ticket(SSL *s)
1867 EVP_sha256(), NULL); 1867 EVP_sha256(), NULL);
1868 ret = 1; 1868 ret = 1;
1869 return (ret); 1869 return (ret);
1870 f_err: 1870 fatal_err:
1871 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1871 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1872 err: 1872 err:
1873 return (-1); 1873 return (-1);
@@ -1891,7 +1891,7 @@ ssl3_get_cert_status(SSL *s)
1891 /* need at least status type + length */ 1891 /* need at least status type + length */
1892 al = SSL_AD_DECODE_ERROR; 1892 al = SSL_AD_DECODE_ERROR;
1893 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1893 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1894 goto f_err; 1894 goto fatal_err;
1895 } 1895 }
1896 1896
1897 CBS_init(&cert_status, s->internal->init_msg, n); 1897 CBS_init(&cert_status, s->internal->init_msg, n);
@@ -1900,27 +1900,27 @@ ssl3_get_cert_status(SSL *s)
1900 /* need at least status type + length */ 1900 /* need at least status type + length */
1901 al = SSL_AD_DECODE_ERROR; 1901 al = SSL_AD_DECODE_ERROR;
1902 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1902 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1903 goto f_err; 1903 goto fatal_err;
1904 } 1904 }
1905 1905
1906 if (status_type != TLSEXT_STATUSTYPE_ocsp) { 1906 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
1907 al = SSL_AD_DECODE_ERROR; 1907 al = SSL_AD_DECODE_ERROR;
1908 SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE); 1908 SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
1909 goto f_err; 1909 goto fatal_err;
1910 } 1910 }
1911 1911
1912 if (!CBS_get_u24_length_prefixed(&cert_status, &response) || 1912 if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
1913 CBS_len(&cert_status) != 0) { 1913 CBS_len(&cert_status) != 0) {
1914 al = SSL_AD_DECODE_ERROR; 1914 al = SSL_AD_DECODE_ERROR;
1915 SSLerror(s, SSL_R_LENGTH_MISMATCH); 1915 SSLerror(s, SSL_R_LENGTH_MISMATCH);
1916 goto f_err; 1916 goto fatal_err;
1917 } 1917 }
1918 1918
1919 if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp, 1919 if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
1920 &s->internal->tlsext_ocsp_resp_len)) { 1920 &s->internal->tlsext_ocsp_resp_len)) {
1921 al = SSL_AD_INTERNAL_ERROR; 1921 al = SSL_AD_INTERNAL_ERROR;
1922 SSLerror(s, ERR_R_MALLOC_FAILURE); 1922 SSLerror(s, ERR_R_MALLOC_FAILURE);
1923 goto f_err; 1923 goto fatal_err;
1924 } 1924 }
1925 1925
1926 if (s->ctx->internal->tlsext_status_cb) { 1926 if (s->ctx->internal->tlsext_status_cb) {
@@ -1930,16 +1930,16 @@ ssl3_get_cert_status(SSL *s)
1930 if (ret == 0) { 1930 if (ret == 0) {
1931 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 1931 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1932 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE); 1932 SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
1933 goto f_err; 1933 goto fatal_err;
1934 } 1934 }
1935 if (ret < 0) { 1935 if (ret < 0) {
1936 al = SSL_AD_INTERNAL_ERROR; 1936 al = SSL_AD_INTERNAL_ERROR;
1937 SSLerror(s, ERR_R_MALLOC_FAILURE); 1937 SSLerror(s, ERR_R_MALLOC_FAILURE);
1938 goto f_err; 1938 goto fatal_err;
1939 } 1939 }
1940 } 1940 }
1941 return (1); 1941 return (1);
1942 f_err: 1942 fatal_err:
1943 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1943 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1944 return (-1); 1944 return (-1);
1945} 1945}
@@ -2742,7 +2742,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2742 sc->peer_pkeys[idx].x509, s) == 0) { 2742 sc->peer_pkeys[idx].x509, s) == 0) {
2743 /* check failed */ 2743 /* check failed */
2744 SSLerror(s, SSL_R_BAD_ECC_CERT); 2744 SSLerror(s, SSL_R_BAD_ECC_CERT);
2745 goto f_err; 2745 goto fatal_err;
2746 } else { 2746 } else {
2747 return (1); 2747 return (1);
2748 } 2748 }
@@ -2754,20 +2754,20 @@ ssl3_check_cert_and_algorithm(SSL *s)
2754 /* Check that we have a certificate if we require one. */ 2754 /* Check that we have a certificate if we require one. */
2755 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { 2755 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2756 SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT); 2756 SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT);
2757 goto f_err; 2757 goto fatal_err;
2758 } 2758 }
2759 if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { 2759 if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2760 SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2760 SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2761 goto f_err; 2761 goto fatal_err;
2762 } 2762 }
2763 if ((alg_k & SSL_kDHE) && 2763 if ((alg_k & SSL_kDHE) &&
2764 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2764 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2765 SSLerror(s, SSL_R_MISSING_DH_KEY); 2765 SSLerror(s, SSL_R_MISSING_DH_KEY);
2766 goto f_err; 2766 goto fatal_err;
2767 } 2767 }
2768 2768
2769 return (1); 2769 return (1);
2770 f_err: 2770 fatal_err:
2771 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2771 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2772 err: 2772 err:
2773 return (0); 2773 return (0);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 18:06:03 +0000