kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Remove the last of the f_err pattern. 

BUG=128

Change-Id: I4d7e64b09dbbbaa2d12161672cab532e2e53fe7b
Reviewed-on: https://boringssl-review.googlesource.com/17248
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
David Benjamin 7 years ago
committed by CQ bot account: commit-bot@chromium.org
parent
8d606e361c
commit
d98107b4e1
1 changed files with 50 additions and 62 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +50
    -62
      ssl/handshake_server.c

+ 50
- 62
ssl/handshake_server.c View File

@@ -903,7 +903,6 @@ static int ssl3_select_certificate(SSL_HANDSHAKE *hs) {

static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
uint8_t al = SSL_AD_INTERNAL_ERROR;
int ret = -1;
SSL_SESSION *session = NULL;

@@ -933,9 +932,9 @@ static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
if (session->extended_master_secret && !hs->extended_master_secret) {
/* A ClientHello without EMS that attempts to resume a session with EMS
* is fatal to the connection. */
al = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}

if (!ssl_session_is_resumable(hs, session) ||
@@ -969,9 +968,9 @@ static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
if (ssl->ctx->dos_protection_cb != NULL &&
ssl->ctx->dos_protection_cb(&client_hello) == 0) {
/* Connection rejected for DOS reasons. */
al = SSL_AD_INTERNAL_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
}

if (ssl->session == NULL) {
@@ -982,8 +981,8 @@ static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
OPENSSL_free(hs->new_session->tlsext_hostname);
hs->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
if (hs->new_session->tlsext_hostname == NULL) {
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
}
}

@@ -1008,8 +1007,10 @@ static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {

/* HTTP/2 negotiation depends on the cipher suite, so ALPN negotiation was
* deferred. Complete it now. */
if (!ssl_negotiate_alpn(hs, &al, &client_hello)) {
goto f_err;
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!ssl_negotiate_alpn(hs, &alert, &client_hello)) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
goto err;
}

/* Now that all parameters are known, initialize the handshake hash and hash
@@ -1017,7 +1018,8 @@ static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl),
hs->new_cipher->algorithm_prf) ||
!ssl_hash_current_message(hs)) {
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
}

/* Release the handshake buffer if client authentication isn't required. */
@@ -1027,11 +1029,6 @@ static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {

ret = 1;

if (0) {
f_err:
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
}

err:
SSL_SESSION_free(session);
return ret;
@@ -1417,7 +1414,6 @@ static int ssl3_get_client_certificate(SSL_HANDSHAKE *hs) {

static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
int al;
CBS client_key_exchange;
uint32_t alg_k;
uint32_t alg_a;
@@ -1453,27 +1449,27 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
if (!CBS_get_u16_length_prefixed(&client_key_exchange, &psk_identity) ||
((alg_k & SSL_kPSK) && CBS_len(&client_key_exchange) != 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
al = SSL_AD_DECODE_ERROR;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
goto err;
}

if (ssl->psk_server_callback == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_NO_SERVER_CB);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
}

if (CBS_len(&psk_identity) > PSK_MAX_IDENTITY_LEN ||
CBS_contains_zero_byte(&psk_identity)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
al = SSL_AD_ILLEGAL_PARAMETER;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
goto err;
}

if (!CBS_strdup(&psk_identity, &hs->new_session->psk_identity)) {
al = SSL_AD_INTERNAL_ERROR;
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
}

/* Look up the key for the identity. */
@@ -1481,13 +1477,13 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
sizeof(psk));
if (psk_len > PSK_MAX_PSK_LEN) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
al = SSL_AD_INTERNAL_ERROR;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
goto err;
} else if (psk_len == 0) {
/* PSK related to the given identity not found */
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
al = SSL_AD_UNKNOWN_PSK_IDENTITY;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNKNOWN_PSK_IDENTITY);
goto err;
}
}

@@ -1507,19 +1503,19 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
if (hs->state == SSL3_ST_SR_KEY_EXCH_A) {
if (!ssl_has_private_key(ssl) ||
EVP_PKEY_id(hs->local_pubkey) != EVP_PKEY_RSA) {
al = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_RSA_CERTIFICATE);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}
CBS encrypted_premaster_secret;
if (ssl->version > SSL3_VERSION) {
if (!CBS_get_u16_length_prefixed(&client_key_exchange,
&encrypted_premaster_secret) ||
CBS_len(&client_key_exchange) != 0) {
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL,
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
goto err;
}
} else {
encrypted_premaster_secret = client_key_exchange;
@@ -1550,9 +1546,9 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
}

if (decrypt_len != rsa_size) {
al = SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
goto err;
}

/* Prepare a random premaster, to be used on invalid padding. See RFC 5246,
@@ -1570,9 +1566,9 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
/* The smallest padded premaster is 11 bytes of overhead. Small keys are
* publicly invalid. */
if (decrypt_len < 11 + premaster_secret_len) {
al = SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
goto err;
}

/* Check the padding. See RFC 3447, section 7.2.2. */
@@ -1605,9 +1601,9 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
CBS peer_key;
if (!CBS_get_u8_length_prefixed(&client_key_exchange, &peer_key) ||
CBS_len(&client_key_exchange) != 0) {
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
goto err;
}

/* Compute the premaster. */
@@ -1615,8 +1611,8 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, &premaster_secret,
&premaster_secret_len, &alert, CBS_data(&peer_key),
CBS_len(&peer_key))) {
al = alert;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
goto err;
}

/* The key exchange state may now be discarded. */
@@ -1632,9 +1628,9 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
}
OPENSSL_memset(premaster_secret, 0, premaster_secret_len);
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_TYPE);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
}

/* For a PSK cipher suite, the actual pre-master secret is combined with the
@@ -1674,8 +1670,6 @@ static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
OPENSSL_free(premaster_secret);
return 1;

f_err:
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
err:
if (premaster_secret != NULL) {
OPENSSL_cleanse(premaster_secret, premaster_secret_len);
@@ -1688,7 +1682,6 @@ err:

static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
int al;
CBS certificate_verify, signature;

/* Only RSA and ECDSA client certificates are supported, so a
@@ -1714,29 +1707,29 @@ static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) {
uint16_t signature_algorithm = 0;
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
if (!CBS_get_u16(&certificate_verify, &signature_algorithm)) {
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return -1;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
al = alert;
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
return -1;
}
hs->new_session->peer_signature_algorithm = signature_algorithm;
} else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
hs->peer_pubkey)) {
al = SSL_AD_UNSUPPORTED_CERTIFICATE;
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
return -1;
}

/* Parse and verify the signature. */
if (!CBS_get_u16_length_prefixed(&certificate_verify, &signature) ||
CBS_len(&certificate_verify) != 0) {
al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
return -1;
}

int sig_ok;
@@ -1748,7 +1741,7 @@ static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) {
if (!SSL_TRANSCRIPT_ssl3_cert_verify_hash(&hs->transcript, digest,
&digest_len, hs->new_session,
signature_algorithm)) {
goto err;
return -1;
}

EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(hs->peer_pubkey, NULL);
@@ -1769,24 +1762,19 @@ static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) {
ERR_clear_error();
#endif
if (!sig_ok) {
al = SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
goto f_err;
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
return -1;
}

/* The handshake buffer is no longer necessary, and we may hash the current
* message.*/
SSL_TRANSCRIPT_free_buffer(&hs->transcript);
if (!ssl_hash_current_message(hs)) {
goto err;
return -1;
}

return 1;

f_err:
ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
err:
return 0;
}

/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It


Write Preview
Loading…
Cancel
Save