diff options
| author | beck <> | 2017-01-26 10:40:21 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-26 10:40:21 +0000 |
| commit | a4abf558fd44464a5a48bfeb5393b01002f66c5e (patch) | |
| tree | e105a2b33d3aefb54727a955e9c746cc8edb0e50 /src/lib/libssl/t1_reneg.c | |
| parent | b7978753e566fd60946300b252a9d9d89559733e (diff) | |
| download | openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.gz openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.tar.bz2 openbsd-a4abf558fd44464a5a48bfeb5393b01002f66c5e.zip | |
Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/t1_reneg.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 52f17b7d2b..ea432554b0 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_reneg.c,v 1.12 2017/01/22 09:02:07 jsing Exp $ */ | 1 | /* $OpenBSD: t1_reneg.c,v 1.13 2017/01/26 10:40:21 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -123,7 +123,7 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 123 | { | 123 | { |
| 124 | if (p) { | 124 | if (p) { |
| 125 | if ((S3I(s)->previous_client_finished_len + 1) > maxlen) { | 125 | if ((S3I(s)->previous_client_finished_len + 1) > maxlen) { |
| 126 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, | 126 | SSLerror( |
| 127 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | 127 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); |
| 128 | return 0; | 128 | return 0; |
| 129 | } | 129 | } |
| @@ -151,7 +151,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, | |||
| 151 | CBS cbs, reneg; | 151 | CBS cbs, reneg; |
| 152 | 152 | ||
| 153 | if (len < 0) { | 153 | if (len < 0) { |
| 154 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | 154 | SSLerror( |
| 155 | SSL_R_RENEGOTIATION_ENCODING_ERR); | 155 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
| 156 | *al = SSL_AD_ILLEGAL_PARAMETER; | 156 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 157 | return 0; | 157 | return 0; |
| @@ -161,7 +161,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, | |||
| 161 | if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || | 161 | if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || |
| 162 | /* Consistency check */ | 162 | /* Consistency check */ |
| 163 | CBS_len(&cbs) != 0) { | 163 | CBS_len(&cbs) != 0) { |
| 164 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | 164 | SSLerror( |
| 165 | SSL_R_RENEGOTIATION_ENCODING_ERR); | 165 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
| 166 | *al = SSL_AD_ILLEGAL_PARAMETER; | 166 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 167 | return 0; | 167 | return 0; |
| @@ -169,7 +169,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, | |||
| 169 | 169 | ||
| 170 | /* Check that the extension matches */ | 170 | /* Check that the extension matches */ |
| 171 | if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) { | 171 | if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) { |
| 172 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | 172 | SSLerror( |
| 173 | SSL_R_RENEGOTIATION_MISMATCH); | 173 | SSL_R_RENEGOTIATION_MISMATCH); |
| 174 | *al = SSL_AD_HANDSHAKE_FAILURE; | 174 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 175 | return 0; | 175 | return 0; |
| @@ -177,7 +177,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len, | |||
| 177 | 177 | ||
| 178 | if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, | 178 | if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished, |
| 179 | S3I(s)->previous_client_finished_len)) { | 179 | S3I(s)->previous_client_finished_len)) { |
| 180 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | 180 | SSLerror( |
| 181 | SSL_R_RENEGOTIATION_MISMATCH); | 181 | SSL_R_RENEGOTIATION_MISMATCH); |
| 182 | *al = SSL_AD_HANDSHAKE_FAILURE; | 182 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 183 | return 0; | 183 | return 0; |
| @@ -196,7 +196,7 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |||
| 196 | if (p) { | 196 | if (p) { |
| 197 | if ((S3I(s)->previous_client_finished_len + | 197 | if ((S3I(s)->previous_client_finished_len + |
| 198 | S3I(s)->previous_server_finished_len + 1) > maxlen) { | 198 | S3I(s)->previous_server_finished_len + 1) > maxlen) { |
| 199 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, | 199 | SSLerror( |
| 200 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | 200 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); |
| 201 | return 0; | 201 | return 0; |
| 202 | } | 202 | } |
| @@ -235,7 +235,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i | |||
| 235 | OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len); | 235 | OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len); |
| 236 | 236 | ||
| 237 | if (len < 0) { | 237 | if (len < 0) { |
| 238 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 238 | SSLerror( |
| 239 | SSL_R_RENEGOTIATION_ENCODING_ERR); | 239 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
| 240 | *al = SSL_AD_ILLEGAL_PARAMETER; | 240 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 241 | return 0; | 241 | return 0; |
| @@ -246,7 +246,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i | |||
| 246 | if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || | 246 | if (!CBS_get_u8_length_prefixed(&cbs, &reneg) || |
| 247 | /* Consistency check */ | 247 | /* Consistency check */ |
| 248 | CBS_len(&cbs) != 0) { | 248 | CBS_len(&cbs) != 0) { |
| 249 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 249 | SSLerror( |
| 250 | SSL_R_RENEGOTIATION_ENCODING_ERR); | 250 | SSL_R_RENEGOTIATION_ENCODING_ERR); |
| 251 | *al = SSL_AD_ILLEGAL_PARAMETER; | 251 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 252 | return 0; | 252 | return 0; |
| @@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i | |||
| 259 | !CBS_get_bytes(&reneg, &previous_server, | 259 | !CBS_get_bytes(&reneg, &previous_server, |
| 260 | S3I(s)->previous_server_finished_len) || | 260 | S3I(s)->previous_server_finished_len) || |
| 261 | CBS_len(&reneg) != 0) { | 261 | CBS_len(&reneg) != 0) { |
| 262 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 262 | SSLerror( |
| 263 | SSL_R_RENEGOTIATION_MISMATCH); | 263 | SSL_R_RENEGOTIATION_MISMATCH); |
| 264 | *al = SSL_AD_HANDSHAKE_FAILURE; | 264 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 265 | return 0; | 265 | return 0; |
| @@ -267,14 +267,14 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i | |||
| 267 | 267 | ||
| 268 | if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished, | 268 | if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished, |
| 269 | CBS_len(&previous_client))) { | 269 | CBS_len(&previous_client))) { |
| 270 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 270 | SSLerror( |
| 271 | SSL_R_RENEGOTIATION_MISMATCH); | 271 | SSL_R_RENEGOTIATION_MISMATCH); |
| 272 | *al = SSL_AD_HANDSHAKE_FAILURE; | 272 | *al = SSL_AD_HANDSHAKE_FAILURE; |
| 273 | return 0; | 273 | return 0; |
| 274 | } | 274 | } |
| 275 | if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished, | 275 | if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished, |
| 276 | CBS_len(&previous_server))) { | 276 | CBS_len(&previous_server))) { |
| 277 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | 277 | SSLerror( |
| 278 | SSL_R_RENEGOTIATION_MISMATCH); | 278 | SSL_R_RENEGOTIATION_MISMATCH); |
| 279 | *al = SSL_AD_ILLEGAL_PARAMETER; | 279 | *al = SSL_AD_ILLEGAL_PARAMETER; |
| 280 | return 0; | 280 | return 0; |