From 59161dbdf4da5b82b27402f93d7007a11b2d1cc1 Mon Sep 17 00:00:00 2001 From: beck <> Date: Thu, 26 Jan 2017 10:40:21 +0000 Subject: Send the error function codes to rot in the depths of hell where they belong We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@ --- src/lib/libssl/ssl_pkt.c | 74 ++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 37 deletions(-) (limited to 'src/lib/libssl/ssl_pkt.c') diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c index 2fa7852b80..f354fb82bf 100644 --- a/src/lib/libssl/ssl_pkt.c +++ b/src/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.5 2017/01/26 08:19:43 beck Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.6 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) if (n > (int)(rb->len - rb->offset)) { /* does not happen */ - SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) s->internal->rwstate = SSL_READING; i = BIO_read(s->rbio, pkt + len + left, max - left); } else { - SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); + SSLerror(SSL_R_READ_BIO_NOT_SET); i = -1; } @@ -364,7 +364,7 @@ ssl3_get_record(SSL *s) if (!CBS_get_u8(&header, &type) || !CBS_get_u16(&header, &ssl_version) || !CBS_get_u16(&header, &len)) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_BAD_PACKET_LENGTH); goto err; } 
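Review bot: The `SSLerror(ERR_R_INTERNAL_ERROR)` in ssl3_read_n's `/* does not happen */` branch now queues the same reason as the calls in ssl3_write_bytes, do_ssl3_write, ssl3_read_bytes and ssl3_do_change_cipher_spec later in this patch, with nothing in the call to tell them apart. Per the commit message only one function code remains, so log parsers or alerts keyed on the function field of an SSL error will stop seeing per-function values. Since this branch marks a broken buffer invariant, the comment should name it, e.g. `/* does not happen: n exceeds rb->len - rb->offset */`. ssl3_read_n's body starts and ends outside the hunk.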
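Review bot: The replacement in the hunk at 364 leaves `SSLerror(` at the end of its line with the only argument on the continuation line, which reads like an unfinished call. With one short argument it fits on a single line: `SSLerror(SSL_R_BAD_PACKET_LENGTH);`. The same split is left behind in the later ssl3_get_record hunks, in ssl3_write_bytes, do_ssl3_write, most of the ssl3_read_bytes hunks and the first ssl3_do_change_cipher_spec hunk. This hunk sits inside ssl3_get_record, whose body extends beyond it.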
@@ -374,7 +374,7 @@ ssl3_get_record(SSL *s) /* Lets check version */ if (!s->internal->first_packet && ssl_version != s->version) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && !s->internal->enc_write_ctx && !s->internal->write_hash) @@ -385,14 +385,14 @@ ssl3_get_record(SSL *s) } if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_WRONG_VERSION_NUMBER); goto err; } if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; } @@ -428,7 +428,7 @@ ssl3_get_record(SSL *s) /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } @@ -442,7 +442,7 @@ ssl3_get_record(SSL *s) * -1: if the padding is invalid */ if (enc_err == 0) { al = SSL_AD_DECRYPTION_FAILED; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); goto f_err; } @@ -470,7 +470,7 @@ ssl3_get_record(SSL *s) (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && orig_len < mac_size + 1)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); + SSLerror(SSL_R_LENGTH_TOO_SHORT); goto f_err; } @@ -510,14 +510,14 @@ ssl3_get_record(SSL *s) * (e.g. via a logfile) */ al = SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto f_err; } if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); + SSLerror(SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } 
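Review bot: In the hunk at 442 the reason queued for `enc_err == 0` is SSL_R_BLOCK_CIPHER_PAD_IS_WRONG, while the visible tail of the comment above it assigns invalid padding to -1, so the reason name points readers at the wrong case. Renaming the reason is out of scope for a mechanical patch, but a comment would stop the branch being read as the padding check: `/* enc_err == 0 is not the padding failure (-1); that case is reported together with the MAC failure */`. That wording assumes the -1 case ends up in the SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC path of the hunk at 510, which looks likely from its "(e.g. via a logfile)" comment but should be confirmed. Keeping padding and MAC failures indistinguishable, both to the peer and in logs, is what denies a padding oracle. The enc_err comment starts outside the hunk.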
@@ -543,7 +543,7 @@ ssl3_get_record(SSL *s) * empty record without forcing want_read. */ if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_PEER_BEHAVING_BADLY); return -1; } @@ -575,7 +575,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) int i; if (len < 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -588,7 +588,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return -1; } @@ -698,7 +698,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (prefix_len > (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ - SSLerr(SSL_F_DO_SSL3_WRITE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -842,7 +842,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (S3I(s)->wpend_type != type)) { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); + SSLerror(SSL_R_BAD_WRITE_RETRY); return (-1); } @@ -854,7 +854,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) (char *)&(wb->buf[wb->offset]), (unsigned int)wb->left); } else { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); + SSLerror(SSL_R_BIO_NOT_SET); i = -1; } if (i == wb->left) { 
@@ -919,14 +919,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) return (-1); if (len < 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -961,7 +961,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1004,7 +1004,7 @@ start: * reset by ssl3_get_finished */ && (rr->type != SSL3_RT_HANDSHAKE)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); goto f_err; } @@ -1025,7 +1025,7 @@ start: if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; } @@ -1108,7 +1108,7 @@ start: (S3I(s)->handshake_fragment[2] != 0) || (S3I(s)->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); + SSLerror(SSL_R_BAD_HELLO_REQUEST); goto f_err; } @@ -1126,7 +1126,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1200,14 +1200,14 @@ start: */ else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_NO_RENEGOTIATION); goto f_err; } } else if (alert_level == SSL3_AL_FATAL) { s->internal->rwstate = SSL_NOTHING; S3I(s)->fatal_alert = alert_descr; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); 
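Review bot: In the fatal-alert branch of the hunk at 1200, the reason passed to `SSLerror(SSL_AD_REASON_OFFSET + alert_descr)` is computed from a value taken from the peer's alert, so unlike every other call in this patch it is not a fixed constant. The hunk does not show alert_descr's type or range, so the bound on that sum should be stated rather than implied: `/* reason is derived from the peer's alert description, not a fixed SSL_R_* constant */`. Anything consuming the error queue should treat this entry, and the `SSL alert number %d` data attached to it, as remote input. The branch belongs to ssl3_read_bytes, which extends beyond the hunk.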
@@ -1216,7 +1216,7 @@ start: return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); + SSLerror(SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; } @@ -1236,7 +1236,7 @@ start: if ((rr->length != 1) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } @@ -1244,7 +1244,7 @@ start: /* Check we have a cipher to change to */ if (S3I(s)->tmp.new_cipher == NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); goto f_err; } @@ -1252,7 +1252,7 @@ start: /* Check that we should be receiving a Change Cipher Spec. */ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); goto f_err; } @@ -1285,7 +1285,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1315,7 +1315,7 @@ start: goto start; } al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -1324,7 +1324,7 @@ start: * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that * should not happen when type != rr->type */ al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto f_err; case SSL3_RT_APPLICATION_DATA: /* At this point, we were expecting handshake data, @@ -1346,7 +1346,7 @@ start: return (-1); } else { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; } } 
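Review bot: Two different rejections queue the same `SSLerror(SSL_R_CCS_RECEIVED_EARLY)`: the `S3I(s)->tmp.new_cipher == NULL` check in the hunk at 1244 and the `SSL3_FLAGS_CCS_OK` check in the hunk at 1252, and ssl3_do_change_cipher_spec uses it a third time. The first two already shared a function code, but the third was distinguishable by SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC and no longer is. An unexpected ChangeCipherSpec is worth telling apart when investigating handshake tampering, so I would attach data after the flag check: `ERR_asprintf_error_data("CCS without SSL3_FLAGS_CCS_OK");`. This follows the ERR_asprintf_error_data use already present in the alert branch. All three checks sit in functions whose bodies run past their hunks.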
@@ -1373,7 +1373,7 @@ ssl3_do_change_cipher_spec(SSL *s) if (S3I(s)->tmp.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); return (0); } @@ -1400,7 +1400,7 @@ ssl3_do_change_cipher_spec(SSL *s) i = tls1_final_finish_mac(s, sender, slen, S3I(s)->tmp.peer_finish_md); if (i == 0) { - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return 0; } S3I(s)->tmp.peer_finish_md_len = i; -- cgit v1.2.3-55-g6feb