From 957b11334a7afb14537322f0e4795b2e368b3f59 Mon Sep 17 00:00:00 2001 From: beck <> Date: Sun, 29 Jan 2017 17:49:23 +0000 Subject: Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ --- src/lib/libcrypto/pkcs7/pk7_smime.c | 81 ++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 47 deletions(-) (limited to 'src/lib/libcrypto/pkcs7/pk7_smime.c') diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index a2f23b37f3..bf9f2dd82a 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_smime.c,v 1.21 2016/11/05 15:19:07 miod Exp $ */ +/* $OpenBSD: pk7_smime.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -74,7 +74,7 @@ PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int i; if (!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); return NULL; } @@ -85,7 +85,7 @@ PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, goto err; if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) { - PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR); + PKCS7error(PKCS7_R_PKCS7_ADD_SIGNER_ERROR); goto err; } @@ -117,7 +117,7 @@ PKCS7_final(PKCS7 *p7, BIO *data, int flags) int ret = 0; if (!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); return 0; } @@ -126,7 +126,7 @@ PKCS7_final(PKCS7 *p7, BIO *data, int flags) (void)BIO_flush(p7bio); if (!PKCS7_dataFinal(p7, p7bio)) { - PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN); + PKCS7error(PKCS7_R_PKCS7_DATASIGN); goto err; } @@ -164,14 +164,12 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509_ALGOR) *smcap = NULL; if (!X509_check_private_key(signcert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return NULL; } if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { - PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + PKCS7error(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); return NULL; } @@ -186,8 +184,7 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, /* Add SMIMECapabilities */ if (!(flags & PKCS7_NOSMIMECAP)) { if (!(smcap = sk_X509_ALGOR_new_null())) { - PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); goto err; } if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) || @@ -253,8 +250,7 @@ pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) if (osdig) return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); - PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, - PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); + PKCS7error(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); return 0; } @@ -273,18 +269,18 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *tmpin, *tmpout; if (!p7) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER); + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); return 0; } if (!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE); + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); return 0; } /* Check for no data and no content: no data to verify signature */ if (PKCS7_get_detached(p7) && !indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); + PKCS7error(PKCS7_R_NO_CONTENT); return 0; } @@ -294,14 +290,14 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, */ /* Check for data and content: two sets of data */ if (!PKCS7_get_detached(p7) && indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); + PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT); return 0; } sinfos = PKCS7_get_signer_info(p7); if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA); + PKCS7error(PKCS7_R_NO_SIGNATURES_ON_DATA); return 0; } @@ -319,8 +315,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, if (!(flags & PKCS7_NOCHAIN)) { if (!X509_STORE_CTX_init(&cert_ctx, store, signer, p7->d.sign->cert)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, - ERR_R_X509_LIB); + PKCS7error(ERR_R_X509_LIB); sk_X509_free(signers); return 0; } @@ -331,7 +326,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, } } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); + PKCS7error(ERR_R_X509_LIB); sk_X509_free(signers); return 0; } @@ -342,8 +337,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, j = X509_STORE_CTX_get_error(&cert_ctx); X509_STORE_CTX_cleanup(&cert_ctx); if (i <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, - PKCS7_R_CERTIFICATE_VERIFY_ERROR); + PKCS7error(PKCS7_R_CERTIFICATE_VERIFY_ERROR); ERR_asprintf_error_data("Verify error:%s", X509_verify_cert_error_string(j)); sk_X509_free(signers); @@ -366,7 +360,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, len = BIO_get_mem_data(indata, &ptr); tmpin = BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); return 0; } } else @@ -378,7 +372,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, if (flags & PKCS7_TEXT) { if (!(tmpout = BIO_new(BIO_s_mem()))) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); goto err; } BIO_set_mem_eof_return(tmpout, 0); @@ -396,8 +390,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, if (flags & PKCS7_TEXT) { if (!SMIME_text(tmpout, out)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, - PKCS7_R_SMIME_TEXT_ERROR); + PKCS7error(PKCS7_R_SMIME_TEXT_ERROR); BIO_free(tmpout); goto err; } @@ -411,8 +404,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, signer = sk_X509_value (signers, i); j = PKCS7_signatureVerify(p7bio, p7, si, signer); if (j <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY, - PKCS7_R_SIGNATURE_FAILURE); + PKCS7error(PKCS7_R_SIGNATURE_FAILURE); goto err; } } @@ -441,26 +433,24 @@ PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) int i; if (!p7) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, - PKCS7_R_INVALID_NULL_POINTER); + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); return NULL; } if (!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, - PKCS7_R_WRONG_CONTENT_TYPE); + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); return NULL; } /* Collect all the signers together */ sinfos = PKCS7_get_signer_info(p7); if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS); + PKCS7error(PKCS7_R_NO_SIGNERS); return 0; } if (!(signers = sk_X509_new_null())) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); return NULL; } @@ -477,8 +467,7 @@ PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) X509_find_by_issuer_and_serial(p7->d.sign->cert, ias->issuer, ias->serial); if (!signer) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, - PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + PKCS7error(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); sk_X509_free(signers); return 0; } @@ -503,22 +492,21 @@ PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, X509 *x509; if (!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); return NULL; } if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) goto err; if (!PKCS7_set_cipher(p7, cipher)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER); + PKCS7error(PKCS7_R_ERROR_SETTING_CIPHER); goto err; } for (i = 0; i < sk_X509_num(certs); i++) { x509 = sk_X509_value(certs, i); if (!PKCS7_add_recipient(p7, x509)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT, - PKCS7_R_ERROR_ADDING_RECIPIENT); + PKCS7error(PKCS7_R_ERROR_ADDING_RECIPIENT); goto err; } } @@ -543,23 +531,22 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) char buf[4096]; if (!p7) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); return 0; } if (!PKCS7_type_is_enveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE); + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); return 0; } if (cert && !X509_check_private_key(cert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return 0; } if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); + PKCS7error(PKCS7_R_DECRYPT_ERROR); return 0; } @@ -568,7 +555,7 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + PKCS7error(ERR_R_MALLOC_FAILURE); BIO_free_all(tmpmem); return 0; } -- cgit v1.2.3-55-g6feb