SM2_R_INVALID_PRIVATE_KEY:113:invalid private key
SM2_R_NO_PARAMETERS_SET:109:no parameters set
SM2_R_USER_ID_TOO_LARGE:106:user id too large
-SSL_R_ALGORITHM_FETCH_FAILED:295:algorithm fetch failed
SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\
application data after close notify
SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
/*
* SSL reason codes.
*/
-# define SSL_R_ALGORITHM_FETCH_FAILED 295
# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291
# define SSL_R_APP_DATA_IN_HANDSHAKE 100
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
# define SSL_R_CERT_LENGTH_MISMATCH 135
# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218
# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
-# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
# define SSL_R_CLIENTHELLO_TLSEXT 226
# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
# define SSL_R_COMPRESSION_DISABLED 343
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
0)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
}
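Review bot: The new comment `/* Error is already recorded */` before `SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);` states an invariant this hunk cannot show: it holds only if every path on which ssl_cipher_get_evp() returns 0 raises an error itself. If one path does not, the connection is torn down with an internal_error alert and nothing on the error queue to diagnose it, so it is worth confirming in that function and naming the callee in the comment, e.g. `/* ssl_cipher_get_evp() has already raised the error */`. The same applies to the other ssl_cipher_get_evp() call sites, the ssl_cipher_get_evp_cipher() call and the two fetch checks changed later in this commit. Since SSL_R_CIPHER_OR_HASH_UNAVAILABLE and SSL_R_ALGORITHM_FETCH_FAILED are also dropped from the reason-code header, anything that matches on those codes will presumably see a lower-level reason instead. The enclosing function starts and ends outside the hunk.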
#ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA SSL_str_reasons[] = {
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED),
- "algorithm fetch failed"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
"application data after close notify"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
"ciphersuite digest has changed"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH),
"cipher code wrong length"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
- "cipher or hash unavailable"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG),
"compressed length too long"},
s->statem.request_state = TLS_ST_SW_HELLO_REQ;
}
+void ossl_statem_send_fatal(SSL *s, int al)
+{
+ /* We shouldn't call SSLfatal() twice. Once is enough */
+ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+ return;
+ s->statem.in_init = 1;
+ s->statem.state = MSG_FLOW_ERROR;
+ if (al != SSL_AD_NO_ALERT
+ && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+}
+
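Review bot: ossl_statem_send_fatal() is added as a non-static function with no header comment, and its contract differs from ossl_statem_fatal() in a way callers must know: it moves the state machine to MSG_FLOW_ERROR and sends the alert but puts nothing on the error queue. I would add above it `/* Put the state machine into the error state and send the fatal alert (if any). Records no error itself: the caller must already have raised one. */`, and repeat the caller requirement next to the `SSLfatal_alert` macro, which reads like a drop-in for `SSLfatal`. The moved comment `/* We shouldn't call SSLfatal() twice. Once is enough */` should now mention SSLfatal_alert() too, since the early return guards both entry points. Nothing enforces the requirement; a debug-only check such as `ERR_peek_error() != 0` at the top would catch the empty-queue case, though not a stale entry left by earlier code.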
/*
* Error reporting building block that's used instead of ERR_set_error().
* In addition to what ERR_set_error() does, this puts the state machine
ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
va_end(args);
- /* We shouldn't call SSLfatal() twice. Once is enough */
- if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
- return;
- s->statem.in_init = 1;
- s->statem.state = MSG_FLOW_ERROR;
- if (al != SSL_AD_NO_ALERT
- && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ ossl_statem_send_fatal(s, al);
}
/*
__owur int ossl_statem_connect(SSL *s);
void ossl_statem_clear(SSL *s);
void ossl_statem_set_renegotiate(SSL *s);
+void ossl_statem_send_fatal(SSL *s, int al);
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
# define SSL_AD_NO_ALERT -1
+# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al))
# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
# define SSLfatal_data \
(ERR_new(), \
*/
sha256 = EVP_MD_fetch(s->ctx->libctx, "SHA2-256", s->ctx->propq);
if (sha256 == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
goto err;
}
/*
s->ctx->propq);
if (cipher == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
goto err;
}
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type,
&mac_secret_size, &comp, s->ext.use_etm)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
}
s->session->cipher = s->s3.tmp.new_cipher;
if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL,
0)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
return 0;
}
* it again
*/
if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_R_ALGORITHM_FETCH_FAILED);
+ /* Error is already recorded */
+ SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
EVP_MD_CTX_free(mdctx);
goto err;
}
return EVP_sha256();
}
+void ossl_statem_send_fatal(SSL *s, int al)
+{
+}
+
void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
{
}