authorbeck <>2017-02-07 02:08:38 +0000
committerbeck <>2017-02-07 02:08:38 +0000
commit91c389f89015a024212e73f5ec6e24166955ab6e (patch)
treea4e6a6d2d23329b576b63c8698e62a87e7388b69 /src/lib/libssl/t1_reneg.c
parent8a1ec4c748b269fba0669ee71234ec9a0f128613 (diff)
Change SSLerror() back to taking two args, with the first one being an SSL *.
Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name, so in a typical error in the connection you know in what sort of place in the handshake things happened (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL *.
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_reneg.c24
1 files changed, 12 insertions, 12 deletions
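diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 596b96edd3..4e194dd5df 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.14 2017/01/26 12:16:13 beck Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.15 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -123,7 +123,7 @@ ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 {
  if (p) {
  if ((S3I(s)->previous_client_finished_len + 1) > maxlen) {
- SSLerror(SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+ SSLerror(s, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
  return 0;
  }
 
@@ -150,7 +150,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
  CBS cbs, reneg;
 
  if (len < 0) {
- SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
+ SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
  *al = SSL_AD_ILLEGAL_PARAMETER;
  return 0;
  }
@@ -159,21 +159,21 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
  if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
  /* Consistency check */
  CBS_len(&cbs) != 0) {
- SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
+ SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
  *al = SSL_AD_ILLEGAL_PARAMETER;
  return 0;
  }
 
  /* Check that the extension matches */
  if (CBS_len(&reneg) != S3I(s)->previous_client_finished_len) {
- SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
+ SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
  *al = SSL_AD_HANDSHAKE_FAILURE;
  return 0;
  }
 
  if (!CBS_mem_equal(&reneg, S3I(s)->previous_client_finished,
  S3I(s)->previous_client_finished_len)) {
- SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
+ SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
  *al = SSL_AD_HANDSHAKE_FAILURE;
  return 0;
  }
@@ -191,7 +191,7 @@ ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
  if (p) {
  if ((S3I(s)->previous_client_finished_len +
  S3I(s)->previous_server_finished_len + 1) > maxlen) {
- SSLerror(SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+ SSLerror(s, SSL_R_RENEGOTIATE_EXT_TOO_LONG);
  return 0;
  }
 
@@ -229,7 +229,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
  OPENSSL_assert(!expected_len || S3I(s)->previous_server_finished_len);
 
  if (len < 0) {
- SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
+ SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
  *al = SSL_AD_ILLEGAL_PARAMETER;
  return 0;
  }
@@ -239,7 +239,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
  if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
  /* Consistency check */
  CBS_len(&cbs) != 0) {
- SSLerror(SSL_R_RENEGOTIATION_ENCODING_ERR);
+ SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
  *al = SSL_AD_ILLEGAL_PARAMETER;
  return 0;
  }
@@ -251,20 +251,20 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, i
  !CBS_get_bytes(&reneg, &previous_server,
  S3I(s)->previous_server_finished_len) ||
  CBS_len(&reneg) != 0) {
- SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
+ SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
  *al = SSL_AD_HANDSHAKE_FAILURE;
  return 0;
  }
 
  if (!CBS_mem_equal(&previous_client, S3I(s)->previous_client_finished,
  CBS_len(&previous_client))) {
- SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
+ SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
  *al = SSL_AD_HANDSHAKE_FAILURE;
  return 0;
  }
  if (!CBS_mem_equal(&previous_server, S3I(s)->previous_server_finished,
  CBS_len(&previous_server))) {
- SSLerror(SSL_R_RENEGOTIATION_MISMATCH);
+ SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
  *al = SSL_AD_ILLEGAL_PARAMETER;
  return 0;
  }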
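Review bot: The last two verify_data comparisons in ssl_parse_serverhello_renegotiate_ext (the final hunk) both record SSL_R_RENEGOTIATION_MISMATCH but send different alerts: the previous_client mismatch sets `*al = SSL_AD_HANDSHAKE_FAILURE;` while the previous_server mismatch sets `*al = SSL_AD_ILLEGAL_PARAMETER;`. Every mismatch branch visible in ssl_parse_clienthello_renegotiate_ext uses handshake_failure, so the odd one out looks inherited rather than deliberate, though that is an inference from the visible lines only. Since this commit already touches that branch, either align it with `*al = SSL_AD_HANDSHAKE_FAILURE;` or document the difference with a comment such as `/* alert intentionally differs from the client verify_data check: <reason> */`. Keeping the peer-visible alert consistent for one failure class also makes handshake failures easier to triage from logs. The function body starts and ends outside the hunk, so later handling of `*al` is not visible here.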