Replace some usage of SSLerr with SSLfatal()
authorMatt Caswell <matt@openssl.org>
Thu, 23 Nov 2017 16:25:05 +0000 (16:25 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 4 Dec 2017 13:31:48 +0000 (13:31 +0000)
This is an initial step towards using SSLfatal() everywhere. Initially in
this commit and in subsequent commits we focus on the state machine code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)

ssl/s3_enc.c
ssl/statem/statem_lib.c

index 02e0598..f080f8a 100644 (file)
@@ -298,7 +298,8 @@ int ssl3_init_finished_mac(SSL *s)
     BIO *buf = BIO_new(BIO_s_mem());
 
     if (buf == NULL) {
-        SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
+                 ERR_R_MALLOC_FAILURE);
         return 0;
     }
     ssl3_free_digest_list(s);
index cb1fb7d..cc6dbd6 100644 (file)
@@ -86,8 +86,8 @@ int tls_setup_handshake(SSL *s)
          * ClientHello.
          */
         if (ssl_get_min_max_version(s, &ver_min, &ver_max) != 0) {
-            SSLerr(SSL_F_TLS_SETUP_HANDSHAKE, ERR_R_INTERNAL_ERROR);
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
             return 0;
         }
         for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
@@ -104,10 +104,10 @@ int tls_setup_handshake(SSL *s)
                 break;
         }
         if (!ok) {
-            SSLerr(SSL_F_TLS_SETUP_HANDSHAKE, SSL_R_NO_CIPHERS_AVAILABLE);
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+                     SSL_R_NO_CIPHERS_AVAILABLE);
             ERR_add_error_data(1, "No ciphers enabled for max supported "
                                   "SSL/TLS version");
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
             return 0;
         }
         if (SSL_IS_FIRST_HANDSHAKE(s)) {
@@ -125,9 +125,8 @@ int tls_setup_handshake(SSL *s)
              * Server attempting to renegotiate with client that doesn't
              * support secure renegotiation.
              */
-            SSLerr(SSL_F_TLS_SETUP_HANDSHAKE,
-                   SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+                     SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
             return 0;
         } else {
             /* N.B. s->ctx may not equal s->session_ctx */