-/* $OpenBSD: d1_both.c,v 1.66 2021/01/26 14:22:19 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.67 2021/02/20 14:14:16 tb Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
return s->internal->init_num;
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
*ok = 0;
return -1;
dtls1_get_message_header(wire, &msg_hdr) == 0) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
/*
{
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
}
if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
- goto f_err;
+ goto fatal_err;
/* XDTLS: ressurect this when restart is in place */
S3I(s)->hs.state = stn;
if (i != (int)frag_len) {
al = SSL3_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL3_AD_ILLEGAL_PARAMETER);
- goto f_err;
+ goto fatal_err;
}
*ok = 1;
s->internal->init_num = frag_len;
return frag_len;
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
s->internal->init_num = 0;
-/* $OpenBSD: d1_pkt.c,v 1.92 2021/02/08 17:17:02 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.93 2021/02/20 14:14:16 tb Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
else if (alert_desc == SSL_AD_BAD_RECORD_MAC)
SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
- goto f_err;
+ goto fatal_err;
}
rr->data = out;
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, alert_desc);
err:
return (0);
!tls12_record_layer_read_protected(s->internal->rl)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
+ goto fatal_err;
}
if (len <= 0)
/* Not certain if this is the right error handling */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
}
if (dest_maxlen > 0) {
(D1I(s)->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
- goto f_err;
+ goto fatal_err;
}
/* no need to check sequence number on HELLO REQUEST messages */
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
+ goto fatal_err;
}
goto start;
(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
+ goto fatal_err;
}
rr->length = 0;
}
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
case SSL3_RT_HANDSHAKE:
* should not happen when type != rr->type */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_APPLICATION_DATA:
/* At this point, we were expecting handshake data,
* but have application data. If the library was
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
}
}
/* not reached */
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
-/* $OpenBSD: ssl_both.c,v 1.23 2021/01/07 15:32:59 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.24 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (!S3I(s)->change_cipher_spec) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->change_cipher_spec = 0;
if (n < 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cbs, s->internal->init_msg, n);
CBS_len(&cbs) != md_len) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
- goto f_err;
+ goto fatal_err;
}
/* Copy finished so we can use it for renegotiation checks. */
}
return (1);
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (0);
}
if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + 4;
if ((mt >= 0) && (*p != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cbs, p, 4);
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
+ goto fatal_err;
}
if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) {
SSLerror(s, ERR_R_BUF_LIB);
*ok = 1;
return (s->internal->init_num);
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
*ok = 0;
-/* $OpenBSD: ssl_clnt.c,v 1.81 2021/02/20 14:03:50 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.82 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
SSLerror(s, SSL_R_WRONG_SSL_VERSION);
s->version = (s->version & 0xff00) | (ssl_version & 0xff);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
sizeof(D1I(s)->cookie), &cookie_len)) {
D1I(s)->cookie_len = 0;
al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
+ goto fatal_err;
}
D1I(s)->cookie_len = cookie_len;
D1I(s)->send_cookie = 1;
decode_err:
al = SSL_AD_DECODE_ERROR;
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return -1;
}
/* Already sent a cookie. */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
}
}
if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u16(&cbs, &server_version))
SSLerror(s, SSL_R_WRONG_SSL_VERSION);
s->version = (s->version & 0xff00) | (server_version & 0xff);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
s->version = server_version;
sizeof(tls13_downgrade_12))) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
- goto f_err;
+ goto fatal_err;
}
if (CBS_mem_equal(&server_random, tls13_downgrade_11,
sizeof(tls13_downgrade_11))) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
- goto f_err;
+ goto fatal_err;
}
}
if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
+ goto fatal_err;
}
/* Cipher suite. */
/* actually a client application bug */
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- goto f_err;
+ goto fatal_err;
}
s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->internal->hit = 1;
if (s->session->session_id_length > 0) {
if (!ssl_get_new_session(s, 0)) {
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
}
if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED);
- goto f_err;
+ goto fatal_err;
}
/* TLS v1.2 only ciphersuites require v1.2 or later. */
(TLS1_get_version(s) < TLS1_2_VERSION)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
- goto f_err;
+ goto fatal_err;
}
if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) {
/* we did not say we would use this cipher */
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
- goto f_err;
+ goto fatal_err;
}
/*
if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->hs.new_cipher = cipher;
if (compression_method != 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
+ goto fatal_err;
}
if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
SSLerror(s, SSL_R_PARSE_TLSEXT);
- goto f_err;
+ goto fatal_err;
}
/*
!(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- goto f_err;
+ goto fatal_err;
}
if (ssl_check_serverhello_tlsext(s) <= 0) {
/* wrong packet length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
while (CBS_len(&cert_list) > 0) {
if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
q = CBS_data(&cert);
if (x == NULL) {
al = SSL_AD_BAD_CERTIFICATE;
SSLerror(s, ERR_R_ASN1_LIB);
- goto f_err;
+ goto fatal_err;
}
if (q != CBS_data(&cert) + CBS_len(&cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (!sk_X509_push(sk, x)) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
al = ssl_verify_alarm_type(s->verify_result);
SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto f_err;
+ goto fatal_err;
}
ERR_clear_error(); /* but we keep s->verify_result */
x = NULL;
al = SSL3_AL_FATAL;
SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
- goto f_err;
+ goto fatal_err;
}
i = ssl_cert_type(x, pkey);
x = NULL;
al = SSL3_AL_FATAL;
SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- goto f_err;
+ goto fatal_err;
}
sc->peer_cert_type = i;
/* wrong packet length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
!CBS_get_u16(cbs, &curve_id)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
+ goto fatal_err;
}
/*
if (tls1_check_curve(s, curve_id) != 1) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_WRONG_CURVE);
- goto f_err;
+ goto fatal_err;
}
if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u8_length_prefixed(cbs, &public))
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
S3I(s)->tmp.reuse_message = 1;
} else if (alg_k != 0) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
param_len -= CBS_len(&cbs);
tls12_sigalgs_len)) == NULL) {
SSLerror(s, SSL_R_UNKNOWN_DIGEST);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if ((md = sigalg->md()) == NULL) {
SSLerror(s, SSL_R_UNKNOWN_DIGEST);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
} else {
SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
md = sigalg->md();
if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey))
CBS_len(&signature)) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
} else {
/* aNULL does not need public keys. */
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
EVP_PKEY_free(pkey);
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (n < 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cbs, s->internal->init_msg, n);
CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
EVP_sha256(), NULL);
ret = 1;
return (ret);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
/* need at least status type + length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cert_status, s->internal->init_msg, n);
/* need at least status type + length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (status_type != TLSEXT_STATUSTYPE_ocsp) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
CBS_len(&cert_status) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
&s->internal->tlsext_ocsp_resp_len)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto f_err;
+ goto fatal_err;
}
if (s->ctx->internal->tlsext_status_cb) {
if (ret == 0) {
al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
- goto f_err;
+ goto fatal_err;
}
if (ret < 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto f_err;
+ goto fatal_err;
}
}
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
}
sc->peer_pkeys[idx].x509, s) == 0) {
/* check failed */
SSLerror(s, SSL_R_BAD_ECC_CERT);
- goto f_err;
+ goto fatal_err;
} else {
return (1);
}
/* Check that we have a certificate if we require one. */
if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT);
- goto f_err;
+ goto fatal_err;
}
if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
- goto f_err;
+ goto fatal_err;
}
if ((alg_k & SSL_kDHE) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerror(s, SSL_R_MISSING_DH_KEY);
- goto f_err;
+ goto fatal_err;
}
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
err:
return (0);
-/* $OpenBSD: ssl_lib.c,v 1.247 2021/02/20 09:43:29 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.248 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
result = client;
status = OPENSSL_NPN_NO_OVERLAP;
-found:
+ found:
*out = (unsigned char *) result + 1;
*outlen = result[0];
return (status);
ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT;
return (ret);
-err:
+ err:
SSLerrorx(ERR_R_MALLOC_FAILURE);
-err2:
+ err2:
SSL_CTX_free(ret);
return (NULL);
}
-/* $OpenBSD: ssl_pkt.c,v 1.35 2021/02/08 17:18:39 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.36 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
+ goto fatal_err;
}
}
SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
al = alert_desc;
- goto f_err;
+ goto fatal_err;
}
rr->data = out;
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (ret);
}
}
-start:
+ start:
/*
* Do not process more than three consecutive records, otherwise the
* peer can cause us to loop indefinitely. Instead, return with an
&& (rr->type != SSL3_RT_HANDSHAKE)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
- goto f_err;
+ goto fatal_err;
}
/* If the other end has shut down, throw anything we read away
!tls12_record_layer_read_protected(s->internal->rl)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
+ goto fatal_err;
}
if (len <= 0)
(S3I(s)->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
- goto f_err;
+ goto fatal_err;
}
if (s->internal->msg_callback)
S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
(s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
al = SSL_AD_NO_RENEGOTIATION;
- goto f_err;
+ goto fatal_err;
}
/* If we are a server and get a client hello when renegotiation isn't
* allowed send back a no renegotiation alert and carry on.
else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_NO_RENEGOTIATION);
- goto f_err;
+ goto fatal_err;
}
} else if (alert_level == SSL3_AL_FATAL) {
s->internal->rwstate = SSL_NOTHING;
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
+ goto fatal_err;
}
goto start;
(rr->data[0] != SSL3_MT_CCS)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
+ goto fatal_err;
}
/* Check we have a cipher to change to */
if (S3I(s)->hs.new_cipher == NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
+ goto fatal_err;
}
/* Check that we should be receiving a Change Cipher Spec. */
if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
+ goto fatal_err;
}
s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
}
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
case SSL3_RT_HANDSHAKE:
* should not happen when type != rr->type */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_APPLICATION_DATA:
/* At this point, we were expecting handshake data,
* but have application data. If the library was
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
}
}
/* not reached */
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
-err:
+ err:
return (-1);
}
-/* $OpenBSD: ssl_srvr.c,v 1.93 2021/02/20 14:03:50 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.94 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
+ goto fatal_err;
}
if (SSL_is_dtls(s)) {
if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
}
SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
s->client_version = client_version;
s->version = shared_version;
if (i == 1) { /* previous session */
s->internal->hit = 1;
} else if (i == -1)
- goto f_err;
+ goto fatal_err;
else {
/* i == 0 */
if (!ssl_get_new_session(s, 1))
if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
/* Verify the cookie if appropriate option is set. */
D1I(s)->rcvd_cookie, cookie_len) == 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
/* else cookie verification succeeded */
/* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
cookie_valid = 1;
}
/* we need a cipher if we are not resuming a session */
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED);
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cipher_suites) > 0) {
*/
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING);
- goto f_err;
+ goto fatal_err;
}
}
if (comp_null == 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED);
- goto f_err;
+ goto fatal_err;
}
if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
SSLerror(s, SSL_R_PARSE_TLSEXT);
- goto f_err;
+ goto fatal_err;
}
if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- goto f_err;
+ goto fatal_err;
}
if (ssl_check_clienthello_tlsext_early(s) <= 0) {
if (pref_cipher == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_NO_SHARED_CIPHER);
- goto f_err;
+ goto fatal_err;
}
s->session->cipher = pref_cipher;
if (ciphers == NULL) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
- goto f_err;
+ goto fatal_err;
}
ciphers = NULL;
c = ssl3_choose_cipher(s, s->session->ciphers,
if (c == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_NO_SHARED_CIPHER);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->hs.new_cipher = c;
} else {
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
if ((dhp = ssl_get_auto_dh(s)) == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
}
} else
dhp = s->cert->dh_tmp;
if (dhp == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
+ goto fatal_err;
}
if (S3I(s)->tmp.dh != NULL) {
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
if ((S3I(s)->tmp.ecdh = EC_KEY_new()) == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->tmp.ecdh_nid = nid;
ecdh = S3I(s)->tmp.ecdh;
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (!CBB_finish(&cbb_params, ¶ms, ¶ms_len))
if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
&md, &sigalg)) == NULL) {
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
/* Send signature algorithm. */
if (!CBB_add_u16(&server_kex, sigalg->value)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
}
}
return (ssl3_handshake_write(s));
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
CBB_cleanup(&cbb_params);
(pkey->pkey.rsa == NULL)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
+ goto fatal_err;
}
rsa = pkey->pkey.rsa;
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
freezero(pms, pms_len);
if (S3I(s)->tmp.dh == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
+ goto fatal_err;
}
dh = S3I(s)->tmp.dh;
if (!DH_check_pub_key(dh, bn, &key_is_invalid)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_DH_LIB);
- goto f_err;
+ goto fatal_err;
}
if (key_is_invalid) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, ERR_R_DH_LIB);
- goto f_err;
+ goto fatal_err;
}
if ((key_len = DH_compute_key(key, bn, dh)) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_DH_LIB);
- goto f_err;
+ goto fatal_err;
}
s->session->master_key_length = tls1_generate_master_secret(s,
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
freezero(key, key_size);
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- goto f_err;
+ goto fatal_err;
}
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
if (peer != NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
ret = 1;
goto end;
if (peer == NULL) {
SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
if (!(type & EVP_PKT_SIGN)) {
SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
+ goto fatal_err;
}
if (S3I(s)->change_cipher_spec) {
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
if (!SSL_USE_SIGALGS(s)) {
if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
}
(md = sigalg->md()) == NULL) {
SSLerror(s, SSL_R_UNKNOWN_DIGEST);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u16_length_prefixed(&cbs, &signature))
if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, pkey)) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
(!EVP_PKEY_CTX_set_rsa_padding
(pctx, RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
NULL) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature),
CBS_len(&signature)) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
if (verify < 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
+ goto fatal_err;
}
if (verify == 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_RSA_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_EC) {
verify = ECDSA_verify(pkey->save_type,
if (verify <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
#ifndef OPENSSL_NO_GOST
} else if (pkey->type == NID_id_GostR3410_94 ||
if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
!(md = EVP_get_digestbynid(nid))) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
!EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
EVP_PKEY_CTX_free(pctx);
- goto f_err;
+ goto fatal_err;
}
if (EVP_PKEY_verify(pctx, CBS_data(&signature),
CBS_len(&signature), sigbuf, siglen) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
EVP_PKEY_CTX_free(pctx);
- goto f_err;
+ goto fatal_err;
}
EVP_PKEY_CTX_free(pctx);
} else {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_UNSUPPORTED_CERTIFICATE;
- goto f_err;
+ goto fatal_err;
}
ret = 1;
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
end:
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
al = SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
+ goto fatal_err;
}
/*
* If tls asked for a client cert,
SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
S3I(s)->tmp.reuse_message = 1;
return (1);
if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (n < 0)
if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
q = CBS_data(&cert);
if (q != CBS_data(&cert) + CBS_len(&cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (!sk_X509_push(sk, x)) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
al = SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
+ goto fatal_err;
}
/* No client certificate so free transcript. */
tls1_transcript_free(s);
if (i <= 0) {
al = ssl_verify_alarm_type(s->verify_result);
SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED);
- goto f_err;
+ goto fatal_err;
}
}
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
projects / openbsd / commitdiff