authorbeck <>2017-02-07 02:08:38 +0000
committerbeck <>2017-02-07 02:08:38 +0000
commit91c389f89015a024212e73f5ec6e24166955ab6e (patch)
treea4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/d1_srtp.c
parent8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff)
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name, so in a typical error in the connection you know in what sort of place in the handshake things happened (instead of by arcane function name).
Add SSLerrorx() for when we don't have an SSL *.
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Diffstat (limited to 'src/lib/libssl/d1_srtp.c')
-rw-r--r--src/lib/libssl/d1_srtp.c32
1 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 82dc8bfdef..26c14543fc 100644
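--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.20 2017/01/26 12:16:13 beck Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.21 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -187,7 +187,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
  SRTP_PROTECTION_PROFILE *p;
 
  if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
- SSLerror(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+ SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
  return 1;
  }
 
@@ -198,7 +198,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
  col ? col - ptr : (int)strlen(ptr))) {
  sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
  } else {
- SSLerror(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+ SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
  sk_SRTP_PROTECTION_PROFILE_free(profiles);
  return 1;
  }
@@ -262,12 +262,12 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 
  if (p) {
  if (ct == 0) {
- SSLerror(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
+ SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
  return 1;
  }
 
  if ((2 + ct * 2 + 1) > maxlen) {
- SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+ SSLerror(s, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
  return 1;
  }
 
@@ -300,7 +300,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
  CBS cbs, ciphers, mki;
 
  if (len < 0) {
- SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  *al = SSL_AD_DECODE_ERROR;
  goto done;
  }
@@ -309,7 +309,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
  /* Pull off the cipher suite list */
  if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
  CBS_len(&ciphers) % 2) {
- SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  *al = SSL_AD_DECODE_ERROR;
  goto done;
  }
@@ -318,7 +318,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
 
  while (CBS_len(&ciphers) > 0) {
  if (!CBS_get_u16(&ciphers, &id)) {
- SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  *al = SSL_AD_DECODE_ERROR;
  goto done;
  }
@@ -332,7 +332,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
  /* Extract the MKI value as a sanity check, but discard it for now. */
  if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
  CBS_len(&cbs) != 0) {
- SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
+ SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
  *al = SSL_AD_DECODE_ERROR;
  goto done;
  }
@@ -373,12 +373,12 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 {
  if (p) {
  if (maxlen < 5) {
- SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+ SSLerror(s, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
  return 1;
  }
 
  if (s->internal->srtp_profile == 0) {
- SSLerror(SSL_R_USE_SRTP_NOT_NEGOTIATED);
+ SSLerror(s, SSL_R_USE_SRTP_NOT_NEGOTIATED);
  return 1;
  }
  s2n(2, p);
@@ -401,7 +401,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
  CBS cbs, profile_ids, mki;
 
  if (len < 0) {
- SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  *al = SSL_AD_DECODE_ERROR;
  return 1;
  }
@@ -414,14 +414,14 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
  */
  if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
  !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
- SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  *al = SSL_AD_DECODE_ERROR;
  return 1;
  }
 
  /* Must be no MKI, since we never offer one. */
  if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
- SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
+ SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
  *al = SSL_AD_ILLEGAL_PARAMETER;
  return 1;
  }
@@ -430,7 +430,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
 
  /* Throw an error if the server gave us an unsolicited extension. */
  if (clnt == NULL) {
- SSLerror(SSL_R_NO_SRTP_PROFILES);
+ SSLerror(s, SSL_R_NO_SRTP_PROFILES);
  *al = SSL_AD_DECODE_ERROR;
  return 1;
  }
@@ -449,7 +449,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
  }
  }
 
- SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+ SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
  *al = SSL_AD_DECODE_ERROR;
  return 1;
 }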
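Review bot: The fall-through at the end of ssl_parse_serverhello_use_srtp_ext (new lines 452-453) reports its failure with the same reason code and the same decode_error alert as the length and framing checks at new lines 404 and 417. Neither the error queue nor the alert therefore separates a malformed extension from what appears to be a well-formed reply naming a profile the client never offered. The matching loop itself lies outside the hunk, so that reading is inferred from the closing braces and the surrounding comments. Since this commit already touches every SSLerror() site to make failures easier to place, consider `*al = SSL_AD_ILLEGAL_PARAMETER;` there, as the MKI check at new line 425 already does, together with a comment such as `/* Server selected a profile we did not offer. */`. The unsolicited-extension branch at new lines 433-434 also sends decode_error for a condition that is not a decoding failure and deserves the same look.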