Change SSLerror() back to taking two args, with the first one being an SSL *.

Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible
author: beck <> 2017-02-07 02:08:38 +0000
committer: beck <> 2017-02-07 02:08:38 +0000
commit: 9a5920738bea15430db1fdd138e67d9bbc3a95d3 (patch)
tree: a4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/t1_enc.c
parent: 39e6b39981109a910f15cb187f48bd78dc3e75bb (diff)
download: openbsd-9a5920738bea15430db1fdd138e67d9bbc3a95d3.tar.gz
openbsd-9a5920738bea15430db1fdd138e67d9bbc3a95d3.tar.bz2
openbsd-9a5920738bea15430db1fdd138e67d9bbc3a95d3.zip
1 files changed, 22 insertions, 22 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 2ee521b073..85d28298bf 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.95 2017/01/26 12:16:13 beck Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.96 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -203,7 +203,7 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
                if (S3I(s)->handshake_dgst[i] == NULL)
                        continue;
                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
-                        SSLerror(ERR_R_EVP_LIB);
+                        SSLerror(s, ERR_R_EVP_LIB);
                        return 0;
                }
        }
@@ -223,12 +223,12 @@ tls1_digest_cached_records(SSL *s)
        S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
        if (S3I(s)->handshake_dgst == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
        if (hdatalen <= 0) {
-                SSLerror(SSL_R_BAD_HANDSHAKE_LENGTH);
+                SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
                goto err;
        }
@@ -239,16 +239,16 @@ tls1_digest_cached_records(SSL *s)
                S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
                if (S3I(s)->handshake_dgst[i] == NULL) {
-                        SSLerror(ERR_R_MALLOC_FAILURE);
+                        SSLerror(s, ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
-                        SSLerror(ERR_R_EVP_LIB);
+                        SSLerror(s, ERR_R_EVP_LIB);
                        goto err;
                }
                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
                    hdatalen)) {
-                        SSLerror(ERR_R_EVP_LIB);
+                        SSLerror(s, ERR_R_EVP_LIB);
                        goto err;
                }
        }
@@ -383,7 +383,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
                        count++;
        }
        if (count == 0) {
-                SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+                SSLerrorx(SSL_R_SSL_HANDSHAKE_FAILURE);
                goto err;
        }
        len = slen / count;
@@ -394,7 +394,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
        for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
                if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
                        if (!md) {
-                                SSLerror(SSL_R_UNSUPPORTED_DIGEST_TYPE);
+                                SSLerrorx(SSL_R_UNSUPPORTED_DIGEST_TYPE);
                                goto err;
                        }
                        if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
@@ -442,7 +442,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
        *aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
        if (*aead_ctx == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerrorx(ERR_R_MALLOC_FAILURE);
                return (0);
        }
@@ -470,7 +470,7 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
            EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
                return (0);
        if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerrorx(ERR_R_INTERNAL_ERROR);
                return (0);
        }
        memcpy(aead_ctx->fixed_nonce, iv, iv_len);
@@ -486,13 +486,13 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
        if (aead_ctx->xor_fixed_nonce) {
                if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) ||
                    aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {
-                        SSLerror(ERR_R_INTERNAL_ERROR);
+                        SSLerrorx(ERR_R_INTERNAL_ERROR);
                        return (0);
                }
        } else {
                if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
                    EVP_AEAD_nonce_length(aead)) {
-                        SSLerror(ERR_R_INTERNAL_ERROR);
+                        SSLerrorx(ERR_R_INTERNAL_ERROR);
                        return (0);
                }
        }
@@ -603,7 +603,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
        return (1);
 err:
-        SSLerror(ERR_R_MALLOC_FAILURE);
+        SSLerrorx(ERR_R_MALLOC_FAILURE);
        return (0);
 }
@@ -688,7 +688,7 @@ tls1_change_cipher_state(SSL *s, int which)
        }
        if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err2;
        }
@@ -729,7 +729,7 @@ tls1_setup_key_block(SSL *s)
        if (s->session->cipher &&
            (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
                if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
-                        SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                        SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                        return (0);
                }
                key_len = EVP_AEAD_key_length(aead);
@@ -737,7 +737,7 @@ tls1_setup_key_block(SSL *s)
        } else {
                if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
                    &mac_secret_size)) {
-                        SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                        SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                        return (0);
                }
                key_len = EVP_CIPHER_key_length(cipher);
@@ -758,7 +758,7 @@ tls1_setup_key_block(SSL *s)
        if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
            2)) == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        key_block_len = (mac_secret_size + key_len + iv_len) * 2;
@@ -767,7 +767,7 @@ tls1_setup_key_block(SSL *s)
        S3I(s)->tmp.key_block = key_block;
        if ((tmp_block = malloc(key_block_len)) == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
@@ -1105,7 +1105,7 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
                }
        }
        if (d == NULL) {
-                SSLerror(SSL_R_NO_REQUIRED_DIGEST);
+                SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
                return 0;
        }
@@ -1336,11 +1336,11 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
        goto ret;
 err1:
-        SSLerror(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+        SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
        rv = 0;
        goto ret;
 err2:
-        SSLerror(ERR_R_MALLOC_FAILURE);
+        SSLerror(s, ERR_R_MALLOC_FAILURE);
        rv = 0;
 ret:
        free(buff);
author	beck <>	2017-02-07 02:08:38 +0000
committer	beck <>	2017-02-07 02:08:38 +0000
commit	9a5920738bea15430db1fdd138e67d9bbc3a95d3 (patch)
tree	a4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/t1_enc.c
parent	39e6b39981109a910f15cb187f48bd78dc3e75bb (diff)
download	openbsd-9a5920738bea15430db1fdd138e67d9bbc3a95d3.tar.gz openbsd-9a5920738bea15430db1fdd138e67d9bbc3a95d3.tar.bz2 openbsd-9a5920738bea15430db1fdd138e67d9bbc3a95d3.zip

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 2ee521b073..85d28298bf 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.95 2017/01/26 12:16:13 beck Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.96 2017/02/07 02:08:38 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -203,7 +203,7 @@ tls1_finish_mac(SSL s, const unsigned char buf, int len)
203	if (S3I(s)->handshake_dgst[i] == NULL)	203	if (S3I(s)->handshake_dgst[i] == NULL)
204	continue;	204	continue;
205	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {	205	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
206	SSLerror(ERR_R_EVP_LIB);	206	SSLerror(s, ERR_R_EVP_LIB);
207	return 0;	207	return 0;
208	}	208	}
209	}	209	}
@@ -223,12 +223,12 @@ tls1_digest_cached_records(SSL *s)
223		223
224	S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));	224	S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
225	if (S3I(s)->handshake_dgst == NULL) {	225	if (S3I(s)->handshake_dgst == NULL) {
226	SSLerror(ERR_R_MALLOC_FAILURE);	226	SSLerror(s, ERR_R_MALLOC_FAILURE);
227	goto err;	227	goto err;
228	}	228	}
229	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);	229	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
230	if (hdatalen <= 0) {	230	if (hdatalen <= 0) {
231	SSLerror(SSL_R_BAD_HANDSHAKE_LENGTH);	231	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
232	goto err;	232	goto err;
233	}	233	}
234		234
@@ -239,16 +239,16 @@ tls1_digest_cached_records(SSL *s)
239		239
240	S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();	240	S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
241	if (S3I(s)->handshake_dgst[i] == NULL) {	241	if (S3I(s)->handshake_dgst[i] == NULL) {
242	SSLerror(ERR_R_MALLOC_FAILURE);	242	SSLerror(s, ERR_R_MALLOC_FAILURE);
243	goto err;	243	goto err;
244	}	244	}
245	if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {	245	if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
246	SSLerror(ERR_R_EVP_LIB);	246	SSLerror(s, ERR_R_EVP_LIB);
247	goto err;	247	goto err;
248	}	248	}
249	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,	249	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
250	hdatalen)) {	250	hdatalen)) {
251	SSLerror(ERR_R_EVP_LIB);	251	SSLerror(s, ERR_R_EVP_LIB);
252	goto err;	252	goto err;
253	}	253	}
254	}	254	}
@@ -383,7 +383,7 @@ tls1_PRF(long digest_mask, const void seed1, int seed1_len, const void seed2,
383	count++;	383	count++;
384	}	384	}
385	if (count == 0) {	385	if (count == 0) {
386	SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);	386	SSLerrorx(SSL_R_SSL_HANDSHAKE_FAILURE);
387	goto err;	387	goto err;
388	}	388	}
389	len = slen / count;	389	len = slen / count;
@@ -394,7 +394,7 @@ tls1_PRF(long digest_mask, const void seed1, int seed1_len, const void seed2,
394	for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {	394	for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
395	if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {	395	if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
396	if (!md) {	396	if (!md) {
397	SSLerror(SSL_R_UNSUPPORTED_DIGEST_TYPE);	397	SSLerrorx(SSL_R_UNSUPPORTED_DIGEST_TYPE);
398	goto err;	398	goto err;
399	}	399	}
400	if (!tls1_P_hash(md , S1, len + (slen&1), seed1,	400	if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
@@ -442,7 +442,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
442		442
443	*aead_ctx = malloc(sizeof(SSL_AEAD_CTX));	443	*aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
444	if (*aead_ctx == NULL) {	444	if (*aead_ctx == NULL) {
445	SSLerror(ERR_R_MALLOC_FAILURE);	445	SSLerrorx(ERR_R_MALLOC_FAILURE);
446	return (0);	446	return (0);
447	}	447	}
448		448
@@ -470,7 +470,7 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
470	EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))	470	EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
471	return (0);	471	return (0);
472	if (iv_len > sizeof(aead_ctx->fixed_nonce)) {	472	if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
473	SSLerror(ERR_R_INTERNAL_ERROR);	473	SSLerrorx(ERR_R_INTERNAL_ERROR);
474	return (0);	474	return (0);
475	}	475	}
476	memcpy(aead_ctx->fixed_nonce, iv, iv_len);	476	memcpy(aead_ctx->fixed_nonce, iv, iv_len);
@@ -486,13 +486,13 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
486	if (aead_ctx->xor_fixed_nonce) {	486	if (aead_ctx->xor_fixed_nonce) {
487	if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) \|\|	487	if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) \|\|
488	aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {	488	aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {
489	SSLerror(ERR_R_INTERNAL_ERROR);	489	SSLerrorx(ERR_R_INTERNAL_ERROR);
490	return (0);	490	return (0);
491	}	491	}
492	} else {	492	} else {
493	if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=	493	if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
494	EVP_AEAD_nonce_length(aead)) {	494	EVP_AEAD_nonce_length(aead)) {
495	SSLerror(ERR_R_INTERNAL_ERROR);	495	SSLerrorx(ERR_R_INTERNAL_ERROR);
496	return (0);	496	return (0);
497	}	497	}
498	}	498	}
@@ -603,7 +603,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
603	return (1);	603	return (1);
604		604
605	err:	605	err:
606	SSLerror(ERR_R_MALLOC_FAILURE);	606	SSLerrorx(ERR_R_MALLOC_FAILURE);
607	return (0);	607	return (0);
608	}	608	}
609		609
@@ -688,7 +688,7 @@ tls1_change_cipher_state(SSL *s, int which)
688	}	688	}
689		689
690	if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {	690	if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
691	SSLerror(ERR_R_INTERNAL_ERROR);	691	SSLerror(s, ERR_R_INTERNAL_ERROR);
692	goto err2;	692	goto err2;
693	}	693	}
694		694
@@ -729,7 +729,7 @@ tls1_setup_key_block(SSL *s)
729	if (s->session->cipher &&	729	if (s->session->cipher &&
730	(s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {	730	(s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
731	if (!ssl_cipher_get_evp_aead(s->session, &aead)) {	731	if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
732	SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);	732	SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
733	return (0);	733	return (0);
734	}	734	}
735	key_len = EVP_AEAD_key_length(aead);	735	key_len = EVP_AEAD_key_length(aead);
@@ -737,7 +737,7 @@ tls1_setup_key_block(SSL *s)
737	} else {	737	} else {
738	if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,	738	if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
739	&mac_secret_size)) {	739	&mac_secret_size)) {
740	SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);	740	SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
741	return (0);	741	return (0);
742	}	742	}
743	key_len = EVP_CIPHER_key_length(cipher);	743	key_len = EVP_CIPHER_key_length(cipher);
@@ -758,7 +758,7 @@ tls1_setup_key_block(SSL *s)
758		758
759	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,	759	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
760	2)) == NULL) {	760	2)) == NULL) {
761	SSLerror(ERR_R_MALLOC_FAILURE);	761	SSLerror(s, ERR_R_MALLOC_FAILURE);
762	goto err;	762	goto err;
763	}	763	}
764	key_block_len = (mac_secret_size + key_len + iv_len) * 2;	764	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
@@ -767,7 +767,7 @@ tls1_setup_key_block(SSL *s)
767	S3I(s)->tmp.key_block = key_block;	767	S3I(s)->tmp.key_block = key_block;
768		768
769	if ((tmp_block = malloc(key_block_len)) == NULL) {	769	if ((tmp_block = malloc(key_block_len)) == NULL) {
770	SSLerror(ERR_R_MALLOC_FAILURE);	770	SSLerror(s, ERR_R_MALLOC_FAILURE);
771	goto err;	771	goto err;
772	}	772	}
773		773
@@ -1105,7 +1105,7 @@ tls1_cert_verify_mac(SSL s, int md_nid, unsigned char out)
1105	}	1105	}
1106	}	1106	}
1107	if (d == NULL) {	1107	if (d == NULL) {
1108	SSLerror(SSL_R_NO_REQUIRED_DIGEST);	1108	SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
1109	return 0;	1109	return 0;
1110	}	1110	}
1111		1111
@@ -1336,11 +1336,11 @@ tls1_export_keying_material(SSL s, unsigned char out, size_t olen,
1336		1336
1337	goto ret;	1337	goto ret;
1338	err1:	1338	err1:
1339	SSLerror(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);	1339	SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1340	rv = 0;	1340	rv = 0;
1341	goto ret;	1341	goto ret;
1342	err2:	1342	err2:
1343	SSLerror(ERR_R_MALLOC_FAILURE);	1343	SSLerror(s, ERR_R_MALLOC_FAILURE);
1344	rv = 0;	1344	rv = 0;
1345	ret:	1345	ret:
1346	free(buff);	1346	free(buff);