Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
| -rw-r--r-- | src/lib/libssl/ssl_pkt.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 1e0bd83d09..894064c817 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_pkt.c,v 1.35 2021/02/08 17:18:39 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_pkt.c,v 1.36 2021/02/20 14:14:16 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -377,7 +377,7 @@ ssl3_get_record(SSL *s) | |||
| 377 | } | 377 | } |
| 378 | SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); | 378 | SSLerror(s, SSL_R_WRONG_VERSION_NUMBER); |
| 379 | al = SSL_AD_PROTOCOL_VERSION; | 379 | al = SSL_AD_PROTOCOL_VERSION; |
| 380 | goto f_err; | 380 | goto fatal_err; |
| 381 | } | 381 | } |
| 382 | 382 | ||
| 383 | if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { | 383 | if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { |
| @@ -388,7 +388,7 @@ ssl3_get_record(SSL *s) | |||
| 388 | if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) { | 388 | if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) { |
| 389 | al = SSL_AD_RECORD_OVERFLOW; | 389 | al = SSL_AD_RECORD_OVERFLOW; |
| 390 | SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG); | 390 | SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG); |
| 391 | goto f_err; | 391 | goto fatal_err; |
| 392 | } | 392 | } |
| 393 | } | 393 | } |
| 394 | 394 | ||
| @@ -419,7 +419,7 @@ ssl3_get_record(SSL *s) | |||
| 419 | SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | 419 | SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); |
| 420 | 420 | ||
| 421 | al = alert_desc; | 421 | al = alert_desc; |
| 422 | goto f_err; | 422 | goto fatal_err; |
| 423 | } | 423 | } |
| 424 | 424 | ||
| 425 | rr->data = out; | 425 | rr->data = out; |
| @@ -450,7 +450,7 @@ ssl3_get_record(SSL *s) | |||
| 450 | 450 | ||
| 451 | return (1); | 451 | return (1); |
| 452 | 452 | ||
| 453 | f_err: | 453 | fatal_err: |
| 454 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 454 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 455 | err: | 455 | err: |
| 456 | return (ret); | 456 | return (ret); |
| @@ -760,7 +760,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | |||
| 760 | } | 760 | } |
| 761 | } | 761 | } |
| 762 | 762 | ||
| 763 | start: | 763 | start: |
| 764 | /* | 764 | /* |
| 765 | * Do not process more than three consecutive records, otherwise the | 765 | * Do not process more than three consecutive records, otherwise the |
| 766 | * peer can cause us to loop indefinitely. Instead, return with an | 766 | * peer can cause us to loop indefinitely. Instead, return with an |
| @@ -798,7 +798,7 @@ start: | |||
| 798 | && (rr->type != SSL3_RT_HANDSHAKE)) { | 798 | && (rr->type != SSL3_RT_HANDSHAKE)) { |
| 799 | al = SSL_AD_UNEXPECTED_MESSAGE; | 799 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 800 | SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | 800 | SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); |
| 801 | goto f_err; | 801 | goto fatal_err; |
| 802 | } | 802 | } |
| 803 | 803 | ||
| 804 | /* If the other end has shut down, throw anything we read away | 804 | /* If the other end has shut down, throw anything we read away |
| @@ -818,7 +818,7 @@ start: | |||
| 818 | !tls12_record_layer_read_protected(s->internal->rl)) { | 818 | !tls12_record_layer_read_protected(s->internal->rl)) { |
| 819 | al = SSL_AD_UNEXPECTED_MESSAGE; | 819 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 820 | SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); | 820 | SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); |
| 821 | goto f_err; | 821 | goto fatal_err; |
| 822 | } | 822 | } |
| 823 | 823 | ||
| 824 | if (len <= 0) | 824 | if (len <= 0) |
| @@ -900,7 +900,7 @@ start: | |||
| 900 | (S3I(s)->handshake_fragment[3] != 0)) { | 900 | (S3I(s)->handshake_fragment[3] != 0)) { |
| 901 | al = SSL_AD_DECODE_ERROR; | 901 | al = SSL_AD_DECODE_ERROR; |
| 902 | SSLerror(s, SSL_R_BAD_HELLO_REQUEST); | 902 | SSLerror(s, SSL_R_BAD_HELLO_REQUEST); |
| 903 | goto f_err; | 903 | goto fatal_err; |
| 904 | } | 904 | } |
| 905 | 905 | ||
| 906 | if (s->internal->msg_callback) | 906 | if (s->internal->msg_callback) |
| @@ -944,7 +944,7 @@ start: | |||
| 944 | S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && | 944 | S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO && |
| 945 | (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) { | 945 | (s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) { |
| 946 | al = SSL_AD_NO_RENEGOTIATION; | 946 | al = SSL_AD_NO_RENEGOTIATION; |
| 947 | goto f_err; | 947 | goto fatal_err; |
| 948 | } | 948 | } |
| 949 | /* If we are a server and get a client hello when renegotiation isn't | 949 | /* If we are a server and get a client hello when renegotiation isn't |
| 950 | * allowed send back a no renegotiation alert and carry on. | 950 | * allowed send back a no renegotiation alert and carry on. |
| @@ -999,7 +999,7 @@ start: | |||
| 999 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { | 999 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { |
| 1000 | al = SSL_AD_HANDSHAKE_FAILURE; | 1000 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1001 | SSLerror(s, SSL_R_NO_RENEGOTIATION); | 1001 | SSLerror(s, SSL_R_NO_RENEGOTIATION); |
| 1002 | goto f_err; | 1002 | goto fatal_err; |
| 1003 | } | 1003 | } |
| 1004 | } else if (alert_level == SSL3_AL_FATAL) { | 1004 | } else if (alert_level == SSL3_AL_FATAL) { |
| 1005 | s->internal->rwstate = SSL_NOTHING; | 1005 | s->internal->rwstate = SSL_NOTHING; |
| @@ -1013,7 +1013,7 @@ start: | |||
| 1013 | } else { | 1013 | } else { |
| 1014 | al = SSL_AD_ILLEGAL_PARAMETER; | 1014 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 1015 | SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); | 1015 | SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); |
| 1016 | goto f_err; | 1016 | goto fatal_err; |
| 1017 | } | 1017 | } |
| 1018 | 1018 | ||
| 1019 | goto start; | 1019 | goto start; |
| @@ -1033,21 +1033,21 @@ start: | |||
| 1033 | (rr->data[0] != SSL3_MT_CCS)) { | 1033 | (rr->data[0] != SSL3_MT_CCS)) { |
| 1034 | al = SSL_AD_ILLEGAL_PARAMETER; | 1034 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 1035 | SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); | 1035 | SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); |
| 1036 | goto f_err; | 1036 | goto fatal_err; |
| 1037 | } | 1037 | } |
| 1038 | 1038 | ||
| 1039 | /* Check we have a cipher to change to */ | 1039 | /* Check we have a cipher to change to */ |
| 1040 | if (S3I(s)->hs.new_cipher == NULL) { | 1040 | if (S3I(s)->hs.new_cipher == NULL) { |
| 1041 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1041 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1042 | SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); | 1042 | SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); |
| 1043 | goto f_err; | 1043 | goto fatal_err; |
| 1044 | } | 1044 | } |
| 1045 | 1045 | ||
| 1046 | /* Check that we should be receiving a Change Cipher Spec. */ | 1046 | /* Check that we should be receiving a Change Cipher Spec. */ |
| 1047 | if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { | 1047 | if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { |
| 1048 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1048 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1049 | SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); | 1049 | SSLerror(s, SSL_R_CCS_RECEIVED_EARLY); |
| 1050 | goto f_err; | 1050 | goto fatal_err; |
| 1051 | } | 1051 | } |
| 1052 | s->s3->flags &= ~SSL3_FLAGS_CCS_OK; | 1052 | s->s3->flags &= ~SSL3_FLAGS_CCS_OK; |
| 1053 | 1053 | ||
| @@ -1108,7 +1108,7 @@ start: | |||
| 1108 | } | 1108 | } |
| 1109 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1109 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1110 | SSLerror(s, SSL_R_UNEXPECTED_RECORD); | 1110 | SSLerror(s, SSL_R_UNEXPECTED_RECORD); |
| 1111 | goto f_err; | 1111 | goto fatal_err; |
| 1112 | case SSL3_RT_CHANGE_CIPHER_SPEC: | 1112 | case SSL3_RT_CHANGE_CIPHER_SPEC: |
| 1113 | case SSL3_RT_ALERT: | 1113 | case SSL3_RT_ALERT: |
| 1114 | case SSL3_RT_HANDSHAKE: | 1114 | case SSL3_RT_HANDSHAKE: |
| @@ -1117,7 +1117,7 @@ start: | |||
| 1117 | * should not happen when type != rr->type */ | 1117 | * should not happen when type != rr->type */ |
| 1118 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1118 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1119 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 1119 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 1120 | goto f_err; | 1120 | goto fatal_err; |
| 1121 | case SSL3_RT_APPLICATION_DATA: | 1121 | case SSL3_RT_APPLICATION_DATA: |
| 1122 | /* At this point, we were expecting handshake data, | 1122 | /* At this point, we were expecting handshake data, |
| 1123 | * but have application data. If the library was | 1123 | * but have application data. If the library was |
| @@ -1139,14 +1139,14 @@ start: | |||
| 1139 | } else { | 1139 | } else { |
| 1140 | al = SSL_AD_UNEXPECTED_MESSAGE; | 1140 | al = SSL_AD_UNEXPECTED_MESSAGE; |
| 1141 | SSLerror(s, SSL_R_UNEXPECTED_RECORD); | 1141 | SSLerror(s, SSL_R_UNEXPECTED_RECORD); |
| 1142 | goto f_err; | 1142 | goto fatal_err; |
| 1143 | } | 1143 | } |
| 1144 | } | 1144 | } |
| 1145 | /* not reached */ | 1145 | /* not reached */ |
| 1146 | 1146 | ||
| 1147 | f_err: | 1147 | fatal_err: |
| 1148 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1148 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1149 | err: | 1149 | err: |
| 1150 | return (-1); | 1150 | return (-1); |
| 1151 | } | 1151 | } |
| 1152 | 1152 | ||
