1 files changed, 22 insertions, 22 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 2ee521b073..85d28298bf 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.95 2017/01/26 12:16:13 beck Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.96 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -203,7 +203,7 @@ tls1_finish_mac(SSL *s, const unsigned char *buf, int len)
                if (S3I(s)->handshake_dgst[i] == NULL)
                        continue;
                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
-                        SSLerror(ERR_R_EVP_LIB);
+                        SSLerror(s, ERR_R_EVP_LIB);
                        return 0;
                }
        }
@@ -223,12 +223,12 @@ tls1_digest_cached_records(SSL *s)
        S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
        if (S3I(s)->handshake_dgst == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
        if (hdatalen <= 0) {
-                SSLerror(SSL_R_BAD_HANDSHAKE_LENGTH);
+                SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
                goto err;
        }
@@ -239,16 +239,16 @@ tls1_digest_cached_records(SSL *s)
                S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
                if (S3I(s)->handshake_dgst[i] == NULL) {
-                        SSLerror(ERR_R_MALLOC_FAILURE);
+                        SSLerror(s, ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
-                        SSLerror(ERR_R_EVP_LIB);
+                        SSLerror(s, ERR_R_EVP_LIB);
                        goto err;
                }
                if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
                    hdatalen)) {
-                        SSLerror(ERR_R_EVP_LIB);
+                        SSLerror(s, ERR_R_EVP_LIB);
                        goto err;
                }
        }
@@ -383,7 +383,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
                        count++;
        }
        if (count == 0) {
-                SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);
+                SSLerrorx(SSL_R_SSL_HANDSHAKE_FAILURE);
                goto err;
        }
        len = slen / count;
@@ -394,7 +394,7 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
        for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
                if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
                        if (!md) {
-                                SSLerror(SSL_R_UNSUPPORTED_DIGEST_TYPE);
+                                SSLerrorx(SSL_R_UNSUPPORTED_DIGEST_TYPE);
                                goto err;
                        }
                        if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
@@ -442,7 +442,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
        *aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
        if (*aead_ctx == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerrorx(ERR_R_MALLOC_FAILURE);
                return (0);
        }
@@ -470,7 +470,7 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
            EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
                return (0);
        if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerrorx(ERR_R_INTERNAL_ERROR);
                return (0);
        }
        memcpy(aead_ctx->fixed_nonce, iv, iv_len);
@@ -486,13 +486,13 @@ tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
        if (aead_ctx->xor_fixed_nonce) {
                if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) ||
                    aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {
-                        SSLerror(ERR_R_INTERNAL_ERROR);
+                        SSLerrorx(ERR_R_INTERNAL_ERROR);
                        return (0);
                }
        } else {
                if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
                    EVP_AEAD_nonce_length(aead)) {
-                        SSLerror(ERR_R_INTERNAL_ERROR);
+                        SSLerrorx(ERR_R_INTERNAL_ERROR);
                        return (0);
                }
        }
@@ -603,7 +603,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
        return (1);
 err:
-        SSLerror(ERR_R_MALLOC_FAILURE);
+        SSLerrorx(ERR_R_MALLOC_FAILURE);
        return (0);
 }
@@ -688,7 +688,7 @@ tls1_change_cipher_state(SSL *s, int which)
        }
        if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                goto err2;
        }
@@ -729,7 +729,7 @@ tls1_setup_key_block(SSL *s)
        if (s->session->cipher &&
            (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
                if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
-                        SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                        SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                        return (0);
                }
                key_len = EVP_AEAD_key_length(aead);
@@ -737,7 +737,7 @@ tls1_setup_key_block(SSL *s)
        } else {
                if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
                    &mac_secret_size)) {
-                        SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+                        SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
                        return (0);
                }
                key_len = EVP_CIPHER_key_length(cipher);
@@ -758,7 +758,7 @@ tls1_setup_key_block(SSL *s)
        if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
            2)) == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        key_block_len = (mac_secret_size + key_len + iv_len) * 2;
@@ -767,7 +767,7 @@ tls1_setup_key_block(SSL *s)
        S3I(s)->tmp.key_block = key_block;
        if ((tmp_block = malloc(key_block_len)) == NULL) {
-                SSLerror(ERR_R_MALLOC_FAILURE);
+                SSLerror(s, ERR_R_MALLOC_FAILURE);
                goto err;
        }
@@ -1105,7 +1105,7 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
                }
        }
        if (d == NULL) {
-                SSLerror(SSL_R_NO_REQUIRED_DIGEST);
+                SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
                return 0;
        }
@@ -1336,11 +1336,11 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
        goto ret;
 err1:
-        SSLerror(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+        SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
        rv = 0;
        goto ret;
 err2:
-        SSLerror(ERR_R_MALLOC_FAILURE);
+        SSLerror(s, ERR_R_MALLOC_FAILURE);
        rv = 0;
 ret:
        free(buff);

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 2ee521b073..85d28298bf 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.95 2017/01/26 12:16:13 beck Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.96 2017/02/07 02:08:38 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -203,7 +203,7 @@ tls1_finish_mac(SSL s, const unsigned char buf, int len)
203	if (S3I(s)->handshake_dgst[i] == NULL)	203	if (S3I(s)->handshake_dgst[i] == NULL)
204	continue;	204	continue;
205	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {	205	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], buf, len)) {
206	SSLerror(ERR_R_EVP_LIB);	206	SSLerror(s, ERR_R_EVP_LIB);
207	return 0;	207	return 0;
208	}	208	}
209	}	209	}
@@ -223,12 +223,12 @@ tls1_digest_cached_records(SSL *s)
223		223
224	S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));	224	S3I(s)->handshake_dgst = calloc(SSL_MAX_DIGEST, sizeof(EVP_MD_CTX *));
225	if (S3I(s)->handshake_dgst == NULL) {	225	if (S3I(s)->handshake_dgst == NULL) {
226	SSLerror(ERR_R_MALLOC_FAILURE);	226	SSLerror(s, ERR_R_MALLOC_FAILURE);
227	goto err;	227	goto err;
228	}	228	}
229	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);	229	hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
230	if (hdatalen <= 0) {	230	if (hdatalen <= 0) {
231	SSLerror(SSL_R_BAD_HANDSHAKE_LENGTH);	231	SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
232	goto err;	232	goto err;
233	}	233	}
234		234
@@ -239,16 +239,16 @@ tls1_digest_cached_records(SSL *s)
239		239
240	S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();	240	S3I(s)->handshake_dgst[i] = EVP_MD_CTX_create();
241	if (S3I(s)->handshake_dgst[i] == NULL) {	241	if (S3I(s)->handshake_dgst[i] == NULL) {
242	SSLerror(ERR_R_MALLOC_FAILURE);	242	SSLerror(s, ERR_R_MALLOC_FAILURE);
243	goto err;	243	goto err;
244	}	244	}
245	if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {	245	if (!EVP_DigestInit_ex(S3I(s)->handshake_dgst[i], md, NULL)) {
246	SSLerror(ERR_R_EVP_LIB);	246	SSLerror(s, ERR_R_EVP_LIB);
247	goto err;	247	goto err;
248	}	248	}
249	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,	249	if (!EVP_DigestUpdate(S3I(s)->handshake_dgst[i], hdata,
250	hdatalen)) {	250	hdatalen)) {
251	SSLerror(ERR_R_EVP_LIB);	251	SSLerror(s, ERR_R_EVP_LIB);
252	goto err;	252	goto err;
253	}	253	}
254	}	254	}
@@ -383,7 +383,7 @@ tls1_PRF(long digest_mask, const void seed1, int seed1_len, const void seed2,
383	count++;	383	count++;
384	}	384	}
385	if (count == 0) {	385	if (count == 0) {
386	SSLerror(SSL_R_SSL_HANDSHAKE_FAILURE);	386	SSLerrorx(SSL_R_SSL_HANDSHAKE_FAILURE);
387	goto err;	387	goto err;
388	}	388	}
389	len = slen / count;	389	len = slen / count;
@@ -394,7 +394,7 @@ tls1_PRF(long digest_mask, const void seed1, int seed1_len, const void seed2,
394	for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {	394	for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
395	if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {	395	if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
396	if (!md) {	396	if (!md) {
397	SSLerror(SSL_R_UNSUPPORTED_DIGEST_TYPE);	397	SSLerrorx(SSL_R_UNSUPPORTED_DIGEST_TYPE);
398	goto err;	398	goto err;
399	}	399	}
400	if (!tls1_P_hash(md , S1, len + (slen&1), seed1,	400	if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
@@ -442,7 +442,7 @@ tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
442		442
443	*aead_ctx = malloc(sizeof(SSL_AEAD_CTX));	443	*aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
444	if (*aead_ctx == NULL) {	444	if (*aead_ctx == NULL) {
445	SSLerror(ERR_R_MALLOC_FAILURE);	445	SSLerrorx(ERR_R_MALLOC_FAILURE);
446	return (0);	446	return (0);
447	}	447	}
448		448
@@ -470,7 +470,7 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
470	EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))	470	EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
471	return (0);	471	return (0);
472	if (iv_len > sizeof(aead_ctx->fixed_nonce)) {	472	if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
473	SSLerror(ERR_R_INTERNAL_ERROR);	473	SSLerrorx(ERR_R_INTERNAL_ERROR);
474	return (0);	474	return (0);
475	}	475	}
476	memcpy(aead_ctx->fixed_nonce, iv, iv_len);	476	memcpy(aead_ctx->fixed_nonce, iv, iv_len);
@@ -486,13 +486,13 @@ tls1_change_cipher_state_aead(SSL s, char is_read, const unsigned char key,
486	if (aead_ctx->xor_fixed_nonce) {	486	if (aead_ctx->xor_fixed_nonce) {
487	if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) \|\|	487	if (aead_ctx->fixed_nonce_len != EVP_AEAD_nonce_length(aead) \|\|
488	aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {	488	aead_ctx->variable_nonce_len > EVP_AEAD_nonce_length(aead)) {
489	SSLerror(ERR_R_INTERNAL_ERROR);	489	SSLerrorx(ERR_R_INTERNAL_ERROR);
490	return (0);	490	return (0);
491	}	491	}
492	} else {	492	} else {
493	if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=	493	if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
494	EVP_AEAD_nonce_length(aead)) {	494	EVP_AEAD_nonce_length(aead)) {
495	SSLerror(ERR_R_INTERNAL_ERROR);	495	SSLerrorx(ERR_R_INTERNAL_ERROR);
496	return (0);	496	return (0);
497	}	497	}
498	}	498	}
@@ -603,7 +603,7 @@ tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
603	return (1);	603	return (1);
604		604
605	err:	605	err:
606	SSLerror(ERR_R_MALLOC_FAILURE);	606	SSLerrorx(ERR_R_MALLOC_FAILURE);
607	return (0);	607	return (0);
608	}	608	}
609		609
@@ -688,7 +688,7 @@ tls1_change_cipher_state(SSL *s, int which)
688	}	688	}
689		689
690	if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {	690	if (key_block - S3I(s)->tmp.key_block != S3I(s)->tmp.key_block_length) {
691	SSLerror(ERR_R_INTERNAL_ERROR);	691	SSLerror(s, ERR_R_INTERNAL_ERROR);
692	goto err2;	692	goto err2;
693	}	693	}
694		694
@@ -729,7 +729,7 @@ tls1_setup_key_block(SSL *s)
729	if (s->session->cipher &&	729	if (s->session->cipher &&
730	(s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {	730	(s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
731	if (!ssl_cipher_get_evp_aead(s->session, &aead)) {	731	if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
732	SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);	732	SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
733	return (0);	733	return (0);
734	}	734	}
735	key_len = EVP_AEAD_key_length(aead);	735	key_len = EVP_AEAD_key_length(aead);
@@ -737,7 +737,7 @@ tls1_setup_key_block(SSL *s)
737	} else {	737	} else {
738	if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,	738	if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
739	&mac_secret_size)) {	739	&mac_secret_size)) {
740	SSLerror(SSL_R_CIPHER_OR_HASH_UNAVAILABLE);	740	SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
741	return (0);	741	return (0);
742	}	742	}
743	key_len = EVP_CIPHER_key_length(cipher);	743	key_len = EVP_CIPHER_key_length(cipher);
@@ -758,7 +758,7 @@ tls1_setup_key_block(SSL *s)
758		758
759	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,	759	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
760	2)) == NULL) {	760	2)) == NULL) {
761	SSLerror(ERR_R_MALLOC_FAILURE);	761	SSLerror(s, ERR_R_MALLOC_FAILURE);
762	goto err;	762	goto err;
763	}	763	}
764	key_block_len = (mac_secret_size + key_len + iv_len) * 2;	764	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
@@ -767,7 +767,7 @@ tls1_setup_key_block(SSL *s)
767	S3I(s)->tmp.key_block = key_block;	767	S3I(s)->tmp.key_block = key_block;
768		768
769	if ((tmp_block = malloc(key_block_len)) == NULL) {	769	if ((tmp_block = malloc(key_block_len)) == NULL) {
770	SSLerror(ERR_R_MALLOC_FAILURE);	770	SSLerror(s, ERR_R_MALLOC_FAILURE);
771	goto err;	771	goto err;
772	}	772	}
773		773
@@ -1105,7 +1105,7 @@ tls1_cert_verify_mac(SSL s, int md_nid, unsigned char out)
1105	}	1105	}
1106	}	1106	}
1107	if (d == NULL) {	1107	if (d == NULL) {
1108	SSLerror(SSL_R_NO_REQUIRED_DIGEST);	1108	SSLerror(s, SSL_R_NO_REQUIRED_DIGEST);
1109	return 0;	1109	return 0;
1110	}	1110	}
1111		1111
@@ -1336,11 +1336,11 @@ tls1_export_keying_material(SSL s, unsigned char out, size_t olen,
1336		1336
1337	goto ret;	1337	goto ret;
1338	err1:	1338	err1:
1339	SSLerror(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);	1339	SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1340	rv = 0;	1340	rv = 0;
1341	goto ret;	1341	goto ret;
1342	err2:	1342	err2:
1343	SSLerror(ERR_R_MALLOC_FAILURE);	1343	SSLerror(s, ERR_R_MALLOC_FAILURE);
1344	rv = 0;	1344	rv = 0;
1345	ret:	1345	ret:
1346	free(buff);	1346	free(buff);