Clean away extraneous library specific FETCH_FAILED reason codes

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13467)
2024-11-23 18:13:39 +08:00 · 2020-11-20 23:07:56 +01:00 · 2020-11-20 23:07:56 +01:00 · 5a2d0ef36f
commit 5a2d0ef36f
parent d6d42cda5f
11 changed files with 31 additions and 22 deletions
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@ -3105,7 +3105,6 @@ SM2_R_INVALID_FIELD:105:invalid field
 SM2_R_INVALID_PRIVATE_KEY:113:invalid private key
 SM2_R_NO_PARAMETERS_SET:109:no parameters set
 SM2_R_USER_ID_TOO_LARGE:106:user id too large
-SSL_R_ALGORITHM_FETCH_FAILED:295:algorithm fetch failed
 SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\
 	application data after close notify
 SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@ -458,7 +458,6 @@
 /*
 * SSL reason codes.
 */
-# define SSL_R_ALGORITHM_FETCH_FAILED                     295
 # define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        291
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
@ -513,7 +512,6 @@
 # define SSL_R_CERT_LENGTH_MISMATCH                       135
 # define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED             218
 # define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
-# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
 # define SSL_R_CLIENTHELLO_TLSEXT                         226
 # define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
 # define SSL_R_COMPRESSION_DISABLED                       343
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@ -251,7 +251,8 @@ int ssl3_setup_key_block(SSL *s)

    if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, &comp,
                            0)) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        /* Error is already recorded */
+        SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
        return 0;
    }

--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@ -15,8 +15,6 @@
 #ifndef OPENSSL_NO_ERR

 static const ERR_STRING_DATA SSL_str_reasons[] = {
-    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED),
-    "algorithm fetch failed"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
    "application data after close notify"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
@ -90,8 +88,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
    "ciphersuite digest has changed"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH),
    "cipher code wrong length"},
-    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
-    "cipher or hash unavailable"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG),
    "compressed length too long"},
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@ -111,6 +111,18 @@ void ossl_statem_set_renegotiate(SSL *s)
    s->statem.request_state = TLS_ST_SW_HELLO_REQ;
 }

+void ossl_statem_send_fatal(SSL *s, int al)
+{
+    /* We shouldn't call SSLfatal() twice. Once is enough */
+    if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+      return;
+    s->statem.in_init = 1;
+    s->statem.state = MSG_FLOW_ERROR;
+    if (al != SSL_AD_NO_ALERT
+            && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+}
+
 /*
 * Error reporting building block that's used instead of ERR_set_error().
 * In addition to what ERR_set_error() does, this puts the state machine
@ -125,14 +137,7 @@ void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
    ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
    va_end(args);

-    /* We shouldn't call SSLfatal() twice. Once is enough */
-    if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
-      return;
-    s->statem.in_init = 1;
-    s->statem.state = MSG_FLOW_ERROR;
-    if (al != SSL_AD_NO_ALERT
-            && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    ossl_statem_send_fatal(s, al);
 }

 /*
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@ -132,8 +132,10 @@ __owur int ossl_statem_accept(SSL *s);
 __owur int ossl_statem_connect(SSL *s);
 void ossl_statem_clear(SSL *s);
 void ossl_statem_set_renegotiate(SSL *s);
+void ossl_statem_send_fatal(SSL *s, int al);
 void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
 # define SSL_AD_NO_ALERT    -1
+# define SSLfatal_alert(s, al) ossl_statem_send_fatal((s), (al))
 # define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
 # define SSLfatal_data                                          \
    (ERR_new(),                                                 \
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@ -2557,7 +2557,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
     */
    sha256 = EVP_MD_fetch(s->ctx->libctx, "SHA2-256", s->ctx->propq);
    if (sha256 == NULL) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED);
+        /* Error is already recorded */
+        SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
        goto err;
    }
    /*
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -3776,7 +3776,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
                                              s->ctx->propq);

        if (cipher == NULL) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_ALGORITHM_FETCH_FAILED);
+            /* Error is already recorded */
+            SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
            goto err;
        }

--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@ -539,7 +539,8 @@ int tls1_setup_key_block(SSL *s)

    if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, &mac_type,
                            &mac_secret_size, &comp, s->ext.use_etm)) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        /* Error is already recorded */
+        SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
        return 0;
    }

--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@ -383,7 +383,8 @@ int tls13_setup_key_block(SSL *s)
    s->session->cipher = s->s3.tmp.new_cipher;
    if (!ssl_cipher_get_evp(s->ctx, s->session, &c, &hash, NULL, NULL, NULL,
                            0)) {
-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        /* Error is already recorded */
+        SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
        return 0;
    }

@ -595,8 +596,8 @@ int tls13_change_cipher_state(SSL *s, int which)
             * it again
             */
            if (!ssl_cipher_get_evp_cipher(s->ctx, sslcipher, &cipher)) {
-                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-                         SSL_R_ALGORITHM_FETCH_FAILED);
+                /* Error is already recorded */
+                SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR);
                EVP_MD_CTX_free(mdctx);
                goto err;
            }
--- a/test/tls13secretstest.c
+++ b/test/tls13secretstest.c
@ -198,6 +198,10 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
    return EVP_sha256();
 }

+void ossl_statem_send_fatal(SSL *s, int al)
+{
+}
+
 void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
 {
 }