diff options
| author | beck <> | 2017-02-07 02:08:38 +0000 |
|---|---|---|
| committer | beck <> | 2017-02-07 02:08:38 +0000 |
| commit | 91c389f89015a024212e73f5ec6e24166955ab6e (patch) | |
| tree | a4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/ssl_cert.c | |
| parent | 8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff) | |
| download | openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.gz openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.bz2 openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.zip | |
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 73683d4099..83a9f2e92d 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_cert.c,v 1.63 2017/01/29 17:49:23 beck Exp $ */ | 1 | /* $OpenBSD: ssl_cert.c,v 1.64 2017/02/07 02:08:38 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -178,7 +178,7 @@ ssl_cert_new(void) | |||
| 178 | 178 | ||
| 179 | ret = calloc(1, sizeof(CERT)); | 179 | ret = calloc(1, sizeof(CERT)); |
| 180 | if (ret == NULL) { | 180 | if (ret == NULL) { |
| 181 | SSLerror(ERR_R_MALLOC_FAILURE); | 181 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 182 | return (NULL); | 182 | return (NULL); |
| 183 | } | 183 | } |
| 184 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); | 184 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); |
| @@ -195,7 +195,7 @@ ssl_cert_dup(CERT *cert) | |||
| 195 | 195 | ||
| 196 | ret = calloc(1, sizeof(CERT)); | 196 | ret = calloc(1, sizeof(CERT)); |
| 197 | if (ret == NULL) { | 197 | if (ret == NULL) { |
| 198 | SSLerror(ERR_R_MALLOC_FAILURE); | 198 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 199 | return (NULL); | 199 | return (NULL); |
| 200 | } | 200 | } |
| 201 | 201 | ||
| @@ -212,13 +212,13 @@ ssl_cert_dup(CERT *cert) | |||
| 212 | if (cert->dh_tmp != NULL) { | 212 | if (cert->dh_tmp != NULL) { |
| 213 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | 213 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); |
| 214 | if (ret->dh_tmp == NULL) { | 214 | if (ret->dh_tmp == NULL) { |
| 215 | SSLerror(ERR_R_DH_LIB); | 215 | SSLerrorx(ERR_R_DH_LIB); |
| 216 | goto err; | 216 | goto err; |
| 217 | } | 217 | } |
| 218 | if (cert->dh_tmp->priv_key) { | 218 | if (cert->dh_tmp->priv_key) { |
| 219 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); | 219 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); |
| 220 | if (!b) { | 220 | if (!b) { |
| 221 | SSLerror(ERR_R_BN_LIB); | 221 | SSLerrorx(ERR_R_BN_LIB); |
| 222 | goto err; | 222 | goto err; |
| 223 | } | 223 | } |
| 224 | ret->dh_tmp->priv_key = b; | 224 | ret->dh_tmp->priv_key = b; |
| @@ -226,7 +226,7 @@ ssl_cert_dup(CERT *cert) | |||
| 226 | if (cert->dh_tmp->pub_key) { | 226 | if (cert->dh_tmp->pub_key) { |
| 227 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); | 227 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); |
| 228 | if (!b) { | 228 | if (!b) { |
| 229 | SSLerror(ERR_R_BN_LIB); | 229 | SSLerrorx(ERR_R_BN_LIB); |
| 230 | goto err; | 230 | goto err; |
| 231 | } | 231 | } |
| 232 | ret->dh_tmp->pub_key = b; | 232 | ret->dh_tmp->pub_key = b; |
| @@ -238,7 +238,7 @@ ssl_cert_dup(CERT *cert) | |||
| 238 | if (cert->ecdh_tmp) { | 238 | if (cert->ecdh_tmp) { |
| 239 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | 239 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); |
| 240 | if (ret->ecdh_tmp == NULL) { | 240 | if (ret->ecdh_tmp == NULL) { |
| 241 | SSLerror(ERR_R_EC_LIB); | 241 | SSLerrorx(ERR_R_EC_LIB); |
| 242 | goto err; | 242 | goto err; |
| 243 | } | 243 | } |
| 244 | } | 244 | } |
| @@ -284,7 +284,7 @@ ssl_cert_dup(CERT *cert) | |||
| 284 | 284 | ||
| 285 | default: | 285 | default: |
| 286 | /* Can't happen. */ | 286 | /* Can't happen. */ |
| 287 | SSLerror(SSL_R_LIBRARY_BUG); | 287 | SSLerrorx(SSL_R_LIBRARY_BUG); |
| 288 | } | 288 | } |
| 289 | } | 289 | } |
| 290 | } | 290 | } |
| @@ -354,12 +354,12 @@ ssl_cert_inst(CERT **o) | |||
| 354 | */ | 354 | */ |
| 355 | 355 | ||
| 356 | if (o == NULL) { | 356 | if (o == NULL) { |
| 357 | SSLerror(ERR_R_PASSED_NULL_PARAMETER); | 357 | SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); |
| 358 | return (0); | 358 | return (0); |
| 359 | } | 359 | } |
| 360 | if (*o == NULL) { | 360 | if (*o == NULL) { |
| 361 | if ((*o = ssl_cert_new()) == NULL) { | 361 | if ((*o = ssl_cert_new()) == NULL) { |
| 362 | SSLerror(ERR_R_MALLOC_FAILURE); | 362 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 363 | return (0); | 363 | return (0); |
| 364 | } | 364 | } |
| 365 | } | 365 | } |
| @@ -374,7 +374,7 @@ ssl_sess_cert_new(void) | |||
| 374 | 374 | ||
| 375 | ret = calloc(1, sizeof *ret); | 375 | ret = calloc(1, sizeof *ret); |
| 376 | if (ret == NULL) { | 376 | if (ret == NULL) { |
| 377 | SSLerror(ERR_R_MALLOC_FAILURE); | 377 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 378 | return NULL; | 378 | return NULL; |
| 379 | } | 379 | } |
| 380 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | 380 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); |
| @@ -418,7 +418,7 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | |||
| 418 | 418 | ||
| 419 | x = sk_X509_value(sk, 0); | 419 | x = sk_X509_value(sk, 0); |
| 420 | if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { | 420 | if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { |
| 421 | SSLerror(ERR_R_X509_LIB); | 421 | SSLerror(s, ERR_R_X509_LIB); |
| 422 | return (0); | 422 | return (0); |
| 423 | } | 423 | } |
| 424 | X509_STORE_CTX_set_ex_data(&ctx, | 424 | X509_STORE_CTX_set_ex_data(&ctx, |
| @@ -574,7 +574,7 @@ SSL_load_client_CA_file(const char *file) | |||
| 574 | in = BIO_new(BIO_s_file_internal()); | 574 | in = BIO_new(BIO_s_file_internal()); |
| 575 | 575 | ||
| 576 | if ((sk == NULL) || (in == NULL)) { | 576 | if ((sk == NULL) || (in == NULL)) { |
| 577 | SSLerror(ERR_R_MALLOC_FAILURE); | 577 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 578 | goto err; | 578 | goto err; |
| 579 | } | 579 | } |
| 580 | 580 | ||
| @@ -587,7 +587,7 @@ SSL_load_client_CA_file(const char *file) | |||
| 587 | if (ret == NULL) { | 587 | if (ret == NULL) { |
| 588 | ret = sk_X509_NAME_new_null(); | 588 | ret = sk_X509_NAME_new_null(); |
| 589 | if (ret == NULL) { | 589 | if (ret == NULL) { |
| 590 | SSLerror(ERR_R_MALLOC_FAILURE); | 590 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 591 | goto err; | 591 | goto err; |
| 592 | } | 592 | } |
| 593 | } | 593 | } |
| @@ -642,7 +642,7 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 642 | in = BIO_new(BIO_s_file_internal()); | 642 | in = BIO_new(BIO_s_file_internal()); |
| 643 | 643 | ||
| 644 | if (in == NULL) { | 644 | if (in == NULL) { |
| 645 | SSLerror(ERR_R_MALLOC_FAILURE); | 645 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 646 | goto err; | 646 | goto err; |
| 647 | } | 647 | } |
| 648 | 648 | ||
| @@ -711,7 +711,7 @@ SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) | |||
| 711 | if (!ret) { | 711 | if (!ret) { |
| 712 | SYSerror(errno); | 712 | SYSerror(errno); |
| 713 | ERR_asprintf_error_data("opendir ('%s')", dir); | 713 | ERR_asprintf_error_data("opendir ('%s')", dir); |
| 714 | SSLerror(ERR_R_SYS_LIB); | 714 | SSLerrorx(ERR_R_SYS_LIB); |
| 715 | } | 715 | } |
| 716 | return ret; | 716 | return ret; |
| 717 | } | 717 | } |