diff options
| author | beck <> | 2017-01-26 10:40:21 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-26 10:40:21 +0000 |
| commit | 59161dbdf4da5b82b27402f93d7007a11b2d1cc1 (patch) | |
| tree | e105a2b33d3aefb54727a955e9c746cc8edb0e50 /src/lib/libssl/t1_enc.c | |
| parent | a2e1efdba084d65702b419bc510c30a144eb5d7f (diff) | |
| download | openbsd-59161dbdf4da5b82b27402f93d7007a11b2d1cc1.tar.gz openbsd-59161dbdf4da5b82b27402f93d7007a11b2d1cc1.tar.bz2 openbsd-59161dbdf4da5b82b27402f93d7007a11b2d1cc1.zip | |
Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 3181b63e39..f79219561a 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.93 2017/01/23 14:35:42 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.94 2017/01/26 10:40:21 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -203,7 +203,7 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len) | |||
| 203 | if (S3I(s)->handshake_dgst[i] == NULL) | 203 | if (S3I(s)->handshake_dgst[i] == NULL) |
| 204 | continue; | 204 | continue; |
| 205 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) { | 205 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) { |
| 206 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 206 | SSLerror(ERR_R_EVP_LIB); |
| 207 | return 0; | 207 | return 0; |
| 208 | } | 208 | } |
| 209 | } | 209 | } |
| @@ -223,12 +223,12 @@ tls1_digest_cached_records(SSL *s) | |||
| 223 | 223 | ||
| 224 | S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); | 224 | S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *)); |
| 225 | if (S3I(s)->handshake_dgst == NULL) { | 225 | if (S3I(s)->handshake_dgst == NULL) { |
| 226 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); | 226 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 227 | goto err; | 227 | goto err; |
| 228 | } | 228 | } |
| 229 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); | 229 | hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata); |
| 230 | if (hdatalen <= 0) { | 230 | if (hdatalen <= 0) { |
| 231 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, | 231 | SSLerror( |
| 232 | SSL_R_BAD_HANDSHAKE_LENGTH); | 232 | SSL_R_BAD_HANDSHAKE_LENGTH); |
| 233 | goto err; | 233 | goto err; |
| 234 | } | 234 | } |
| @@ -240,17 +240,17 @@ tls1_digest_cached_records(SSL *s) | |||
| 240 | 240 | ||
| 241 | S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create(); | 241 | S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create(); |
| 242 | if (S3I(s)->handshake_dgst[i] == NULL) { | 242 | if (S3I(s)->handshake_dgst[i] == NULL) { |
| 243 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, | 243 | SSLerror( |
| 244 | ERR_R_MALLOC_FAILURE); | 244 | ERR_R_MALLOC_FAILURE); |
| 245 | goto err; | 245 | goto err; |
| 246 | } | 246 | } |
| 247 | if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) { | 247 | if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) { |
| 248 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 248 | SSLerror(ERR_R_EVP_LIB); |
| 249 | goto err; | 249 | goto err; |
| 250 | } | 250 | } |
| 251 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata, | 251 | if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata, |
| 252 | hdatalen)) { | 252 | hdatalen)) { |
| 253 | SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_EVP_LIB); | 253 | SSLerror(ERR_R_EVP_LIB); |
| 254 | goto err; | 254 | goto err; |
| 255 | } | 255 | } |
| 256 | } | 256 | } |
| @@ -385,7 +385,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, | |||
| 385 | count++; | 385 | count++; |
| 386 | } | 386 | } |
| 387 | if (count == 0) { | 387 | if (count == 0) { |
| 388 | SSLerr(SSL_F_TLS1_PRF, | 388 | SSLerror( |
| 389 | SSL_R_SSL_HANDSHAKE_FAILURE); | 389 | SSL_R_SSL_HANDSHAKE_FAILURE); |
| 390 | goto err; | 390 | goto err; |
| 391 | } | 391 | } |
| @@ -397,7 +397,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, | |||
| 397 | for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { | 397 | for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { |
| 398 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { | 398 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { |
| 399 | if (!md) { | 399 | if (!md) { |
| 400 | SSLerr(SSL_F_TLS1_PRF, | 400 | SSLerror( |
| 401 | SSL_R_UNSUPPORTED_DIGEST_TYPE); | 401 | SSL_R_UNSUPPORTED_DIGEST_TYPE); |
| 402 | goto err; | 402 | goto err; |
| 403 | } | 403 | } |
| @@ -446,7 +446,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) | |||
| 446 | 446 | ||
| 447 | *aead_ctx = malloc(sizeof(SSL_AEAD_CTX)); | 447 | *aead_ctx = malloc(sizeof(SSL_AEAD_CTX)); |
| 448 | if (*aead_ctx == NULL) { | 448 | if (*aead_ctx == NULL) { |
| 449 | SSLerr(SSL_F_TLS1_AEAD_CTX_INIT, ERR_R_MALLOC_FAILURE); | 449 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 450 | return (0); | 450 | return (0); |
| 451 | } | 451 | } |
| 452 | 452 | ||
| @@ -474,7 +474,7 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, | |||
| 474 | EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) | 474 | EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) |
| 475 | return (0); | 475 | return (0); |
| 476 | if (iv_len > sizeof(aead_ctx->fixed_nonce)) { | 476 | if (iv_len > sizeof(aead_ctx->fixed_nonce)) { |
| 477 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, | 477 | SSLerror( |
| 478 | ERR_R_INTERNAL_ERROR); | 478 | ERR_R_INTERNAL_ERROR); |
| 479 | return (0); | 479 | return (0); |
| 480 | } | 480 | } |
| @@ -491,14 +491,14 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, | |||
| 491 | if (aead_ctx->xor_fixed_nonce) { | 491 | if (aead_ctx->xor_fixed_nonce) { |
| 492 | if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) || | 492 | if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) || |
| 493 | aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) { | 493 | aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) { |
| 494 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, | 494 | SSLerror( |
| 495 | ERR_R_INTERNAL_ERROR); | 495 | ERR_R_INTERNAL_ERROR); |
| 496 | return (0); | 496 | return (0); |
| 497 | } | 497 | } |
| 498 | } else { | 498 | } else { |
| 499 | if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != | 499 | if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != |
| 500 | EVP_AEAD_nonce_length(aead)) { | 500 | EVP_AEAD_nonce_length(aead)) { |
| 501 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, | 501 | SSLerror( |
| 502 | ERR_R_INTERNAL_ERROR); | 502 | ERR_R_INTERNAL_ERROR); |
| 503 | return (0); | 503 | return (0); |
| 504 | } | 504 | } |
| @@ -610,7 +610,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | |||
| 610 | return (1); | 610 | return (1); |
| 611 | 611 | ||
| 612 | err: | 612 | err: |
| 613 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE); | 613 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 614 | return (0); | 614 | return (0); |
| 615 | } | 615 | } |
| 616 | 616 | ||
| @@ -695,7 +695,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 695 | } | 695 | } |
| 696 | 696 | ||
| 697 | if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) { | 697 | if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) { |
| 698 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); | 698 | SSLerror(ERR_R_INTERNAL_ERROR); |
| 699 | goto err2; | 699 | goto err2; |
| 700 | } | 700 | } |
| 701 | 701 | ||
| @@ -736,7 +736,7 @@ tls1_setup_key_block(SSL *s) | |||
| 736 | if (s->session->cipher && | 736 | if (s->session->cipher && |
| 737 | (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) { | 737 | (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) { |
| 738 | if (!ssl_cipher_get_evp_aead(s->session, &aead)) { | 738 | if (!ssl_cipher_get_evp_aead(s->session, &aead)) { |
| 739 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, | 739 | SSLerror( |
| 740 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | 740 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); |
| 741 | return (0); | 741 | return (0); |
| 742 | } | 742 | } |
| @@ -745,7 +745,7 @@ tls1_setup_key_block(SSL *s) | |||
| 745 | } else { | 745 | } else { |
| 746 | if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type, | 746 | if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type, |
| 747 | &mac_secret_size)) { | 747 | &mac_secret_size)) { |
| 748 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, | 748 | SSLerror( |
| 749 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | 749 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); |
| 750 | return (0); | 750 | return (0); |
| 751 | } | 751 | } |
| @@ -767,7 +767,7 @@ tls1_setup_key_block(SSL *s) | |||
| 767 | 767 | ||
| 768 | if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len, | 768 | if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len, |
| 769 | 2)) == NULL) { | 769 | 2)) == NULL) { |
| 770 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | 770 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 771 | goto err; | 771 | goto err; |
| 772 | } | 772 | } |
| 773 | key_block_len = (mac_secret_size + key_len + iv_len) * 2; | 773 | key_block_len = (mac_secret_size + key_len + iv_len) * 2; |
| @@ -776,7 +776,7 @@ tls1_setup_key_block(SSL *s) | |||
| 776 | S3I(s)->tmp.key_block = key_block; | 776 | S3I(s)->tmp.key_block = key_block; |
| 777 | 777 | ||
| 778 | if ((tmp_block = malloc(key_block_len)) == NULL) { | 778 | if ((tmp_block = malloc(key_block_len)) == NULL) { |
| 779 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | 779 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 780 | goto err; | 780 | goto err; |
| 781 | } | 781 | } |
| 782 | 782 | ||
| @@ -1114,7 +1114,7 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | |||
| 1114 | } | 1114 | } |
| 1115 | } | 1115 | } |
| 1116 | if (d == NULL) { | 1116 | if (d == NULL) { |
| 1117 | SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST); | 1117 | SSLerror(SSL_R_NO_REQUIRED_DIGEST); |
| 1118 | return 0; | 1118 | return 0; |
| 1119 | } | 1119 | } |
| 1120 | 1120 | ||
| @@ -1345,12 +1345,12 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |||
| 1345 | 1345 | ||
| 1346 | goto ret; | 1346 | goto ret; |
| 1347 | err1: | 1347 | err1: |
| 1348 | SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, | 1348 | SSLerror( |
| 1349 | SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); | 1349 | SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); |
| 1350 | rv = 0; | 1350 | rv = 0; |
| 1351 | goto ret; | 1351 | goto ret; |
| 1352 | err2: | 1352 | err2: |
| 1353 | SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); | 1353 | SSLerror(ERR_R_MALLOC_FAILURE); |
| 1354 | rv = 0; | 1354 | rv = 0; |
| 1355 | ret: | 1355 | ret: |
| 1356 | free(buff); | 1356 | free(buff); |