From 91c389f89015a024212e73f5ec6e24166955ab6e Mon Sep 17 00:00:00 2001 From: beck <> Date: Tue, 7 Feb 2017 02:08:38 +0000 Subject: Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible --- src/lib/libssl/s3_lib.c | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'src/lib/libssl/s3_lib.c') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index fbc2d511d3..d18a2388c3 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.134 2017/02/05 15:06:05 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.135 2017/02/07 02:08:38 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1980,7 +1980,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerror(s, ERR_R_MALLOC_FAILURE); return (0); } } @@ -2009,17 +2009,17 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_RSA: case SSL_CTRL_SET_TMP_RSA_CB: - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH: { DH *dh = (DH *)parg; if (dh == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); return (ret); } if ((dh = DHparams_dup(dh)) == NULL) { - SSLerror(ERR_R_DH_LIB); + SSLerror(s, ERR_R_DH_LIB); return (ret); } DH_free(s->cert->dh_tmp); @@ -2029,7 +2029,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_DH_CB: - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); case SSL_CTRL_SET_DH_AUTO: @@ -2041,18 +2041,18 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); return (ret); } if (!EC_KEY_up_ref((EC_KEY *)parg)) { - SSLerror(ERR_R_ECDH_LIB); + SSLerror(s, ERR_R_ECDH_LIB); return (ret); } ecdh = (EC_KEY *)parg; if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerror(ERR_R_ECDH_LIB); + SSLerror(s, ERR_R_ECDH_LIB); return (ret); } } @@ -2063,7 +2063,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } break; @@ -2076,16 +2076,16 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (parg == NULL) break; if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { - SSLerror(SSL_R_SSL3_EXT_INVALID_SERVERNAME); + SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } if ((s->tlsext_hostname = strdup((char *)parg)) == NULL) { - SSLerror(ERR_R_INTERNAL_ERROR); + SSLerror(s, ERR_R_INTERNAL_ERROR); return 0; } } else { - SSLerror(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); + SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); return 0; } break; @@ -2173,14 +2173,14 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) if (cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerror(s, ERR_R_MALLOC_FAILURE); return (0); } } switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH_CB: s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; @@ -2210,7 +2210,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (0); case SSL_CTRL_SET_TMP_RSA: case SSL_CTRL_SET_TMP_RSA_CB: - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); case SSL_CTRL_SET_TMP_DH: { @@ -2218,7 +2218,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) dh = (DH *)parg; if ((new = DHparams_dup(dh)) == NULL) { - SSLerror(ERR_R_DH_LIB); + SSLerrorx(ERR_R_DH_LIB); return 0; } DH_free(cert->dh_tmp); @@ -2228,7 +2228,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /*break; */ case SSL_CTRL_SET_TMP_DH_CB: - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); case SSL_CTRL_SET_DH_AUTO: @@ -2240,18 +2240,18 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) EC_KEY *ecdh = NULL; if (parg == NULL) { - SSLerror(ERR_R_ECDH_LIB); + SSLerrorx(ERR_R_ECDH_LIB); return 0; } ecdh = EC_KEY_dup((EC_KEY *)parg); if (ecdh == NULL) { - SSLerror(ERR_R_EC_LIB); + SSLerrorx(ERR_R_EC_LIB); return 0; } if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) { if (!EC_KEY_generate_key(ecdh)) { EC_KEY_free(ecdh); - SSLerror(ERR_R_ECDH_LIB); + SSLerrorx(ERR_R_ECDH_LIB); return 0; } } @@ -2263,7 +2263,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* break; */ case SSL_CTRL_SET_TMP_ECDH_CB: { - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } break; @@ -2277,7 +2277,7 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (!keys) return 48; if (larg != 48) { - SSLerror(SSL_R_INVALID_TICKET_KEYS_LENGTH); + SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { @@ -2356,7 +2356,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - SSLerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); case SSL_CTRL_SET_TMP_DH_CB: cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; -- cgit v1.2.3-55-g6feb