diff options
| author | beck <> | 2017-02-07 02:08:38 +0000 |
|---|---|---|
| committer | beck <> | 2017-02-07 02:08:38 +0000 |
| commit | 91c389f89015a024212e73f5ec6e24166955ab6e (patch) | |
| tree | a4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/t1_lib.c | |
| parent | 8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff) | |
| download | openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.gz openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.tar.bz2 openbsd-91c389f89015a024212e73f5ec6e24166955ab6e.zip | |
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 2e9d31112d..a42e414dec 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.114 2017/01/26 12:16:13 beck Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.115 2017/02/07 02:08:38 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -742,7 +742,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 742 | int el; | 742 | int el; |
| 743 | 743 | ||
| 744 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { | 744 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { |
| 745 | SSLerror(ERR_R_INTERNAL_ERROR); | 745 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 746 | return NULL; | 746 | return NULL; |
| 747 | } | 747 | } |
| 748 | 748 | ||
| @@ -753,7 +753,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 753 | s2n(el, ret); | 753 | s2n(el, ret); |
| 754 | 754 | ||
| 755 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { | 755 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { |
| 756 | SSLerror(ERR_R_INTERNAL_ERROR); | 756 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 757 | return NULL; | 757 | return NULL; |
| 758 | } | 758 | } |
| 759 | 759 | ||
| @@ -778,7 +778,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 778 | if (formatslen > lenmax) | 778 | if (formatslen > lenmax) |
| 779 | return NULL; | 779 | return NULL; |
| 780 | if (formatslen > 255) { | 780 | if (formatslen > 255) { |
| 781 | SSLerror(ERR_R_INTERNAL_ERROR); | 781 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 782 | return NULL; | 782 | return NULL; |
| 783 | } | 783 | } |
| 784 | 784 | ||
| @@ -800,7 +800,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 800 | if (curveslen * 2 > lenmax) | 800 | if (curveslen * 2 > lenmax) |
| 801 | return NULL; | 801 | return NULL; |
| 802 | if (curveslen * 2 > 65532) { | 802 | if (curveslen * 2 > 65532) { |
| 803 | SSLerror(ERR_R_INTERNAL_ERROR); | 803 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 804 | return NULL; | 804 | return NULL; |
| 805 | } | 805 | } |
| 806 | 806 | ||
| @@ -942,7 +942,7 @@ skip_ext: | |||
| 942 | s2n(el, ret); | 942 | s2n(el, ret); |
| 943 | 943 | ||
| 944 | if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { | 944 | if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { |
| 945 | SSLerror(ERR_R_INTERNAL_ERROR); | 945 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 946 | return NULL; | 946 | return NULL; |
| 947 | } | 947 | } |
| 948 | ret += el; | 948 | ret += el; |
| @@ -1020,7 +1020,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1020 | int el; | 1020 | int el; |
| 1021 | 1021 | ||
| 1022 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | 1022 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { |
| 1023 | SSLerror(ERR_R_INTERNAL_ERROR); | 1023 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 1024 | return NULL; | 1024 | return NULL; |
| 1025 | } | 1025 | } |
| 1026 | 1026 | ||
| @@ -1031,7 +1031,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1031 | s2n(el, ret); | 1031 | s2n(el, ret); |
| 1032 | 1032 | ||
| 1033 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { | 1033 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { |
| 1034 | SSLerror(ERR_R_INTERNAL_ERROR); | 1034 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 1035 | return NULL; | 1035 | return NULL; |
| 1036 | } | 1036 | } |
| 1037 | 1037 | ||
| @@ -1054,7 +1054,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1054 | if (formatslen > lenmax) | 1054 | if (formatslen > lenmax) |
| 1055 | return NULL; | 1055 | return NULL; |
| 1056 | if (formatslen > 255) { | 1056 | if (formatslen > 255) { |
| 1057 | SSLerror(ERR_R_INTERNAL_ERROR); | 1057 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 1058 | return NULL; | 1058 | return NULL; |
| 1059 | } | 1059 | } |
| 1060 | 1060 | ||
| @@ -1100,7 +1100,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 1100 | s2n(el, ret); | 1100 | s2n(el, ret); |
| 1101 | 1101 | ||
| 1102 | if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { | 1102 | if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { |
| 1103 | SSLerror(ERR_R_INTERNAL_ERROR); | 1103 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 1104 | return NULL; | 1104 | return NULL; |
| 1105 | } | 1105 | } |
| 1106 | ret += el; | 1106 | ret += el; |
| @@ -1618,7 +1618,7 @@ ri_check: | |||
| 1618 | 1618 | ||
| 1619 | if (!renegotiate_seen && s->internal->renegotiate) { | 1619 | if (!renegotiate_seen && s->internal->renegotiate) { |
| 1620 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1620 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 1621 | SSLerror(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1621 | SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); |
| 1622 | return 0; | 1622 | return 0; |
| 1623 | } | 1623 | } |
| 1624 | 1624 | ||
| @@ -1870,7 +1870,7 @@ ri_check: | |||
| 1870 | if (!renegotiate_seen && | 1870 | if (!renegotiate_seen && |
| 1871 | !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | 1871 | !(s->internal->options & SSL_OP_LEGACY_SERVER_CONNECT)) { |
| 1872 | *al = SSL_AD_HANDSHAKE_FAILURE; | 1872 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 1873 | SSLerror(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | 1873 | SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); |
| 1874 | return 0; | 1874 | return 0; |
| 1875 | } | 1875 | } |
| 1876 | 1876 | ||
| @@ -2005,7 +2005,7 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 2005 | } | 2005 | } |
| 2006 | } | 2006 | } |
| 2007 | if (!found_uncompressed) { | 2007 | if (!found_uncompressed) { |
| 2008 | SSLerror(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); | 2008 | SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); |
| 2009 | return -1; | 2009 | return -1; |
| 2010 | } | 2010 | } |
| 2011 | } | 2011 | } |