Remove the last of the f_err pattern.
BUG=128
Change-Id: I4d7e64b09dbbbaa2d12161672cab532e2e53fe7b
Reviewed-on: https://boringssl-review.googlesource.com/17248
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 8d61b29..3979801 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -903,7 +903,6 @@
static int ssl3_select_parameters(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- uint8_t al = SSL_AD_INTERNAL_ERROR;
int ret = -1;
SSL_SESSION *session = NULL;
@@ -933,9 +932,9 @@
if (session->extended_master_secret && !hs->extended_master_secret) {
/* A ClientHello without EMS that attempts to resume a session with EMS
* is fatal to the connection. */
- al = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ goto err;
}
if (!ssl_session_is_resumable(hs, session) ||
@@ -969,9 +968,9 @@
if (ssl->ctx->dos_protection_cb != NULL &&
ssl->ctx->dos_protection_cb(&client_hello) == 0) {
/* Connection rejected for DOS reasons. */
- al = SSL_AD_INTERNAL_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ goto err;
}
if (ssl->session == NULL) {
@@ -982,8 +981,8 @@
OPENSSL_free(hs->new_session->tlsext_hostname);
hs->new_session->tlsext_hostname = BUF_strdup(hs->hostname);
if (hs->new_session->tlsext_hostname == NULL) {
- al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ goto err;
}
}
@@ -1008,8 +1007,10 @@
/* HTTP/2 negotiation depends on the cipher suite, so ALPN negotiation was
* deferred. Complete it now. */
- if (!ssl_negotiate_alpn(hs, &al, &client_hello)) {
- goto f_err;
+ uint8_t alert = SSL_AD_DECODE_ERROR;
+ if (!ssl_negotiate_alpn(hs, &alert, &client_hello)) {
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ goto err;
}
/* Now that all parameters are known, initialize the handshake hash and hash
@@ -1017,7 +1018,8 @@
if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl),
hs->new_cipher->algorithm_prf) ||
!ssl_hash_current_message(hs)) {
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ goto err;
}
/* Release the handshake buffer if client authentication isn't required. */
@@ -1027,11 +1029,6 @@
ret = 1;
- if (0) {
- f_err:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
- }
-
err:
SSL_SESSION_free(session);
return ret;
@@ -1417,7 +1414,6 @@
static int ssl3_get_client_key_exchange(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- int al;
CBS client_key_exchange;
uint32_t alg_k;
uint32_t alg_a;
@@ -1453,27 +1449,27 @@
if (!CBS_get_u16_length_prefixed(&client_key_exchange, &psk_identity) ||
((alg_k & SSL_kPSK) && CBS_len(&client_key_exchange) != 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- al = SSL_AD_DECODE_ERROR;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ goto err;
}
if (ssl->psk_server_callback == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_NO_SERVER_CB);
- al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ goto err;
}
if (CBS_len(&psk_identity) > PSK_MAX_IDENTITY_LEN ||
CBS_contains_zero_byte(&psk_identity)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
- al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+ goto err;
}
if (!CBS_strdup(&psk_identity, &hs->new_session->psk_identity)) {
- al = SSL_AD_INTERNAL_ERROR;
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ goto err;
}
/* Look up the key for the identity. */
@@ -1481,13 +1477,13 @@
sizeof(psk));
if (psk_len > PSK_MAX_PSK_LEN) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
- al = SSL_AD_INTERNAL_ERROR;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ goto err;
} else if (psk_len == 0) {
/* PSK related to the given identity not found */
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
- al = SSL_AD_UNKNOWN_PSK_IDENTITY;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNKNOWN_PSK_IDENTITY);
+ goto err;
}
}
@@ -1507,19 +1503,19 @@
if (hs->state == SSL3_ST_SR_KEY_EXCH_A) {
if (!ssl_has_private_key(ssl) ||
EVP_PKEY_id(hs->local_pubkey) != EVP_PKEY_RSA) {
- al = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ goto err;
}
CBS encrypted_premaster_secret;
if (ssl->version > SSL3_VERSION) {
if (!CBS_get_u16_length_prefixed(&client_key_exchange,
&encrypted_premaster_secret) ||
CBS_len(&client_key_exchange) != 0) {
- al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL,
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ goto err;
}
} else {
encrypted_premaster_secret = client_key_exchange;
@@ -1550,9 +1546,9 @@
}
if (decrypt_len != rsa_size) {
- al = SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ goto err;
}
/* Prepare a random premaster, to be used on invalid padding. See RFC 5246,
@@ -1570,9 +1566,9 @@
/* The smallest padded premaster is 11 bytes of overhead. Small keys are
* publicly invalid. */
if (decrypt_len < 11 + premaster_secret_len) {
- al = SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ goto err;
}
/* Check the padding. See RFC 3447, section 7.2.2. */
@@ -1605,9 +1601,9 @@
CBS peer_key;
if (!CBS_get_u8_length_prefixed(&client_key_exchange, &peer_key) ||
CBS_len(&client_key_exchange) != 0) {
- al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ goto err;
}
/* Compute the premaster. */
@@ -1615,8 +1611,8 @@
if (!SSL_ECDH_CTX_finish(&hs->ecdh_ctx, &premaster_secret,
&premaster_secret_len, &alert, CBS_data(&peer_key),
CBS_len(&peer_key))) {
- al = alert;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ goto err;
}
/* The key exchange state may now be discarded. */
@@ -1632,9 +1628,9 @@
}
OPENSSL_memset(premaster_secret, 0, premaster_secret_len);
} else {
- al = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_TYPE);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ goto err;
}
/* For a PSK cipher suite, the actual pre-master secret is combined with the
@@ -1674,8 +1670,6 @@
OPENSSL_free(premaster_secret);
return 1;
-f_err:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
err:
if (premaster_secret != NULL) {
OPENSSL_cleanse(premaster_secret, premaster_secret_len);
@@ -1688,7 +1682,6 @@
static int ssl3_get_cert_verify(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- int al;
CBS certificate_verify, signature;
/* Only RSA and ECDSA client certificates are supported, so a
@@ -1714,29 +1707,29 @@
uint16_t signature_algorithm = 0;
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
if (!CBS_get_u16(&certificate_verify, &signature_algorithm)) {
- al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ return -1;
}
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
- al = alert;
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
+ return -1;
}
hs->new_session->peer_signature_algorithm = signature_algorithm;
} else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
hs->peer_pubkey)) {
- al = SSL_AD_UNSUPPORTED_CERTIFICATE;
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
+ return -1;
}
/* Parse and verify the signature. */
if (!CBS_get_u16_length_prefixed(&certificate_verify, &signature) ||
CBS_len(&certificate_verify) != 0) {
- al = SSL_AD_DECODE_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ return -1;
}
int sig_ok;
@@ -1748,7 +1741,7 @@
if (!SSL_TRANSCRIPT_ssl3_cert_verify_hash(&hs->transcript, digest,
&digest_len, hs->new_session,
signature_algorithm)) {
- goto err;
+ return -1;
}
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(hs->peer_pubkey, NULL);
@@ -1769,24 +1762,19 @@
ERR_clear_error();
#endif
if (!sig_ok) {
- al = SSL_AD_DECRYPT_ERROR;
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
- goto f_err;
+ ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
+ return -1;
}
/* The handshake buffer is no longer necessary, and we may hash the current
* message.*/
SSL_TRANSCRIPT_free_buffer(&hs->transcript);
if (!ssl_hash_current_message(hs)) {
- goto err;
+ return -1;
}
return 1;
-
-f_err:
- ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
-err:
- return 0;
}
/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It