SSL_R_BAD_SSL_FILETYPE:124:bad ssl filetype
SSL_R_BAD_VALUE:384:bad value
SSL_R_BAD_WRITE_RETRY:127:bad write retry
+SSL_R_BINDER_DOES_NOT_VERIFY:253:binder does not verify
SSL_R_BIO_NOT_SET:128:bio not set
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong
SSL_R_BN_LIB:130:bn lib
# define SSL_R_BAD_SSL_FILETYPE 124
# define SSL_R_BAD_VALUE 384
# define SSL_R_BAD_WRITE_RETRY 127
+# define SSL_R_BINDER_DOES_NOT_VERIFY 253
# define SSL_R_BIO_NOT_SET 128
# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
# define SSL_R_BN_LIB 130
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY),
+ "binder does not verify"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
"block cipher pad is wrong"},
}
if (sess->master_key_length != hashsize) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_PSK);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ SSL_R_BAD_PSK);
goto err;
}
(const unsigned char *)nonce_label,
sizeof(nonce_label) - 1, sess->ext.tick_nonce,
sess->ext.tick_nonce_len, psk, hashsize)) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ /* SSLfatal() already called */
goto err;
}
}
else
early_secret = (unsigned char *)sess->early_secret;
if (!tls13_generate_secret(s, md, NULL, psk, hashsize, early_secret)) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ /* SSLfatal() already called */
goto err;
}
if (mctx == NULL
|| EVP_DigestInit_ex(mctx, md, NULL) <= 0
|| EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
/* Generate the binder key */
if (!tls13_hkdf_expand(s, md, early_secret, (unsigned char *)label,
labelsize, hash, hashsize, binderkey, hashsize)) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ /* SSLfatal() already called */
goto err;
}
/* Generate the finished key */
if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ /* SSLfatal() already called */
goto err;
}
if (EVP_DigestInit_ex(mctx, md, NULL) <= 0) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (hdatalen <= 0) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_HANDSHAKE_LENGTH);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ SSL_R_BAD_HANDSHAKE_LENGTH);
goto err;
}
|| !PACKET_get_length_prefixed_3(&hashprefix, &msg)
|| !PACKET_forward(&hashprefix, 1)
|| !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
hdatalen -= PACKET_remaining(&hashprefix);
}
if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0
|| EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
mackey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, finishedkey, hashsize);
if (mackey == NULL) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
|| EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
|| EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
|| bindersize != hashsize) {
- SSLerr(SSL_F_TLS_PSK_DO_BINDER, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+ ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
/* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
+ if (!ret)
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PSK_DO_BINDER,
+ SSL_R_BINDER_DOES_NOT_VERIFY);
}
err:
if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+ ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
}
}
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
- SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+ ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
- EXT_RETURN ret = EXT_RETURN_FAIL;
int dores = 0;
s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY;
if (s->session->cipher == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
ERR_R_INTERNAL_ERROR);
- goto err;
+ return EXT_RETURN_FAIL;
}
mdres = ssl_md(s->session->cipher->algorithm2);
if (mdres == NULL) {
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
SSL_R_BAD_PSK);
- goto err;
+ return EXT_RETURN_FAIL;
}
if (s->hello_retry_request && mdpsk != handmd) {
*/
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
SSL_R_BAD_PSK);
- goto err;
+ return EXT_RETURN_FAIL;
}
pskhashsize = EVP_MD_size(mdpsk);
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
ERR_R_INTERNAL_ERROR);
- goto err;
+ return EXT_RETURN_FAIL;
}
if (dores) {
|| !WPACKET_put_bytes_u32(pkt, agems)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
ERR_R_INTERNAL_ERROR);
- goto err;
+ return EXT_RETURN_FAIL;
}
}
|| !WPACKET_put_bytes_u32(pkt, 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
ERR_R_INTERNAL_ERROR);
- goto err;
+ return EXT_RETURN_FAIL;
}
}
|| !WPACKET_fill_lengths(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
ERR_R_INTERNAL_ERROR);
- goto err;
+ return EXT_RETURN_FAIL;
}
msgstart = WPACKET_get_curr(pkt) - msglen;
if (dores
&& tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL,
resbinder, s->session, 1, 0) != 1) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
- ERR_R_INTERNAL_ERROR);
- goto err;
+ /* SSLfatal() already called */
+ return EXT_RETURN_FAIL;
}
if (s->psksession != NULL
&& tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL,
pskbinder, s->psksession, 1, 1) != 1) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
- ERR_R_INTERNAL_ERROR);
- goto err;
+ /* SSLfatal() already called */
+ return EXT_RETURN_FAIL;
}
if (dores)
if (s->psksession != NULL)
s->psksession->ext.tick_identity = (dores ? 1 : 0);
- ret = EXT_RETURN_SENT;
- err:
- return ret;
+ return EXT_RETURN_SENT;
#else
return EXT_RETURN_NOT_SENT;
#endif
(const unsigned char *)s->init_buf->data,
binderoffset, PACKET_data(&binder), NULL,
sess, 0, ext) != 1) {
- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
- SSL_R_BAD_EXTENSION);
+ /* SSLfatal() already called */
goto err;
}
ERR_R_INTERNAL_ERROR);
return 0;
}
- /* ssl_cipher_list_to_bytes() raises SSLerr if appropriate */
+
if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) {
/* SSLfatal() already called */
return 0;
{
if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
&& s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {
- SSLerr(SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
projects / oweals / openssl.git / commitdiff