summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2021-02-20 14:14:17 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-02-20 14:14:17 +0000
commit6cc8daed444ac189a3cb9b5d084057fae7727e85 (patch)
treee01df622dfce191673b4d67ac892972810f0e470 /lib
parentf8408829e501abee070db73ff56921fe97f217aa (diff)
Rename f_err into fatal_err.
discussed with jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_both.c16
-rw-r--r--lib/libssl/d1_pkt.c24
-rw-r--r--lib/libssl/ssl_both.c20
-rw-r--r--lib/libssl/ssl_clnt.c120
-rw-r--r--lib/libssl/ssl_lib.c8
-rw-r--r--lib/libssl/ssl_pkt.c40
-rw-r--r--lib/libssl/ssl_srvr.c138
7 files changed, 183 insertions, 183 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index ba4e9edd8d1..06a8585e10f 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.66 2021/01/26 14:22:19 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.67 2021/02/20 14:14:16 tb Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -391,7 +391,7 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
@@ -433,7 +433,7 @@ again:
s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH;
return s->internal->init_num;
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
*ok = 0;
return -1;
@@ -776,7 +776,7 @@ again:
dtls1_get_message_header(wire, &msg_hdr) == 0) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
/*
@@ -818,12 +818,12 @@ again:
{
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
}
if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
- goto f_err;
+ goto fatal_err;
/* XDTLS: ressurect this when restart is in place */
S3I(s)->hs.state = stn;
@@ -849,7 +849,7 @@ again:
if (i != (int)frag_len) {
al = SSL3_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL3_AD_ILLEGAL_PARAMETER);
- goto f_err;
+ goto fatal_err;
}
*ok = 1;
@@ -863,7 +863,7 @@ again:
s->internal->init_num = frag_len;
return frag_len;
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
s->internal->init_num = 0;
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index ebf04e32927..7f4261e47e7 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.92 2021/02/08 17:17:02 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.93 2021/02/20 14:14:16 tb Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -328,7 +328,7 @@ dtls1_process_record(SSL *s)
else if (alert_desc == SSL_AD_BAD_RECORD_MAC)
SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
- goto f_err;
+ goto fatal_err;
}
rr->data = out;
@@ -339,7 +339,7 @@ dtls1_process_record(SSL *s)
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, alert_desc);
err:
return (0);
@@ -635,7 +635,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
!tls12_record_layer_read_protected(s->internal->rl)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
+ goto fatal_err;
}
if (len <= 0)
@@ -698,7 +698,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
/* Not certain if this is the right error handling */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
}
if (dest_maxlen > 0) {
@@ -735,7 +735,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
(D1I(s)->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
- goto f_err;
+ goto fatal_err;
}
/* no need to check sequence number on HELLO REQUEST messages */
@@ -821,7 +821,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
+ goto fatal_err;
}
goto start;
@@ -847,7 +847,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
+ goto fatal_err;
}
rr->length = 0;
@@ -941,7 +941,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
case SSL3_RT_HANDSHAKE:
@@ -950,7 +950,7 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
* should not happen when type != rr->type */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_APPLICATION_DATA:
/* At this point, we were expecting handshake data,
* but have application data. If the library was
@@ -972,12 +972,12 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
}
}
/* not reached */
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index ee69f9a121c..6ce127fb0ba 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.23 2021/01/07 15:32:59 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.24 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -256,7 +256,7 @@ ssl3_get_finished(SSL *s, int a, int b)
if (!S3I(s)->change_cipher_spec) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->change_cipher_spec = 0;
@@ -265,7 +265,7 @@ ssl3_get_finished(SSL *s, int a, int b)
if (n < 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cbs, s->internal->init_msg, n);
@@ -274,13 +274,13 @@ ssl3_get_finished(SSL *s, int a, int b)
CBS_len(&cbs) != md_len) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
- goto f_err;
+ goto fatal_err;
}
/* Copy finished so we can use it for renegotiation checks. */
@@ -296,7 +296,7 @@ ssl3_get_finished(SSL *s, int a, int b)
}
return (1);
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (0);
}
@@ -450,7 +450,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
*ok = 1;
s->internal->init_msg = s->internal->init_buf->data + 4;
@@ -502,7 +502,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
if ((mt >= 0) && (*p != mt)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cbs, p, 4);
@@ -516,7 +516,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
if (l > (unsigned long)max) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
+ goto fatal_err;
}
if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) {
SSLerror(s, ERR_R_BUF_LIB);
@@ -564,7 +564,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
*ok = 1;
return (s->internal->init_num);
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
*ok = 0;
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 29d488c12c7..8ef3648f6c4 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.81 2021/02/20 14:03:50 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.82 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -826,14 +826,14 @@ ssl3_get_dtls_hello_verify(SSL *s)
SSLerror(s, SSL_R_WRONG_SSL_VERSION);
s->version = (s->version & 0xff00) | (ssl_version & 0xff);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
if (!CBS_write_bytes(&cookie, D1I(s)->cookie,
sizeof(D1I(s)->cookie), &cookie_len)) {
D1I(s)->cookie_len = 0;
al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
+ goto fatal_err;
}
D1I(s)->cookie_len = cookie_len;
D1I(s)->send_cookie = 1;
@@ -842,7 +842,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
decode_err:
al = SSL_AD_DECODE_ERROR;
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return -1;
}
@@ -882,7 +882,7 @@ ssl3_get_server_hello(SSL *s)
/* Already sent a cookie. */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
}
}
@@ -890,7 +890,7 @@ ssl3_get_server_hello(SSL *s)
if (S3I(s)->tmp.message_type != SSL3_MT_SERVER_HELLO) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u16(&cbs, &server_version))
@@ -905,7 +905,7 @@ ssl3_get_server_hello(SSL *s)
SSLerror(s, SSL_R_WRONG_SSL_VERSION);
s->version = (s->version & 0xff00) | (server_version & 0xff);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
s->version = server_version;
@@ -938,13 +938,13 @@ ssl3_get_server_hello(SSL *s)
sizeof(tls13_downgrade_12))) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
- goto f_err;
+ goto fatal_err;
}
if (CBS_mem_equal(&server_random, tls13_downgrade_11,
sizeof(tls13_downgrade_11))) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
- goto f_err;
+ goto fatal_err;
}
}
@@ -955,7 +955,7 @@ ssl3_get_server_hello(SSL *s)
if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
+ goto fatal_err;
}
/* Cipher suite. */
@@ -987,7 +987,7 @@ ssl3_get_server_hello(SSL *s)
/* actually a client application bug */
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- goto f_err;
+ goto fatal_err;
}
s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->internal->hit = 1;
@@ -1000,7 +1000,7 @@ ssl3_get_server_hello(SSL *s)
if (s->session->session_id_length > 0) {
if (!ssl_get_new_session(s, 0)) {
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
}
@@ -1019,7 +1019,7 @@ ssl3_get_server_hello(SSL *s)
if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED);
- goto f_err;
+ goto fatal_err;
}
/* TLS v1.2 only ciphersuites require v1.2 or later. */
@@ -1027,14 +1027,14 @@ ssl3_get_server_hello(SSL *s)
(TLS1_get_version(s) < TLS1_2_VERSION)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
- goto f_err;
+ goto fatal_err;
}
if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) {
/* we did not say we would use this cipher */
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
- goto f_err;
+ goto fatal_err;
}
/*
@@ -1047,7 +1047,7 @@ ssl3_get_server_hello(SSL *s)
if (s->internal->hit && (s->session->cipher_id != cipher->id)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->hs.new_cipher = cipher;
@@ -1068,12 +1068,12 @@ ssl3_get_server_hello(SSL *s)
if (compression_method != 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
+ goto fatal_err;
}
if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
SSLerror(s, SSL_R_PARSE_TLSEXT);
- goto f_err;
+ goto fatal_err;
}
/*
@@ -1088,7 +1088,7 @@ ssl3_get_server_hello(SSL *s)
!(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- goto f_err;
+ goto fatal_err;
}
if (ssl_check_serverhello_tlsext(s) <= 0) {
@@ -1102,7 +1102,7 @@ ssl3_get_server_hello(SSL *s)
/* wrong packet length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
@@ -1133,7 +1133,7 @@ ssl3_get_server_certificate(SSL *s)
if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
@@ -1153,7 +1153,7 @@ ssl3_get_server_certificate(SSL *s)
CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
while (CBS_len(&cert_list) > 0) {
@@ -1164,7 +1164,7 @@ ssl3_get_server_certificate(SSL *s)
if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
q = CBS_data(&cert);
@@ -1172,12 +1172,12 @@ ssl3_get_server_certificate(SSL *s)
if (x == NULL) {
al = SSL_AD_BAD_CERTIFICATE;
SSLerror(s, ERR_R_ASN1_LIB);
- goto f_err;
+ goto fatal_err;
}
if (q != CBS_data(&cert) + CBS_len(&cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (!sk_X509_push(sk, x)) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -1190,7 +1190,7 @@ ssl3_get_server_certificate(SSL *s)
if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
al = ssl_verify_alarm_type(s->verify_result);
SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto f_err;
+ goto fatal_err;
}
ERR_clear_error(); /* but we keep s->verify_result */
@@ -1216,7 +1216,7 @@ ssl3_get_server_certificate(SSL *s)
x = NULL;
al = SSL3_AL_FATAL;
SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
- goto f_err;
+ goto fatal_err;
}
i = ssl_cert_type(x, pkey);
@@ -1224,7 +1224,7 @@ ssl3_get_server_certificate(SSL *s)
x = NULL;
al = SSL3_AL_FATAL;
SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- goto f_err;
+ goto fatal_err;
}
sc->peer_cert_type = i;
@@ -1250,7 +1250,7 @@ ssl3_get_server_certificate(SSL *s)
/* wrong packet length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
@@ -1408,7 +1408,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
!CBS_get_u16(cbs, &curve_id)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
+ goto fatal_err;
}
/*
@@ -1418,13 +1418,13 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
if (tls1_check_curve(s, curve_id) != 1) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_WRONG_CURVE);
- goto f_err;
+ goto fatal_err;
}
if ((nid = tls1_ec_curve_id2nid(curve_id)) == 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u8_length_prefixed(cbs, &public))
@@ -1457,7 +1457,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
@@ -1503,7 +1503,7 @@ ssl3_get_server_key_exchange(SSL *s)
if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
S3I(s)->tmp.reuse_message = 1;
@@ -1538,7 +1538,7 @@ ssl3_get_server_key_exchange(SSL *s)
} else if (alg_k != 0) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
param_len -= CBS_len(&cbs);
@@ -1557,17 +1557,17 @@ ssl3_get_server_key_exchange(SSL *s)
tls12_sigalgs_len)) == NULL) {
SSLerror(s, SSL_R_UNKNOWN_DIGEST);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if ((md = sigalg->md()) == NULL) {
SSLerror(s, SSL_R_UNKNOWN_DIGEST);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
sigalg = ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
@@ -1576,7 +1576,7 @@ ssl3_get_server_key_exchange(SSL *s)
} else {
SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
md = sigalg->md();
@@ -1585,7 +1585,7 @@ ssl3_get_server_key_exchange(SSL *s)
if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestVerifyInit(&md_ctx, &pctx, md, NULL, pkey))
@@ -1607,7 +1607,7 @@ ssl3_get_server_key_exchange(SSL *s)
CBS_len(&signature)) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
} else {
/* aNULL does not need public keys. */
@@ -1620,7 +1620,7 @@ ssl3_get_server_key_exchange(SSL *s)
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
EVP_PKEY_free(pkey);
@@ -1632,7 +1632,7 @@ ssl3_get_server_key_exchange(SSL *s)
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
@@ -1818,13 +1818,13 @@ ssl3_get_new_session_ticket(SSL *s)
if (S3I(s)->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (n < 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cbs, s->internal->init_msg, n);
@@ -1836,7 +1836,7 @@ ssl3_get_new_session_ticket(SSL *s)
CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
@@ -1867,7 +1867,7 @@ ssl3_get_new_session_ticket(SSL *s)
EVP_sha256(), NULL);
ret = 1;
return (ret);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
@@ -1891,7 +1891,7 @@ ssl3_get_cert_status(SSL *s)
/* need at least status type + length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
CBS_init(&cert_status, s->internal->init_msg, n);
@@ -1900,27 +1900,27 @@ ssl3_get_cert_status(SSL *s)
/* need at least status type + length */
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (status_type != TLSEXT_STATUSTYPE_ocsp) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
CBS_len(&cert_status) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
&s->internal->tlsext_ocsp_resp_len)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto f_err;
+ goto fatal_err;
}
if (s->ctx->internal->tlsext_status_cb) {
@@ -1930,16 +1930,16 @@ ssl3_get_cert_status(SSL *s)
if (ret == 0) {
al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
- goto f_err;
+ goto fatal_err;
}
if (ret < 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_MALLOC_FAILURE);
- goto f_err;
+ goto fatal_err;
}
}
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
return (-1);
}
@@ -2742,7 +2742,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
sc->peer_pkeys[idx].x509, s) == 0) {
/* check failed */
SSLerror(s, SSL_R_BAD_ECC_CERT);
- goto f_err;
+ goto fatal_err;
} else {
return (1);
}
@@ -2754,20 +2754,20 @@ ssl3_check_cert_and_algorithm(SSL *s)
/* Check that we have a certificate if we require one. */
if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT);
- goto f_err;
+ goto fatal_err;
}
if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
- goto f_err;
+ goto fatal_err;
}
if ((alg_k & SSL_kDHE) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerror(s, SSL_R_MISSING_DH_KEY);
- goto f_err;
+ goto fatal_err;
}
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
err:
return (0);
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 6a182f2e3b1..33aca33c922 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.247 2021/02/20 09:43:29 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.248 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1600,7 +1600,7 @@ SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
result = client;
status = OPENSSL_NPN_NO_OVERLAP;
-found:
+ found:
*out = (unsigned char *) result + 1;
*outlen = result[0];
return (status);
@@ -1942,9 +1942,9 @@ SSL_CTX_new(const SSL_METHOD *meth)
ret->internal->options |= SSL_OP_LEGACY_SERVER_CONNECT;
return (ret);
-err:
+ err:
SSLerrorx(ERR_R_MALLOC_FAILURE);
-err2:
+ err2:
SSL_CTX_free(ret);
return (NULL);
}
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 1e0bd83d09d..894064c8179 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.35 2021/02/08 17:18:39 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.36 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -377,7 +377,7 @@ ssl3_get_record(SSL *s)
}
SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
@@ -388,7 +388,7 @@ ssl3_get_record(SSL *s)
if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
+ goto fatal_err;
}
}
@@ -419,7 +419,7 @@ ssl3_get_record(SSL *s)
SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
al = alert_desc;
- goto f_err;
+ goto fatal_err;
}
rr->data = out;
@@ -450,7 +450,7 @@ ssl3_get_record(SSL *s)
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (ret);
@@ -760,7 +760,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
}
}
-start:
+ start:
/*
* Do not process more than three consecutive records, otherwise the
* peer can cause us to loop indefinitely. Instead, return with an
@@ -798,7 +798,7 @@ start:
&& (rr->type != SSL3_RT_HANDSHAKE)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
- goto f_err;
+ goto fatal_err;
}
/* If the other end has shut down, throw anything we read away
@@ -818,7 +818,7 @@ start:
!tls12_record_layer_read_protected(s->internal->rl)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
+ goto fatal_err;
}
if (len <= 0)
@@ -900,7 +900,7 @@ start:
(S3I(s)->handshake_fragment[3] != 0)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
- goto f_err;
+ goto fatal_err;
}
if (s->internal->msg_callback)
@@ -944,7 +944,7 @@ start:
S3I(s)->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO &&
(s->internal->options & SSL_OP_NO_CLIENT_RENEGOTIATION)) {
al = SSL_AD_NO_RENEGOTIATION;
- goto f_err;
+ goto fatal_err;
}
/* If we are a server and get a client hello when renegotiation isn't
* allowed send back a no renegotiation alert and carry on.
@@ -999,7 +999,7 @@ start:
else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_NO_RENEGOTIATION);
- goto f_err;
+ goto fatal_err;
}
} else if (alert_level == SSL3_AL_FATAL) {
s->internal->rwstate = SSL_NOTHING;
@@ -1013,7 +1013,7 @@ start:
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
+ goto fatal_err;
}
goto start;
@@ -1033,21 +1033,21 @@ start:
(rr->data[0] != SSL3_MT_CCS)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
+ goto fatal_err;
}
/* Check we have a cipher to change to */
if (S3I(s)->hs.new_cipher == NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
+ goto fatal_err;
}
/* Check that we should be receiving a Change Cipher Spec. */
if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
+ goto fatal_err;
}
s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
@@ -1108,7 +1108,7 @@ start:
}
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_CHANGE_CIPHER_SPEC:
case SSL3_RT_ALERT:
case SSL3_RT_HANDSHAKE:
@@ -1117,7 +1117,7 @@ start:
* should not happen when type != rr->type */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
case SSL3_RT_APPLICATION_DATA:
/* At this point, we were expecting handshake data,
* but have application data. If the library was
@@ -1139,14 +1139,14 @@ start:
} else {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_UNEXPECTED_RECORD);
- goto f_err;
+ goto fatal_err;
}
}
/* not reached */
-f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
-err:
+ err:
return (-1);
}
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 0408dab6604..15dda5108ce 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.93 2021/02/20 14:03:50 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.94 2021/02/20 14:14:16 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -827,7 +827,7 @@ ssl3_get_client_hello(SSL *s)
if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
+ goto fatal_err;
}
if (SSL_is_dtls(s)) {
if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
@@ -855,7 +855,7 @@ ssl3_get_client_hello(SSL *s)
}
SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
+ goto fatal_err;
}
s->client_version = client_version;
s->version = shared_version;
@@ -912,7 +912,7 @@ ssl3_get_client_hello(SSL *s)
if (i == 1) { /* previous session */
s->internal->hit = 1;
} else if (i == -1)
- goto f_err;
+ goto fatal_err;
else {
/* i == 0 */
if (!ssl_get_new_session(s, 1))
@@ -929,7 +929,7 @@ ssl3_get_client_hello(SSL *s)
if (CBS_len(&cookie) > sizeof(D1I(s)->rcvd_cookie)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
/* Verify the cookie if appropriate option is set. */
@@ -947,7 +947,7 @@ ssl3_get_client_hello(SSL *s)
D1I(s)->rcvd_cookie, cookie_len) == 0) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
/* else cookie verification succeeded */
/* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
@@ -956,7 +956,7 @@ ssl3_get_client_hello(SSL *s)
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_COOKIE_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
cookie_valid = 1;
}
@@ -967,7 +967,7 @@ ssl3_get_client_hello(SSL *s)
/* we need a cipher if we are not resuming a session */
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED);
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cipher_suites) > 0) {
@@ -996,7 +996,7 @@ ssl3_get_client_hello(SSL *s)
*/
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING);
- goto f_err;
+ goto fatal_err;
}
}
@@ -1010,18 +1010,18 @@ ssl3_get_client_hello(SSL *s)
if (comp_null == 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED);
- goto f_err;
+ goto fatal_err;
}
if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
SSLerror(s, SSL_R_PARSE_TLSEXT);
- goto f_err;
+ goto fatal_err;
}
if (!S3I(s)->renegotiate_seen && s->internal->renegotiate) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- goto f_err;
+ goto fatal_err;
}
if (ssl_check_clienthello_tlsext_early(s) <= 0) {
@@ -1078,7 +1078,7 @@ ssl3_get_client_hello(SSL *s)
if (pref_cipher == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_NO_SHARED_CIPHER);
- goto f_err;
+ goto fatal_err;
}
s->session->cipher = pref_cipher;
@@ -1099,7 +1099,7 @@ ssl3_get_client_hello(SSL *s)
if (ciphers == NULL) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
- goto f_err;
+ goto fatal_err;
}
ciphers = NULL;
c = ssl3_choose_cipher(s, s->session->ciphers,
@@ -1108,7 +1108,7 @@ ssl3_get_client_hello(SSL *s)
if (c == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_NO_SHARED_CIPHER);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->hs.new_cipher = c;
} else {
@@ -1147,7 +1147,7 @@ ssl3_get_client_hello(SSL *s)
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
@@ -1317,7 +1317,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
if ((dhp = ssl_get_auto_dh(s)) == NULL) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
}
} else
dhp = s->cert->dh_tmp;
@@ -1329,7 +1329,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
if (dhp == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
+ goto fatal_err;
}
if (S3I(s)->tmp.dh != NULL) {
@@ -1375,7 +1375,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
@@ -1406,7 +1406,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
if ((S3I(s)->tmp.ecdh = EC_KEY_new()) == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
- goto f_err;
+ goto fatal_err;
}
S3I(s)->tmp.ecdh_nid = nid;
ecdh = S3I(s)->tmp.ecdh;
@@ -1436,7 +1436,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
@@ -1542,7 +1542,7 @@ ssl3_send_server_key_exchange(SSL *s)
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (!CBB_finish(&cbb_params, &params, &params_len))
@@ -1556,7 +1556,7 @@ ssl3_send_server_key_exchange(SSL *s)
if ((pkey = ssl_get_sign_pkey(s, S3I(s)->hs.new_cipher,
&md, &sigalg)) == NULL) {
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
/* Send signature algorithm. */
@@ -1564,7 +1564,7 @@ ssl3_send_server_key_exchange(SSL *s)
if (!CBB_add_u16(&server_kex, sigalg->value)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_INTERNAL_ERROR);
- goto f_err;
+ goto fatal_err;
}
}
@@ -1627,7 +1627,7 @@ ssl3_send_server_key_exchange(SSL *s)
return (ssl3_handshake_write(s));
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
CBB_cleanup(&cbb_params);
@@ -1726,7 +1726,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
(pkey->pkey.rsa == NULL)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
+ goto fatal_err;
}
rsa = pkey->pkey.rsa;
@@ -1795,7 +1795,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
freezero(pms, pms_len);
@@ -1821,7 +1821,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
if (S3I(s)->tmp.dh == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
+ goto fatal_err;
}
dh = S3I(s)->tmp.dh;
@@ -1841,17 +1841,17 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
if (!DH_check_pub_key(dh, bn, &key_is_invalid)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_DH_LIB);
- goto f_err;
+ goto fatal_err;
}
if (key_is_invalid) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerror(s, ERR_R_DH_LIB);
- goto f_err;
+ goto fatal_err;
}
if ((key_len = DH_compute_key(key, bn, dh)) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerror(s, ERR_R_DH_LIB);
- goto f_err;
+ goto fatal_err;
}
s->session->master_key_length = tls1_generate_master_secret(s,
@@ -1868,7 +1868,7 @@ ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
freezero(key, key_size);
@@ -2083,18 +2083,18 @@ ssl3_get_client_key_exchange(SSL *s)
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- goto f_err;
+ goto fatal_err;
}
return (1);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (-1);
@@ -2139,7 +2139,7 @@ ssl3_get_cert_verify(SSL *s)
if (peer != NULL) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
ret = 1;
goto end;
@@ -2148,19 +2148,19 @@ ssl3_get_cert_verify(SSL *s)
if (peer == NULL) {
SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
if (!(type & EVP_PKT_SIGN)) {
SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
+ goto fatal_err;
}
if (S3I(s)->change_cipher_spec) {
SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
if (!SSL_USE_SIGALGS(s)) {
@@ -2169,12 +2169,12 @@ ssl3_get_cert_verify(SSL *s)
if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
}
@@ -2189,12 +2189,12 @@ ssl3_get_cert_verify(SSL *s)
(md = sigalg->md()) == NULL) {
SSLerror(s, SSL_R_UNKNOWN_DIGEST);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!ssl_sigalg_pkey_ok(sigalg, pkey, 0)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!CBS_get_u16_length_prefixed(&cbs, &signature))
@@ -2202,48 +2202,48 @@ ssl3_get_cert_verify(SSL *s)
if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (CBS_len(&cbs) != 0) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
+ goto fatal_err;
}
if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, pkey)) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
(!EVP_PKEY_CTX_set_rsa_padding
(pctx, RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (sigalg->key_type == EVP_PKEY_GOSTR01 &&
EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE,
NULL) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestVerifyUpdate(&mctx, hdata, hdatalen)) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (EVP_DigestVerifyFinal(&mctx, CBS_data(&signature),
CBS_len(&signature)) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_RSA) {
verify = RSA_verify(NID_md5_sha1, S3I(s)->tmp.cert_verify_md,
@@ -2252,12 +2252,12 @@ ssl3_get_cert_verify(SSL *s)
if (verify < 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
+ goto fatal_err;
}
if (verify == 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_RSA_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
} else if (pkey->type == EVP_PKEY_EC) {
verify = ECDSA_verify(pkey->save_type,
@@ -2267,7 +2267,7 @@ ssl3_get_cert_verify(SSL *s)
if (verify <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
- goto f_err;
+ goto fatal_err;
}
#ifndef OPENSSL_NO_GOST
} else if (pkey->type == NID_id_GostR3410_94 ||
@@ -2280,18 +2280,18 @@ ssl3_get_cert_verify(SSL *s)
if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
!(md = EVP_get_digestbynid(nid))) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ goto fatal_err;
}
if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
!EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
@@ -2304,14 +2304,14 @@ ssl3_get_cert_verify(SSL *s)
SSLerror(s, ERR_R_EVP_LIB);
al = SSL_AD_INTERNAL_ERROR;
EVP_PKEY_CTX_free(pctx);
- goto f_err;
+ goto fatal_err;
}
if (EVP_PKEY_verify(pctx, CBS_data(&signature),
CBS_len(&signature), sigbuf, siglen) <= 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerror(s, SSL_R_BAD_SIGNATURE);
EVP_PKEY_CTX_free(pctx);
- goto f_err;
+ goto fatal_err;
}
EVP_PKEY_CTX_free(pctx);
@@ -2319,7 +2319,7 @@ ssl3_get_cert_verify(SSL *s)
} else {
SSLerror(s, ERR_R_INTERNAL_ERROR);
al = SSL_AD_UNSUPPORTED_CERTIFICATE;
- goto f_err;
+ goto fatal_err;
}
ret = 1;
@@ -2327,7 +2327,7 @@ ssl3_get_cert_verify(SSL *s)
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
end:
@@ -2358,7 +2358,7 @@ ssl3_get_client_certificate(SSL *s)
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
al = SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
+ goto fatal_err;
}
/*
* If tls asked for a client cert,
@@ -2368,7 +2368,7 @@ ssl3_get_client_certificate(SSL *s)
SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
);
al = SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
+ goto fatal_err;
}
S3I(s)->tmp.reuse_message = 1;
return (1);
@@ -2377,7 +2377,7 @@ ssl3_get_client_certificate(SSL *s)
if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
- goto f_err;
+ goto fatal_err;
}
if (n < 0)
@@ -2400,7 +2400,7 @@ ssl3_get_client_certificate(SSL *s)
if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
q = CBS_data(&cert);
@@ -2412,7 +2412,7 @@ ssl3_get_client_certificate(SSL *s)
if (q != CBS_data(&cert) + CBS_len(&cert)) {
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
+ goto fatal_err;
}
if (!sk_X509_push(sk, x)) {
SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -2430,7 +2430,7 @@ ssl3_get_client_certificate(SSL *s)
(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
al = SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
+ goto fatal_err;
}
/* No client certificate so free transcript. */
tls1_transcript_free(s);
@@ -2439,7 +2439,7 @@ ssl3_get_client_certificate(SSL *s)
if (i <= 0) {
al = ssl_verify_alarm_type(s->verify_result);
SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED);
- goto f_err;
+ goto fatal_err;
}
}
@@ -2473,7 +2473,7 @@ ssl3_get_client_certificate(SSL *s)
decode_err:
al = SSL_AD_DECODE_ERROR;
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- f_err:
+ fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
}
err:
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 19:26:03 +0000