Rename the truncated label into decode_err. This describes its purpose

better and doesn't look odd if there's trailing data for exapmle.
Indent a few labels in the neighborhood while there.

ok jsing

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 7d55c0d..29d488c 100644 (file)
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.80 2021/02/20 08:22:55 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.81 2021/02/20 14:03:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -634,7 +634,7 @@ ssl3_connect(SSL *s)
                skip = 0;
        }
 
-end:
+ end:
        s->internal->in_handshake--;
        if (cb != NULL)
                cb(s, SSL_CB_CONNECT_EXIT, ret);
@@ -779,7 +779,7 @@ ssl3_send_client_hello(SSL *s)
        /* SSL3_ST_CW_CLNT_HELLO_B */
        return (ssl3_handshake_write(s));
 
-err:
+ err:
        CBB_cleanup(&cbb);
 
        return (-1);
@@ -806,16 +806,16 @@ ssl3_get_dtls_hello_verify(SSL *s)
        }
 
        if (n < 0)
-               goto truncated;
+               goto decode_err;
 
        CBS_init(&hello_verify_request, s->internal->init_msg, n);
 
        if (!CBS_get_u16(&hello_verify_request, &ssl_version))
-               goto truncated;
+               goto decode_err;
        if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
-               goto truncated;
+               goto decode_err;
        if (CBS_len(&hello_verify_request) != 0)
-               goto truncated;
+               goto decode_err;
 
        /*
         * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always
@@ -840,9 +840,9 @@ ssl3_get_dtls_hello_verify(SSL *s)
 
        return 1;
 
-truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
        return -1;
 }
@@ -869,7 +869,7 @@ ssl3_get_server_hello(SSL *s)
        s->internal->first_packet = 0;
 
        if (n < 0)
-               goto truncated;
+               goto decode_err;
 
        CBS_init(&cbs, s->internal->init_msg, n);
 
@@ -894,7 +894,7 @@ ssl3_get_server_hello(SSL *s)
        }
 
        if (!CBS_get_u16(&cbs, &server_version))
-               goto truncated;
+               goto decode_err;
 
        if (ssl_supported_version_range(s, &min_version, &max_version) != 1) {
                SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
@@ -917,7 +917,7 @@ ssl3_get_server_hello(SSL *s)
 
        /* Server random. */
        if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE))
-               goto truncated;
+               goto decode_err;
        if (!CBS_write_bytes(&server_random, s->s3->server_random,
            sizeof(s->s3->server_random), NULL))
                goto err;
@@ -950,7 +950,7 @@ ssl3_get_server_hello(SSL *s)
 
        /* Session ID. */
        if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
-               goto truncated;
+               goto decode_err;
 
        if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
                al = SSL_AD_ILLEGAL_PARAMETER;
@@ -960,7 +960,7 @@ ssl3_get_server_hello(SSL *s)
 
        /* Cipher suite. */
        if (!CBS_get_u16(&cbs, &cipher_suite))
-               goto truncated;
+               goto decode_err;
 
        /*
         * Check if we want to resume the session based on external
@@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s)
                tls1_transcript_free(s);
 
        if (!CBS_get_u8(&cbs, &compression_method))
-               goto truncated;
+               goto decode_err;
 
        if (compression_method != 0) {
                al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1098,13 +1098,13 @@ ssl3_get_server_hello(SSL *s)
 
        return (1);
 
-truncated:
+ decode_err:
        /* wrong packet length */
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-err:
+ err:
        return (-1);
 }
 
@@ -1143,11 +1143,11 @@ ssl3_get_server_certificate(SSL *s)
        }
 
        if (n < 0)
-               goto truncated;
+               goto decode_err;
 
        CBS_init(&cbs, s->internal->init_msg, n);
        if (CBS_len(&cbs) < 3)
-               goto truncated;
+               goto decode_err;
 
        if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
            CBS_len(&cbs) != 0) {
@@ -1160,7 +1160,7 @@ ssl3_get_server_certificate(SSL *s)
                CBS cert;
 
                if (CBS_len(&cert_list) < 3)
-                       goto truncated;
+                       goto decode_err;
                if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
@@ -1246,14 +1246,14 @@ ssl3_get_server_certificate(SSL *s)
        ret = 1;
 
        if (0) {
-truncated:
+ decode_err:
                /* wrong packet length */
                al = SSL_AD_DECODE_ERROR;
                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-f_err:
+ f_err:
                ssl3_send_alert(s, SSL3_AL_FATAL, al);
        }
-err:
+ err:
        EVP_PKEY_free(pkey);
        X509_free(x);
        sk_X509_pop_free(sk, X509_free);
@@ -1280,21 +1280,21 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        }
 
        if (!CBS_get_u16_length_prefixed(cbs, &dhp))
-               goto truncated;
+               goto decode_err;
        if ((dh->p = BN_bin2bn(CBS_data(&dhp), CBS_len(&dhp), NULL)) == NULL) {
                SSLerror(s, ERR_R_BN_LIB);
                goto err;
        }
 
        if (!CBS_get_u16_length_prefixed(cbs, &dhg))
-               goto truncated;
+               goto decode_err;
        if ((dh->g = BN_bin2bn(CBS_data(&dhg), CBS_len(&dhg), NULL)) == NULL) {
                SSLerror(s, ERR_R_BN_LIB);
                goto err;
        }
 
        if (!CBS_get_u16_length_prefixed(cbs, &dhpk))
-               goto truncated;
+               goto decode_err;
        if ((dh->pub_key = BN_bin2bn(CBS_data(&dhpk), CBS_len(&dhpk),
            NULL)) == NULL) {
                SSLerror(s, ERR_R_BN_LIB);
@@ -1320,7 +1320,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 
        return (1);
 
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -1428,7 +1428,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        }
 
        if (!CBS_get_u8_length_prefixed(cbs, &public))
-               goto truncated;
+               goto decode_err;
 
        if (nid == NID_X25519) {
                if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)
@@ -1453,7 +1453,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 
        return (1);
 
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
 
@@ -1552,7 +1552,7 @@ ssl3_get_server_key_exchange(SSL *s)
                        uint16_t sigalg_value;
 
                        if (!CBS_get_u16(&cbs, &sigalg_value))
-                               goto truncated;
+                               goto decode_err;
                        if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
                            tls12_sigalgs_len)) == NULL) {
                                SSLerror(s, SSL_R_UNKNOWN_DIGEST);
@@ -1581,7 +1581,7 @@ ssl3_get_server_key_exchange(SSL *s)
                md = sigalg->md();
 
                if (!CBS_get_u16_length_prefixed(&cbs, &signature))
-                       goto truncated;
+                       goto decode_err;
                if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
                        al = SSL_AD_DECODE_ERROR;
                        SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
@@ -1628,7 +1628,7 @@ ssl3_get_server_key_exchange(SSL *s)
 
        return (1);
 
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
 
@@ -1684,7 +1684,7 @@ ssl3_get_certificate_request(SSL *s)
        }
 
        if (n < 0)
-               goto truncated;
+               goto decode_err;
        CBS_init(&cert_request, s->internal->init_msg, n);
 
        if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
@@ -1694,7 +1694,7 @@ ssl3_get_certificate_request(SSL *s)
 
        /* get the certificate types */
        if (!CBS_get_u8(&cert_request, &ctype_num))
-               goto truncated;
+               goto decode_err;
 
        if (ctype_num > SSL3_CT_NUMBER)
                ctype_num = SSL3_CT_NUMBER;
@@ -1783,10 +1783,10 @@ ssl3_get_certificate_request(SSL *s)
 
        ret = 1;
        if (0) {
-truncated:
+ decode_err:
                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
        }
-err:
+ err:
        X509_NAME_free(xn);
        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
        return (ret);
@@ -1867,9 +1867,9 @@ ssl3_get_new_session_ticket(SSL *s)
            EVP_sha256(), NULL);
        ret = 1;
        return (ret);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-err:
+ err:
        return (-1);
 }
 
@@ -1921,7 +1921,7 @@ ssl3_get_cert_status(SSL *s)
                al = SSL_AD_INTERNAL_ERROR;
                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto f_err;
-       }
+       }
 
        if (s->ctx->internal->tlsext_status_cb) {
                int ret;
@@ -1939,7 +1939,7 @@ ssl3_get_cert_status(SSL *s)
                }
        }
        return (1);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
        return (-1);
 }
@@ -2016,7 +2016,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 
        ret = 1;
 
-err:
+ err:
        explicit_bzero(pms, sizeof(pms));
        EVP_PKEY_free(pkey);
        free(enc_pms);
@@ -2079,7 +2079,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 
        ret = 1;
 
-err:
+ err:
        DH_free(dh_clnt);
        freezero(key, key_size);
 
@@ -2349,7 +2349,7 @@ ssl3_send_client_key_exchange(SSL *s)
        /* SSL3_ST_CW_KEY_EXCH_B */
        return (ssl3_handshake_write(s));
 
-err:
+ err:
        CBB_cleanup(&cbb);
 
        return (-1);
@@ -2767,9 +2767,9 @@ ssl3_check_cert_and_algorithm(SSL *s)
        }
 
        return (1);
-f_err:
+ f_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-err:
+ err:
        return (0);
 }
 

diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 06ad42c..0408dab 100644 (file)
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.92 2021/02/20 08:22:55 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.93 2021/02/20 14:03:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -741,7 +741,7 @@ ssl3_accept(SSL *s)
                }
                skip = 0;
        }
-end:
+ end:
        /* BIO_flush(s->wbio); */
        s->internal->in_handshake--;
        if (cb != NULL)
@@ -819,11 +819,11 @@ ssl3_get_client_hello(SSL *s)
 
        /* Parse client hello up until the extensions (if any). */
        if (!CBS_get_u16(&cbs, &client_version))
-               goto truncated;
+               goto decode_err;
        if (!CBS_get_bytes(&cbs, &client_random, SSL3_RANDOM_SIZE))
-               goto truncated;
+               goto decode_err;
        if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
-               goto truncated;
+               goto decode_err;
        if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
                al = SSL_AD_ILLEGAL_PARAMETER;
                SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
@@ -831,12 +831,12 @@ ssl3_get_client_hello(SSL *s)
        }
        if (SSL_is_dtls(s)) {
                if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
-                       goto truncated;
+                       goto decode_err;
        }
        if (!CBS_get_u16_length_prefixed(&cbs, &cipher_suites))
-               goto truncated;
+               goto decode_err;
        if (!CBS_get_u8_length_prefixed(&cbs, &compression_methods))
-               goto truncated;
+               goto decode_err;
 
        /*
         * Use version from inside client hello, not from record header.
@@ -1003,7 +1003,7 @@ ssl3_get_client_hello(SSL *s)
        comp_null = 0;
        while (CBS_len(&compression_methods) > 0) {
                if (!CBS_get_u8(&compression_methods, &comp_method))
-                       goto truncated;
+                       goto decode_err;
                if (comp_method == 0)
                        comp_null = 1;
        }
@@ -1144,13 +1144,13 @@ ssl3_get_client_hello(SSL *s)
        ret = cookie_valid ? 2 : 1;
 
        if (0) {
-truncated:
+ decode_err:
                al = SSL_AD_DECODE_ERROR;
                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-f_err:
+ f_err:
                ssl3_send_alert(s, SSL3_AL_FATAL, al);
        }
-err:
+ err:
        sk_SSL_CIPHER_free(ciphers);
 
        return (ret);
@@ -1738,7 +1738,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
        p = pms;
 
        if (!CBS_get_u16_length_prefixed(cbs, &enc_pms))
-               goto truncated;
+               goto decode_err;
        if (CBS_len(cbs) != 0 || CBS_len(&enc_pms) != RSA_size(rsa)) {
                SSLerror(s, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
                goto err;
@@ -1792,7 +1792,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
 
        return (1);
 
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
  f_err:
@@ -1814,9 +1814,9 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
        DH *dh;
 
        if (!CBS_get_u16_length_prefixed(cbs, &dh_Yc))
-               goto truncated;
+               goto decode_err;
        if (CBS_len(cbs) != 0)
-               goto truncated;
+               goto decode_err;
 
        if (S3I(s)->tmp.dh == NULL) {
                al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1865,7 +1865,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
 
        return (1);
 
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
  f_err:
@@ -2011,9 +2011,9 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
 
        /* Decrypt session key */
        if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE))
-               goto truncated;
+               goto decode_err;
        if (CBS_len(cbs) != 0)
-               goto truncated;
+               goto decode_err;
        if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
            CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) {
                SSLerror(s, SSL_R_DECRYPTION_FAILED);
@@ -2039,7 +2039,7 @@ ssl3_get_client_kex_gost(SSL *s, CBS *cbs)
        else
                goto err;
 
- truncated:
+ decode_err:
        al = SSL_AD_DECODE_ERROR;
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -2183,7 +2183,7 @@ ssl3_get_cert_verify(SSL *s)
                uint16_t sigalg_value;
 
                if (!CBS_get_u16(&cbs, &sigalg_value))
-                       goto truncated;
+                       goto decode_err;
                if ((sigalg = ssl_sigalg(sigalg_value, tls12_sigalgs,
                    tls12_sigalgs_len)) == NULL ||
                    (md = sigalg->md()) == NULL) {
@@ -2324,7 +2324,7 @@ ssl3_get_cert_verify(SSL *s)
 
        ret = 1;
        if (0) {
- truncated:
+ decode_err:
                al = SSL_AD_DECODE_ERROR;
                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
  f_err:
@@ -2381,7 +2381,7 @@ ssl3_get_client_certificate(SSL *s)
        }
 
        if (n < 0)
-               goto truncated;
+               goto decode_err;
 
        CBS_init(&cbs, s->internal->init_msg, n);
 
@@ -2392,7 +2392,7 @@ ssl3_get_client_certificate(SSL *s)
 
        if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
            CBS_len(&cbs) != 0)
-               goto truncated;
+               goto decode_err;
 
        while (CBS_len(&client_certs) > 0) {
                CBS cert;
@@ -2470,13 +2470,13 @@ ssl3_get_client_certificate(SSL *s)
 
        ret = 1;
        if (0) {
-truncated:
+ decode_err:
                al = SSL_AD_DECODE_ERROR;
                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-f_err:
+ f_err:
                ssl3_send_alert(s, SSL3_AL_FATAL, al);
        }
-err:
+ err:
        X509_free(x);
        sk_X509_pop_free(sk, X509_free);