From 91c389f89015a024212e73f5ec6e24166955ab6e Mon Sep 17 00:00:00 2001
From: beck <>
Date: Tue, 7 Feb 2017 02:08:38 +0000
Subject: Change SSLerror() back to taking two args, with the first one being
 an SSL *. Make a table of "function codes" which maps the internal state of
 the SSL * to something like a useful name so in a typical error in the
 connection you know in what sort of place in the handshake things happened.
 (instead of by arcane function name). Add SSLerrorx() for when we don't have
 an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not
 terrible

---
 src/lib/libssl/d1_srtp.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

(limited to 'src/lib/libssl/d1_srtp.c')

diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 82dc8bfdef..26c14543fc 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.20 2017/01/26 12:16:13 beck Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.21 2017/02/07 02:08:38 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -187,7 +187,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
 	SRTP_PROTECTION_PROFILE *p;
 
 	if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
-		SSLerror(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+		SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
 		return 1;
 	}
 
@@ -198,7 +198,7 @@ ssl_ctx_make_profiles(const char *profiles_string,
 		    col ? col - ptr : (int)strlen(ptr))) {
 			sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
 		} else {
-			SSLerror(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+			SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
 			sk_SRTP_PROTECTION_PROFILE_free(profiles);
 			return 1;
 		}
@@ -262,12 +262,12 @@ ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 
 	if (p) {
 		if (ct == 0) {
-			SSLerror(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
+			SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
 			return 1;
 		}
 
 		if ((2 + ct * 2 + 1) > maxlen) {
-			SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+			SSLerror(s, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
 			return 1;
 		}
 
@@ -300,7 +300,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
 	CBS cbs, ciphers, mki;
 
 	if (len < 0) {
-		SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		goto done;
 	}
@@ -309,7 +309,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
 	/* Pull off the cipher suite list */
 	if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
 	    CBS_len(&ciphers) % 2) {
-		SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		goto done;
 	}
@@ -318,7 +318,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
 
 	while (CBS_len(&ciphers) > 0) {
 		if (!CBS_get_u16(&ciphers, &id)) {
-			SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+			SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 			*al = SSL_AD_DECODE_ERROR;
 			goto done;
 		}
@@ -332,7 +332,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
 	/* Extract the MKI value as a sanity check, but discard it for now. */
 	if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
 	    CBS_len(&cbs) != 0) {
-		SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
+		SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
 		*al = SSL_AD_DECODE_ERROR;
 		goto done;
 	}
@@ -373,12 +373,12 @@ ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
 {
 	if (p) {
 		if (maxlen < 5) {
-			SSLerror(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
+			SSLerror(s, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
 			return 1;
 		}
 
 		if (s->internal->srtp_profile == 0) {
-			SSLerror(SSL_R_USE_SRTP_NOT_NEGOTIATED);
+			SSLerror(s, SSL_R_USE_SRTP_NOT_NEGOTIATED);
 			return 1;
 		}
 		s2n(2, p);
@@ -401,7 +401,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
 	CBS cbs, profile_ids, mki;
 
 	if (len < 0) {
-		SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		return 1;
 	}
@@ -414,14 +414,14 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
 	 */
 	if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
 	    !CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
-		SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 		*al = SSL_AD_DECODE_ERROR;
 		return 1;
 	}
 
 	/* Must be no MKI, since we never offer one. */
 	if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
-		SSLerror(SSL_R_BAD_SRTP_MKI_VALUE);
+		SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
 		*al = SSL_AD_ILLEGAL_PARAMETER;
 		return 1;
 	}
@@ -430,7 +430,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
 
 	/* Throw an error if the server gave us an unsolicited extension. */
 	if (clnt == NULL) {
-		SSLerror(SSL_R_NO_SRTP_PROFILES);
+		SSLerror(s, SSL_R_NO_SRTP_PROFILES);
 		*al = SSL_AD_DECODE_ERROR;
 		return 1;
 	}
@@ -449,7 +449,7 @@ ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int
 		}
 	}
 
-	SSLerror(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+	SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
 	*al = SSL_AD_DECODE_ERROR;
 	return 1;
 }
-- 
cgit v1.2.3-55-g6feb