Provides consistent output and approach.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3496)
}
s->d1 = d1;
- s->method->ssl_clear(s);
+
+ if (!s->method->ssl_clear(s))
+ return 0;
+
return 1;
}
s->d1 = NULL;
}
-void dtls1_clear(SSL *s)
+int dtls1_clear(SSL *s)
{
pqueue *buffered_messages;
pqueue *sent_messages;
s->d1->sent_messages = sent_messages;
}
- ssl3_clear(s);
+ if (!ssl3_clear(s))
+ return 0;
if (s->method->version == DTLS_ANY_VERSION)
s->version = DTLS_MAX_VERSION;
#endif
else
s->version = s->method->version;
+
+ return 1;
}
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
+#include "e_os.h"
#include "packet_locl.h"
#define DEFAULT_BUF_SIZE 256
int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
{
/* Internal API, so should not fail */
- assert(pkt->subs != NULL && len != 0);
- if (pkt->subs == NULL || len == 0)
+ if (!ossl_assert(pkt->subs != NULL && len != 0))
return 0;
if (pkt->maxsize - pkt->written < len)
size_t max = maxmaxsize(lenbytes);
/* Internal API, so should not fail */
- assert(buf != NULL && len > 0);
- if (buf == NULL || len == 0)
+ if (!ossl_assert(buf != NULL && len > 0))
return 0;
pkt->staticbuf = buf;
int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
{
/* Internal API, so should not fail */
- assert(buf != NULL);
- if (buf == NULL)
+ if (!ossl_assert(buf != NULL))
return 0;
pkt->staticbuf = NULL;
int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
{
/* Internal API, so should not fail */
- assert(pkt->subs != NULL);
- if (pkt->subs == NULL)
+ if (!ossl_assert(pkt->subs != NULL))
return 0;
pkt->subs->flags = flags;
{
WPACKET_SUB *sub;
- assert(pkt->subs != NULL);
- if (pkt->subs == NULL)
+ if (!ossl_assert(pkt->subs != NULL))
return 0;
for (sub = pkt->subs; sub != NULL; sub = sub->parent) {
unsigned char *lenchars;
/* Internal API, so should not fail */
- assert(pkt->subs != NULL);
- if (pkt->subs == NULL)
+ if (!ossl_assert(pkt->subs != NULL))
return 0;
sub = OPENSSL_zalloc(sizeof(*sub));
unsigned char *data;
/* Internal API, so should not fail */
- assert(size <= sizeof(unsigned int));
-
- if (size > sizeof(unsigned int)
+ if (!ossl_assert(size <= sizeof(unsigned int))
|| !WPACKET_allocate_bytes(pkt, size, &data)
|| !put_value(data, val, size))
return 0;
size_t lenbytes;
/* Internal API, so should not fail */
- assert(pkt->subs != NULL);
- if (pkt->subs == NULL)
+ if (!ossl_assert(pkt->subs != NULL))
return 0;
/* Find the WPACKET_SUB for the top level */
int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
{
/* Internal API, so should not fail */
- assert(written != NULL);
- if (written == NULL)
+ if (!ossl_assert(written != NULL))
return 0;
*written = pkt->written;
int WPACKET_get_length(WPACKET *pkt, size_t *len)
{
/* Internal API, so should not fail */
- assert(pkt->subs != NULL && len != NULL);
- if (pkt->subs == NULL || len == NULL)
+ if (!ossl_assert(pkt->subs != NULL && len != NULL))
return 0;
*len = pkt->written - pkt->subs->pwritten;
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include "record_locl.h"
-#include <assert.h>
#include "../packet_locl.h"
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
* (which is tested for at the top of this function) then init must be
* finished
*/
- assert(SSL_is_init_finished(s));
- if (!SSL_is_init_finished(s)) {
+ if (!ossl_assert(SSL_is_init_finished(s))) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
goto f_err;
*/
#include <stdio.h>
-#include <assert.h>
#include <limits.h>
#include <errno.h>
#define USE_SOCKETS
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include "../ssl_locl.h"
#include "internal/constant_time_locl.h"
#include <openssl/rand.h>
unsigned char *mac;
/* TODO(size_t): convert this to do size_t properly */
imac_size = EVP_MD_CTX_size(s->read_hash);
- assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE);
- if (imac_size < 0 || imac_size > EVP_MAX_MD_SIZE) {
+ if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD, ERR_LIB_EVP);
goto f_err;
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include "../ssl_locl.h"
#include "record_locl.h"
* To get here we must have selected a ciphersuite - otherwise ctx would
* be NULL
*/
- assert(s->s3->tmp.new_cipher != NULL);
- if (s->s3->tmp.new_cipher == NULL)
+ if (!ossl_assert(s->s3->tmp.new_cipher != NULL))
return -1;
alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
}
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include "internal/constant_time_locl.h"
#include "ssl_locl.h"
* ssl3_cbc_record_digest_supported should have been called first to
* check that the hash function is supported.
*/
- assert(0);
- if (md_out_size)
+ if (md_out_size != NULL)
*md_out_size = 0;
- return 0;
+ return ossl_assert(0);
}
- if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES
- && md_block_size <= MAX_HASH_BLOCK_SIZE
- && md_size <= EVP_MAX_MD_SIZE))
+ if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES)
+ || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE)
+ || !ossl_assert(md_size <= EVP_MAX_MD_SIZE))
return 0;
header_length = 13;
*/
#include <stdio.h>
-#include <assert.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include <openssl/md5.h>
if (!SSL_SRP_CTX_init(s))
goto err;
#endif
- s->method->ssl_clear(s);
+
+ if (!s->method->ssl_clear(s))
+ return 0;
+
return 1;
err:
return 0;
s->s3 = NULL;
}
-void ssl3_clear(SSL *s)
+int ssl3_clear(SSL *s)
{
ssl3_cleanup_key_block(s);
OPENSSL_free(s->s3->tmp.ctype);
/* NULL/zero-out everything in the s3 struct */
memset(s->s3, 0, sizeof(*s->s3));
- ssl_free_wbio_buffer(s);
+ if (!ssl_free_wbio_buffer(s))
+ return 0;
s->version = SSL3_VERSION;
s->ext.npn = NULL;
s->ext.npn_len = 0;
#endif
+
+ return 1;
}
#ifndef OPENSSL_NO_SRP
}
#ifndef OPENSSL_NO_TLS13DOWNGRADE
if (ret) {
- assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len);
+ if (!ossl_assert(sizeof(tls11downgrade) < len)
+ || !ossl_assert(sizeof(tls12downgrade) < len))
+ return 0;
if (dgrd == DOWNGRADE_TO_1_2)
memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
sizeof(tls12downgrade));
#include "internal/err.h"
#include <openssl/crypto.h>
#include <openssl/evp.h>
-#include <assert.h>
#include "ssl_locl.h"
#include "internal/thread_once.h"
* OTHERWISE.
*/
-#include <assert.h>
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/objects.h>
s->method = s->ctx->method;
if (!s->method->ssl_new(s))
return 0;
- } else
- s->method->ssl_clear(s);
+ } else {
+ if (!s->method->ssl_clear(s))
+ return 0;
+ }
RECORD_LAYER_clear(&s->rlayer);
dane_final(&s->dane);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+ /* Ignore return value */
ssl_free_wbio_buffer(s);
BIO_free_all(s->wbio);
return 1;
}
-void ssl_free_wbio_buffer(SSL *s)
+int ssl_free_wbio_buffer(SSL *s)
{
/* callers ensure s is never null */
if (s->bbio == NULL)
- return;
+ return 1;
s->wbio = BIO_pop(s->wbio);
- assert(s->wbio != NULL);
+ if (!ossl_assert(s->wbio != NULL))
+ return 0;
BIO_free(s->bbio);
s->bbio = NULL;
+
+ return 1;
}
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
unsigned flags;
unsigned long mask;
int (*ssl_new) (SSL *s);
- void (*ssl_clear) (SSL *s);
+ int (*ssl_clear) (SSL *s);
void (*ssl_free) (SSL *s);
int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s);
__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written);
__owur int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
+int ssl3_clear(SSL *s);
__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur int tls1_new(SSL *s);
void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
+int tls1_clear(SSL *s);
long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
__owur int dtls1_new(SSL *s);
void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
+int dtls1_clear(SSL *s);
long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
__owur int dtls1_shutdown(SSL *s);
__owur int dtls1_dispatch_alert(SSL *s);
__owur int ssl_init_wbio_buffer(SSL *s);
-void ssl_free_wbio_buffer(SSL *s);
+int ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s);
* https://www.openssl.org/source/license.html
*/
-#include <assert.h>
#include <openssl/ocsp.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
size_t encodedlen;
if (s->s3->tmp.pkey != NULL) {
- assert(s->hello_retry_request);
- if (!s->hello_retry_request) {
+ if (!ossl_assert(s->hello_retry_request)) {
SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_INTERNAL_ERROR);
return 0;
}
const unsigned char *data;
/* Check for logic errors */
- assert(expected_len == 0 || s->s3->previous_client_finished_len != 0);
- assert(expected_len == 0 || s->s3->previous_server_finished_len != 0);
+ if (!ossl_assert(expected_len == 0
+ || s->s3->previous_client_finished_len != 0)
+ || !ossl_assert(expected_len == 0
+ || s->s3->previous_server_finished_len != 0)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
/* Parse the length byte */
if (!PACKET_get_1_len(pkt, &ilen)) {
/* Custom extension utility functions */
-#include <assert.h>
#include <openssl/ct.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
/*
* We can't send duplicates: code logic should prevent this.
*/
- assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0);
+ if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
/*
* Indicate extension has been sent: this is both a sanity check to
* ensure we don't send duplicate extensions and indicates that it
BUF_MEM_free(s->init_buf);
s->init_buf = NULL;
}
- ssl_free_wbio_buffer(s);
+ if (!ssl_free_wbio_buffer(s))
+ return WORK_ERROR;
s->init_num = 0;
}
int tls1_new(SSL *s)
{
if (!ssl3_new(s))
- return (0);
- s->method->ssl_clear(s);
- return (1);
+ return 0;
+ if (!s->method->ssl_clear(s))
+ return 0;
+
+ return 1;
}
void tls1_free(SSL *s)
ssl3_free(s);
}
-void tls1_clear(SSL *s)
+int tls1_clear(SSL *s)
{
- ssl3_clear(s);
+ if (!ssl3_clear(s))
+ return 0;
+
if (s->method->version == TLS_ANY_VERSION)
s->version = TLS_MAX_VERSION;
else
s->version = s->method->version;
+
+ return 1;
}
#ifndef OPENSSL_NO_EC
projects / openssl.git / commitdiff