summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c23
-rw-r--r--src/lib/libssl/d1_clnt.c5
-rw-r--r--src/lib/libssl/d1_srtp.c47
-rw-r--r--src/lib/libssl/d1_srvr.c8
-rw-r--r--src/lib/libssl/s3_lib.c53
-rw-r--r--src/lib/libssl/ssl_both.c14
-rw-r--r--src/lib/libssl/ssl_cert.c8
-rw-r--r--src/lib/libssl/ssl_ciph.c8
-rw-r--r--src/lib/libssl/ssl_clnt.c287
-rw-r--r--src/lib/libssl/ssl_lib.c65
-rw-r--r--src/lib/libssl/ssl_packet.c12
-rw-r--r--src/lib/libssl/ssl_pkt.c59
-rw-r--r--src/lib/libssl/ssl_rsa.c8
-rw-r--r--src/lib/libssl/ssl_sess.c35
-rw-r--r--src/lib/libssl/ssl_srvr.c254
-rw-r--r--src/lib/libssl/t1_enc.c32
-rw-r--r--src/lib/libssl/t1_lib.c35
-rw-r--r--src/lib/libssl/t1_reneg.c35
18 files changed, 335 insertions, 653 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index fb7e289d96..0e4317653d 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.47 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.48 2017/01/26 12:16:13 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -410,8 +410,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
410 S3I(s)->tmp.reuse_message = 0; 410 S3I(s)->tmp.reuse_message = 0;
411 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { 411 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
412 al = SSL_AD_UNEXPECTED_MESSAGE; 412 al = SSL_AD_UNEXPECTED_MESSAGE;
413 SSLerror( 413 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
414 SSL_R_UNEXPECTED_MESSAGE);
415 goto f_err; 414 goto f_err;
416 } 415 }
417 *ok = 1; 416 *ok = 1;
@@ -476,14 +475,12 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
476 475
477 /* sanity checking */ 476 /* sanity checking */
478 if ((frag_off + frag_len) > msg_len) { 477 if ((frag_off + frag_len) > msg_len) {
479 SSLerror( 478 SSLerror(SSL_R_EXCESSIVE_MESSAGE_SIZE);
480 SSL_R_EXCESSIVE_MESSAGE_SIZE);
481 return SSL_AD_ILLEGAL_PARAMETER; 479 return SSL_AD_ILLEGAL_PARAMETER;
482 } 480 }
483 481
484 if ((frag_off + frag_len) > (unsigned long)max) { 482 if ((frag_off + frag_len) > (unsigned long)max) {
485 SSLerror( 483 SSLerror(SSL_R_EXCESSIVE_MESSAGE_SIZE);
486 SSL_R_EXCESSIVE_MESSAGE_SIZE);
487 return SSL_AD_ILLEGAL_PARAMETER; 484 return SSL_AD_ILLEGAL_PARAMETER;
488 } 485 }
489 486
@@ -509,8 +506,7 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
509 * They must be playing with us! BTW, failure to enforce 506 * They must be playing with us! BTW, failure to enforce
510 * upper limit would open possibility for buffer overrun. 507 * upper limit would open possibility for buffer overrun.
511 */ 508 */
512 SSLerror( 509 SSLerror(SSL_R_EXCESSIVE_MESSAGE_SIZE);
513 SSL_R_EXCESSIVE_MESSAGE_SIZE);
514 return SSL_AD_ILLEGAL_PARAMETER; 510 return SSL_AD_ILLEGAL_PARAMETER;
515 } 511 }
516 512
@@ -803,8 +799,7 @@ again:
803 /* parse the message fragment header */ 799 /* parse the message fragment header */
804 dtls1_get_message_header(wire, &msg_hdr) == 0) { 800 dtls1_get_message_header(wire, &msg_hdr) == 0) {
805 al = SSL_AD_UNEXPECTED_MESSAGE; 801 al = SSL_AD_UNEXPECTED_MESSAGE;
806 SSLerror( 802 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
807 SSL_R_UNEXPECTED_MESSAGE);
808 goto f_err; 803 goto f_err;
809 } 804 }
810 805
@@ -846,8 +841,7 @@ again:
846 else /* Incorrectly formated Hello request */ 841 else /* Incorrectly formated Hello request */
847 { 842 {
848 al = SSL_AD_UNEXPECTED_MESSAGE; 843 al = SSL_AD_UNEXPECTED_MESSAGE;
849 SSLerror( 844 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
850 SSL_R_UNEXPECTED_MESSAGE);
851 goto f_err; 845 goto f_err;
852 } 846 }
853 } 847 }
@@ -878,8 +872,7 @@ again:
878 */ 872 */
879 if (i != (int)frag_len) { 873 if (i != (int)frag_len) {
880 al = SSL3_AD_ILLEGAL_PARAMETER; 874 al = SSL3_AD_ILLEGAL_PARAMETER;
881 SSLerror( 875 SSLerror(SSL3_AD_ILLEGAL_PARAMETER);
882 SSL3_AD_ILLEGAL_PARAMETER);
883 goto f_err; 876 goto f_err;
884 } 877 }
885 878
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index fd981c5f8e..6e124c7a85 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.72 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.73 2017/01/26 12:16:13 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -216,8 +216,7 @@ dtls1_connect(SSL *s)
216 cb(s, SSL_CB_HANDSHAKE_START, 1); 216 cb(s, SSL_CB_HANDSHAKE_START, 1);
217 217
218 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) { 218 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) {
219 SSLerror( 219 SSLerror(ERR_R_INTERNAL_ERROR);
220 ERR_R_INTERNAL_ERROR);
221 ret = -1; 220 ret = -1;
222 goto end; 221 goto end;
223 } 222 }
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index b98c04b7cf..82dc8bfdef 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srtp.c,v 1.19 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: d1_srtp.c,v 1.20 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -187,8 +187,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
187 SRTP_PROTECTION_PROFILE *p; 187 SRTP_PROTECTION_PROFILE *p;
188 188
189 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { 189 if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
190 SSLerror( 190 SSLerror(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
191 SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
192 return 1; 191 return 1;
193 } 192 }
194 193
@@ -199,8 +198,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
199 col ? col - ptr : (int)strlen(ptr))) { 198 col ? col - ptr : (int)strlen(ptr))) {
200 sk_SRTP_PROTECTION_PROFILE_push(profiles, p); 199 sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
201 } else { 200 } else {
202 SSLerror( 201 SSLerror(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
203 SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
204 sk_SRTP_PROTECTION_PROFILE_free(profiles); 202 sk_SRTP_PROTECTION_PROFILE_free(profiles);
205 return 1; 203 return 1;
206 } 204 }
@@ -264,14 +262,12 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
264 262
265 if (p) { 263 if (p) {
266 if (ct == 0) { 264 if (ct == 0) {
267 SSLerror( 265 SSLerror(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
268 SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
269 return 1; 266 return 1;
270 } 267 }
271 268
272 if ((2 + ct * 2 + 1) > maxlen) { 269 if ((2 + ct * 2 + 1) > maxlen) {
273 SSLerror( 270 SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
274 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
275 return 1; 271 return 1;
276 } 272 }
277 273
@@ -304,8 +300,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
304 CBS cbs, ciphers, mki; 300 CBS cbs, ciphers, mki;
305 301
306 if (len < 0) { 302 if (len < 0) {
307 SSLerror( 303 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
308 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
309 *al = SSL_AD_DECODE_ERROR; 304 *al = SSL_AD_DECODE_ERROR;
310 goto done; 305 goto done;
311 } 306 }
@@ -314,8 +309,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
314 /* Pull off the cipher suite list */ 309 /* Pull off the cipher suite list */
315 if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) || 310 if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
316 CBS_len(&ciphers) % 2) { 311 CBS_len(&ciphers) % 2) {
317 SSLerror( 312 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
318 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
319 *al = SSL_AD_DECODE_ERROR; 313 *al = SSL_AD_DECODE_ERROR;
320 goto done; 314 goto done;
321 } 315 }
@@ -324,8 +318,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
324 318
325 while (CBS_len(&ciphers) > 0) { 319 while (CBS_len(&ciphers) > 0) {
326 if (!CBS_get_u16(&ciphers, &id)) { 320 if (!CBS_get_u16(&ciphers, &id)) {
327 SSLerror( 321 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
328 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
329 *al = SSL_AD_DECODE_ERROR; 322 *al = SSL_AD_DECODE_ERROR;
330 goto done; 323 goto done;
331 } 324 }
@@ -339,8 +332,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
339 /* Extract the MKI value as a sanity check, but discard it for now. */ 332 /* Extract the MKI value as a sanity check, but discard it for now. */
340 if (!CBS_get_u8_length_prefixed(&cbs, &mki) || 333 if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
341 CBS_len(&cbs) != 0) { 334 CBS_len(&cbs) != 0) {
342 SSLerror( 335 SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
343 SSL_R_BAD_SRTP_MKI_VALUE);
344 *al = SSL_AD_DECODE_ERROR; 336 *al = SSL_AD_DECODE_ERROR;
345 goto done; 337 goto done;
346 } 338 }
@@ -381,14 +373,12 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
381{ 373{
382 if (p) { 374 if (p) {
383 if (maxlen < 5) { 375 if (maxlen < 5) {
384 SSLerror( 376 SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
385 SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
386 return 1; 377 return 1;
387 } 378 }
388 379
389 if (s->internal->srtp_profile == 0) { 380 if (s->internal->srtp_profile == 0) {
390 SSLerror( 381 SSLerror(SSL_R_USE_SRTP_NOT_NEGOTIATED);
391 SSL_R_USE_SRTP_NOT_NEGOTIATED);
392 return 1; 382 return 1;
393 } 383 }
394 s2n(2, p); 384 s2n(2, p);
@@ -411,8 +401,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
411 CBS cbs, profile_ids, mki; 401 CBS cbs, profile_ids, mki;
412 402
413 if (len < 0) { 403 if (len < 0) {
414 SSLerror( 404 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
415 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
416 *al = SSL_AD_DECODE_ERROR; 405 *al = SSL_AD_DECODE_ERROR;
417 return 1; 406 return 1;
418 } 407 }
@@ -425,16 +414,14 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
425 */ 414 */
426 if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) || 415 if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
427 !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) { 416 !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
428 SSLerror( 417 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
429 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
430 *al = SSL_AD_DECODE_ERROR; 418 *al = SSL_AD_DECODE_ERROR;
431 return 1; 419 return 1;
432 } 420 }
433 421
434 /* Must be no MKI, since we never offer one. */ 422 /* Must be no MKI, since we never offer one. */
435 if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) { 423 if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
436 SSLerror( 424 SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
437 SSL_R_BAD_SRTP_MKI_VALUE);
438 *al = SSL_AD_ILLEGAL_PARAMETER; 425 *al = SSL_AD_ILLEGAL_PARAMETER;
439 return 1; 426 return 1;
440 } 427 }
@@ -443,8 +430,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
443 430
444 /* Throw an error if the server gave us an unsolicited extension. */ 431 /* Throw an error if the server gave us an unsolicited extension. */
445 if (clnt == NULL) { 432 if (clnt == NULL) {
446 SSLerror( 433 SSLerror(SSL_R_NO_SRTP_PROFILES);
447 SSL_R_NO_SRTP_PROFILES);
448 *al = SSL_AD_DECODE_ERROR; 434 *al = SSL_AD_DECODE_ERROR;
449 return 1; 435 return 1;
450 } 436 }
@@ -463,8 +449,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
463 } 449 }
464 } 450 }
465 451
466 SSLerror( 452 SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
467 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
468 *al = SSL_AD_DECODE_ERROR; 453 *al = SSL_AD_DECODE_ERROR;
469 return 1; 454 return 1;
470} 455}
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 80d7d639c3..fa860b8d5a 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.82 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.83 2017/01/26 12:16:13 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -506,8 +506,7 @@ dtls1_accept(SSL *s)
506 * at this point and digest cached records. 506 * at this point and digest cached records.
507 */ 507 */
508 if (!S3I(s)->handshake_buffer) { 508 if (!S3I(s)->handshake_buffer) {
509 SSLerror( 509 SSLerror(ERR_R_INTERNAL_ERROR);
510 ERR_R_INTERNAL_ERROR);
511 ret = -1; 510 ret = -1;
512 goto end; 511 goto end;
513 } 512 }
@@ -706,8 +705,7 @@ dtls1_send_hello_verify_request(SSL *s)
706 if (s->ctx->internal->app_gen_cookie_cb == NULL || 705 if (s->ctx->internal->app_gen_cookie_cb == NULL ||
707 s->ctx->internal->app_gen_cookie_cb(s, 706 s->ctx->internal->app_gen_cookie_cb(s,
708 D1I(s)->cookie, &(D1I(s)->cookie_len)) == 0) { 707 D1I(s)->cookie, &(D1I(s)->cookie_len)) == 0) {
709 SSLerror( 708 SSLerror(ERR_R_INTERNAL_ERROR);
710 ERR_R_INTERNAL_ERROR);
711 return 0; 709 return 0;
712 } 710 }
713 711
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 6287f6cbc6..108cc9f71e 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.132 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.133 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1980,8 +1980,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1980 1980
1981 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { 1981 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
1982 if (!ssl_cert_inst(&s->cert)) { 1982 if (!ssl_cert_inst(&s->cert)) {
1983 SSLerror( 1983 SSLerror(ERR_R_MALLOC_FAILURE);
1984 ERR_R_MALLOC_FAILURE);
1985 return (0); 1984 return (0);
1986 } 1985 }
1987 } 1986 }
@@ -2016,13 +2015,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2016 { 2015 {
2017 DH *dh = (DH *)parg; 2016 DH *dh = (DH *)parg;
2018 if (dh == NULL) { 2017 if (dh == NULL) {
2019 SSLerror( 2018 SSLerror(ERR_R_PASSED_NULL_PARAMETER);
2020 ERR_R_PASSED_NULL_PARAMETER);
2021 return (ret); 2019 return (ret);
2022 } 2020 }
2023 if ((dh = DHparams_dup(dh)) == NULL) { 2021 if ((dh = DHparams_dup(dh)) == NULL) {
2024 SSLerror( 2022 SSLerror(ERR_R_DH_LIB);
2025 ERR_R_DH_LIB);
2026 return (ret); 2023 return (ret);
2027 } 2024 }
2028 DH_free(s->cert->dh_tmp); 2025 DH_free(s->cert->dh_tmp);
@@ -2044,21 +2041,18 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2044 EC_KEY *ecdh = NULL; 2041 EC_KEY *ecdh = NULL;
2045 2042
2046 if (parg == NULL) { 2043 if (parg == NULL) {
2047 SSLerror( 2044 SSLerror(ERR_R_PASSED_NULL_PARAMETER);
2048 ERR_R_PASSED_NULL_PARAMETER);
2049 return (ret); 2045 return (ret);
2050 } 2046 }
2051 if (!EC_KEY_up_ref((EC_KEY *)parg)) { 2047 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
2052 SSLerror( 2048 SSLerror(ERR_R_ECDH_LIB);
2053 ERR_R_ECDH_LIB);
2054 return (ret); 2049 return (ret);
2055 } 2050 }
2056 ecdh = (EC_KEY *)parg; 2051 ecdh = (EC_KEY *)parg;
2057 if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { 2052 if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
2058 if (!EC_KEY_generate_key(ecdh)) { 2053 if (!EC_KEY_generate_key(ecdh)) {
2059 EC_KEY_free(ecdh); 2054 EC_KEY_free(ecdh);
2060 SSLerror( 2055 SSLerror(ERR_R_ECDH_LIB);
2061 ERR_R_ECDH_LIB);
2062 return (ret); 2056 return (ret);
2063 } 2057 }
2064 } 2058 }
@@ -2069,8 +2063,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2069 break; 2063 break;
2070 case SSL_CTRL_SET_TMP_ECDH_CB: 2064 case SSL_CTRL_SET_TMP_ECDH_CB:
2071 { 2065 {
2072 SSLerror( 2066 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2073 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2074 return (ret); 2067 return (ret);
2075 } 2068 }
2076 break; 2069 break;
@@ -2083,19 +2076,16 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2083 if (parg == NULL) 2076 if (parg == NULL)
2084 break; 2077 break;
2085 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { 2078 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
2086 SSLerror( 2079 SSLerror(SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2087 SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2088 return 0; 2080 return 0;
2089 } 2081 }
2090 if ((s->tlsext_hostname = strdup((char *)parg)) 2082 if ((s->tlsext_hostname = strdup((char *)parg))
2091 == NULL) { 2083 == NULL) {
2092 SSLerror( 2084 SSLerror(ERR_R_INTERNAL_ERROR);
2093 ERR_R_INTERNAL_ERROR);
2094 return 0; 2085 return 0;
2095 } 2086 }
2096 } else { 2087 } else {
2097 SSLerror( 2088 SSLerror(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2098 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2099 return 0; 2089 return 0;
2100 } 2090 }
2101 break; 2091 break;
@@ -2177,8 +2167,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2177 2167
2178 if (cmd == SSL_CTRL_SET_TMP_DH_CB) { 2168 if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
2179 if (!ssl_cert_inst(&s->cert)) { 2169 if (!ssl_cert_inst(&s->cert)) {
2180 SSLerror( 2170 SSLerror(ERR_R_MALLOC_FAILURE);
2181 ERR_R_MALLOC_FAILURE);
2182 return (0); 2171 return (0);
2183 } 2172 }
2184 } 2173 }
@@ -2223,8 +2212,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2223 2212
2224 dh = (DH *)parg; 2213 dh = (DH *)parg;
2225 if ((new = DHparams_dup(dh)) == NULL) { 2214 if ((new = DHparams_dup(dh)) == NULL) {
2226 SSLerror( 2215 SSLerror(ERR_R_DH_LIB);
2227 ERR_R_DH_LIB);
2228 return 0; 2216 return 0;
2229 } 2217 }
2230 DH_free(cert->dh_tmp); 2218 DH_free(cert->dh_tmp);
@@ -2246,21 +2234,18 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2246 EC_KEY *ecdh = NULL; 2234 EC_KEY *ecdh = NULL;
2247 2235
2248 if (parg == NULL) { 2236 if (parg == NULL) {
2249 SSLerror( 2237 SSLerror(ERR_R_ECDH_LIB);
2250 ERR_R_ECDH_LIB);
2251 return 0; 2238 return 0;
2252 } 2239 }
2253 ecdh = EC_KEY_dup((EC_KEY *)parg); 2240 ecdh = EC_KEY_dup((EC_KEY *)parg);
2254 if (ecdh == NULL) { 2241 if (ecdh == NULL) {
2255 SSLerror( 2242 SSLerror(ERR_R_EC_LIB);
2256 ERR_R_EC_LIB);
2257 return 0; 2243 return 0;
2258 } 2244 }
2259 if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) { 2245 if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
2260 if (!EC_KEY_generate_key(ecdh)) { 2246 if (!EC_KEY_generate_key(ecdh)) {
2261 EC_KEY_free(ecdh); 2247 EC_KEY_free(ecdh);
2262 SSLerror( 2248 SSLerror(ERR_R_ECDH_LIB);
2263 ERR_R_ECDH_LIB);
2264 return 0; 2249 return 0;
2265 } 2250 }
2266 } 2251 }
@@ -2272,8 +2257,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2272 /* break; */ 2257 /* break; */
2273 case SSL_CTRL_SET_TMP_ECDH_CB: 2258 case SSL_CTRL_SET_TMP_ECDH_CB:
2274 { 2259 {
2275 SSLerror( 2260 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2276 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2277 return (0); 2261 return (0);
2278 } 2262 }
2279 break; 2263 break;
@@ -2287,8 +2271,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2287 if (!keys) 2271 if (!keys)
2288 return 48; 2272 return 48;
2289 if (larg != 48) { 2273 if (larg != 48) {
2290 SSLerror( 2274 SSLerror(SSL_R_INVALID_TICKET_KEYS_LENGTH);
2291 SSL_R_INVALID_TICKET_KEYS_LENGTH);
2292 return 0; 2275 return 0;
2293 } 2276 }
2294 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { 2277 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 707feb6d09..0a33002809 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_both.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_both.c,v 1.4 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -365,8 +365,7 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x)
365 365
366 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, 366 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
367 x, NULL)) { 367 x, NULL)) {
368 SSLerror( 368 SSLerror(ERR_R_X509_LIB);
369 ERR_R_X509_LIB);
370 goto err; 369 goto err;
371 } 370 }
372 X509_verify_cert(&xs_ctx); 371 X509_verify_cert(&xs_ctx);
@@ -420,8 +419,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
420 S3I(s)->tmp.reuse_message = 0; 419 S3I(s)->tmp.reuse_message = 0;
421 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { 420 if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
422 al = SSL_AD_UNEXPECTED_MESSAGE; 421 al = SSL_AD_UNEXPECTED_MESSAGE;
423 SSLerror( 422 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
424 SSL_R_UNEXPECTED_MESSAGE);
425 goto f_err; 423 goto f_err;
426 } 424 }
427 *ok = 1; 425 *ok = 1;
@@ -473,8 +471,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
473 471
474 if ((mt >= 0) && (*p != mt)) { 472 if ((mt >= 0) && (*p != mt)) {
475 al = SSL_AD_UNEXPECTED_MESSAGE; 473 al = SSL_AD_UNEXPECTED_MESSAGE;
476 SSLerror( 474 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
477 SSL_R_UNEXPECTED_MESSAGE);
478 goto f_err; 475 goto f_err;
479 } 476 }
480 477
@@ -488,8 +485,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
488 485
489 if (l > (unsigned long)max) { 486 if (l > (unsigned long)max) {
490 al = SSL_AD_ILLEGAL_PARAMETER; 487 al = SSL_AD_ILLEGAL_PARAMETER;
491 SSLerror( 488 SSLerror(SSL_R_EXCESSIVE_MESSAGE_SIZE);
492 SSL_R_EXCESSIVE_MESSAGE_SIZE);
493 goto f_err; 489 goto f_err;
494 } 490 }
495 if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) { 491 if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) {
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 4f714f751a..e608bcfea4 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.61 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.62 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -587,8 +587,7 @@ SSL_load_client_CA_file(const char *file)
587 if (ret == NULL) { 587 if (ret == NULL) {
588 ret = sk_X509_NAME_new_null(); 588 ret = sk_X509_NAME_new_null();
589 if (ret == NULL) { 589 if (ret == NULL) {
590 SSLerror( 590 SSLerror(ERR_R_MALLOC_FAILURE);
591 ERR_R_MALLOC_FAILURE);
592 goto err; 591 goto err;
593 } 592 }
594 } 593 }
@@ -643,8 +642,7 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
643 in = BIO_new(BIO_s_file_internal()); 642 in = BIO_new(BIO_s_file_internal());
644 643
645 if (in == NULL) { 644 if (in == NULL) {
646 SSLerror( 645 SSLerror(ERR_R_MALLOC_FAILURE);
647 ERR_R_MALLOC_FAILURE);
648 goto err; 646 goto err;
649 } 647 }
650 648
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index c1dee99e58..f167244eb4 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.91 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.92 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1162,8 +1162,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
1162 * it is no command or separator nor 1162 * it is no command or separator nor
1163 * alphanumeric, so we call this an error. 1163 * alphanumeric, so we call this an error.
1164 */ 1164 */
1165 SSLerror( 1165 SSLerror(SSL_R_INVALID_COMMAND);
1166 SSL_R_INVALID_COMMAND);
1167 retval = found = 0; 1166 retval = found = 0;
1168 l++; 1167 l++;
1169 break; 1168 break;
@@ -1309,8 +1308,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
1309 if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) 1308 if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
1310 ok = ssl_cipher_strength_sort(head_p, tail_p); 1309 ok = ssl_cipher_strength_sort(head_p, tail_p);
1311 else 1310 else
1312 SSLerror( 1311 SSLerror(SSL_R_INVALID_COMMAND);
1313 SSL_R_INVALID_COMMAND);
1314 if (ok == 0) 1312 if (ok == 0)
1315 retval = 0; 1313 retval = 0;
1316 /* 1314 /*
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index c8d4aca1c3..6f2edf5d90 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.4 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -211,8 +211,7 @@ ssl3_connect(SSL *s)
211 cb(s, SSL_CB_HANDSHAKE_START, 1); 211 cb(s, SSL_CB_HANDSHAKE_START, 1);
212 212
213 if ((s->version & 0xff00 ) != 0x0300) { 213 if ((s->version & 0xff00 ) != 0x0300) {
214 SSLerror( 214 SSLerror(ERR_R_INTERNAL_ERROR);
215 ERR_R_INTERNAL_ERROR);
216 ret = -1; 215 ret = -1;
217 goto end; 216 goto end;
218 } 217 }
@@ -551,8 +550,7 @@ ssl3_connect(SSL *s)
551 /* break; */ 550 /* break; */
552 551
553 default: 552 default:
554 SSLerror( 553 SSLerror(SSL_R_UNKNOWN_STATE);
555 SSL_R_UNKNOWN_STATE);
556 ret = -1; 554 ret = -1;
557 goto end; 555 goto end;
558 /* break; */ 556 /* break; */
@@ -597,8 +595,7 @@ ssl3_client_hello(SSL *s)
597 SSL_SESSION *sess = s->session; 595 SSL_SESSION *sess = s->session;
598 596
599 if (ssl_supported_version_range(s, NULL, &max_version) != 1) { 597 if (ssl_supported_version_range(s, NULL, &max_version) != 1) {
600 SSLerror( 598 SSLerror(SSL_R_NO_PROTOCOLS_AVAILABLE);
601 SSL_R_NO_PROTOCOLS_AVAILABLE);
602 return (-1); 599 return (-1);
603 } 600 }
604 s->client_version = s->version = max_version; 601 s->client_version = s->version = max_version;
@@ -668,8 +665,7 @@ ssl3_client_hello(SSL *s)
668 *(p++) = i; 665 *(p++) = i;
669 if (i != 0) { 666 if (i != 0) {
670 if (i > (int)sizeof(s->session->session_id)) { 667 if (i > (int)sizeof(s->session->session_id)) {
671 SSLerror( 668 SSLerror(ERR_R_INTERNAL_ERROR);
672 ERR_R_INTERNAL_ERROR);
673 goto err; 669 goto err;
674 } 670 }
675 memcpy(p, s->session->session_id, i); 671 memcpy(p, s->session->session_id, i);
@@ -679,8 +675,7 @@ ssl3_client_hello(SSL *s)
679 /* DTLS Cookie. */ 675 /* DTLS Cookie. */
680 if (SSL_IS_DTLS(s)) { 676 if (SSL_IS_DTLS(s)) {
681 if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) { 677 if (D1I(s)->cookie_len > sizeof(D1I(s)->cookie)) {
682 SSLerror( 678 SSLerror(ERR_R_INTERNAL_ERROR);
683 ERR_R_INTERNAL_ERROR);
684 goto err; 679 goto err;
685 } 680 }
686 *(p++) = D1I(s)->cookie_len; 681 *(p++) = D1I(s)->cookie_len;
@@ -693,8 +688,7 @@ ssl3_client_hello(SSL *s)
693 bufend - &p[2], &outlen)) 688 bufend - &p[2], &outlen))
694 goto err; 689 goto err;
695 if (outlen == 0) { 690 if (outlen == 0) {
696 SSLerror( 691 SSLerror(SSL_R_NO_CIPHERS_AVAILABLE);
697 SSL_R_NO_CIPHERS_AVAILABLE);
698 goto err; 692 goto err;
699 } 693 }
700 s2n(outlen, p); 694 s2n(outlen, p);
@@ -706,8 +700,7 @@ ssl3_client_hello(SSL *s)
706 700
707 /* TLS extensions*/ 701 /* TLS extensions*/
708 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) { 702 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
709 SSLerror( 703 SSLerror(ERR_R_INTERNAL_ERROR);
710 ERR_R_INTERNAL_ERROR);
711 goto err; 704 goto err;
712 } 705 }
713 706
@@ -759,8 +752,7 @@ ssl3_get_server_hello(SSL *s)
759 } else { 752 } else {
760 /* Already sent a cookie. */ 753 /* Already sent a cookie. */
761 al = SSL_AD_UNEXPECTED_MESSAGE; 754 al = SSL_AD_UNEXPECTED_MESSAGE;
762 SSLerror( 755 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
763 SSL_R_BAD_MESSAGE_TYPE);
764 goto f_err; 756 goto f_err;
765 } 757 }
766 } 758 }
@@ -768,8 +760,7 @@ ssl3_get_server_hello(SSL *s)
768 760
769 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) { 761 if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
770 al = SSL_AD_UNEXPECTED_MESSAGE; 762 al = SSL_AD_UNEXPECTED_MESSAGE;
771 SSLerror( 763 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
772 SSL_R_BAD_MESSAGE_TYPE);
773 goto f_err; 764 goto f_err;
774 } 765 }
775 766
@@ -777,8 +768,7 @@ ssl3_get_server_hello(SSL *s)
777 goto truncated; 768 goto truncated;
778 769
779 if (ssl_supported_version_range(s, &min_version, &max_version) != 1) { 770 if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
780 SSLerror( 771 SSLerror(SSL_R_NO_PROTOCOLS_AVAILABLE);
781 SSL_R_NO_PROTOCOLS_AVAILABLE);
782 goto err; 772 goto err;
783 } 773 }
784 774
@@ -812,8 +802,7 @@ ssl3_get_server_hello(SSL *s)
812 if ((CBS_len(&session_id) > sizeof(s->session->session_id)) || 802 if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
813 (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) { 803 (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
814 al = SSL_AD_ILLEGAL_PARAMETER; 804 al = SSL_AD_ILLEGAL_PARAMETER;
815 SSLerror( 805 SSLerror(SSL_R_SSL3_SESSION_ID_TOO_LONG);
816 SSL_R_SSL3_SESSION_ID_TOO_LONG);
817 goto f_err; 806 goto f_err;
818 } 807 }
819 808
@@ -845,8 +834,7 @@ ssl3_get_server_hello(SSL *s)
845 s->sid_ctx, s->sid_ctx_length) != 0) { 834 s->sid_ctx, s->sid_ctx_length) != 0) {
846 /* actually a client application bug */ 835 /* actually a client application bug */
847 al = SSL_AD_ILLEGAL_PARAMETER; 836 al = SSL_AD_ILLEGAL_PARAMETER;
848 SSLerror( 837 SSLerror(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
849 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
850 goto f_err; 838 goto f_err;
851 } 839 }
852 s->s3->flags |= SSL3_FLAGS_CCS_OK; 840 s->s3->flags |= SSL3_FLAGS_CCS_OK;
@@ -878,8 +866,7 @@ ssl3_get_server_hello(SSL *s)
878 866
879 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) { 867 if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
880 al = SSL_AD_ILLEGAL_PARAMETER; 868 al = SSL_AD_ILLEGAL_PARAMETER;
881 SSLerror( 869 SSLerror(SSL_R_UNKNOWN_CIPHER_RETURNED);
882 SSL_R_UNKNOWN_CIPHER_RETURNED);
883 goto f_err; 870 goto f_err;
884 } 871 }
885 872
@@ -887,8 +874,7 @@ ssl3_get_server_hello(SSL *s)
887 if ((cipher->algorithm_ssl & SSL_TLSV1_2) && 874 if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
888 (TLS1_get_version(s) < TLS1_2_VERSION)) { 875 (TLS1_get_version(s) < TLS1_2_VERSION)) {
889 al = SSL_AD_ILLEGAL_PARAMETER; 876 al = SSL_AD_ILLEGAL_PARAMETER;
890 SSLerror( 877 SSLerror(SSL_R_WRONG_CIPHER_RETURNED);
891 SSL_R_WRONG_CIPHER_RETURNED);
892 goto f_err; 878 goto f_err;
893 } 879 }
894 880
@@ -897,8 +883,7 @@ ssl3_get_server_hello(SSL *s)
897 if (i < 0) { 883 if (i < 0) {
898 /* we did not say we would use this cipher */ 884 /* we did not say we would use this cipher */
899 al = SSL_AD_ILLEGAL_PARAMETER; 885 al = SSL_AD_ILLEGAL_PARAMETER;
900 SSLerror( 886 SSLerror(SSL_R_WRONG_CIPHER_RETURNED);
901 SSL_R_WRONG_CIPHER_RETURNED);
902 goto f_err; 887 goto f_err;
903 } 888 }
904 889
@@ -911,8 +896,7 @@ ssl3_get_server_hello(SSL *s)
911 s->session->cipher_id = s->session->cipher->id; 896 s->session->cipher_id = s->session->cipher->id;
912 if (s->internal->hit && (s->session->cipher_id != cipher->id)) { 897 if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
913 al = SSL_AD_ILLEGAL_PARAMETER; 898 al = SSL_AD_ILLEGAL_PARAMETER;
914 SSLerror( 899 SSLerror(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
915 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
916 goto f_err; 900 goto f_err;
917 } 901 }
918 S3I(s)->tmp.new_cipher = cipher; 902 S3I(s)->tmp.new_cipher = cipher;
@@ -933,8 +917,7 @@ ssl3_get_server_hello(SSL *s)
933 917
934 if (compression_method != 0) { 918 if (compression_method != 0) {
935 al = SSL_AD_ILLEGAL_PARAMETER; 919 al = SSL_AD_ILLEGAL_PARAMETER;
936 SSLerror( 920 SSLerror(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
937 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
938 goto f_err; 921 goto f_err;
939 } 922 }
940 923
@@ -991,15 +974,13 @@ ssl3_get_server_certificate(SSL *s)
991 974
992 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 975 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
993 al = SSL_AD_UNEXPECTED_MESSAGE; 976 al = SSL_AD_UNEXPECTED_MESSAGE;
994 SSLerror( 977 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
995 SSL_R_BAD_MESSAGE_TYPE);
996 goto f_err; 978 goto f_err;
997 } 979 }
998 980
999 981
1000 if ((sk = sk_X509_new_null()) == NULL) { 982 if ((sk = sk_X509_new_null()) == NULL) {
1001 SSLerror( 983 SSLerror(ERR_R_MALLOC_FAILURE);
1002 ERR_R_MALLOC_FAILURE);
1003 goto err; 984 goto err;
1004 } 985 }
1005 986
@@ -1013,8 +994,7 @@ ssl3_get_server_certificate(SSL *s)
1013 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || 994 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
1014 CBS_len(&cbs) != 0) { 995 CBS_len(&cbs) != 0) {
1015 al = SSL_AD_DECODE_ERROR; 996 al = SSL_AD_DECODE_ERROR;
1016 SSLerror( 997 SSLerror(SSL_R_LENGTH_MISMATCH);
1017 SSL_R_LENGTH_MISMATCH);
1018 goto f_err; 998 goto f_err;
1019 } 999 }
1020 1000
@@ -1025,8 +1005,7 @@ ssl3_get_server_certificate(SSL *s)
1025 goto truncated; 1005 goto truncated;
1026 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) { 1006 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
1027 al = SSL_AD_DECODE_ERROR; 1007 al = SSL_AD_DECODE_ERROR;
1028 SSLerror( 1008 SSLerror(SSL_R_CERT_LENGTH_MISMATCH);
1029 SSL_R_CERT_LENGTH_MISMATCH);
1030 goto f_err; 1009 goto f_err;
1031 } 1010 }
1032 1011
@@ -1034,19 +1013,16 @@ ssl3_get_server_certificate(SSL *s)
1034 x = d2i_X509(NULL, &q, CBS_len(&cert)); 1013 x = d2i_X509(NULL, &q, CBS_len(&cert));
1035 if (x == NULL) { 1014 if (x == NULL) {
1036 al = SSL_AD_BAD_CERTIFICATE; 1015 al = SSL_AD_BAD_CERTIFICATE;
1037 SSLerror( 1016 SSLerror(ERR_R_ASN1_LIB);
1038 ERR_R_ASN1_LIB);
1039 goto f_err; 1017 goto f_err;
1040 } 1018 }
1041 if (q != CBS_data(&cert) + CBS_len(&cert)) { 1019 if (q != CBS_data(&cert) + CBS_len(&cert)) {
1042 al = SSL_AD_DECODE_ERROR; 1020 al = SSL_AD_DECODE_ERROR;
1043 SSLerror( 1021 SSLerror(SSL_R_CERT_LENGTH_MISMATCH);
1044 SSL_R_CERT_LENGTH_MISMATCH);
1045 goto f_err; 1022 goto f_err;
1046 } 1023 }
1047 if (!sk_X509_push(sk, x)) { 1024 if (!sk_X509_push(sk, x)) {
1048 SSLerror( 1025 SSLerror(ERR_R_MALLOC_FAILURE);
1049 ERR_R_MALLOC_FAILURE);
1050 goto err; 1026 goto err;
1051 } 1027 }
1052 x = NULL; 1028 x = NULL;
@@ -1055,8 +1031,7 @@ ssl3_get_server_certificate(SSL *s)
1055 i = ssl_verify_cert_chain(s, sk); 1031 i = ssl_verify_cert_chain(s, sk);
1056 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { 1032 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
1057 al = ssl_verify_alarm_type(s->verify_result); 1033 al = ssl_verify_alarm_type(s->verify_result);
1058 SSLerror( 1034 SSLerror(SSL_R_CERTIFICATE_VERIFY_FAILED);
1059 SSL_R_CERTIFICATE_VERIFY_FAILED);
1060 goto f_err; 1035 goto f_err;
1061 1036
1062 } 1037 }
@@ -1082,8 +1057,7 @@ ssl3_get_server_certificate(SSL *s)
1082 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { 1057 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
1083 x = NULL; 1058 x = NULL;
1084 al = SSL3_AL_FATAL; 1059 al = SSL3_AL_FATAL;
1085 SSLerror( 1060 SSLerror(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1086 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1087 goto f_err; 1061 goto f_err;
1088 } 1062 }
1089 1063
@@ -1091,8 +1065,7 @@ ssl3_get_server_certificate(SSL *s)
1091 if (i < 0) { 1065 if (i < 0) {
1092 x = NULL; 1066 x = NULL;
1093 al = SSL3_AL_FATAL; 1067 al = SSL3_AL_FATAL;
1094 SSLerror( 1068 SSLerror(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1095 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1096 goto f_err; 1069 goto f_err;
1097 } 1070 }
1098 1071
@@ -1118,8 +1091,7 @@ ssl3_get_server_certificate(SSL *s)
1118truncated: 1091truncated:
1119 /* wrong packet length */ 1092 /* wrong packet length */
1120 al = SSL_AD_DECODE_ERROR; 1093 al = SSL_AD_DECODE_ERROR;
1121 SSLerror( 1094 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1122 SSL_R_BAD_PACKET_LENGTH);
1123f_err: 1095f_err:
1124 ssl3_send_alert(s, SSL3_AL_FATAL, al); 1096 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1125 } 1097 }
@@ -1337,8 +1309,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
1337 1309
1338 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) { 1310 if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
1339 al = SSL_AD_INTERNAL_ERROR; 1311 al = SSL_AD_INTERNAL_ERROR;
1340 SSLerror( 1312 SSLerror(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1341 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1342 goto f_err; 1313 goto f_err;
1343 } 1314 }
1344 1315
@@ -1414,8 +1385,7 @@ ssl3_get_server_key_exchange(SSL *s)
1414 * ephemeral keys. 1385 * ephemeral keys.
1415 */ 1386 */
1416 if (alg_k & (SSL_kDHE|SSL_kECDHE)) { 1387 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
1417 SSLerror( 1388 SSLerror(SSL_R_UNEXPECTED_MESSAGE);
1418 SSL_R_UNEXPECTED_MESSAGE);
1419 al = SSL_AD_UNEXPECTED_MESSAGE; 1389 al = SSL_AD_UNEXPECTED_MESSAGE;
1420 goto f_err; 1390 goto f_err;
1421 } 1391 }
@@ -1463,8 +1433,7 @@ ssl3_get_server_key_exchange(SSL *s)
1463 int sigalg = tls12_get_sigid(pkey); 1433 int sigalg = tls12_get_sigid(pkey);
1464 /* Should never happen */ 1434 /* Should never happen */
1465 if (sigalg == -1) { 1435 if (sigalg == -1) {
1466 SSLerror( 1436 SSLerror(ERR_R_INTERNAL_ERROR);
1467 ERR_R_INTERNAL_ERROR);
1468 goto err; 1437 goto err;
1469 } 1438 }
1470 /* 1439 /*
@@ -1474,15 +1443,13 @@ ssl3_get_server_key_exchange(SSL *s)
1474 if (2 > n) 1443 if (2 > n)
1475 goto truncated; 1444 goto truncated;
1476 if (sigalg != (int)p[1]) { 1445 if (sigalg != (int)p[1]) {
1477 SSLerror( 1446 SSLerror(SSL_R_WRONG_SIGNATURE_TYPE);
1478 SSL_R_WRONG_SIGNATURE_TYPE);
1479 al = SSL_AD_DECODE_ERROR; 1447 al = SSL_AD_DECODE_ERROR;
1480 goto f_err; 1448 goto f_err;
1481 } 1449 }
1482 md = tls12_get_hash(p[0]); 1450 md = tls12_get_hash(p[0]);
1483 if (md == NULL) { 1451 if (md == NULL) {
1484 SSLerror( 1452 SSLerror(SSL_R_UNKNOWN_DIGEST);
1485 SSL_R_UNKNOWN_DIGEST);
1486 al = SSL_AD_DECODE_ERROR; 1453 al = SSL_AD_DECODE_ERROR;
1487 goto f_err; 1454 goto f_err;
1488 } 1455 }
@@ -1500,8 +1467,7 @@ ssl3_get_server_key_exchange(SSL *s)
1500 if (i != n || n > j) { 1467 if (i != n || n > j) {
1501 /* wrong packet length */ 1468 /* wrong packet length */
1502 al = SSL_AD_DECODE_ERROR; 1469 al = SSL_AD_DECODE_ERROR;
1503 SSLerror( 1470 SSLerror(SSL_R_WRONG_SIGNATURE_LENGTH);
1504 SSL_R_WRONG_SIGNATURE_LENGTH);
1505 goto f_err; 1471 goto f_err;
1506 } 1472 }
1507 1473
@@ -1533,15 +1499,13 @@ ssl3_get_server_key_exchange(SSL *s)
1533 p, n, pkey->pkey.rsa); 1499 p, n, pkey->pkey.rsa);
1534 if (i < 0) { 1500 if (i < 0) {
1535 al = SSL_AD_DECRYPT_ERROR; 1501 al = SSL_AD_DECRYPT_ERROR;
1536 SSLerror( 1502 SSLerror(SSL_R_BAD_RSA_DECRYPT);
1537 SSL_R_BAD_RSA_DECRYPT);
1538 goto f_err; 1503 goto f_err;
1539 } 1504 }
1540 if (i == 0) { 1505 if (i == 0) {
1541 /* bad signature */ 1506 /* bad signature */
1542 al = SSL_AD_DECRYPT_ERROR; 1507 al = SSL_AD_DECRYPT_ERROR;
1543 SSLerror( 1508 SSLerror(SSL_R_BAD_SIGNATURE);
1544 SSL_R_BAD_SIGNATURE);
1545 goto f_err; 1509 goto f_err;
1546 } 1510 }
1547 } else { 1511 } else {
@@ -1554,23 +1518,20 @@ ssl3_get_server_key_exchange(SSL *s)
1554 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { 1518 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1555 /* bad signature */ 1519 /* bad signature */
1556 al = SSL_AD_DECRYPT_ERROR; 1520 al = SSL_AD_DECRYPT_ERROR;
1557 SSLerror( 1521 SSLerror(SSL_R_BAD_SIGNATURE);
1558 SSL_R_BAD_SIGNATURE);
1559 goto f_err; 1522 goto f_err;
1560 } 1523 }
1561 } 1524 }
1562 } else { 1525 } else {
1563 /* aNULL does not need public keys. */ 1526 /* aNULL does not need public keys. */
1564 if (!(alg_a & SSL_aNULL)) { 1527 if (!(alg_a & SSL_aNULL)) {
1565 SSLerror( 1528 SSLerror(ERR_R_INTERNAL_ERROR);
1566 ERR_R_INTERNAL_ERROR);
1567 goto err; 1529 goto err;
1568 } 1530 }
1569 /* still data left over */ 1531 /* still data left over */
1570 if (n != 0) { 1532 if (n != 0) {
1571 al = SSL_AD_DECODE_ERROR; 1533 al = SSL_AD_DECODE_ERROR;
1572 SSLerror( 1534 SSLerror(SSL_R_EXTRA_DATA_IN_MESSAGE);
1573 SSL_R_EXTRA_DATA_IN_MESSAGE);
1574 goto f_err; 1535 goto f_err;
1575 } 1536 }
1576 } 1537 }
@@ -1630,16 +1591,14 @@ ssl3_get_certificate_request(SSL *s)
1630 1591
1631 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { 1592 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1632 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1593 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1633 SSLerror( 1594 SSLerror(SSL_R_WRONG_MESSAGE_TYPE);
1634 SSL_R_WRONG_MESSAGE_TYPE);
1635 goto err; 1595 goto err;
1636 } 1596 }
1637 1597
1638 /* TLS does not like anon-DH with client cert */ 1598 /* TLS does not like anon-DH with client cert */
1639 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) { 1599 if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1640 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); 1600 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1641 SSLerror( 1601 SSLerror(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1642 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1643 goto err; 1602 goto err;
1644 } 1603 }
1645 1604
@@ -1648,8 +1607,7 @@ ssl3_get_certificate_request(SSL *s)
1648 CBS_init(&cert_request, s->internal->init_msg, n); 1607 CBS_init(&cert_request, s->internal->init_msg, n);
1649 1608
1650 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { 1609 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1651 SSLerror( 1610 SSLerror(ERR_R_MALLOC_FAILURE);
1652 ERR_R_MALLOC_FAILURE);
1653 goto err; 1611 goto err;
1654 } 1612 }
1655 1613
@@ -1662,8 +1620,7 @@ ssl3_get_certificate_request(SSL *s)
1662 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) || 1620 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
1663 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype, 1621 !CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype,
1664 sizeof(S3I(s)->tmp.ctype), NULL)) { 1622 sizeof(S3I(s)->tmp.ctype), NULL)) {
1665 SSLerror( 1623 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1666 SSL_R_DATA_LENGTH_TOO_LONG);
1667 goto err; 1624 goto err;
1668 } 1625 }
1669 1626
@@ -1671,8 +1628,7 @@ ssl3_get_certificate_request(SSL *s)
1671 CBS sigalgs; 1628 CBS sigalgs;
1672 1629
1673 if (CBS_len(&cert_request) < 2) { 1630 if (CBS_len(&cert_request) < 2) {
1674 SSLerror( 1631 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1675 SSL_R_DATA_LENGTH_TOO_LONG);
1676 goto err; 1632 goto err;
1677 } 1633 }
1678 1634
@@ -1681,32 +1637,28 @@ ssl3_get_certificate_request(SSL *s)
1681 */ 1637 */
1682 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) { 1638 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
1683 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1639 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1684 SSLerror( 1640 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1685 SSL_R_DATA_LENGTH_TOO_LONG);
1686 goto err; 1641 goto err;
1687 } 1642 }
1688 if ((CBS_len(&sigalgs) & 1) || 1643 if ((CBS_len(&sigalgs) & 1) ||
1689 !tls1_process_sigalgs(s, CBS_data(&sigalgs), 1644 !tls1_process_sigalgs(s, CBS_data(&sigalgs),
1690 CBS_len(&sigalgs))) { 1645 CBS_len(&sigalgs))) {
1691 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1646 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1692 SSLerror( 1647 SSLerror(SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1693 SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1694 goto err; 1648 goto err;
1695 } 1649 }
1696 } 1650 }
1697 1651
1698 /* get the CA RDNs */ 1652 /* get the CA RDNs */
1699 if (CBS_len(&cert_request) < 2) { 1653 if (CBS_len(&cert_request) < 2) {
1700 SSLerror( 1654 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1701 SSL_R_DATA_LENGTH_TOO_LONG);
1702 goto err; 1655 goto err;
1703 } 1656 }
1704 1657
1705 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) || 1658 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
1706 CBS_len(&cert_request) != 0) { 1659 CBS_len(&cert_request) != 0) {
1707 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1660 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1708 SSLerror( 1661 SSLerror(SSL_R_LENGTH_MISMATCH);
1709 SSL_R_LENGTH_MISMATCH);
1710 goto err; 1662 goto err;
1711 } 1663 }
1712 1664
@@ -1714,15 +1666,13 @@ ssl3_get_certificate_request(SSL *s)
1714 CBS rdn; 1666 CBS rdn;
1715 1667
1716 if (CBS_len(&rdn_list) < 2) { 1668 if (CBS_len(&rdn_list) < 2) {
1717 SSLerror( 1669 SSLerror(SSL_R_DATA_LENGTH_TOO_LONG);
1718 SSL_R_DATA_LENGTH_TOO_LONG);
1719 goto err; 1670 goto err;
1720 } 1671 }
1721 1672
1722 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) { 1673 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
1723 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1674 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1724 SSLerror( 1675 SSLerror(SSL_R_CA_DN_TOO_LONG);
1725 SSL_R_CA_DN_TOO_LONG);
1726 goto err; 1676 goto err;
1727 } 1677 }
1728 1678
@@ -1730,20 +1680,17 @@ ssl3_get_certificate_request(SSL *s)
1730 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) { 1680 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
1731 ssl3_send_alert(s, SSL3_AL_FATAL, 1681 ssl3_send_alert(s, SSL3_AL_FATAL,
1732 SSL_AD_DECODE_ERROR); 1682 SSL_AD_DECODE_ERROR);
1733 SSLerror( 1683 SSLerror(ERR_R_ASN1_LIB);
1734 ERR_R_ASN1_LIB);
1735 goto err; 1684 goto err;
1736 } 1685 }
1737 1686
1738 if (q != CBS_data(&rdn) + CBS_len(&rdn)) { 1687 if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
1739 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); 1688 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1740 SSLerror( 1689 SSLerror(SSL_R_CA_DN_LENGTH_MISMATCH);
1741 SSL_R_CA_DN_LENGTH_MISMATCH);
1742 goto err; 1690 goto err;
1743 } 1691 }
1744 if (!sk_X509_NAME_push(ca_sk, xn)) { 1692 if (!sk_X509_NAME_push(ca_sk, xn)) {
1745 SSLerror( 1693 SSLerror(ERR_R_MALLOC_FAILURE);
1746 ERR_R_MALLOC_FAILURE);
1747 goto err; 1694 goto err;
1748 } 1695 }
1749 xn = NULL; /* avoid free in err block */ 1696 xn = NULL; /* avoid free in err block */
@@ -1759,8 +1706,7 @@ ssl3_get_certificate_request(SSL *s)
1759 ret = 1; 1706 ret = 1;
1760 if (0) { 1707 if (0) {
1761truncated: 1708truncated:
1762 SSLerror( 1709 SSLerror(SSL_R_BAD_PACKET_LENGTH);
1763 SSL_R_BAD_PACKET_LENGTH);
1764 } 1710 }
1765err: 1711err:
1766 X509_NAME_free(xn); 1712 X509_NAME_free(xn);
@@ -1793,15 +1739,13 @@ ssl3_get_new_session_ticket(SSL *s)
1793 } 1739 }
1794 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { 1740 if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1795 al = SSL_AD_UNEXPECTED_MESSAGE; 1741 al = SSL_AD_UNEXPECTED_MESSAGE;
1796 SSLerror( 1742 SSLerror(SSL_R_BAD_MESSAGE_TYPE);
1797 SSL_R_BAD_MESSAGE_TYPE);
1798 goto f_err; 1743 goto f_err;
1799 } 1744 }
1800 1745
1801 if (n < 0) { 1746 if (n < 0) {
1802 al = SSL_AD_DECODE_ERROR; 1747 al = SSL_AD_DECODE_ERROR;
1803 SSLerror( 1748 SSLerror(SSL_R_LENGTH_MISMATCH);
1804 SSL_R_LENGTH_MISMATCH);
1805 goto f_err; 1749 goto f_err;
1806 } 1750 }
1807 1751
@@ -1813,16 +1757,14 @@ ssl3_get_new_session_ticket(SSL *s)
1813 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) || 1757 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
1814 CBS_len(&cbs) != 0) { 1758 CBS_len(&cbs) != 0) {
1815 al = SSL_AD_DECODE_ERROR; 1759 al = SSL_AD_DECODE_ERROR;
1816 SSLerror( 1760 SSLerror(SSL_R_LENGTH_MISMATCH);
1817 SSL_R_LENGTH_MISMATCH);
1818 goto f_err; 1761 goto f_err;
1819 } 1762 }
1820 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint; 1763 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
1821 1764
1822 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick, 1765 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
1823 &s->session->tlsext_ticklen)) { 1766 &s->session->tlsext_ticklen)) {
1824 SSLerror( 1767 SSLerror(ERR_R_MALLOC_FAILURE);
1825 ERR_R_MALLOC_FAILURE);
1826 goto err; 1768 goto err;
1827 } 1769 }
1828 1770
@@ -1872,8 +1814,7 @@ ssl3_get_cert_status(SSL *s)
1872 if (n < 0) { 1814 if (n < 0) {
1873 /* need at least status type + length */ 1815 /* need at least status type + length */
1874 al = SSL_AD_DECODE_ERROR; 1816 al = SSL_AD_DECODE_ERROR;
1875 SSLerror( 1817 SSLerror(SSL_R_LENGTH_MISMATCH);
1876 SSL_R_LENGTH_MISMATCH);
1877 goto f_err; 1818 goto f_err;
1878 } 1819 }
1879 1820
@@ -1882,23 +1823,20 @@ ssl3_get_cert_status(SSL *s)
1882 CBS_len(&cert_status) < 3) { 1823 CBS_len(&cert_status) < 3) {
1883 /* need at least status type + length */ 1824 /* need at least status type + length */
1884 al = SSL_AD_DECODE_ERROR; 1825 al = SSL_AD_DECODE_ERROR;
1885 SSLerror( 1826 SSLerror(SSL_R_LENGTH_MISMATCH);
1886 SSL_R_LENGTH_MISMATCH);
1887 goto f_err; 1827 goto f_err;
1888 } 1828 }
1889 1829
1890 if (status_type != TLSEXT_STATUSTYPE_ocsp) { 1830 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
1891 al = SSL_AD_DECODE_ERROR; 1831 al = SSL_AD_DECODE_ERROR;
1892 SSLerror( 1832 SSLerror(SSL_R_UNSUPPORTED_STATUS_TYPE);
1893 SSL_R_UNSUPPORTED_STATUS_TYPE);
1894 goto f_err; 1833 goto f_err;
1895 } 1834 }
1896 1835
1897 if (!CBS_get_u24_length_prefixed(&cert_status, &response) || 1836 if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
1898 CBS_len(&cert_status) != 0) { 1837 CBS_len(&cert_status) != 0) {
1899 al = SSL_AD_DECODE_ERROR; 1838 al = SSL_AD_DECODE_ERROR;
1900 SSLerror( 1839 SSLerror(SSL_R_LENGTH_MISMATCH);
1901 SSL_R_LENGTH_MISMATCH);
1902 goto f_err; 1840 goto f_err;
1903 } 1841 }
1904 1842
@@ -1906,8 +1844,7 @@ ssl3_get_cert_status(SSL *s)
1906 &stow_len) || stow_len > INT_MAX) { 1844 &stow_len) || stow_len > INT_MAX) {
1907 s->internal->tlsext_ocsp_resplen = 0; 1845 s->internal->tlsext_ocsp_resplen = 0;
1908 al = SSL_AD_INTERNAL_ERROR; 1846 al = SSL_AD_INTERNAL_ERROR;
1909 SSLerror( 1847 SSLerror(ERR_R_MALLOC_FAILURE);
1910 ERR_R_MALLOC_FAILURE);
1911 goto f_err; 1848 goto f_err;
1912 } 1849 }
1913 s->internal->tlsext_ocsp_resplen = (int)stow_len; 1850 s->internal->tlsext_ocsp_resplen = (int)stow_len;
@@ -1918,14 +1855,12 @@ ssl3_get_cert_status(SSL *s)
1918 s->ctx->internal->tlsext_status_arg); 1855 s->ctx->internal->tlsext_status_arg);
1919 if (ret == 0) { 1856 if (ret == 0) {
1920 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; 1857 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1921 SSLerror( 1858 SSLerror(SSL_R_INVALID_STATUS_RESPONSE);
1922 SSL_R_INVALID_STATUS_RESPONSE);
1923 goto f_err; 1859 goto f_err;
1924 } 1860 }
1925 if (ret < 0) { 1861 if (ret < 0) {
1926 al = SSL_AD_INTERNAL_ERROR; 1862 al = SSL_AD_INTERNAL_ERROR;
1927 SSLerror( 1863 SSLerror(ERR_R_MALLOC_FAILURE);
1928 ERR_R_MALLOC_FAILURE);
1929 goto f_err; 1864 goto f_err;
1930 } 1865 }
1931 } 1866 }
@@ -1974,8 +1909,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
1974 pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1909 pkey = X509_get_pubkey(sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1975 if (pkey == NULL || pkey->type != EVP_PKEY_RSA || 1910 if (pkey == NULL || pkey->type != EVP_PKEY_RSA ||
1976 pkey->pkey.rsa == NULL) { 1911 pkey->pkey.rsa == NULL) {
1977 SSLerror( 1912 SSLerror(ERR_R_INTERNAL_ERROR);
1978 ERR_R_INTERNAL_ERROR);
1979 goto err; 1913 goto err;
1980 } 1914 }
1981 1915
@@ -1984,16 +1918,14 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
1984 arc4random_buf(&pms[2], sizeof(pms) - 2); 1918 arc4random_buf(&pms[2], sizeof(pms) - 2);
1985 1919
1986 if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) { 1920 if ((enc_pms = malloc(RSA_size(pkey->pkey.rsa))) == NULL) {
1987 SSLerror( 1921 SSLerror(ERR_R_MALLOC_FAILURE);
1988 ERR_R_MALLOC_FAILURE);
1989 goto err; 1922 goto err;
1990 } 1923 }
1991 1924
1992 enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa, 1925 enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, pkey->pkey.rsa,
1993 RSA_PKCS1_PADDING); 1926 RSA_PKCS1_PADDING);
1994 if (enc_len <= 0) { 1927 if (enc_len <= 0) {
1995 SSLerror( 1928 SSLerror(SSL_R_BAD_RSA_ENCRYPT);
1996 SSL_R_BAD_RSA_ENCRYPT);
1997 goto err; 1929 goto err;
1998 } 1930 }
1999 1931
@@ -2031,8 +1963,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2031 /* Ensure that we have an ephemeral key for DHE. */ 1963 /* Ensure that we have an ephemeral key for DHE. */
2032 if (sess_cert->peer_dh_tmp == NULL) { 1964 if (sess_cert->peer_dh_tmp == NULL) {
2033 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 1965 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2034 SSLerror( 1966 SSLerror(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2035 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2036 goto err; 1967 goto err;
2037 } 1968 }
2038 dh_srvr = sess_cert->peer_dh_tmp; 1969 dh_srvr = sess_cert->peer_dh_tmp;
@@ -2048,8 +1979,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2048 } 1979 }
2049 key_size = DH_size(dh_clnt); 1980 key_size = DH_size(dh_clnt);
2050 if ((key = malloc(key_size)) == NULL) { 1981 if ((key = malloc(key_size)) == NULL) {
2051 SSLerror( 1982 SSLerror(ERR_R_MALLOC_FAILURE);
2052 ERR_R_MALLOC_FAILURE);
2053 goto err; 1983 goto err;
2054 } 1984 }
2055 key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt); 1985 key_len = DH_compute_key(key, dh_srvr->pub_key, dh_clnt);
@@ -2098,14 +2028,12 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2098 2028
2099 if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL || 2029 if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL ||
2100 (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) { 2030 (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) {
2101 SSLerror( 2031 SSLerror(ERR_R_INTERNAL_ERROR);
2102 ERR_R_INTERNAL_ERROR);
2103 goto err; 2032 goto err;
2104 } 2033 }
2105 2034
2106 if ((ecdh = EC_KEY_new()) == NULL) { 2035 if ((ecdh = EC_KEY_new()) == NULL) {
2107 SSLerror( 2036 SSLerror(ERR_R_MALLOC_FAILURE);
2108 ERR_R_MALLOC_FAILURE);
2109 goto err; 2037 goto err;
2110 } 2038 }
2111 2039
@@ -2124,8 +2052,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2124 goto err; 2052 goto err;
2125 } 2053 }
2126 if ((key = malloc(key_size)) == NULL) { 2054 if ((key = malloc(key_size)) == NULL) {
2127 SSLerror( 2055 SSLerror(ERR_R_MALLOC_FAILURE);
2128 ERR_R_MALLOC_FAILURE);
2129 } 2056 }
2130 key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL); 2057 key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL);
2131 if (key_len <= 0) { 2058 if (key_len <= 0) {
@@ -2146,8 +2073,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
2146 } 2073 }
2147 2074
2148 if ((bn_ctx = BN_CTX_new()) == NULL) { 2075 if ((bn_ctx = BN_CTX_new()) == NULL) {
2149 SSLerror( 2076 SSLerror(ERR_R_MALLOC_FAILURE);
2150 ERR_R_MALLOC_FAILURE);
2151 goto err; 2077 goto err;
2152 } 2078 }
2153 2079
@@ -2233,8 +2159,7 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb)
2233 goto err; 2159 goto err;
2234 } else { 2160 } else {
2235 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2161 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2236 SSLerror( 2162 SSLerror(ERR_R_INTERNAL_ERROR);
2237 ERR_R_INTERNAL_ERROR);
2238 goto err; 2163 goto err;
2239 } 2164 }
2240 2165
@@ -2261,8 +2186,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2261 /* Get server sertificate PKEY and create ctx from it */ 2186 /* Get server sertificate PKEY and create ctx from it */
2262 peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; 2187 peer_cert = sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
2263 if (peer_cert == NULL) { 2188 if (peer_cert == NULL) {
2264 SSLerror( 2189 SSLerror(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2265 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2266 goto err; 2190 goto err;
2267 } 2191 }
2268 2192
@@ -2298,8 +2222,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
2298 */ 2222 */
2299 ukm_hash = EVP_MD_CTX_create(); 2223 ukm_hash = EVP_MD_CTX_create();
2300 if (ukm_hash == NULL) { 2224 if (ukm_hash == NULL) {
2301 SSLerror( 2225 SSLerror(ERR_R_MALLOC_FAILURE);
2302 ERR_R_MALLOC_FAILURE);
2303 goto err; 2226 goto err;
2304 } 2227 }
2305 2228
@@ -2371,8 +2294,7 @@ ssl3_send_client_key_exchange(SSL *s)
2371 if ((sess_cert = SSI(s)->sess_cert) == NULL) { 2294 if ((sess_cert = SSI(s)->sess_cert) == NULL) {
2372 ssl3_send_alert(s, SSL3_AL_FATAL, 2295 ssl3_send_alert(s, SSL3_AL_FATAL,
2373 SSL_AD_UNEXPECTED_MESSAGE); 2296 SSL_AD_UNEXPECTED_MESSAGE);
2374 SSLerror( 2297 SSLerror(ERR_R_INTERNAL_ERROR);
2375 ERR_R_INTERNAL_ERROR);
2376 goto err; 2298 goto err;
2377 } 2299 }
2378 2300
@@ -2395,8 +2317,7 @@ ssl3_send_client_key_exchange(SSL *s)
2395 } else { 2317 } else {
2396 ssl3_send_alert(s, SSL3_AL_FATAL, 2318 ssl3_send_alert(s, SSL3_AL_FATAL,
2397 SSL_AD_HANDSHAKE_FAILURE); 2319 SSL_AD_HANDSHAKE_FAILURE);
2398 SSLerror( 2320 SSLerror(ERR_R_INTERNAL_ERROR);
2399 ERR_R_INTERNAL_ERROR);
2400 goto err; 2321 goto err;
2401 } 2322 }
2402 2323
@@ -2458,16 +2379,14 @@ ssl3_send_client_verify(SSL *s)
2458 &hdata); 2379 &hdata);
2459 if (hdatalen <= 0 || 2380 if (hdatalen <= 0 ||
2460 !tls12_get_sigandhash(p, pkey, md)) { 2381 !tls12_get_sigandhash(p, pkey, md)) {
2461 SSLerror( 2382 SSLerror(ERR_R_INTERNAL_ERROR);
2462 ERR_R_INTERNAL_ERROR);
2463 goto err; 2383 goto err;
2464 } 2384 }
2465 p += 2; 2385 p += 2;
2466 if (!EVP_SignInit_ex(&mctx, md, NULL) || 2386 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2467 !EVP_SignUpdate(&mctx, hdata, hdatalen) || 2387 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2468 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { 2388 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2469 SSLerror( 2389 SSLerror(ERR_R_EVP_LIB);
2470 ERR_R_EVP_LIB);
2471 goto err; 2390 goto err;
2472 } 2391 }
2473 s2n(u, p); 2392 s2n(u, p);
@@ -2480,8 +2399,7 @@ ssl3_send_client_verify(SSL *s)
2480 if (RSA_sign(NID_md5_sha1, data, 2399 if (RSA_sign(NID_md5_sha1, data,
2481 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), 2400 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2482 &u, pkey->pkey.rsa) <= 0 ) { 2401 &u, pkey->pkey.rsa) <= 0 ) {
2483 SSLerror( 2402 SSLerror(ERR_R_RSA_LIB);
2484 ERR_R_RSA_LIB);
2485 goto err; 2403 goto err;
2486 } 2404 }
2487 s2n(u, p); 2405 s2n(u, p);
@@ -2491,8 +2409,7 @@ ssl3_send_client_verify(SSL *s)
2491 &(data[MD5_DIGEST_LENGTH]), 2409 &(data[MD5_DIGEST_LENGTH]),
2492 SHA_DIGEST_LENGTH, &(p[2]), 2410 SHA_DIGEST_LENGTH, &(p[2]),
2493 (unsigned int *)&j, pkey->pkey.dsa)) { 2411 (unsigned int *)&j, pkey->pkey.dsa)) {
2494 SSLerror( 2412 SSLerror(ERR_R_DSA_LIB);
2495 ERR_R_DSA_LIB);
2496 goto err; 2413 goto err;
2497 } 2414 }
2498 s2n(j, p); 2415 s2n(j, p);
@@ -2502,8 +2419,7 @@ ssl3_send_client_verify(SSL *s)
2502 &(data[MD5_DIGEST_LENGTH]), 2419 &(data[MD5_DIGEST_LENGTH]),
2503 SHA_DIGEST_LENGTH, &(p[2]), 2420 SHA_DIGEST_LENGTH, &(p[2]),
2504 (unsigned int *)&j, pkey->pkey.ec)) { 2421 (unsigned int *)&j, pkey->pkey.ec)) {
2505 SSLerror( 2422 SSLerror(ERR_R_ECDSA_LIB);
2506 ERR_R_ECDSA_LIB);
2507 goto err; 2423 goto err;
2508 } 2424 }
2509 s2n(j, p); 2425 s2n(j, p);
@@ -2520,14 +2436,12 @@ ssl3_send_client_verify(SSL *s)
2520 2436
2521 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2437 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2522 if (hdatalen <= 0) { 2438 if (hdatalen <= 0) {
2523 SSLerror( 2439 SSLerror(ERR_R_INTERNAL_ERROR);
2524 ERR_R_INTERNAL_ERROR);
2525 goto err; 2440 goto err;
2526 } 2441 }
2527 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || 2442 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2528 !(md = EVP_get_digestbynid(nid))) { 2443 !(md = EVP_get_digestbynid(nid))) {
2529 SSLerror( 2444 SSLerror(ERR_R_EVP_LIB);
2530 ERR_R_EVP_LIB);
2531 goto err; 2445 goto err;
2532 } 2446 }
2533 if (!EVP_DigestInit_ex(&mctx, md, NULL) || 2447 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
@@ -2540,8 +2454,7 @@ ssl3_send_client_verify(SSL *s)
2540 NULL) <= 0) || 2454 NULL) <= 0) ||
2541 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, 2455 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
2542 signbuf, u) <= 0)) { 2456 signbuf, u) <= 0)) {
2543 SSLerror( 2457 SSLerror(ERR_R_EVP_LIB);
2544 ERR_R_EVP_LIB);
2545 goto err; 2458 goto err;
2546 } 2459 }
2547 if (!tls1_digest_cached_records(s)) 2460 if (!tls1_digest_cached_records(s))
@@ -2551,8 +2464,7 @@ ssl3_send_client_verify(SSL *s)
2551 n = j + 2; 2464 n = j + 2;
2552#endif 2465#endif
2553 } else { 2466 } else {
2554 SSLerror( 2467 SSLerror(ERR_R_INTERNAL_ERROR);
2555 ERR_R_INTERNAL_ERROR);
2556 goto err; 2468 goto err;
2557 } 2469 }
2558 2470
@@ -2610,8 +2522,7 @@ ssl3_send_client_certificate(SSL *s)
2610 i = 0; 2522 i = 0;
2611 } else if (i == 1) { 2523 } else if (i == 1) {
2612 i = 0; 2524 i = 0;
2613 SSLerror( 2525 SSLerror(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2614 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2615 } 2526 }
2616 2527
2617 X509_free(x509); 2528 X509_free(x509);
@@ -2665,8 +2576,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2665 2576
2666 sc = SSI(s)->sess_cert; 2577 sc = SSI(s)->sess_cert;
2667 if (sc == NULL) { 2578 if (sc == NULL) {
2668 SSLerror( 2579 SSLerror(ERR_R_INTERNAL_ERROR);
2669 ERR_R_INTERNAL_ERROR);
2670 goto err; 2580 goto err;
2671 } 2581 }
2672 dh = SSI(s)->sess_cert->peer_dh_tmp; 2582 dh = SSI(s)->sess_cert->peer_dh_tmp;
@@ -2678,8 +2588,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2678 if (ssl_check_srvr_ecc_cert_and_alg( 2588 if (ssl_check_srvr_ecc_cert_and_alg(
2679 sc->peer_pkeys[idx].x509, s) == 0) { 2589 sc->peer_pkeys[idx].x509, s) == 0) {
2680 /* check failed */ 2590 /* check failed */
2681 SSLerror( 2591 SSLerror(SSL_R_BAD_ECC_CERT);
2682 SSL_R_BAD_ECC_CERT);
2683 goto f_err; 2592 goto f_err;
2684 } else { 2593 } else {
2685 return (1); 2594 return (1);
@@ -2691,25 +2600,21 @@ ssl3_check_cert_and_algorithm(SSL *s)
2691 2600
2692 /* Check that we have a certificate if we require one. */ 2601 /* Check that we have a certificate if we require one. */
2693 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { 2602 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2694 SSLerror( 2603 SSLerror(SSL_R_MISSING_RSA_SIGNING_CERT);
2695 SSL_R_MISSING_RSA_SIGNING_CERT);
2696 goto f_err; 2604 goto f_err;
2697 } else if ((alg_a & SSL_aDSS) && 2605 } else if ((alg_a & SSL_aDSS) &&
2698 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { 2606 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
2699 SSLerror( 2607 SSLerror(SSL_R_MISSING_DSA_SIGNING_CERT);
2700 SSL_R_MISSING_DSA_SIGNING_CERT);
2701 goto f_err; 2608 goto f_err;
2702 } 2609 }
2703 if ((alg_k & SSL_kRSA) && 2610 if ((alg_k & SSL_kRSA) &&
2704 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { 2611 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2705 SSLerror( 2612 SSLerror(SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2706 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2707 goto f_err; 2613 goto f_err;
2708 } 2614 }
2709 if ((alg_k & SSL_kDHE) && 2615 if ((alg_k & SSL_kDHE) &&
2710 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 2616 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2711 SSLerror( 2617 SSLerror(SSL_R_MISSING_DH_KEY);
2712 SSL_R_MISSING_DH_KEY);
2713 goto f_err; 2618 goto f_err;
2714 } 2619 }
2715 2620
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 605fc428ad..898fdbc479 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.154 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.155 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -226,8 +226,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
226 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), 226 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
227 &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); 227 &(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
228 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { 228 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
229 SSLerror( 229 SSLerror(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
230 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
231 return (0); 230 return (0);
232 } 231 }
233 return (1); 232 return (1);
@@ -381,8 +380,7 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
381 unsigned int sid_ctx_len) 380 unsigned int sid_ctx_len)
382{ 381{
383 if (sid_ctx_len > sizeof ctx->sid_ctx) { 382 if (sid_ctx_len > sizeof ctx->sid_ctx) {
384 SSLerror( 383 SSLerror(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
385 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
386 return (0); 384 return (0);
387 } 385 }
388 ctx->sid_ctx_length = sid_ctx_len; 386 ctx->sid_ctx_length = sid_ctx_len;
@@ -396,8 +394,7 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
396 unsigned int sid_ctx_len) 394 unsigned int sid_ctx_len)
397{ 395{
398 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 396 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
399 SSLerror( 397 SSLerror(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
400 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
401 return (0); 398 return (0);
402 } 399 }
403 ssl->sid_ctx_length = sid_ctx_len; 400 ssl->sid_ctx_length = sid_ctx_len;
@@ -873,13 +870,11 @@ SSL_CTX_check_private_key(const SSL_CTX *ctx)
873{ 870{
874 if ((ctx == NULL) || (ctx->internal->cert == NULL) || 871 if ((ctx == NULL) || (ctx->internal->cert == NULL) ||
875 (ctx->internal->cert->key->x509 == NULL)) { 872 (ctx->internal->cert->key->x509 == NULL)) {
876 SSLerror( 873 SSLerror(SSL_R_NO_CERTIFICATE_ASSIGNED);
877 SSL_R_NO_CERTIFICATE_ASSIGNED);
878 return (0); 874 return (0);
879 } 875 }
880 if (ctx->internal->cert->key->privatekey == NULL) { 876 if (ctx->internal->cert->key->privatekey == NULL) {
881 SSLerror( 877 SSLerror(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
882 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
883 return (0); 878 return (0);
884 } 879 }
885 return (X509_check_private_key(ctx->internal->cert->key->x509, 880 return (X509_check_private_key(ctx->internal->cert->key->x509,
@@ -891,23 +886,19 @@ int
891SSL_check_private_key(const SSL *ssl) 886SSL_check_private_key(const SSL *ssl)
892{ 887{
893 if (ssl == NULL) { 888 if (ssl == NULL) {
894 SSLerror( 889 SSLerror(ERR_R_PASSED_NULL_PARAMETER);
895 ERR_R_PASSED_NULL_PARAMETER);
896 return (0); 890 return (0);
897 } 891 }
898 if (ssl->cert == NULL) { 892 if (ssl->cert == NULL) {
899 SSLerror( 893 SSLerror(SSL_R_NO_CERTIFICATE_ASSIGNED);
900 SSL_R_NO_CERTIFICATE_ASSIGNED);
901 return (0); 894 return (0);
902 } 895 }
903 if (ssl->cert->key->x509 == NULL) { 896 if (ssl->cert->key->x509 == NULL) {
904 SSLerror( 897 SSLerror(SSL_R_NO_CERTIFICATE_ASSIGNED);
905 SSL_R_NO_CERTIFICATE_ASSIGNED);
906 return (0); 898 return (0);
907 } 899 }
908 if (ssl->cert->key->privatekey == NULL) { 900 if (ssl->cert->key->privatekey == NULL) {
909 SSLerror( 901 SSLerror(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
910 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
911 return (0); 902 return (0);
912 } 903 }
913 return (X509_check_private_key(ssl->cert->key->x509, 904 return (X509_check_private_key(ssl->cert->key->x509,
@@ -1428,8 +1419,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1428 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2]. 1419 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
1429 */ 1420 */
1430 if (num < 2 || num > 0x10000 - 2) { 1421 if (num < 2 || num > 0x10000 - 2) {
1431 SSLerror( 1422 SSLerror(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1432 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1433 return (NULL); 1423 return (NULL);
1434 } 1424 }
1435 1425
@@ -1441,8 +1431,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1441 CBS_init(&cbs, p, num); 1431 CBS_init(&cbs, p, num);
1442 while (CBS_len(&cbs) > 0) { 1432 while (CBS_len(&cbs) > 0) {
1443 if (!CBS_get_u16(&cbs, &cipher_value)) { 1433 if (!CBS_get_u16(&cbs, &cipher_value)) {
1444 SSLerror( 1434 SSLerror(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1445 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1446 goto err; 1435 goto err;
1447 } 1436 }
1448 1437
@@ -1454,8 +1443,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1454 * renegotiating. 1443 * renegotiating.
1455 */ 1444 */
1456 if (s->internal->renegotiate) { 1445 if (s->internal->renegotiate) {
1457 SSLerror( 1446 SSLerror(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1458 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1459 ssl3_send_alert(s, SSL3_AL_FATAL, 1447 ssl3_send_alert(s, SSL3_AL_FATAL,
1460 SSL_AD_HANDSHAKE_FAILURE); 1448 SSL_AD_HANDSHAKE_FAILURE);
1461 1449
@@ -1474,8 +1462,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1474 */ 1462 */
1475 max_version = ssl_max_server_version(s); 1463 max_version = ssl_max_server_version(s);
1476 if (max_version == 0 || s->version < max_version) { 1464 if (max_version == 0 || s->version < max_version) {
1477 SSLerror( 1465 SSLerror(SSL_R_INAPPROPRIATE_FALLBACK);
1478 SSL_R_INAPPROPRIATE_FALLBACK);
1479 if (s->s3 != NULL) 1466 if (s->s3 != NULL)
1480 ssl3_send_alert(s, SSL3_AL_FATAL, 1467 ssl3_send_alert(s, SSL3_AL_FATAL,
1481 SSL_AD_INAPPROPRIATE_FALLBACK); 1468 SSL_AD_INAPPROPRIATE_FALLBACK);
@@ -1486,8 +1473,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1486 1473
1487 if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) { 1474 if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
1488 if (!sk_SSL_CIPHER_push(sk, c)) { 1475 if (!sk_SSL_CIPHER_push(sk, c)) {
1489 SSLerror( 1476 SSLerror(ERR_R_MALLOC_FAILURE);
1490 ERR_R_MALLOC_FAILURE);
1491 goto err; 1477 goto err;
1492 } 1478 }
1493 } 1479 }
@@ -1812,8 +1798,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
1812 } 1798 }
1813 1799
1814 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { 1800 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1815 SSLerror( 1801 SSLerror(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1816 SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1817 goto err; 1802 goto err;
1818 } 1803 }
1819 1804
@@ -1881,13 +1866,11 @@ SSL_CTX_new(const SSL_METHOD *meth)
1881 goto err; 1866 goto err;
1882 1867
1883 if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { 1868 if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1884 SSLerror( 1869 SSLerror(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1885 SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1886 goto err2; 1870 goto err2;
1887 } 1871 }
1888 if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { 1872 if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1889 SSLerror( 1873 SSLerror(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1890 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1891 goto err2; 1874 goto err2;
1892 } 1875 }
1893 1876
@@ -2126,8 +2109,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2126 /* Key usage, if present, must allow signing. */ 2109 /* Key usage, if present, must allow signing. */
2127 if ((x->ex_flags & EXFLAG_KUSAGE) && 2110 if ((x->ex_flags & EXFLAG_KUSAGE) &&
2128 ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) { 2111 ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {
2129 SSLerror( 2112 SSLerror(SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2130 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2131 return (0); 2113 return (0);
2132 } 2114 }
2133 } 2115 }
@@ -2448,24 +2430,21 @@ SSL_set_connect_state(SSL *s)
2448int 2430int
2449ssl_undefined_function(SSL *s) 2431ssl_undefined_function(SSL *s)
2450{ 2432{
2451 SSLerror( 2433 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2452 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2453 return (0); 2434 return (0);
2454} 2435}
2455 2436
2456int 2437int
2457ssl_undefined_void_function(void) 2438ssl_undefined_void_function(void)
2458{ 2439{
2459 SSLerror( 2440 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2460 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2461 return (0); 2441 return (0);
2462} 2442}
2463 2443
2464int 2444int
2465ssl_undefined_const_function(const SSL *s) 2445ssl_undefined_const_function(const SSL *s)
2466{ 2446{
2467 SSLerror( 2447 SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2468 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2469 return (0); 2448 return (0);
2470} 2449}
2471 2450
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index a8462ffd84..9ffc27e9a7 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -106,8 +106,7 @@ ssl_convert_sslv2_client_hello(SSL *s)
106 return -1; 106 return -1;
107 107
108 if (record_length < 9) { 108 if (record_length < 9) {
109 SSLerror( 109 SSLerror(SSL_R_RECORD_LENGTH_MISMATCH);
110 SSL_R_RECORD_LENGTH_MISMATCH);
111 return -1; 110 return -1;
112 } 111 }
113 if (record_length > 4096) { 112 if (record_length > 4096) {
@@ -150,8 +149,7 @@ ssl_convert_sslv2_client_hello(SSL *s)
150 if (!CBS_get_bytes(&cbs, &challenge, challenge_length)) 149 if (!CBS_get_bytes(&cbs, &challenge, challenge_length))
151 return -1; 150 return -1;
152 if (CBS_len(&cbs) != 0) { 151 if (CBS_len(&cbs) != 0) {
153 SSLerror( 152 SSLerror(SSL_R_RECORD_LENGTH_MISMATCH);
154 SSL_R_RECORD_LENGTH_MISMATCH);
155 return -1; 153 return -1;
156 } 154 }
157 155
@@ -236,16 +234,14 @@ ssl_server_legacy_first_packet(SSL *s)
236 if (ssl_is_sslv2_client_hello(&header) == 1) { 234 if (ssl_is_sslv2_client_hello(&header) == 1) {
237 /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */ 235 /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */
238 if (ssl_enabled_version_range(s, &min_version, NULL) != 1) { 236 if (ssl_enabled_version_range(s, &min_version, NULL) != 1) {
239 SSLerror( 237 SSLerror(SSL_R_NO_PROTOCOLS_AVAILABLE);
240 SSL_R_NO_PROTOCOLS_AVAILABLE);
241 return -1; 238 return -1;
242 } 239 }
243 if (min_version > TLS1_VERSION) 240 if (min_version > TLS1_VERSION)
244 return 1; 241 return 1;
245 242
246 if (ssl_convert_sslv2_client_hello(s) != 1) { 243 if (ssl_convert_sslv2_client_hello(s) != 1) {
247 SSLerror( 244 SSLerror(SSL_R_BAD_PACKET_LENGTH);
248 SSL_R_BAD_PACKET_LENGTH);
249 return -1; 245 return -1;
250 } 246 }
251 247
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index f354fb82bf..38d011fdc3 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.6 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.7 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -364,8 +364,7 @@ ssl3_get_record(SSL *s)
364 if (!CBS_get_u8(&header, &type) || 364 if (!CBS_get_u8(&header, &type) ||
365 !CBS_get_u16(&header, &ssl_version) || 365 !CBS_get_u16(&header, &ssl_version) ||
366 !CBS_get_u16(&header, &len)) { 366 !CBS_get_u16(&header, &len)) {
367 SSLerror( 367 SSLerror(SSL_R_BAD_PACKET_LENGTH);
368 SSL_R_BAD_PACKET_LENGTH);
369 goto err; 368 goto err;
370 } 369 }
371 370
@@ -374,8 +373,7 @@ ssl3_get_record(SSL *s)
374 373
375 /* Lets check version */ 374 /* Lets check version */
376 if (!s->internal->first_packet && ssl_version != s->version) { 375 if (!s->internal->first_packet && ssl_version != s->version) {
377 SSLerror( 376 SSLerror(SSL_R_WRONG_VERSION_NUMBER);
378 SSL_R_WRONG_VERSION_NUMBER);
379 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && 377 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
380 !s->internal->enc_write_ctx && !s->internal->write_hash) 378 !s->internal->enc_write_ctx && !s->internal->write_hash)
381 /* Send back error using their minor version number :-) */ 379 /* Send back error using their minor version number :-) */
@@ -385,15 +383,13 @@ ssl3_get_record(SSL *s)
385 } 383 }
386 384
387 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { 385 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
388 SSLerror( 386 SSLerror(SSL_R_WRONG_VERSION_NUMBER);
389 SSL_R_WRONG_VERSION_NUMBER);
390 goto err; 387 goto err;
391 } 388 }
392 389
393 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { 390 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
394 al = SSL_AD_RECORD_OVERFLOW; 391 al = SSL_AD_RECORD_OVERFLOW;
395 SSLerror( 392 SSLerror(SSL_R_PACKET_LENGTH_TOO_LONG);
396 SSL_R_PACKET_LENGTH_TOO_LONG);
397 goto f_err; 393 goto f_err;
398 } 394 }
399 395
@@ -510,8 +506,7 @@ ssl3_get_record(SSL *s)
510 * (e.g. via a logfile) 506 * (e.g. via a logfile)
511 */ 507 */
512 al = SSL_AD_BAD_RECORD_MAC; 508 al = SSL_AD_BAD_RECORD_MAC;
513 SSLerror( 509 SSLerror(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
514 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
515 goto f_err; 510 goto f_err;
516 } 511 }
517 512
@@ -543,8 +538,7 @@ ssl3_get_record(SSL *s)
543 * empty record without forcing want_read. 538 * empty record without forcing want_read.
544 */ 539 */
545 if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { 540 if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
546 SSLerror( 541 SSLerror(SSL_R_PEER_BEHAVING_BADLY);
547 SSL_R_PEER_BEHAVING_BADLY);
548 return -1; 542 return -1;
549 } 543 }
550 if (s->internal->empty_record_count > 1) { 544 if (s->internal->empty_record_count > 1) {
@@ -588,8 +582,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
588 if (i < 0) 582 if (i < 0)
589 return (i); 583 return (i);
590 if (i == 0) { 584 if (i == 0) {
591 SSLerror( 585 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
592 SSL_R_SSL_HANDSHAKE_FAILURE);
593 return -1; 586 return -1;
594 } 587 }
595 } 588 }
@@ -698,8 +691,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
698 if (prefix_len > 691 if (prefix_len >
699 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { 692 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
700 /* insufficient space */ 693 /* insufficient space */
701 SSLerror( 694 SSLerror(ERR_R_INTERNAL_ERROR);
702 ERR_R_INTERNAL_ERROR);
703 goto err; 695 goto err;
704 } 696 }
705 } 697 }
@@ -961,8 +953,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
961 if (i < 0) 953 if (i < 0)
962 return (i); 954 return (i);
963 if (i == 0) { 955 if (i == 0) {
964 SSLerror( 956 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
965 SSL_R_SSL_HANDSHAKE_FAILURE);
966 return (-1); 957 return (-1);
967 } 958 }
968 } 959 }
@@ -1004,8 +995,7 @@ start:
1004 * reset by ssl3_get_finished */ 995 * reset by ssl3_get_finished */
1005 && (rr->type != SSL3_RT_HANDSHAKE)) { 996 && (rr->type != SSL3_RT_HANDSHAKE)) {
1006 al = SSL_AD_UNEXPECTED_MESSAGE; 997 al = SSL_AD_UNEXPECTED_MESSAGE;
1007 SSLerror( 998 SSLerror(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1008 SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1009 goto f_err; 999 goto f_err;
1010 } 1000 }
1011 1001
@@ -1025,8 +1015,7 @@ start:
1025 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && 1015 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
1026 (s->enc_read_ctx == NULL)) { 1016 (s->enc_read_ctx == NULL)) {
1027 al = SSL_AD_UNEXPECTED_MESSAGE; 1017 al = SSL_AD_UNEXPECTED_MESSAGE;
1028 SSLerror( 1018 SSLerror(SSL_R_APP_DATA_IN_HANDSHAKE);
1029 SSL_R_APP_DATA_IN_HANDSHAKE);
1030 goto f_err; 1019 goto f_err;
1031 } 1020 }
1032 1021
@@ -1126,8 +1115,7 @@ start:
1126 if (i < 0) 1115 if (i < 0)
1127 return (i); 1116 return (i);
1128 if (i == 0) { 1117 if (i == 0) {
1129 SSLerror( 1118 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
1130 SSL_R_SSL_HANDSHAKE_FAILURE);
1131 return (-1); 1119 return (-1);
1132 } 1120 }
1133 1121
@@ -1200,15 +1188,13 @@ start:
1200 */ 1188 */
1201 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { 1189 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1202 al = SSL_AD_HANDSHAKE_FAILURE; 1190 al = SSL_AD_HANDSHAKE_FAILURE;
1203 SSLerror( 1191 SSLerror(SSL_R_NO_RENEGOTIATION);
1204 SSL_R_NO_RENEGOTIATION);
1205 goto f_err; 1192 goto f_err;
1206 } 1193 }
1207 } else if (alert_level == SSL3_AL_FATAL) { 1194 } else if (alert_level == SSL3_AL_FATAL) {
1208 s->internal->rwstate = SSL_NOTHING; 1195 s->internal->rwstate = SSL_NOTHING;
1209 S3I(s)->fatal_alert = alert_descr; 1196 S3I(s)->fatal_alert = alert_descr;
1210 SSLerror( 1197 SSLerror(SSL_AD_REASON_OFFSET + alert_descr);
1211 SSL_AD_REASON_OFFSET + alert_descr);
1212 ERR_asprintf_error_data("SSL alert number %d", 1198 ERR_asprintf_error_data("SSL alert number %d",
1213 alert_descr); 1199 alert_descr);
1214 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; 1200 s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
@@ -1236,24 +1222,21 @@ start:
1236 if ((rr->length != 1) || (rr->off != 0) || 1222 if ((rr->length != 1) || (rr->off != 0) ||
1237 (rr->data[0] != SSL3_MT_CCS)) { 1223 (rr->data[0] != SSL3_MT_CCS)) {
1238 al = SSL_AD_ILLEGAL_PARAMETER; 1224 al = SSL_AD_ILLEGAL_PARAMETER;
1239 SSLerror( 1225 SSLerror(SSL_R_BAD_CHANGE_CIPHER_SPEC);
1240 SSL_R_BAD_CHANGE_CIPHER_SPEC);
1241 goto f_err; 1226 goto f_err;
1242 } 1227 }
1243 1228
1244 /* Check we have a cipher to change to */ 1229 /* Check we have a cipher to change to */
1245 if (S3I(s)->tmp.new_cipher == NULL) { 1230 if (S3I(s)->tmp.new_cipher == NULL) {
1246 al = SSL_AD_UNEXPECTED_MESSAGE; 1231 al = SSL_AD_UNEXPECTED_MESSAGE;
1247 SSLerror( 1232 SSLerror(SSL_R_CCS_RECEIVED_EARLY);
1248 SSL_R_CCS_RECEIVED_EARLY);
1249 goto f_err; 1233 goto f_err;
1250 } 1234 }
1251 1235
1252 /* Check that we should be receiving a Change Cipher Spec. */ 1236 /* Check that we should be receiving a Change Cipher Spec. */
1253 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { 1237 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
1254 al = SSL_AD_UNEXPECTED_MESSAGE; 1238 al = SSL_AD_UNEXPECTED_MESSAGE;
1255 SSLerror( 1239 SSLerror(SSL_R_CCS_RECEIVED_EARLY);
1256 SSL_R_CCS_RECEIVED_EARLY);
1257 goto f_err; 1240 goto f_err;
1258 } 1241 }
1259 s->s3->flags &= ~SSL3_FLAGS_CCS_OK; 1242 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
@@ -1285,8 +1268,7 @@ start:
1285 if (i < 0) 1268 if (i < 0)
1286 return (i); 1269 return (i);
1287 if (i == 0) { 1270 if (i == 0) {
1288 SSLerror( 1271 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
1289 SSL_R_SSL_HANDSHAKE_FAILURE);
1290 return (-1); 1272 return (-1);
1291 } 1273 }
1292 1274
@@ -1373,8 +1355,7 @@ ssl3_do_change_cipher_spec(SSL *s)
1373 if (S3I(s)->tmp.key_block == NULL) { 1355 if (S3I(s)->tmp.key_block == NULL) {
1374 if (s->session == NULL || s->session->master_key_length == 0) { 1356 if (s->session == NULL || s->session->master_key_length == 0) {
1375 /* might happen if dtls1_read_bytes() calls this */ 1357 /* might happen if dtls1_read_bytes() calls this */
1376 SSLerror( 1358 SSLerror(SSL_R_CCS_RECEIVED_EARLY);
1377 SSL_R_CCS_RECEIVED_EARLY);
1378 return (0); 1359 return (0);
1379 } 1360 }
1380 1361
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 3efed227f0..facb8ac274 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_rsa.c,v 1.26 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_rsa.c,v 1.27 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -565,8 +565,7 @@ int
565SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) 565SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
566{ 566{
567 if (pkey == NULL) { 567 if (pkey == NULL) {
568 SSLerror( 568 SSLerror(ERR_R_PASSED_NULL_PARAMETER);
569 ERR_R_PASSED_NULL_PARAMETER);
570 return (0); 569 return (0);
571 } 570 }
572 if (!ssl_cert_inst(&ctx->internal->cert)) { 571 if (!ssl_cert_inst(&ctx->internal->cert)) {
@@ -602,8 +601,7 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
602 j = ERR_R_ASN1_LIB; 601 j = ERR_R_ASN1_LIB;
603 pkey = d2i_PrivateKey_bio(in, NULL); 602 pkey = d2i_PrivateKey_bio(in, NULL);
604 } else { 603 } else {
605 SSLerror( 604 SSLerror(SSL_R_BAD_SSL_FILETYPE);
606 SSL_R_BAD_SSL_FILETYPE);
607 goto end; 605 goto end;
608 } 606 }
609 if (pkey == NULL) { 607 if (pkey == NULL) {
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5cd531ef59..5477e9a168 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.68 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.69 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -312,8 +312,7 @@ ssl_get_new_session(SSL *s, int session)
312 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; 312 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
313 break; 313 break;
314 default: 314 default:
315 SSLerror( 315 SSLerror(SSL_R_UNSUPPORTED_SSL_VERSION);
316 SSL_R_UNSUPPORTED_SSL_VERSION);
317 SSL_SESSION_free(ss); 316 SSL_SESSION_free(ss);
318 return (0); 317 return (0);
319 } 318 }
@@ -336,8 +335,7 @@ ssl_get_new_session(SSL *s, int session)
336 tmp = ss->session_id_length; 335 tmp = ss->session_id_length;
337 if (!cb(s, ss->session_id, &tmp)) { 336 if (!cb(s, ss->session_id, &tmp)) {
338 /* The callback failed */ 337 /* The callback failed */
339 SSLerror( 338 SSLerror(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
340 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
341 SSL_SESSION_free(ss); 339 SSL_SESSION_free(ss);
342 return (0); 340 return (0);
343 } 341 }
@@ -348,8 +346,7 @@ ssl_get_new_session(SSL *s, int session)
348 */ 346 */
349 if (!tmp || (tmp > ss->session_id_length)) { 347 if (!tmp || (tmp > ss->session_id_length)) {
350 /* The callback set an illegal length */ 348 /* The callback set an illegal length */
351 SSLerror( 349 SSLerror(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
352 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
353 SSL_SESSION_free(ss); 350 SSL_SESSION_free(ss);
354 return (0); 351 return (0);
355 } 352 }
@@ -358,8 +355,7 @@ ssl_get_new_session(SSL *s, int session)
358 /* Finally, check for a conflict. */ 355 /* Finally, check for a conflict. */
359 if (SSL_has_matching_session_id(s, ss->session_id, 356 if (SSL_has_matching_session_id(s, ss->session_id,
360 ss->session_id_length)) { 357 ss->session_id_length)) {
361 SSLerror( 358 SSLerror(SSL_R_SSL_SESSION_ID_CONFLICT);
362 SSL_R_SSL_SESSION_ID_CONFLICT);
363 SSL_SESSION_free(ss); 359 SSL_SESSION_free(ss);
364 return (0); 360 return (0);
365 } 361 }
@@ -368,8 +364,7 @@ sess_id_done:
368 if (s->tlsext_hostname) { 364 if (s->tlsext_hostname) {
369 ss->tlsext_hostname = strdup(s->tlsext_hostname); 365 ss->tlsext_hostname = strdup(s->tlsext_hostname);
370 if (ss->tlsext_hostname == NULL) { 366 if (ss->tlsext_hostname == NULL) {
371 SSLerror( 367 SSLerror(ERR_R_INTERNAL_ERROR);
372 ERR_R_INTERNAL_ERROR);
373 SSL_SESSION_free(ss); 368 SSL_SESSION_free(ss);
374 return 0; 369 return 0;
375 } 370 }
@@ -528,8 +523,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
528 * applications to effectively disable the session cache by 523 * applications to effectively disable the session cache by
529 * accident without anyone noticing). 524 * accident without anyone noticing).
530 */ 525 */
531 SSLerror( 526 SSLerror(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
532 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
533 fatal = 1; 527 fatal = 1;
534 goto err; 528 goto err;
535 } 529 }
@@ -729,8 +723,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
729 if (meth == NULL) 723 if (meth == NULL)
730 meth = s->method->internal->get_ssl_method(session->ssl_version); 724 meth = s->method->internal->get_ssl_method(session->ssl_version);
731 if (meth == NULL) { 725 if (meth == NULL) {
732 SSLerror( 726 SSLerror(SSL_R_UNABLE_TO_FIND_SSL_METHOD);
733 SSL_R_UNABLE_TO_FIND_SSL_METHOD);
734 return (0); 727 return (0);
735 } 728 }
736 729
@@ -810,8 +803,7 @@ SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
810 unsigned int sid_ctx_len) 803 unsigned int sid_ctx_len)
811{ 804{
812 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { 805 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
813 SSLerror( 806 SSLerror(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
814 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
815 return 0; 807 return 0;
816 } 808 }
817 s->sid_ctx_length = sid_ctx_len; 809 s->sid_ctx_length = sid_ctx_len;
@@ -872,8 +864,7 @@ SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
872 s->internal->tlsext_session_ticket = 864 s->internal->tlsext_session_ticket =
873 malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); 865 malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
874 if (!s->internal->tlsext_session_ticket) { 866 if (!s->internal->tlsext_session_ticket) {
875 SSLerror( 867 SSLerror(ERR_R_MALLOC_FAILURE);
876 ERR_R_MALLOC_FAILURE);
877 return 0; 868 return 0;
878 } 869 }
879 870
@@ -1080,13 +1071,11 @@ int
1080SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) 1071SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1081{ 1072{
1082 if (!ENGINE_init(e)) { 1073 if (!ENGINE_init(e)) {
1083 SSLerror( 1074 SSLerror(ERR_R_ENGINE_LIB);
1084 ERR_R_ENGINE_LIB);
1085 return 0; 1075 return 0;
1086 } 1076 }
1087 if (!ENGINE_get_ssl_client_cert_function(e)) { 1077 if (!ENGINE_get_ssl_client_cert_function(e)) {
1088 SSLerror( 1078 SSLerror(SSL_R_NO_CLIENT_CERT_METHOD);
1089 SSL_R_NO_CLIENT_CERT_METHOD);
1090 ENGINE_finish(e); 1079 ENGINE_finish(e);
1091 return 0; 1080 return 0;
1092 } 1081 }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 46ca4d6c9c..0b110d6a72 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.4 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -253,8 +253,7 @@ ssl3_accept(SSL *s)
253 * client that doesn't support secure 253 * client that doesn't support secure
254 * renegotiation. 254 * renegotiation.
255 */ 255 */
256 SSLerror( 256 SSLerror(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
257 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
258 ssl3_send_alert(s, SSL3_AL_FATAL, 257 ssl3_send_alert(s, SSL3_AL_FATAL,
259 SSL_AD_HANDSHAKE_FAILURE); 258 SSL_AD_HANDSHAKE_FAILURE);
260 ret = -1; 259 ret = -1;
@@ -484,8 +483,7 @@ ssl3_accept(SSL *s)
484 * at this point and digest cached records. 483 * at this point and digest cached records.
485 */ 484 */
486 if (!S3I(s)->handshake_buffer) { 485 if (!S3I(s)->handshake_buffer) {
487 SSLerror( 486 SSLerror(ERR_R_INTERNAL_ERROR);
488 ERR_R_INTERNAL_ERROR);
489 ret = -1; 487 ret = -1;
490 goto end; 488 goto end;
491 } 489 }
@@ -673,8 +671,7 @@ ssl3_accept(SSL *s)
673 /* break; */ 671 /* break; */
674 672
675 default: 673 default:
676 SSLerror( 674 SSLerror(SSL_R_UNKNOWN_STATE);
677 SSL_R_UNKNOWN_STATE);
678 ret = -1; 675 ret = -1;
679 goto end; 676 goto end;
680 /* break; */ 677 /* break; */
@@ -868,8 +865,7 @@ ssl3_get_client_hello(SSL *s)
868 if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) { 865 if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) {
869 /* too much data */ 866 /* too much data */
870 al = SSL_AD_DECODE_ERROR; 867 al = SSL_AD_DECODE_ERROR;
871 SSLerror( 868 SSLerror(SSL_R_COOKIE_MISMATCH);
872 SSL_R_COOKIE_MISMATCH);
873 goto f_err; 869 goto f_err;
874 } 870 }
875 871
@@ -885,8 +881,7 @@ ssl3_get_client_hello(SSL *s)
885 if (s->ctx->internal->app_verify_cookie_cb(s, 881 if (s->ctx->internal->app_verify_cookie_cb(s,
886 D1I(s)->rcvd_cookie, cookie_len) == 0) { 882 D1I(s)->rcvd_cookie, cookie_len) == 0) {
887 al = SSL_AD_HANDSHAKE_FAILURE; 883 al = SSL_AD_HANDSHAKE_FAILURE;
888 SSLerror( 884 SSLerror(SSL_R_COOKIE_MISMATCH);
889 SSL_R_COOKIE_MISMATCH);
890 goto f_err; 885 goto f_err;
891 } 886 }
892 /* else cookie verification succeeded */ 887 /* else cookie verification succeeded */
@@ -894,8 +889,7 @@ ssl3_get_client_hello(SSL *s)
894 D1I(s)->cookie_len) != 0) { 889 D1I(s)->cookie_len) != 0) {
895 /* default verification */ 890 /* default verification */
896 al = SSL_AD_HANDSHAKE_FAILURE; 891 al = SSL_AD_HANDSHAKE_FAILURE;
897 SSLerror( 892 SSLerror(SSL_R_COOKIE_MISMATCH);
898 SSL_R_COOKIE_MISMATCH);
899 goto f_err; 893 goto f_err;
900 } 894 }
901 895
@@ -911,8 +905,7 @@ ssl3_get_client_hello(SSL *s)
911 if ((i == 0) && (j != 0)) { 905 if ((i == 0) && (j != 0)) {
912 /* we need a cipher if we are not resuming a session */ 906 /* we need a cipher if we are not resuming a session */
913 al = SSL_AD_ILLEGAL_PARAMETER; 907 al = SSL_AD_ILLEGAL_PARAMETER;
914 SSLerror( 908 SSLerror(SSL_R_NO_CIPHERS_SPECIFIED);
915 SSL_R_NO_CIPHERS_SPECIFIED);
916 goto f_err; 909 goto f_err;
917 } 910 }
918 if (p - d + i > n) 911 if (p - d + i > n)
@@ -941,8 +934,7 @@ ssl3_get_client_hello(SSL *s)
941 * list if we are asked to reuse it 934 * list if we are asked to reuse it
942 */ 935 */
943 al = SSL_AD_ILLEGAL_PARAMETER; 936 al = SSL_AD_ILLEGAL_PARAMETER;
944 SSLerror( 937 SSLerror(SSL_R_REQUIRED_CIPHER_MISSING);
945 SSL_R_REQUIRED_CIPHER_MISSING);
946 goto f_err; 938 goto f_err;
947 } 939 }
948 } 940 }
@@ -962,8 +954,7 @@ ssl3_get_client_hello(SSL *s)
962 if (j >= i) { 954 if (j >= i) {
963 /* no compress */ 955 /* no compress */
964 al = SSL_AD_DECODE_ERROR; 956 al = SSL_AD_DECODE_ERROR;
965 SSLerror( 957 SSLerror(SSL_R_NO_COMPRESSION_SPECIFIED);
966 SSL_R_NO_COMPRESSION_SPECIFIED);
967 goto f_err; 958 goto f_err;
968 } 959 }
969 960
@@ -974,8 +965,7 @@ ssl3_get_client_hello(SSL *s)
974 goto f_err; 965 goto f_err;
975 } 966 }
976 if (ssl_check_clienthello_tlsext_early(s) <= 0) { 967 if (ssl_check_clienthello_tlsext_early(s) <= 0) {
977 SSLerror( 968 SSLerror(SSL_R_CLIENTHELLO_TLSEXT);
978 SSL_R_CLIENTHELLO_TLSEXT);
979 goto err; 969 goto err;
980 } 970 }
981 971
@@ -1006,8 +996,7 @@ ssl3_get_client_hello(SSL *s)
1006 SSL_get_ciphers(s)); 996 SSL_get_ciphers(s));
1007 if (pref_cipher == NULL) { 997 if (pref_cipher == NULL) {
1008 al = SSL_AD_HANDSHAKE_FAILURE; 998 al = SSL_AD_HANDSHAKE_FAILURE;
1009 SSLerror( 999 SSLerror(SSL_R_NO_SHARED_CIPHER);
1010 SSL_R_NO_SHARED_CIPHER);
1011 goto f_err; 1000 goto f_err;
1012 } 1001 }
1013 1002
@@ -1032,8 +1021,7 @@ ssl3_get_client_hello(SSL *s)
1032 s->session->ciphers = ciphers; 1021 s->session->ciphers = ciphers;
1033 if (ciphers == NULL) { 1022 if (ciphers == NULL) {
1034 al = SSL_AD_ILLEGAL_PARAMETER; 1023 al = SSL_AD_ILLEGAL_PARAMETER;
1035 SSLerror( 1024 SSLerror(SSL_R_NO_CIPHERS_PASSED);
1036 SSL_R_NO_CIPHERS_PASSED);
1037 goto f_err; 1025 goto f_err;
1038 } 1026 }
1039 ciphers = NULL; 1027 ciphers = NULL;
@@ -1042,8 +1030,7 @@ ssl3_get_client_hello(SSL *s)
1042 1030
1043 if (c == NULL) { 1031 if (c == NULL) {
1044 al = SSL_AD_HANDSHAKE_FAILURE; 1032 al = SSL_AD_HANDSHAKE_FAILURE;
1045 SSLerror( 1033 SSLerror(SSL_R_NO_SHARED_CIPHER);
1046 SSL_R_NO_SHARED_CIPHER);
1047 goto f_err; 1034 goto f_err;
1048 } 1035 }
1049 S3I(s)->tmp.new_cipher = c; 1036 S3I(s)->tmp.new_cipher = c;
@@ -1142,8 +1129,7 @@ ssl3_send_server_hello(SSL *s)
1142 1129
1143 sl = s->session->session_id_length; 1130 sl = s->session->session_id_length;
1144 if (sl > (int)sizeof(s->session->session_id)) { 1131 if (sl > (int)sizeof(s->session->session_id)) {
1145 SSLerror( 1132 SSLerror(ERR_R_INTERNAL_ERROR);
1146 ERR_R_INTERNAL_ERROR);
1147 goto err; 1133 goto err;
1148 } 1134 }
1149 1135
@@ -1166,8 +1152,7 @@ ssl3_send_server_hello(SSL *s)
1166 1152
1167 if ((p = ssl_add_serverhello_tlsext(s, p + outlen, 1153 if ((p = ssl_add_serverhello_tlsext(s, p + outlen,
1168 bufend)) == NULL) { 1154 bufend)) == NULL) {
1169 SSLerror( 1155 SSLerror(ERR_R_INTERNAL_ERROR);
1170 ERR_R_INTERNAL_ERROR);
1171 goto err; 1156 goto err;
1172 } 1157 }
1173 1158
@@ -1208,8 +1193,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1208 if (s->cert->dh_tmp_auto != 0) { 1193 if (s->cert->dh_tmp_auto != 0) {
1209 if ((dhp = ssl_get_auto_dh(s)) == NULL) { 1194 if ((dhp = ssl_get_auto_dh(s)) == NULL) {
1210 al = SSL_AD_INTERNAL_ERROR; 1195 al = SSL_AD_INTERNAL_ERROR;
1211 SSLerror( 1196 SSLerror(ERR_R_INTERNAL_ERROR);
1212 ERR_R_INTERNAL_ERROR);
1213 goto f_err; 1197 goto f_err;
1214 } 1198 }
1215 } else 1199 } else
@@ -1221,14 +1205,12 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
1221 1205
1222 if (dhp == NULL) { 1206 if (dhp == NULL) {
1223 al = SSL_AD_HANDSHAKE_FAILURE; 1207 al = SSL_AD_HANDSHAKE_FAILURE;
1224 SSLerror( 1208 SSLerror(SSL_R_MISSING_TMP_DH_KEY);
1225 SSL_R_MISSING_TMP_DH_KEY);
1226 goto f_err; 1209 goto f_err;
1227 } 1210 }
1228 1211
1229 if (S3I(s)->tmp.dh != NULL) { 1212 if (S3I(s)->tmp.dh != NULL) {
1230 SSLerror( 1213 SSLerror(ERR_R_INTERNAL_ERROR);
1231 ERR_R_INTERNAL_ERROR);
1232 goto err; 1214 goto err;
1233 } 1215 }
1234 1216
@@ -1299,14 +1281,12 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1299 } 1281 }
1300 if (ecdhp == NULL) { 1282 if (ecdhp == NULL) {
1301 al = SSL_AD_HANDSHAKE_FAILURE; 1283 al = SSL_AD_HANDSHAKE_FAILURE;
1302 SSLerror( 1284 SSLerror(SSL_R_MISSING_TMP_ECDH_KEY);
1303 SSL_R_MISSING_TMP_ECDH_KEY);
1304 goto f_err; 1285 goto f_err;
1305 } 1286 }
1306 1287
1307 if (S3I(s)->tmp.ecdh != NULL) { 1288 if (S3I(s)->tmp.ecdh != NULL) {
1308 SSLerror( 1289 SSLerror(ERR_R_INTERNAL_ERROR);
1309 ERR_R_INTERNAL_ERROR);
1310 goto err; 1290 goto err;
1311 } 1291 }
1312 1292
@@ -1314,8 +1294,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1314 if (s->cert->ecdh_tmp_auto != 0) { 1294 if (s->cert->ecdh_tmp_auto != 0) {
1315 ecdh = ecdhp; 1295 ecdh = ecdhp;
1316 } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { 1296 } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
1317 SSLerror( 1297 SSLerror(ERR_R_ECDH_LIB);
1318 ERR_R_ECDH_LIB);
1319 goto err; 1298 goto err;
1320 } 1299 }
1321 S3I(s)->tmp.ecdh = ecdh; 1300 S3I(s)->tmp.ecdh = ecdh;
@@ -1324,8 +1303,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1324 (EC_KEY_get0_private_key(ecdh) == NULL) || 1303 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1325 (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { 1304 (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
1326 if (!EC_KEY_generate_key(ecdh)) { 1305 if (!EC_KEY_generate_key(ecdh)) {
1327 SSLerror( 1306 SSLerror(ERR_R_ECDH_LIB);
1328 ERR_R_ECDH_LIB);
1329 goto err; 1307 goto err;
1330 } 1308 }
1331 } 1309 }
@@ -1333,8 +1311,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1333 if (((group = EC_KEY_get0_group(ecdh)) == NULL) || 1311 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1334 (EC_KEY_get0_public_key(ecdh) == NULL) || 1312 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1335 (EC_KEY_get0_private_key(ecdh) == NULL)) { 1313 (EC_KEY_get0_private_key(ecdh) == NULL)) {
1336 SSLerror( 1314 SSLerror(ERR_R_ECDH_LIB);
1337 ERR_R_ECDH_LIB);
1338 goto err; 1315 goto err;
1339 } 1316 }
1340 1317
@@ -1344,8 +1321,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1344 */ 1321 */
1345 if ((curve_id = tls1_ec_nid2curve_id( 1322 if ((curve_id = tls1_ec_nid2curve_id(
1346 EC_GROUP_get_curve_name(group))) == 0) { 1323 EC_GROUP_get_curve_name(group))) == 0) {
1347 SSLerror( 1324 SSLerror(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1348 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1349 goto err; 1325 goto err;
1350 } 1326 }
1351 1327
@@ -1360,8 +1336,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
1360 1336
1361 bn_ctx = BN_CTX_new(); 1337 bn_ctx = BN_CTX_new();
1362 if ((encodedPoint == NULL) || (bn_ctx == NULL)) { 1338 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
1363 SSLerror( 1339 SSLerror(ERR_R_MALLOC_FAILURE);
1364 ERR_R_MALLOC_FAILURE);
1365 goto err; 1340 goto err;
1366 } 1341 }
1367 1342
@@ -1421,8 +1396,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1421 1396
1422 /* Generate an X25519 key pair. */ 1397 /* Generate an X25519 key pair. */
1423 if (S3I(s)->tmp.x25519 != NULL) { 1398 if (S3I(s)->tmp.x25519 != NULL) {
1424 SSLerror( 1399 SSLerror(ERR_R_INTERNAL_ERROR);
1425 ERR_R_INTERNAL_ERROR);
1426 goto err; 1400 goto err;
1427 } 1401 }
1428 if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) 1402 if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL)
@@ -1433,8 +1407,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
1433 1407
1434 /* Serialize public key. */ 1408 /* Serialize public key. */
1435 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { 1409 if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
1436 SSLerror( 1410 SSLerror(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1437 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1438 goto err; 1411 goto err;
1439 } 1412 }
1440 1413
@@ -1509,8 +1482,7 @@ ssl3_send_server_key_exchange(SSL *s)
1509 goto err; 1482 goto err;
1510 } else { 1483 } else {
1511 al = SSL_AD_HANDSHAKE_FAILURE; 1484 al = SSL_AD_HANDSHAKE_FAILURE;
1512 SSLerror( 1485 SSLerror(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1513 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1514 goto f_err; 1486 goto f_err;
1515 } 1487 }
1516 1488
@@ -1531,8 +1503,7 @@ ssl3_send_server_key_exchange(SSL *s)
1531 1503
1532 if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) + 1504 if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
1533 params_len + kn)) { 1505 params_len + kn)) {
1534 SSLerror( 1506 SSLerror(ERR_LIB_BUF);
1535 ERR_LIB_BUF);
1536 goto err; 1507 goto err;
1537 } 1508 }
1538 1509
@@ -1611,8 +1582,7 @@ ssl3_send_server_key_exchange(SSL *s)
1611 } else { 1582 } else {
1612 /* Is this error check actually needed? */ 1583 /* Is this error check actually needed? */
1613 al = SSL_AD_HANDSHAKE_FAILURE; 1584 al = SSL_AD_HANDSHAKE_FAILURE;
1614 SSLerror( 1585 SSLerror(SSL_R_UNKNOWN_PKEY_TYPE);
1615 SSL_R_UNKNOWN_PKEY_TYPE);
1616 goto f_err; 1586 goto f_err;
1617 } 1587 }
1618 } 1588 }
@@ -1724,8 +1694,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
1724 if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || 1694 if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
1725 (pkey->pkey.rsa == NULL)) { 1695 (pkey->pkey.rsa == NULL)) {
1726 al = SSL_AD_HANDSHAKE_FAILURE; 1696 al = SSL_AD_HANDSHAKE_FAILURE;
1727 SSLerror( 1697 SSLerror(SSL_R_MISSING_RSA_CERTIFICATE);
1728 SSL_R_MISSING_RSA_CERTIFICATE);
1729 goto f_err; 1698 goto f_err;
1730 } 1699 }
1731 rsa = pkey->pkey.rsa; 1700 rsa = pkey->pkey.rsa;
@@ -1734,8 +1703,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
1734 goto truncated; 1703 goto truncated;
1735 n2s(p, i); 1704 n2s(p, i);
1736 if (n != i + 2) { 1705 if (n != i + 2) {
1737 SSLerror( 1706 SSLerror(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1738 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1739 goto err; 1707 goto err;
1740 } else 1708 } else
1741 n = i; 1709 n = i;
@@ -1836,15 +1804,13 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
1836 1804
1837 if (S3I(s)->tmp.dh == NULL) { 1805 if (S3I(s)->tmp.dh == NULL) {
1838 al = SSL_AD_HANDSHAKE_FAILURE; 1806 al = SSL_AD_HANDSHAKE_FAILURE;
1839 SSLerror( 1807 SSLerror(SSL_R_MISSING_TMP_DH_KEY);
1840 SSL_R_MISSING_TMP_DH_KEY);
1841 goto f_err; 1808 goto f_err;
1842 } 1809 }
1843 dh = S3I(s)->tmp.dh; 1810 dh = S3I(s)->tmp.dh;
1844 1811
1845 if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) { 1812 if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) {
1846 SSLerror( 1813 SSLerror(SSL_R_BN_LIB);
1847 SSL_R_BN_LIB);
1848 goto err; 1814 goto err;
1849 } 1815 }
1850 1816
@@ -1894,8 +1860,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1894 1860
1895 /* Initialize structures for server's ECDH key pair. */ 1861 /* Initialize structures for server's ECDH key pair. */
1896 if ((srvr_ecdh = EC_KEY_new()) == NULL) { 1862 if ((srvr_ecdh = EC_KEY_new()) == NULL) {
1897 SSLerror( 1863 SSLerror(ERR_R_MALLOC_FAILURE);
1898 ERR_R_MALLOC_FAILURE);
1899 goto err; 1864 goto err;
1900 } 1865 }
1901 1866
@@ -1910,15 +1875,13 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1910 1875
1911 if (!EC_KEY_set_group(srvr_ecdh, group) || 1876 if (!EC_KEY_set_group(srvr_ecdh, group) ||
1912 !EC_KEY_set_private_key(srvr_ecdh, priv_key)) { 1877 !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
1913 SSLerror( 1878 SSLerror(ERR_R_EC_LIB);
1914 ERR_R_EC_LIB);
1915 goto err; 1879 goto err;
1916 } 1880 }
1917 1881
1918 /* Let's get client's public key */ 1882 /* Let's get client's public key */
1919 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) { 1883 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
1920 SSLerror( 1884 SSLerror(ERR_R_MALLOC_FAILURE);
1921 ERR_R_MALLOC_FAILURE);
1922 goto err; 1885 goto err;
1923 } 1886 }
1924 1887
@@ -1940,16 +1903,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1940 * group. 1903 * group.
1941 */ 1904 */
1942 al = SSL_AD_HANDSHAKE_FAILURE; 1905 al = SSL_AD_HANDSHAKE_FAILURE;
1943 SSLerror( 1906 SSLerror(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
1944 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
1945 goto f_err; 1907 goto f_err;
1946 } 1908 }
1947 1909
1948 if (EC_POINT_copy(clnt_ecpoint, 1910 if (EC_POINT_copy(clnt_ecpoint,
1949 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) 1911 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec))
1950 == 0) { 1912 == 0) {
1951 SSLerror( 1913 SSLerror(ERR_R_EC_LIB);
1952 ERR_R_EC_LIB);
1953 goto err; 1914 goto err;
1954 } 1915 }
1955 ret = 2; /* Skip certificate verify processing */ 1916 ret = 2; /* Skip certificate verify processing */
@@ -1959,8 +1920,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1959 * in the ClientKeyExchange message. 1920 * in the ClientKeyExchange message.
1960 */ 1921 */
1961 if ((bn_ctx = BN_CTX_new()) == NULL) { 1922 if ((bn_ctx = BN_CTX_new()) == NULL) {
1962 SSLerror( 1923 SSLerror(ERR_R_MALLOC_FAILURE);
1963 ERR_R_MALLOC_FAILURE);
1964 goto err; 1924 goto err;
1965 } 1925 }
1966 1926
@@ -1969,14 +1929,12 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1969 1929
1970 p += 1; 1930 p += 1;
1971 if (n != 1 + i) { 1931 if (n != 1 + i) {
1972 SSLerror( 1932 SSLerror(ERR_R_EC_LIB);
1973 ERR_R_EC_LIB);
1974 goto err; 1933 goto err;
1975 } 1934 }
1976 if (EC_POINT_oct2point(group, 1935 if (EC_POINT_oct2point(group,
1977 clnt_ecpoint, p, i, bn_ctx) == 0) { 1936 clnt_ecpoint, p, i, bn_ctx) == 0) {
1978 SSLerror( 1937 SSLerror(ERR_R_EC_LIB);
1979 ERR_R_EC_LIB);
1980 goto err; 1938 goto err;
1981 } 1939 }
1982 /* 1940 /*
@@ -1989,15 +1947,13 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
1989 /* Compute the shared pre-master secret */ 1947 /* Compute the shared pre-master secret */
1990 key_size = ECDH_size(srvr_ecdh); 1948 key_size = ECDH_size(srvr_ecdh);
1991 if (key_size <= 0) { 1949 if (key_size <= 0) {
1992 SSLerror( 1950 SSLerror(ERR_R_ECDH_LIB);
1993 ERR_R_ECDH_LIB);
1994 goto err; 1951 goto err;
1995 } 1952 }
1996 i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh, 1953 i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh,
1997 NULL); 1954 NULL);
1998 if (i <= 0) { 1955 if (i <= 0) {
1999 SSLerror( 1956 SSLerror(ERR_R_ECDH_LIB);
2000 ERR_R_ECDH_LIB);
2001 goto err; 1957 goto err;
2002 } 1958 }
2003 1959
@@ -2114,16 +2070,14 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
2114 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, 2070 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
2115 &Tclass, n) != V_ASN1_CONSTRUCTED || 2071 &Tclass, n) != V_ASN1_CONSTRUCTED ||
2116 Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { 2072 Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
2117 SSLerror( 2073 SSLerror(SSL_R_DECRYPTION_FAILED);
2118 SSL_R_DECRYPTION_FAILED);
2119 goto gerr; 2074 goto gerr;
2120 } 2075 }
2121 start = p; 2076 start = p;
2122 inlen = Tlen; 2077 inlen = Tlen;
2123 if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, 2078 if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
2124 start, inlen) <=0) { 2079 start, inlen) <=0) {
2125 SSLerror( 2080 SSLerror(SSL_R_DECRYPTION_FAILED);
2126 SSL_R_DECRYPTION_FAILED);
2127 goto gerr; 2081 goto gerr;
2128 } 2082 }
2129 /* Generate master secret */ 2083 /* Generate master secret */
@@ -2184,8 +2138,7 @@ ssl3_get_client_key_exchange(SSL *s)
2184 goto err; 2138 goto err;
2185 } else { 2139 } else {
2186 al = SSL_AD_HANDSHAKE_FAILURE; 2140 al = SSL_AD_HANDSHAKE_FAILURE;
2187 SSLerror( 2141 SSLerror(SSL_R_UNKNOWN_CIPHER_TYPE);
2188 SSL_R_UNKNOWN_CIPHER_TYPE);
2189 goto f_err; 2142 goto f_err;
2190 } 2143 }
2191 2144
@@ -2228,8 +2181,7 @@ ssl3_get_cert_verify(SSL *s)
2228 S3I(s)->tmp.reuse_message = 1; 2181 S3I(s)->tmp.reuse_message = 1;
2229 if (peer != NULL) { 2182 if (peer != NULL) {
2230 al = SSL_AD_UNEXPECTED_MESSAGE; 2183 al = SSL_AD_UNEXPECTED_MESSAGE;
2231 SSLerror( 2184 SSLerror(SSL_R_MISSING_VERIFY_MESSAGE);
2232 SSL_R_MISSING_VERIFY_MESSAGE);
2233 goto f_err; 2185 goto f_err;
2234 } 2186 }
2235 ret = 1; 2187 ret = 1;
@@ -2237,22 +2189,19 @@ ssl3_get_cert_verify(SSL *s)
2237 } 2189 }
2238 2190
2239 if (peer == NULL) { 2191 if (peer == NULL) {
2240 SSLerror( 2192 SSLerror(SSL_R_NO_CLIENT_CERT_RECEIVED);
2241 SSL_R_NO_CLIENT_CERT_RECEIVED);
2242 al = SSL_AD_UNEXPECTED_MESSAGE; 2193 al = SSL_AD_UNEXPECTED_MESSAGE;
2243 goto f_err; 2194 goto f_err;
2244 } 2195 }
2245 2196
2246 if (!(type & EVP_PKT_SIGN)) { 2197 if (!(type & EVP_PKT_SIGN)) {
2247 SSLerror( 2198 SSLerror(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2248 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2249 al = SSL_AD_ILLEGAL_PARAMETER; 2199 al = SSL_AD_ILLEGAL_PARAMETER;
2250 goto f_err; 2200 goto f_err;
2251 } 2201 }
2252 2202
2253 if (S3I(s)->change_cipher_spec) { 2203 if (S3I(s)->change_cipher_spec) {
2254 SSLerror( 2204 SSLerror(SSL_R_CCS_RECEIVED_EARLY);
2255 SSL_R_CCS_RECEIVED_EARLY);
2256 al = SSL_AD_UNEXPECTED_MESSAGE; 2205 al = SSL_AD_UNEXPECTED_MESSAGE;
2257 goto f_err; 2206 goto f_err;
2258 } 2207 }
@@ -2273,8 +2222,7 @@ ssl3_get_cert_verify(SSL *s)
2273 int sigalg = tls12_get_sigid(pkey); 2222 int sigalg = tls12_get_sigid(pkey);
2274 /* Should never happen */ 2223 /* Should never happen */
2275 if (sigalg == -1) { 2224 if (sigalg == -1) {
2276 SSLerror( 2225 SSLerror(ERR_R_INTERNAL_ERROR);
2277 ERR_R_INTERNAL_ERROR);
2278 al = SSL_AD_INTERNAL_ERROR; 2226 al = SSL_AD_INTERNAL_ERROR;
2279 goto f_err; 2227 goto f_err;
2280 } 2228 }
@@ -2282,15 +2230,13 @@ ssl3_get_cert_verify(SSL *s)
2282 goto truncated; 2230 goto truncated;
2283 /* Check key type is consistent with signature */ 2231 /* Check key type is consistent with signature */
2284 if (sigalg != (int)p[1]) { 2232 if (sigalg != (int)p[1]) {
2285 SSLerror( 2233 SSLerror(SSL_R_WRONG_SIGNATURE_TYPE);
2286 SSL_R_WRONG_SIGNATURE_TYPE);
2287 al = SSL_AD_DECODE_ERROR; 2234 al = SSL_AD_DECODE_ERROR;
2288 goto f_err; 2235 goto f_err;
2289 } 2236 }
2290 md = tls12_get_hash(p[0]); 2237 md = tls12_get_hash(p[0]);
2291 if (md == NULL) { 2238 if (md == NULL) {
2292 SSLerror( 2239 SSLerror(SSL_R_UNKNOWN_DIGEST);
2293 SSL_R_UNKNOWN_DIGEST);
2294 al = SSL_AD_DECODE_ERROR; 2240 al = SSL_AD_DECODE_ERROR;
2295 goto f_err; 2241 goto f_err;
2296 } 2242 }
@@ -2306,8 +2252,7 @@ ssl3_get_cert_verify(SSL *s)
2306 } 2252 }
2307 j = EVP_PKEY_size(pkey); 2253 j = EVP_PKEY_size(pkey);
2308 if ((i > j) || (n > j) || (n <= 0)) { 2254 if ((i > j) || (n > j) || (n <= 0)) {
2309 SSLerror( 2255 SSLerror(SSL_R_WRONG_SIGNATURE_SIZE);
2310 SSL_R_WRONG_SIGNATURE_SIZE);
2311 al = SSL_AD_DECODE_ERROR; 2256 al = SSL_AD_DECODE_ERROR;
2312 goto f_err; 2257 goto f_err;
2313 } 2258 }
@@ -2317,23 +2262,20 @@ ssl3_get_cert_verify(SSL *s)
2317 void *hdata; 2262 void *hdata;
2318 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2263 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2319 if (hdatalen <= 0) { 2264 if (hdatalen <= 0) {
2320 SSLerror( 2265 SSLerror(ERR_R_INTERNAL_ERROR);
2321 ERR_R_INTERNAL_ERROR);
2322 al = SSL_AD_INTERNAL_ERROR; 2266 al = SSL_AD_INTERNAL_ERROR;
2323 goto f_err; 2267 goto f_err;
2324 } 2268 }
2325 if (!EVP_VerifyInit_ex(&mctx, md, NULL) || 2269 if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
2326 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { 2270 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
2327 SSLerror( 2271 SSLerror(ERR_R_EVP_LIB);
2328 ERR_R_EVP_LIB);
2329 al = SSL_AD_INTERNAL_ERROR; 2272 al = SSL_AD_INTERNAL_ERROR;
2330 goto f_err; 2273 goto f_err;
2331 } 2274 }
2332 2275
2333 if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { 2276 if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
2334 al = SSL_AD_DECRYPT_ERROR; 2277 al = SSL_AD_DECRYPT_ERROR;
2335 SSLerror( 2278 SSLerror(SSL_R_BAD_SIGNATURE);
2336 SSL_R_BAD_SIGNATURE);
2337 goto f_err; 2279 goto f_err;
2338 } 2280 }
2339 } else 2281 } else
@@ -2343,14 +2285,12 @@ ssl3_get_cert_verify(SSL *s)
2343 pkey->pkey.rsa); 2285 pkey->pkey.rsa);
2344 if (i < 0) { 2286 if (i < 0) {
2345 al = SSL_AD_DECRYPT_ERROR; 2287 al = SSL_AD_DECRYPT_ERROR;
2346 SSLerror( 2288 SSLerror(SSL_R_BAD_RSA_DECRYPT);
2347 SSL_R_BAD_RSA_DECRYPT);
2348 goto f_err; 2289 goto f_err;
2349 } 2290 }
2350 if (i == 0) { 2291 if (i == 0) {
2351 al = SSL_AD_DECRYPT_ERROR; 2292 al = SSL_AD_DECRYPT_ERROR;
2352 SSLerror( 2293 SSLerror(SSL_R_BAD_RSA_SIGNATURE);
2353 SSL_R_BAD_RSA_SIGNATURE);
2354 goto f_err; 2294 goto f_err;
2355 } 2295 }
2356 } else 2296 } else
@@ -2361,8 +2301,7 @@ ssl3_get_cert_verify(SSL *s)
2361 if (j <= 0) { 2301 if (j <= 0) {
2362 /* bad signature */ 2302 /* bad signature */
2363 al = SSL_AD_DECRYPT_ERROR; 2303 al = SSL_AD_DECRYPT_ERROR;
2364 SSLerror( 2304 SSLerror(SSL_R_BAD_DSA_SIGNATURE);
2365 SSL_R_BAD_DSA_SIGNATURE);
2366 goto f_err; 2305 goto f_err;
2367 } 2306 }
2368 } else 2307 } else
@@ -2373,8 +2312,7 @@ ssl3_get_cert_verify(SSL *s)
2373 if (j <= 0) { 2312 if (j <= 0) {
2374 /* bad signature */ 2313 /* bad signature */
2375 al = SSL_AD_DECRYPT_ERROR; 2314 al = SSL_AD_DECRYPT_ERROR;
2376 SSLerror( 2315 SSLerror(SSL_R_BAD_ECDSA_SIGNATURE);
2377 SSL_R_BAD_ECDSA_SIGNATURE);
2378 goto f_err; 2316 goto f_err;
2379 } 2317 }
2380 } else 2318 } else
@@ -2390,22 +2328,19 @@ ssl3_get_cert_verify(SSL *s)
2390 2328
2391 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 2329 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
2392 if (hdatalen <= 0) { 2330 if (hdatalen <= 0) {
2393 SSLerror( 2331 SSLerror(ERR_R_INTERNAL_ERROR);
2394 ERR_R_INTERNAL_ERROR);
2395 al = SSL_AD_INTERNAL_ERROR; 2332 al = SSL_AD_INTERNAL_ERROR;
2396 goto f_err; 2333 goto f_err;
2397 } 2334 }
2398 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || 2335 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2399 !(md = EVP_get_digestbynid(nid))) { 2336 !(md = EVP_get_digestbynid(nid))) {
2400 SSLerror( 2337 SSLerror(ERR_R_EVP_LIB);
2401 ERR_R_EVP_LIB);
2402 al = SSL_AD_INTERNAL_ERROR; 2338 al = SSL_AD_INTERNAL_ERROR;
2403 goto f_err; 2339 goto f_err;
2404 } 2340 }
2405 pctx = EVP_PKEY_CTX_new(pkey, NULL); 2341 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2406 if (!pctx) { 2342 if (!pctx) {
2407 SSLerror( 2343 SSLerror(ERR_R_EVP_LIB);
2408 ERR_R_EVP_LIB);
2409 al = SSL_AD_INTERNAL_ERROR; 2344 al = SSL_AD_INTERNAL_ERROR;
2410 goto f_err; 2345 goto f_err;
2411 } 2346 }
@@ -2418,8 +2353,7 @@ ssl3_get_cert_verify(SSL *s)
2418 EVP_PKEY_CTRL_GOST_SIG_FORMAT, 2353 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2419 GOST_SIG_FORMAT_RS_LE, 2354 GOST_SIG_FORMAT_RS_LE,
2420 NULL) <= 0)) { 2355 NULL) <= 0)) {
2421 SSLerror( 2356 SSLerror(ERR_R_EVP_LIB);
2422 ERR_R_EVP_LIB);
2423 al = SSL_AD_INTERNAL_ERROR; 2357 al = SSL_AD_INTERNAL_ERROR;
2424 EVP_PKEY_CTX_free(pctx); 2358 EVP_PKEY_CTX_free(pctx);
2425 goto f_err; 2359 goto f_err;
@@ -2427,8 +2361,7 @@ ssl3_get_cert_verify(SSL *s)
2427 2361
2428 if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { 2362 if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
2429 al = SSL_AD_DECRYPT_ERROR; 2363 al = SSL_AD_DECRYPT_ERROR;
2430 SSLerror( 2364 SSLerror(SSL_R_BAD_SIGNATURE);
2431 SSL_R_BAD_SIGNATURE);
2432 EVP_PKEY_CTX_free(pctx); 2365 EVP_PKEY_CTX_free(pctx);
2433 goto f_err; 2366 goto f_err;
2434 } 2367 }
@@ -2437,8 +2370,7 @@ ssl3_get_cert_verify(SSL *s)
2437 } else 2370 } else
2438#endif 2371#endif
2439 { 2372 {
2440 SSLerror( 2373 SSLerror(ERR_R_INTERNAL_ERROR);
2441 ERR_R_INTERNAL_ERROR);
2442 al = SSL_AD_UNSUPPORTED_CERTIFICATE; 2374 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
2443 goto f_err; 2375 goto f_err;
2444 } 2376 }
@@ -2482,8 +2414,7 @@ ssl3_get_client_certificate(SSL *s)
2482 if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { 2414 if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2483 if ((s->verify_mode & SSL_VERIFY_PEER) && 2415 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2484 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { 2416 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2485 SSLerror( 2417 SSLerror(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2486 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2487 al = SSL_AD_HANDSHAKE_FAILURE; 2418 al = SSL_AD_HANDSHAKE_FAILURE;
2488 goto f_err; 2419 goto f_err;
2489 } 2420 }
@@ -2492,8 +2423,7 @@ ssl3_get_client_certificate(SSL *s)
2492 * the client must return a 0 list. 2423 * the client must return a 0 list.
2493 */ 2424 */
2494 if (S3I(s)->tmp.cert_request) { 2425 if (S3I(s)->tmp.cert_request) {
2495 SSLerror( 2426 SSLerror(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
2496 SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
2497 ); 2427 );
2498 al = SSL_AD_UNEXPECTED_MESSAGE; 2428 al = SSL_AD_UNEXPECTED_MESSAGE;
2499 goto f_err; 2429 goto f_err;
@@ -2504,8 +2434,7 @@ ssl3_get_client_certificate(SSL *s)
2504 2434
2505 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) { 2435 if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
2506 al = SSL_AD_UNEXPECTED_MESSAGE; 2436 al = SSL_AD_UNEXPECTED_MESSAGE;
2507 SSLerror( 2437 SSLerror(SSL_R_WRONG_MESSAGE_TYPE);
2508 SSL_R_WRONG_MESSAGE_TYPE);
2509 goto f_err; 2438 goto f_err;
2510 } 2439 }
2511 2440
@@ -2515,8 +2444,7 @@ ssl3_get_client_certificate(SSL *s)
2515 CBS_init(&cbs, s->internal->init_msg, n); 2444 CBS_init(&cbs, s->internal->init_msg, n);
2516 2445
2517 if ((sk = sk_X509_new_null()) == NULL) { 2446 if ((sk = sk_X509_new_null()) == NULL) {
2518 SSLerror( 2447 SSLerror(ERR_R_MALLOC_FAILURE);
2519 ERR_R_MALLOC_FAILURE);
2520 goto err; 2448 goto err;
2521 } 2449 }
2522 2450
@@ -2529,27 +2457,23 @@ ssl3_get_client_certificate(SSL *s)
2529 2457
2530 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) { 2458 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
2531 al = SSL_AD_DECODE_ERROR; 2459 al = SSL_AD_DECODE_ERROR;
2532 SSLerror( 2460 SSLerror(SSL_R_CERT_LENGTH_MISMATCH);
2533 SSL_R_CERT_LENGTH_MISMATCH);
2534 goto f_err; 2461 goto f_err;
2535 } 2462 }
2536 2463
2537 q = CBS_data(&cert); 2464 q = CBS_data(&cert);
2538 x = d2i_X509(NULL, &q, CBS_len(&cert)); 2465 x = d2i_X509(NULL, &q, CBS_len(&cert));
2539 if (x == NULL) { 2466 if (x == NULL) {
2540 SSLerror( 2467 SSLerror(ERR_R_ASN1_LIB);
2541 ERR_R_ASN1_LIB);
2542 goto err; 2468 goto err;
2543 } 2469 }
2544 if (q != CBS_data(&cert) + CBS_len(&cert)) { 2470 if (q != CBS_data(&cert) + CBS_len(&cert)) {
2545 al = SSL_AD_DECODE_ERROR; 2471 al = SSL_AD_DECODE_ERROR;
2546 SSLerror( 2472 SSLerror(SSL_R_CERT_LENGTH_MISMATCH);
2547 SSL_R_CERT_LENGTH_MISMATCH);
2548 goto f_err; 2473 goto f_err;
2549 } 2474 }
2550 if (!sk_X509_push(sk, x)) { 2475 if (!sk_X509_push(sk, x)) {
2551 SSLerror( 2476 SSLerror(ERR_R_MALLOC_FAILURE);
2552 ERR_R_MALLOC_FAILURE);
2553 goto err; 2477 goto err;
2554 } 2478 }
2555 x = NULL; 2479 x = NULL;
@@ -2562,8 +2486,7 @@ ssl3_get_client_certificate(SSL *s)
2562 */ 2486 */
2563 if ((s->verify_mode & SSL_VERIFY_PEER) && 2487 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2564 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { 2488 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2565 SSLerror( 2489 SSLerror(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2566 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2567 al = SSL_AD_HANDSHAKE_FAILURE; 2490 al = SSL_AD_HANDSHAKE_FAILURE;
2568 goto f_err; 2491 goto f_err;
2569 } 2492 }
@@ -2576,8 +2499,7 @@ ssl3_get_client_certificate(SSL *s)
2576 i = ssl_verify_cert_chain(s, sk); 2499 i = ssl_verify_cert_chain(s, sk);
2577 if (i <= 0) { 2500 if (i <= 0) {
2578 al = ssl_verify_alarm_type(s->verify_result); 2501 al = ssl_verify_alarm_type(s->verify_result);
2579 SSLerror( 2502 SSLerror(SSL_R_NO_CERTIFICATE_RETURNED);
2580 SSL_R_NO_CERTIFICATE_RETURNED);
2581 goto f_err; 2503 goto f_err;
2582 } 2504 }
2583 } 2505 }
@@ -2593,8 +2515,7 @@ ssl3_get_client_certificate(SSL *s)
2593 if (SSI(s)->sess_cert == NULL) { 2515 if (SSI(s)->sess_cert == NULL) {
2594 SSI(s)->sess_cert = ssl_sess_cert_new(); 2516 SSI(s)->sess_cert = ssl_sess_cert_new();
2595 if (SSI(s)->sess_cert == NULL) { 2517 if (SSI(s)->sess_cert == NULL) {
2596 SSLerror( 2518 SSLerror(ERR_R_MALLOC_FAILURE);
2597 ERR_R_MALLOC_FAILURE);
2598 goto err; 2519 goto err;
2599 } 2520 }
2600 } 2521 }
@@ -2612,8 +2533,7 @@ ssl3_get_client_certificate(SSL *s)
2612 if (0) { 2533 if (0) {
2613truncated: 2534truncated:
2614 al = SSL_AD_DECODE_ERROR; 2535 al = SSL_AD_DECODE_ERROR;
2615 SSLerror( 2536 SSLerror(SSL_R_BAD_PACKET_LENGTH);
2616 SSL_R_BAD_PACKET_LENGTH);
2617f_err: 2537f_err:
2618 ssl3_send_alert(s, SSL3_AL_FATAL, al); 2538 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2619 } 2539 }
@@ -2638,8 +2558,7 @@ ssl3_send_server_certificate(SSL *s)
2638 2558
2639 if (s->internal->state == SSL3_ST_SW_CERT_A) { 2559 if (s->internal->state == SSL3_ST_SW_CERT_A) {
2640 if ((x = ssl_get_server_send_cert(s)) == NULL) { 2560 if ((x = ssl_get_server_send_cert(s)) == NULL) {
2641 SSLerror( 2561 SSLerror(ERR_R_INTERNAL_ERROR);
2642 ERR_R_INTERNAL_ERROR);
2643 return (0); 2562 return (0);
2644 } 2563 }
2645 2564
@@ -2857,8 +2776,7 @@ ssl3_get_next_proto(SSL *s)
2857 * extension in their ClientHello 2776 * extension in their ClientHello
2858 */ 2777 */
2859 if (!S3I(s)->next_proto_neg_seen) { 2778 if (!S3I(s)->next_proto_neg_seen) {
2860 SSLerror( 2779 SSLerror(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
2861 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
2862 return (-1); 2780 return (-1);
2863 } 2781 }
2864 2782
@@ -2874,8 +2792,7 @@ ssl3_get_next_proto(SSL *s)
2874 * by ssl3_get_finished). 2792 * by ssl3_get_finished).
2875 */ 2793 */
2876 if (!S3I(s)->change_cipher_spec) { 2794 if (!S3I(s)->change_cipher_spec) {
2877 SSLerror( 2795 SSLerror(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
2878 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
2879 return (-1); 2796 return (-1);
2880 } 2797 }
2881 2798
@@ -2905,8 +2822,7 @@ ssl3_get_next_proto(SSL *s)
2905 s->internal->next_proto_negotiated_len = 0; 2822 s->internal->next_proto_negotiated_len = 0;
2906 2823
2907 if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) { 2824 if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
2908 SSLerror( 2825 SSLerror(ERR_R_MALLOC_FAILURE);
2909 ERR_R_MALLOC_FAILURE);
2910 return (0); 2826 return (0);
2911 } 2827 }
2912 s->internal->next_proto_negotiated_len = (uint8_t)len; 2828 s->internal->next_proto_negotiated_len = (uint8_t)len;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index f79219561a..2ee521b073 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.94 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.95 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -228,8 +228,7 @@ tls1_digest_cached_records(SSL *s)
228 } 228 }
229 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); 229 hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
230 if (hdatalen <= 0) { 230 if (hdatalen <= 0) {
231 SSLerror( 231 SSLerror(SSL_R_BAD_HANDSHAKE_LENGTH);
232 SSL_R_BAD_HANDSHAKE_LENGTH);
233 goto err; 232 goto err;
234 } 233 }
235 234
@@ -240,8 +239,7 @@ tls1_digest_cached_records(SSL *s)
240 239
241 S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create(); 240 S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
242 if (S3I(s)->handshake_dgst[i] == NULL) { 241 if (S3I(s)->handshake_dgst[i] == NULL) {
243 SSLerror( 242 SSLerror(ERR_R_MALLOC_FAILURE);
244 ERR_R_MALLOC_FAILURE);
245 goto err; 243 goto err;
246 } 244 }
247 if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) { 245 if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
@@ -385,8 +383,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
385 count++; 383 count++;
386 } 384 }
387 if (count == 0) { 385 if (count == 0) {
388 SSLerror( 386 SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
389 SSL_R_SSL_HANDSHAKE_FAILURE);
390 goto err; 387 goto err;
391 } 388 }
392 len = slen / count; 389 len = slen / count;
@@ -397,8 +394,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
397 for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { 394 for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
398 if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { 395 if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
399 if (!md) { 396 if (!md) {
400 SSLerror( 397 SSLerror(SSL_R_UNSUPPORTED_DIGEST_TYPE);
401 SSL_R_UNSUPPORTED_DIGEST_TYPE);
402 goto err; 398 goto err;
403 } 399 }
404 if (!tls1_P_hash(md , S1, len + (slen&1), seed1, 400 if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
@@ -474,8 +470,7 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
474 EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) 470 EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
475 return (0); 471 return (0);
476 if (iv_len > sizeof(aead_ctx->fixed_nonce)) { 472 if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
477 SSLerror( 473 SSLerror(ERR_R_INTERNAL_ERROR);
478 ERR_R_INTERNAL_ERROR);
479 return (0); 474 return (0);
480 } 475 }
481 memcpy(aead_ctx->fixed_nonce, iv, iv_len); 476 memcpy(aead_ctx->fixed_nonce, iv, iv_len);
@@ -491,15 +486,13 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
491 if (aead_ctx->xor_fixed_nonce) { 486 if (aead_ctx->xor_fixed_nonce) {
492 if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) || 487 if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) ||
493 aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) { 488 aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {
494 SSLerror( 489 SSLerror(ERR_R_INTERNAL_ERROR);
495 ERR_R_INTERNAL_ERROR);
496 return (0); 490 return (0);
497 } 491 }
498 } else { 492 } else {
499 if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != 493 if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
500 EVP_AEAD_nonce_length(aead)) { 494 EVP_AEAD_nonce_length(aead)) {
501 SSLerror( 495 SSLerror(ERR_R_INTERNAL_ERROR);
502 ERR_R_INTERNAL_ERROR);
503 return (0); 496 return (0);
504 } 497 }
505 } 498 }
@@ -736,8 +729,7 @@ tls1_setup_key_block(SSL *s)
736 if (s->session->cipher && 729 if (s->session->cipher &&
737 (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) { 730 (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
738 if (!ssl_cipher_get_evp_aead(s->session, &aead)) { 731 if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
739 SSLerror( 732 SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
740 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
741 return (0); 733 return (0);
742 } 734 }
743 key_len = EVP_AEAD_key_length(aead); 735 key_len = EVP_AEAD_key_length(aead);
@@ -745,8 +737,7 @@ tls1_setup_key_block(SSL *s)
745 } else { 737 } else {
746 if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type, 738 if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
747 &mac_secret_size)) { 739 &mac_secret_size)) {
748 SSLerror( 740 SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
749 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
750 return (0); 741 return (0);
751 } 742 }
752 key_len = EVP_CIPHER_key_length(cipher); 743 key_len = EVP_CIPHER_key_length(cipher);
@@ -1345,8 +1336,7 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1345 1336
1346 goto ret; 1337 goto ret;
1347err1: 1338err1:
1348 SSLerror( 1339 SSLerror(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1349 SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1350 rv = 0; 1340 rv = 0;
1351 goto ret; 1341 goto ret;
1352err2: 1342err2:
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b3e86c0a31..2e9d31112d 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.113 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.114 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -742,8 +742,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
742 int el; 742 int el;
743 743
744 if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { 744 if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
745 SSLerror( 745 SSLerror(ERR_R_INTERNAL_ERROR);
746 ERR_R_INTERNAL_ERROR);
747 return NULL; 746 return NULL;
748 } 747 }
749 748
@@ -754,8 +753,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
754 s2n(el, ret); 753 s2n(el, ret);
755 754
756 if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { 755 if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
757 SSLerror( 756 SSLerror(ERR_R_INTERNAL_ERROR);
758 ERR_R_INTERNAL_ERROR);
759 return NULL; 757 return NULL;
760 } 758 }
761 759
@@ -780,8 +778,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
780 if (formatslen > lenmax) 778 if (formatslen > lenmax)
781 return NULL; 779 return NULL;
782 if (formatslen > 255) { 780 if (formatslen > 255) {
783 SSLerror( 781 SSLerror(ERR_R_INTERNAL_ERROR);
784 ERR_R_INTERNAL_ERROR);
785 return NULL; 782 return NULL;
786 } 783 }
787 784
@@ -803,8 +800,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
803 if (curveslen * 2 > lenmax) 800 if (curveslen * 2 > lenmax)
804 return NULL; 801 return NULL;
805 if (curveslen * 2 > 65532) { 802 if (curveslen * 2 > 65532) {
806 SSLerror( 803 SSLerror(ERR_R_INTERNAL_ERROR);
807 ERR_R_INTERNAL_ERROR);
808 return NULL; 804 return NULL;
809 } 805 }
810 806
@@ -946,8 +942,7 @@ skip_ext:
946 s2n(el, ret); 942 s2n(el, ret);
947 943
948 if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { 944 if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
949 SSLerror( 945 SSLerror(ERR_R_INTERNAL_ERROR);
950 ERR_R_INTERNAL_ERROR);
951 return NULL; 946 return NULL;
952 } 947 }
953 ret += el; 948 ret += el;
@@ -1025,8 +1020,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1025 int el; 1020 int el;
1026 1021
1027 if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { 1022 if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
1028 SSLerror( 1023 SSLerror(ERR_R_INTERNAL_ERROR);
1029 ERR_R_INTERNAL_ERROR);
1030 return NULL; 1024 return NULL;
1031 } 1025 }
1032 1026
@@ -1037,8 +1031,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1037 s2n(el, ret); 1031 s2n(el, ret);
1038 1032
1039 if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { 1033 if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
1040 SSLerror( 1034 SSLerror(ERR_R_INTERNAL_ERROR);
1041 ERR_R_INTERNAL_ERROR);
1042 return NULL; 1035 return NULL;
1043 } 1036 }
1044 1037
@@ -1061,8 +1054,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1061 if (formatslen > lenmax) 1054 if (formatslen > lenmax)
1062 return NULL; 1055 return NULL;
1063 if (formatslen > 255) { 1056 if (formatslen > 255) {
1064 SSLerror( 1057 SSLerror(ERR_R_INTERNAL_ERROR);
1065 ERR_R_INTERNAL_ERROR);
1066 return NULL; 1058 return NULL;
1067 } 1059 }
1068 1060
@@ -1108,8 +1100,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
1108 s2n(el, ret); 1100 s2n(el, ret);
1109 1101
1110 if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { 1102 if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
1111 SSLerror( 1103 SSLerror(ERR_R_INTERNAL_ERROR);
1112 ERR_R_INTERNAL_ERROR);
1113 return NULL; 1104 return NULL;
1114 } 1105 }
1115 ret += el; 1106 ret += el;
@@ -1627,8 +1618,7 @@ ri_check:
1627 1618
1628 if (!renegotiate_seen && s->internal->renegotiate) { 1619 if (!renegotiate_seen && s->internal->renegotiate) {
1629 *al = SSL_AD_HANDSHAKE_FAILURE; 1620 *al = SSL_AD_HANDSHAKE_FAILURE;
1630 SSLerror( 1621 SSLerror(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1631 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1632 return 0; 1622 return 0;
1633 } 1623 }
1634 1624
@@ -1880,8 +1870,7 @@ ri_check:
1880 if (!renegotiate_seen && 1870 if (!renegotiate_seen &&
1881 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { 1871 !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
1882 *al = SSL_AD_HANDSHAKE_FAILURE; 1872 *al = SSL_AD_HANDSHAKE_FAILURE;
1883 SSLerror( 1873 SSLerror(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1884 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1885 return 0; 1874 return 0;
1886 } 1875 }
1887 1876
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index ea432554b0..596b96edd3 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_reneg.c,v 1.13 2017/01/26 10:40:21 beck Exp $ */ 1/* $OpenBSD: t1_reneg.c,v 1.14 2017/01/26 12:16:13 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -123,8 +123,7 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
123{ 123{
124 if (p) { 124 if (p) {
125 if ((S3I(s)->previous_client_finished_len + 1) > maxlen) { 125 if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
126 SSLerror( 126 SSLerror(SSL_R_RENEGOTIATE_EXT_TOO_LONG);
127 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
128 return 0; 127 return 0;
129 } 128 }
130 129
@@ -151,8 +150,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
151 CBS cbs, reneg; 150 CBS cbs, reneg;
152 151
153 if (len < 0) { 152 if (len < 0) {
154 SSLerror( 153 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
155 SSL_R_RENEGOTIATION_ENCODING_ERR);
156 *al = SSL_AD_ILLEGAL_PARAMETER; 154 *al = SSL_AD_ILLEGAL_PARAMETER;
157 return 0; 155 return 0;
158 } 156 }
@@ -161,24 +159,21 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
161 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || 159 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
162 /* Consistency check */ 160 /* Consistency check */
163 CBS_len(&cbs) != 0) { 161 CBS_len(&cbs) != 0) {
164 SSLerror( 162 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
165 SSL_R_RENEGOTIATION_ENCODING_ERR);
166 *al = SSL_AD_ILLEGAL_PARAMETER; 163 *al = SSL_AD_ILLEGAL_PARAMETER;
167 return 0; 164 return 0;
168 } 165 }
169 166
170 /* Check that the extension matches */ 167 /* Check that the extension matches */
171 if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) { 168 if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
172 SSLerror( 169 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
173 SSL_R_RENEGOTIATION_MISMATCH);
174 *al = SSL_AD_HANDSHAKE_FAILURE; 170 *al = SSL_AD_HANDSHAKE_FAILURE;
175 return 0; 171 return 0;
176 } 172 }
177 173
178 if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, 174 if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
179 S3I(s)->previous_client_finished_len)) { 175 S3I(s)->previous_client_finished_len)) {
180 SSLerror( 176 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
181 SSL_R_RENEGOTIATION_MISMATCH);
182 *al = SSL_AD_HANDSHAKE_FAILURE; 177 *al = SSL_AD_HANDSHAKE_FAILURE;
183 return 0; 178 return 0;
184 } 179 }
@@ -196,8 +191,7 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
196 if (p) { 191 if (p) {
197 if ((S3I(s)->previous_client_finished_len + 192 if ((S3I(s)->previous_client_finished_len +
198 S3I(s)->previous_server_finished_len + 1) > maxlen) { 193 S3I(s)->previous_server_finished_len + 1) > maxlen) {
199 SSLerror( 194 SSLerror(SSL_R_RENEGOTIATE_EXT_TOO_LONG);
200 SSL_R_RENEGOTIATE_EXT_TOO_LONG);
201 return 0; 195 return 0;
202 } 196 }
203 197
@@ -235,8 +229,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
235 OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len); 229 OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len);
236 230
237 if (len < 0) { 231 if (len < 0) {
238 SSLerror( 232 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
239 SSL_R_RENEGOTIATION_ENCODING_ERR);
240 *al = SSL_AD_ILLEGAL_PARAMETER; 233 *al = SSL_AD_ILLEGAL_PARAMETER;
241 return 0; 234 return 0;
242 } 235 }
@@ -246,8 +239,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
246 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || 239 if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
247 /* Consistency check */ 240 /* Consistency check */
248 CBS_len(&cbs) != 0) { 241 CBS_len(&cbs) != 0) {
249 SSLerror( 242 SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
250 SSL_R_RENEGOTIATION_ENCODING_ERR);
251 *al = SSL_AD_ILLEGAL_PARAMETER; 243 *al = SSL_AD_ILLEGAL_PARAMETER;
252 return 0; 244 return 0;
253 } 245 }
@@ -259,23 +251,20 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
259 !CBS_get_bytes(&reneg, &previous_server, 251 !CBS_get_bytes(&reneg, &previous_server,
260 S3I(s)->previous_server_finished_len) || 252 S3I(s)->previous_server_finished_len) ||
261 CBS_len(&reneg) != 0) { 253 CBS_len(&reneg) != 0) {
262 SSLerror( 254 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
263 SSL_R_RENEGOTIATION_MISMATCH);
264 *al = SSL_AD_HANDSHAKE_FAILURE; 255 *al = SSL_AD_HANDSHAKE_FAILURE;
265 return 0; 256 return 0;
266 } 257 }
267 258
268 if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished, 259 if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
269 CBS_len(&previous_client))) { 260 CBS_len(&previous_client))) {
270 SSLerror( 261 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
271 SSL_R_RENEGOTIATION_MISMATCH);
272 *al = SSL_AD_HANDSHAKE_FAILURE; 262 *al = SSL_AD_HANDSHAKE_FAILURE;
273 return 0; 263 return 0;
274 } 264 }
275 if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished, 265 if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
276 CBS_len(&previous_server))) { 266 CBS_len(&previous_server))) {
277 SSLerror( 267 SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
278 SSL_R_RENEGOTIATION_MISMATCH);
279 *al = SSL_AD_ILLEGAL_PARAMETER; 268 *al = SSL_AD_ILLEGAL_PARAMETER;
280 return 0; 269 return 0;
281 } 270 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 15:56:44 +0000