Send the error function codes to rot in the depths of hell where they belong

We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
author: beck <> 2017-01-26 10:40:21 +0000
committer: beck <> 2017-01-26 10:40:21 +0000
commit: a4abf558fd44464a5a48bfeb5393b01002f66c5e (patch)
tree: e105a2b33d3aefb54727a955e9c746cc8edb0e50 /src/lib/libssl/ssl_packet.c
parent: b7978753e566fd60946300b252a9d9d89559733e (diff)
download: openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.gz
openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.bz2
openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.zip
1 files changed, 9 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index 0c5b4c463b..a8462ffd84 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -106,12 +106,12 @@ ssl_convert_sslv2_client_hello(SSL *s)
                return -1;
        if (record_length < 9) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                SSLerror(
                    SSL_R_RECORD_LENGTH_MISMATCH);
                return -1;
        }
        if (record_length > 4096) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
+                SSLerror(SSL_R_RECORD_TOO_LARGE);
                return -1;
        }
@@ -150,7 +150,7 @@ ssl_convert_sslv2_client_hello(SSL *s)
        if (!CBS_get_bytes(&cbs, &challenge, challenge_length))
                return -1;
        if (CBS_len(&cbs) != 0) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                SSLerror(
                    SSL_R_RECORD_LENGTH_MISMATCH);
                return -1;
        }
@@ -236,7 +236,7 @@ ssl_server_legacy_first_packet(SSL *s)
        if (ssl_is_sslv2_client_hello(&header) == 1) {
                /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */
                if (ssl_enabled_version_range(s, &min_version, NULL) != 1) {
-                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+                        SSLerror(
                            SSL_R_NO_PROTOCOLS_AVAILABLE);
                        return -1;
                }
@@ -244,7 +244,7 @@ ssl_server_legacy_first_packet(SSL *s)
                        return 1;
                if (ssl_convert_sslv2_client_hello(s) != 1) {
-                        SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+                        SSLerror(
                            SSL_R_BAD_PACKET_LENGTH);
                        return -1;
                }
@@ -254,7 +254,7 @@ ssl_server_legacy_first_packet(SSL *s)
        /* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
        if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                SSLerror(ERR_R_INTERNAL_ERROR);
                return -1;
        }
        data = (const char *)CBS_data(&header);
@@ -264,15 +264,15 @@ ssl_server_legacy_first_packet(SSL *s)
            strncmp("POST ", data, 5) == 0 ||
            strncmp("HEAD ", data, 5) == 0 ||
            strncmp("PUT ", data, 4) == 0) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
+                SSLerror(SSL_R_HTTP_REQUEST);
                return -1;
        }
        if (strncmp("CONNE", data, 5) == 0) {
-                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
+                SSLerror(SSL_R_HTTPS_PROXY_REQUEST);
                return -1;
        }
-        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+        SSLerror(SSL_R_UNKNOWN_PROTOCOL);
        return -1;
 }
author	beck <>	2017-01-26 10:40:21 +0000
committer	beck <>	2017-01-26 10:40:21 +0000
commit	a4abf558fd44464a5a48bfeb5393b01002f66c5e (patch)
tree	e105a2b33d3aefb54727a955e9c746cc8edb0e50 /src/lib/libssl/ssl_packet.c
parent	b7978753e566fd60946300b252a9d9d89559733e (diff)
download	openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.gz openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.bz2 openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.zip

diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c index 0c5b4c463b..a8462ffd84 100644 --- a/src/lib/libssl/ssl_packet.c +++ b/src/lib/libssl/ssl_packet.c
@@ -106,12 +106,12 @@ ssl_convert_sslv2_client_hello(SSL *s)
106	return -1;	106	return -1;
107		107
108	if (record_length < 9) {	108	if (record_length < 9) {
109	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,	109	SSLerror(
110	SSL_R_RECORD_LENGTH_MISMATCH);	110	SSL_R_RECORD_LENGTH_MISMATCH);
111	return -1;	111	return -1;
112	}	112	}
113	if (record_length > 4096) {	113	if (record_length > 4096) {
114	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);	114	SSLerror(SSL_R_RECORD_TOO_LARGE);
115	return -1;	115	return -1;
116	}	116	}
117		117
@@ -150,7 +150,7 @@ ssl_convert_sslv2_client_hello(SSL *s)
150	if (!CBS_get_bytes(&cbs, &challenge, challenge_length))	150	if (!CBS_get_bytes(&cbs, &challenge, challenge_length))
151	return -1;	151	return -1;
152	if (CBS_len(&cbs) != 0) {	152	if (CBS_len(&cbs) != 0) {
153	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,	153	SSLerror(
154	SSL_R_RECORD_LENGTH_MISMATCH);	154	SSL_R_RECORD_LENGTH_MISMATCH);
155	return -1;	155	return -1;
156	}	156	}
@@ -236,7 +236,7 @@ ssl_server_legacy_first_packet(SSL *s)
236	if (ssl_is_sslv2_client_hello(&header) == 1) {	236	if (ssl_is_sslv2_client_hello(&header) == 1) {
237	/* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */	237	/* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */
238	if (ssl_enabled_version_range(s, &min_version, NULL) != 1) {	238	if (ssl_enabled_version_range(s, &min_version, NULL) != 1) {
239	SSLerr(SSL_F_SSL23_CLIENT_HELLO,	239	SSLerror(
240	SSL_R_NO_PROTOCOLS_AVAILABLE);	240	SSL_R_NO_PROTOCOLS_AVAILABLE);
241	return -1;	241	return -1;
242	}	242	}
@@ -244,7 +244,7 @@ ssl_server_legacy_first_packet(SSL *s)
244	return 1;	244	return 1;
245		245
246	if (ssl_convert_sslv2_client_hello(s) != 1) {	246	if (ssl_convert_sslv2_client_hello(s) != 1) {
247	SSLerr(SSL_F_SSL23_CLIENT_HELLO,	247	SSLerror(
248	SSL_R_BAD_PACKET_LENGTH);	248	SSL_R_BAD_PACKET_LENGTH);
249	return -1;	249	return -1;
250	}	250	}
@@ -254,7 +254,7 @@ ssl_server_legacy_first_packet(SSL *s)
254		254
255	/* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */	255	/* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
256	if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {	256	if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
257	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);	257	SSLerror(ERR_R_INTERNAL_ERROR);
258	return -1;	258	return -1;
259	}	259	}
260	data = (const char *)CBS_data(&header);	260	data = (const char *)CBS_data(&header);
@@ -264,15 +264,15 @@ ssl_server_legacy_first_packet(SSL *s)
264	strncmp("POST ", data, 5) == 0 \|\|	264	strncmp("POST ", data, 5) == 0 \|\|
265	strncmp("HEAD ", data, 5) == 0 \|\|	265	strncmp("HEAD ", data, 5) == 0 \|\|
266	strncmp("PUT ", data, 4) == 0) {	266	strncmp("PUT ", data, 4) == 0) {
267	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);	267	SSLerror(SSL_R_HTTP_REQUEST);
268	return -1;	268	return -1;
269	}	269	}
270	if (strncmp("CONNE", data, 5) == 0) {	270	if (strncmp("CONNE", data, 5) == 0) {
271	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);	271	SSLerror(SSL_R_HTTPS_PROXY_REQUEST);
272	return -1;	272	return -1;
273	}	273	}
274		274
275	SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);	275	SSLerror(SSL_R_UNKNOWN_PROTOCOL);
276		276
277	return -1;	277	return -1;
278	}	278	}