authorbeck <>2017-02-07 02:08:38 +0000
committerbeck <>2017-02-07 02:08:38 +0000
commit91c389f89015a024212e73f5ec6e24166955ab6e (patch)
treea4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/ssl_sess.c
parent8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff)
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name, so in a typical error in the connection you know in what sort of place in the handshake things happened (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL *. ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
-rw-r--r--src/lib/libssl/ssl_sess.c30
1 files changed, 15 insertions, 15 deletions
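diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5477e9a168..5d80e58196 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.69 2017/01/26 12:16:13 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.70 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -200,12 +200,12 @@ SSL_SESSION_new(void)
  SSL_SESSION *ss;
 
  if ((ss = calloc(1, sizeof(*ss))) == NULL) {
- SSLerror(ERR_R_MALLOC_FAILURE);
+ SSLerrorx(ERR_R_MALLOC_FAILURE);
  return (NULL);
  }
  if ((ss->internal = calloc(1, sizeof(*ss->internal))) == NULL) {
  free(ss);
- SSLerror(ERR_R_MALLOC_FAILURE);
+ SSLerrorx(ERR_R_MALLOC_FAILURE);
  return (NULL);
  }
 
@@ -312,7 +312,7 @@ ssl_get_new_session(SSL *s, int session)
  ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
  break;
  default:
- SSLerror(SSL_R_UNSUPPORTED_SSL_VERSION);
+ SSLerror(s, SSL_R_UNSUPPORTED_SSL_VERSION);
  SSL_SESSION_free(ss);
  return (0);
  }
@@ -335,7 +335,7 @@ ssl_get_new_session(SSL *s, int session)
  tmp = ss->session_id_length;
  if (!cb(s, ss->session_id, &tmp)) {
  /* The callback failed */
- SSLerror(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+ SSLerror(s, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
  SSL_SESSION_free(ss);
  return (0);
  }
@@ -346,7 +346,7 @@ ssl_get_new_session(SSL *s, int session)
  */
  if (!tmp || (tmp > ss->session_id_length)) {
  /* The callback set an illegal length */
- SSLerror(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+ SSLerror(s, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
  SSL_SESSION_free(ss);
  return (0);
  }
@@ -355,7 +355,7 @@ ssl_get_new_session(SSL *s, int session)
  /* Finally, check for a conflict. */
  if (SSL_has_matching_session_id(s, ss->session_id,
  ss->session_id_length)) {
- SSLerror(SSL_R_SSL_SESSION_ID_CONFLICT);
+ SSLerror(s, SSL_R_SSL_SESSION_ID_CONFLICT);
  SSL_SESSION_free(ss);
  return (0);
  }
@@ -364,7 +364,7 @@ sess_id_done:
  if (s->tlsext_hostname) {
  ss->tlsext_hostname = strdup(s->tlsext_hostname);
  if (ss->tlsext_hostname == NULL) {
- SSLerror(ERR_R_INTERNAL_ERROR);
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
  SSL_SESSION_free(ss);
  return 0;
  }
@@ -374,7 +374,7 @@ sess_id_done:
  }
 
  if (s->sid_ctx_length > sizeof ss->sid_ctx) {
- SSLerror(ERR_R_INTERNAL_ERROR);
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
  SSL_SESSION_free(ss);
  return 0;
  }
@@ -523,7 +523,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
  * applications to effectively disable the session cache by
  * accident without anyone noticing).
  */
- SSLerror(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+ SSLerror(s, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
  fatal = 1;
  goto err;
  }
@@ -723,7 +723,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
  if (meth == NULL)
  meth = s->method->internal->get_ssl_method(session->ssl_version);
  if (meth == NULL) {
- SSLerror(SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+ SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
  return (0);
  }
 
@@ -803,7 +803,7 @@ SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
  unsigned int sid_ctx_len)
 {
  if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
- SSLerror(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
  return 0;
  }
  s->sid_ctx_length = sid_ctx_len;
@@ -864,7 +864,7 @@ SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
  s->internal->tlsext_session_ticket =
  malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
  if (!s->internal->tlsext_session_ticket) {
- SSLerror(ERR_R_MALLOC_FAILURE);
+ SSLerror(s, ERR_R_MALLOC_FAILURE);
  return 0;
  }
 
@@ -1071,11 +1071,11 @@ int
 SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
 {
  if (!ENGINE_init(e)) {
- SSLerror(ERR_R_ENGINE_LIB);
+ SSLerrorx(ERR_R_ENGINE_LIB);
  return 0;
  }
  if (!ENGINE_get_ssl_client_cert_function(e)) {
- SSLerror(SSL_R_NO_CLIENT_CERT_METHOD);
+ SSLerrorx(SSL_R_NO_CLIENT_CERT_METHOD);
  ENGINE_finish(e);
  return 0;
  }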
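Review bot: In the SSL_set_session_ticket_ext hunk (new line 865), the allocation size `sizeof(TLS_SESSION_TICKET_EXT) + ext_len` is built from `ext_len`, a caller-supplied `int`, and nothing visible in the hunk rejects a negative value. A negative `ext_len` is converted to a very large `size_t` in that sum, so the request can wrap to fewer bytes than the structure itself occupies. The function body starts and ends outside the hunk, so an earlier range check may already exist and how the buffer is used afterwards cannot be seen from here. If there is no such check, I would add `if (ext_len < 0) return 0;` ahead of the `malloc()` call, with a short comment stating that the length comes from the application and must be non-negative.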