authorbeck <>2017-02-07 02:08:38 +0000
committerbeck <>2017-02-07 02:08:38 +0000
commit91c389f89015a024212e73f5ec6e24166955ab6e (patch)
treea4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/ssl_both.c
parent8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff)
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name, so that in a typical connection error you know in what sort of place in the handshake things happened (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL *. ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Diffstat (limited to 'src/lib/libssl/ssl_both.c')
-rw-r--r--src/lib/libssl/ssl_both.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 2d79c24c86..14fd121d53 100644
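--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.5 2017/01/29 15:20:18 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.6 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -244,7 +244,7 @@ ssl3_get_finished(SSL *s, int a, int b)
  /* If this occurs, we have missed a message */
  if (!S3I(s)->change_cipher_spec) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+ SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
  goto f_err;
  }
  S3I(s)->change_cipher_spec = 0;
@@ -253,7 +253,7 @@ ssl3_get_finished(SSL *s, int a, int b)
 
  if (n < 0) {
  al = SSL_AD_DECODE_ERROR;
- SSLerror(SSL_R_BAD_DIGEST_LENGTH);
+ SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
  goto f_err;
  }
 
@@ -262,13 +262,13 @@ ssl3_get_finished(SSL *s, int a, int b)
  if (S3I(s)->tmp.peer_finish_md_len != md_len ||
  CBS_len(&cbs) != md_len) {
  al = SSL_AD_DECODE_ERROR;
- SSLerror(SSL_R_BAD_DIGEST_LENGTH);
+ SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
  goto f_err;
  }
 
  if (!CBS_mem_equal(&cbs, S3I(s)->tmp.peer_finish_md, CBS_len(&cbs))) {
  al = SSL_AD_DECRYPT_ERROR;
- SSLerror(SSL_R_DIGEST_CHECK_FAILED);
+ SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
  goto f_err;
  }
 
@@ -365,7 +365,7 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, X509 *x)
 
  if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
  x, NULL)) {
- SSLerror(ERR_R_X509_LIB);
+ SSLerror(s, ERR_R_X509_LIB);
  goto err;
  }
  X509_verify_cert(&xs_ctx);
@@ -419,7 +419,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  S3I(s)->tmp.reuse_message = 0;
  if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(SSL_R_UNEXPECTED_MESSAGE);
+ SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
  goto f_err;
  }
  *ok = 1;
@@ -471,25 +471,25 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 
  if ((mt >= 0) && (*p != mt)) {
  al = SSL_AD_UNEXPECTED_MESSAGE;
- SSLerror(SSL_R_UNEXPECTED_MESSAGE);
+ SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
  goto f_err;
  }
 
  CBS_init(&cbs, p, 4);
  if (!CBS_get_u8(&cbs, &u8) ||
  !CBS_get_u24(&cbs, &l)) {
- SSLerror(ERR_R_BUF_LIB);
+ SSLerror(s, ERR_R_BUF_LIB);
  goto err;
  }
  S3I(s)->tmp.message_type = u8;
 
  if (l > (unsigned long)max) {
  al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerror(SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
  goto f_err;
  }
  if (l && !BUF_MEM_grow_clean(s->internal->init_buf, l + 4)) {
- SSLerror(ERR_R_BUF_LIB);
+ SSLerror(s, ERR_R_BUF_LIB);
  goto err;
  }
  S3I(s)->tmp.message_size = l;
@@ -679,7 +679,7 @@ ssl3_setup_read_buffer(SSL *s)
  return 1;
 
 err:
- SSLerror(ERR_R_MALLOC_FAILURE);
+ SSLerror(s, ERR_R_MALLOC_FAILURE);
  return 0;
 }
 
@@ -712,7 +712,7 @@ ssl3_setup_write_buffer(SSL *s)
  return 1;
 
 err:
- SSLerror(ERR_R_MALLOC_FAILURE);
+ SSLerror(s, ERR_R_MALLOC_FAILURE);
  return 0;
 }
 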
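Review bot: In the `@@ -471,25` hunk the size check `if (l > (unsigned long)max)` only bounds the peer-supplied 24-bit length when `max` is non-negative; a negative `max` converts to a very large unsigned value, so the check would then admit any length before `BUF_MEM_grow_clean(s->internal->init_buf, l + 4)`. Whether any caller can pass a negative `max` is not visible here, since the body of ssl3_get_message starts and ends outside the hunk, so this is a hardening suggestion rather than a confirmed defect: `if (max < 0 || l > (unsigned long)max) {`. The SSLerror() argument change itself looks mechanical in every hunk of this file, and `s` is already dereferenced before each call shown.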