Replace some usage of SSLerr with SSLfatal()
This is an initial step towards using SSLfatal() everywhere. Initially in
this commit and in subsequent commits we focus on the state machine code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 02e0598..f080f8a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -298,7 +298,8 @@
BIO *buf = BIO_new(BIO_s_mem());
if (buf == NULL) {
- SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
+ ERR_R_MALLOC_FAILURE);
return 0;
}
ssl3_free_digest_list(s);
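Review bot: A caller that reacts to a 0 return here by sending its own alert or raising its own fatal error would now presumably signal the failure twice, because the `buf == NULL` path calls `SSLfatal()` with `SSL_AD_INTERNAL_ERROR` where the old code only queued an error. The callers are not part of this hunk, so each one needs checking for a leftover alert on this path. The new contract should also be stated on the function, for example `/* On failure SSLfatal() has already been called; callers must not raise a second alert. */`. The function body starts and ends outside the hunk.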
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index cb1fb7d..cc6dbd6 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -86,8 +86,8 @@
* ClientHello.
*/
if (ssl_get_min_max_version(s, &ver_min, &ver_max) != 0) {
- SSLerr(SSL_F_TLS_SETUP_HANDSHAKE, ERR_R_INTERNAL_ERROR);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
+ ERR_R_INTERNAL_ERROR);
return 0;
}
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
@@ -104,10 +104,10 @@
break;
}
if (!ok) {
- SSLerr(SSL_F_TLS_SETUP_HANDSHAKE, SSL_R_NO_CIPHERS_AVAILABLE);
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+ SSL_R_NO_CIPHERS_AVAILABLE);
ERR_add_error_data(1, "No ciphers enabled for max supported "
"SSL/TLS version");
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
return 0;
}
if (SSL_IS_FIRST_HANDSHAKE(s)) {
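Review bot: `ERR_add_error_data()` in the `!ok` branch now runs after `SSLfatal()` rather than directly after the error is queued, and it attaches its text to whichever error entry is newest at that moment. If `SSLfatal()` sends the alert before returning (as the removed `ssl3_send_alert()` line suggests) and that send path queues an error of its own, the "No ciphers enabled" detail would land on the wrong entry, and anything reading the queue while the alert is sent would see the entry without it. This is worth confirming against the `SSLfatal()` implementation, which is not in this diff, and recording with a comment such as `/* relies on SSLfatal() leaving its error as the newest queue entry */`. The enclosing function starts and ends outside the hunk.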
@@ -125,9 +125,8 @@
* Server attempting to renegotiate with client that doesn't
* support secure renegotiation.
*/
- SSLerr(SSL_F_TLS_SETUP_HANDSHAKE,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
return 0;
} else {
/* N.B. s->ctx may not equal s->session_ctx */