Send the function codes from the error functions to the bit bucket,

as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
author: beck <> 2017-01-29 17:49:23 +0000
committer: beck <> 2017-01-29 17:49:23 +0000
commit: 957b11334a7afb14537322f0e4795b2e368b3f59 (patch)
tree: 1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/ocsp
parent: df96e020e729c6c37a8c7fe311fdd1fe6a8718c5 (diff)
download: openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.gz
openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.bz2
openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.zip
6 files changed, 43 insertions, 87 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index 6b8fb87880..04ea6866a5 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_cl.c,v 1.13 2016/12/30 15:31:58 jsing Exp $ */
+/* $OpenBSD: ocsp_cl.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */
@@ -159,8 +159,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
                goto err;
        if (key) {
                if (!X509_check_private_key(signer, key)) {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
+                        OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                            OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                        goto err;
                }
                if (!OCSP_REQUEST_sign(req, key, dgst))
@@ -202,13 +201,11 @@ OCSP_response_get1_basic(OCSP_RESPONSE *resp)
        rb = resp->responseBytes;
        if (!rb) {
-                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
+                OCSPerror(OCSP_R_NO_RESPONSE_DATA);
-                    OCSP_R_NO_RESPONSE_DATA);
                return NULL;
        }
        if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
-                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
+                OCSPerror(OCSP_R_NOT_BASIC_RESPONSE);
-                    OCSP_R_NOT_BASIC_RESPONSE);
                return NULL;
        }
@@ -341,16 +338,14 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
        /* Check thisUpdate is valid and not more than nsec in the future */
        if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
            V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD);
-                    OCSP_R_ERROR_IN_THISUPDATE_FIELD);
                return 0;
        } else {
                t_tmp = t_now + nsec;
                if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
                        return 0;
                if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) {
-                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                        OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
-                            OCSP_R_STATUS_NOT_YET_VALID);
                        return 0;
                }
@@ -363,8 +358,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
                        if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
                                return 0;
                        if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) {
-                                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                                OCSPerror(OCSP_R_STATUS_TOO_OLD);
-                                    OCSP_R_STATUS_TOO_OLD);
                                return 0;
                        }
                }
@@ -376,24 +370,21 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
        /* Check nextUpdate is valid and not more than nsec in the past */
        if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
            V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
-                    OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
                return 0;
        } else {
                t_tmp = t_now - nsec;
                if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
                        return 0;
                if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) {
-                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                        OCSPerror(OCSP_R_STATUS_EXPIRED);
-                            OCSP_R_STATUS_EXPIRED);
                        return 0;
                }
        }
        /* Also don't allow nextUpdate to precede thisUpdate */
        if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
-                    OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
                return 0;
        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index af781074b6..9e3237f6a4 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_err.c,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ocsp_err.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -72,25 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
 static ERR_STRING_DATA OCSP_str_functs[]= {
-        {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),   "ASN1_STRING_encode"},
+        {ERR_FUNC(0xfff), "CRYPTO_internal"},
-        {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),       "D2I_OCSP_NONCE"},
-        {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),       "OCSP_basic_add1_status"},
-        {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),      "OCSP_basic_sign"},
-        {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),    "OCSP_basic_verify"},
-        {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW),     "OCSP_cert_id_new"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),       "OCSP_CHECK_IDS"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),    "OCSP_CHECK_ISSUER"},
-        {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY),  "OCSP_check_validity"},
-        {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID),  "OCSP_MATCH_ISSUERID"},
-        {ERR_FUNC(OCSP_F_OCSP_PARSE_URL),       "OCSP_parse_url"},
-        {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN),    "OCSP_request_sign"},
-        {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),  "OCSP_request_verify"},
-        {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),     "OCSP_response_get1_basic"},
-        {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),     "OCSP_sendreq_bio"},
-        {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO),    "OCSP_sendreq_nbio"},
-        {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),     "PARSE_HTTP_LINE1"},
-        {ERR_FUNC(OCSP_F_REQUEST_VERIFY),       "REQUEST_VERIFY"},
        {0, NULL}
 };
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 61af3717b7..b9c969928a 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_ht.c,v 1.23 2016/11/05 15:21:20 miod Exp $ */
+/* $OpenBSD: ocsp_ht.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -207,8 +207,7 @@ parse_http_line1(char *line)
        for (p = line; *p && !isspace((unsigned char)*p); p++)
                continue;
        if (!*p) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
+                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                return 0;
        }
@@ -216,8 +215,7 @@ parse_http_line1(char *line)
        while (*p && isspace((unsigned char)*p))
                p++;
        if (!*p) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
+                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                return 0;
        }
@@ -225,8 +223,7 @@ parse_http_line1(char *line)
        for (q = p; *q && !isspace((unsigned char)*q); q++)
                continue;
        if (!*q) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
+                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                    OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
                return 0;
        }
@@ -251,7 +248,7 @@ parse_http_line1(char *line)
                        *r = 0;
        }
        if (retcode != 200) {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+                OCSPerror(OCSP_R_SERVER_RESPONSE_ERROR);
                if (!*q)
                        ERR_asprintf_error_data("Code=%s", p);
                else
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 4a109b5513..d56a002096 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_lib.c,v 1.19 2016/12/21 18:13:59 beck Exp $ */
+/* $OpenBSD: ocsp_lib.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */
@@ -115,7 +115,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
        if (alg->algorithm != NULL)
                ASN1_OBJECT_free(alg->algorithm);
        if ((nid = EVP_MD_type(dgst)) == NID_undef) {
-                OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+                OCSPerror(OCSP_R_UNKNOWN_NID);
                goto err;
        }
        if (!(alg->algorithm = OBJ_nid2obj(nid)))
@@ -144,7 +144,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
        return cid;
 digerr:
-        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+        OCSPerror(OCSP_R_DIGEST_ERR);
 err:
        if (cid)
                OCSP_CERTID_free(cid);
@@ -193,11 +193,11 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
        } else if (strncmp(url, "http://", 7) == 0)
                host = strdup(url + 7);
        else {
-                OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+                OCSPerror(OCSP_R_ERROR_PARSING_URL);
                return 0;
        }
        if (host == NULL) {
-                OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+                OCSPerror(ERR_R_MALLOC_FAILURE);
                return 0;
        }
@@ -221,7 +221,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
                free(host);
                free(path);
                free(port);
-                OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+                OCSPerror(ERR_R_MALLOC_FAILURE);
                return 0;
        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c
index ee4a5dd6db..a9e0aaab2f 100644
--- a/src/lib/libcrypto/ocsp/ocsp_srv.c
+++ b/src/lib/libcrypto/ocsp/ocsp_srv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_srv.c,v 1.9 2016/12/30 15:31:58 jsing Exp $ */
+/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -168,8 +168,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
        switch (cs->type = status) {
        case V_OCSP_CERTSTATUS_REVOKED:
                if (!revtime) {
-                        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
+                        OCSPerror(OCSP_R_NO_REVOKED_TIME);
-                            OCSP_R_NO_REVOKED_TIME);
                        goto err;
                }
                if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
@@ -226,8 +225,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
        OCSP_RESPID *rid;
        if (!X509_check_private_key(signer, key)) {
-                OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
+                OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                goto err;
        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 80dd54e958..ebdd826878 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.14 2016/11/05 13:27:53 miod Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -86,8 +86,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
        ret = ocsp_find_signer(&signer, bs, certs, st, flags);
        if (!ret) {
-                OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-                    OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
                goto end;
        }
        if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
@@ -101,8 +100,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                        EVP_PKEY_free(skey);
                }
                if (!skey || ret <= 0) {
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                        OCSPerror(OCSP_R_SIGNATURE_FAILURE);
-                            OCSP_R_SIGNATURE_FAILURE);
                        goto end;
                }
        }
@@ -116,8 +114,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                        for (i = 0; i < sk_X509_num(certs); i++) {
                                if (!sk_X509_push(untrusted,
                                        sk_X509_value(certs, i))) {
-                                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                                        OCSPerror(ERR_R_MALLOC_FAILURE);
-                                            ERR_R_MALLOC_FAILURE);
                                        goto end;
                                }
                        }
@@ -126,7 +123,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
                if (!init_res) {
                        ret = -1;
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+                        OCSPerror(ERR_R_X509_LIB);
                        goto end;
                }
@@ -141,8 +138,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                X509_STORE_CTX_cleanup(&ctx);
                if (ret <= 0) {
                        i = X509_STORE_CTX_get_error(&ctx);
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                        OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
-                            OCSP_R_CERTIFICATE_VERIFY_ERROR);
                        ERR_asprintf_error_data("Verify error:%s",
                            X509_verify_cert_error_string(i));
                        goto end;
@@ -169,8 +165,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                x = sk_X509_value(chain, sk_X509_num(chain) - 1);
                if (X509_check_trust(x, NID_OCSP_sign, 0) !=
                        X509_TRUST_TRUSTED) {
-                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                        OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED);
-                            OCSP_R_ROOT_CA_NOT_TRUSTED);
                        goto end;
                }
                ret = 1;
@@ -245,8 +240,7 @@ ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
        sresp = bs->tbsResponseData->responses;
        if (sk_X509_num(chain) <= 0) {
-                OCSPerr(OCSP_F_OCSP_CHECK_ISSUER,
+                OCSPerror(OCSP_R_NO_CERTIFICATES_IN_CHAIN);
-                    OCSP_R_NO_CERTIFICATES_IN_CHAIN);
                return -1;
        }
@@ -288,8 +282,7 @@ ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
        idcount = sk_OCSP_SINGLERESP_num(sresp);
        if (idcount <= 0) {
-                OCSPerr(OCSP_F_OCSP_CHECK_IDS,
+                OCSPerror(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
-                    OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
                return -1;
        }
@@ -323,8 +316,7 @@ ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                if (!(dgst =
                    EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
-                        OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
+                        OCSPerror(OCSP_R_UNKNOWN_MESSAGE_DIGEST);
-                            OCSP_R_UNKNOWN_MESSAGE_DIGEST);
                        return -1;
                }
@@ -365,7 +357,7 @@ ocsp_check_delegated(X509 *x, int flags)
        X509_check_purpose(x, -1, 0);
        if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
                return 1;
-        OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+        OCSPerror(OCSP_R_MISSING_OCSPSIGNING_USAGE);
        return 0;
 }
@@ -384,20 +376,18 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
        X509_STORE_CTX ctx;
        if (!req->optionalSignature) {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+                OCSPerror(OCSP_R_REQUEST_NOT_SIGNED);
                return 0;
        }
        gen = req->tbsRequest->requestorName;
        if (!gen || gen->type != GEN_DIRNAME) {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSPerror(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
-                    OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
                return 0;
        }
        nm = gen->d.directoryName;
        ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
        if (ret <= 0) {
-                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-                    OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
                return 0;
        }
        if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
@@ -409,8 +399,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
                ret = OCSP_REQUEST_verify(req, skey);
                EVP_PKEY_free(skey);
                if (ret <= 0) {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                        OCSPerror(OCSP_R_SIGNATURE_FAILURE);
-                            OCSP_R_SIGNATURE_FAILURE);
                        return 0;
                }
        }
@@ -424,7 +413,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
                        init_res = X509_STORE_CTX_init(&ctx, store, signer,
                            req->optionalSignature->certs);
                if (!init_res) {
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+                        OCSPerror(ERR_R_X509_LIB);
                        return 0;
                }
@@ -439,8 +428,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
                X509_STORE_CTX_cleanup(&ctx);
                if (ret <= 0) {
                        ret = X509_STORE_CTX_get_error(&ctx);
-                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                        OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
-                            OCSP_R_CERTIFICATE_VERIFY_ERROR);
                        ERR_asprintf_error_data("Verify error:%s",
                            X509_verify_cert_error_string(ret));
                        return 0;
author	beck <>	2017-01-29 17:49:23 +0000
committer	beck <>	2017-01-29 17:49:23 +0000
commit	957b11334a7afb14537322f0e4795b2e368b3f59 (patch)
tree	1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/ocsp
parent	df96e020e729c6c37a8c7fe311fdd1fe6a8718c5 (diff)
download	openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.gz openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.bz2 openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.zip