From 91c389f89015a024212e73f5ec6e24166955ab6e Mon Sep 17 00:00:00 2001 From: beck <> Date: Tue, 7 Feb 2017 02:08:38 +0000 Subject: Change SSLerror() back to taking two args, with the first one being an SSL *. Make a table of "function codes" which maps the internal state of the SSL * to something like a useful name so in a typical error in the connection you know in what sort of place in the handshake things happened. (instead of by arcane function name). Add SSLerrorx() for when we don't have an SSL * ok jsing@ after us both being prodded by bluhm@ to make it not terrible --- src/lib/libssl/ssl_rsa.c | 104 +++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 52 deletions(-) (limited to 'src/lib/libssl/ssl_rsa.c') diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index facb8ac274..e99ce1e3ae 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.27 2017/01/26 12:16:13 beck Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.28 2017/02/07 02:08:38 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,11 +74,11 @@ int SSL_use_certificate(SSL *ssl, X509 *x) { if (x == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ssl->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerror(ssl, ERR_R_MALLOC_FAILURE); return (0); } return (ssl_set_cert(ssl->cert, x)); @@ -94,12 +94,12 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerror(ssl, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerror(ERR_R_SYS_LIB); + SSLerror(ssl, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -111,12 +111,12 @@ SSL_use_certificate_file(SSL *ssl, const char *file, int type) ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else { - SSLerror(SSL_R_BAD_SSL_FILETYPE); + SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE); goto end; } if (x == NULL) { - SSLerror(j); + SSLerror(ssl, j); goto end; } @@ -135,7 +135,7 @@ SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) x = d2i_X509(NULL, &d,(long)len); if (x == NULL) { - SSLerror(ERR_R_ASN1_LIB); + SSLerror(ssl, ERR_R_ASN1_LIB); return (0); } @@ -151,15 +151,15 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) int ret; if (rsa == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ssl->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerror(ssl, ERR_R_MALLOC_FAILURE); return (0); } if ((pkey = EVP_PKEY_new()) == NULL) { - SSLerror(ERR_R_EVP_LIB); + SSLerror(ssl, ERR_R_EVP_LIB); return (0); } @@ -178,7 +178,7 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey) i = ssl_cert_type(NULL, pkey); if (i < 0) { - SSLerror(SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); } @@ -222,12 +222,12 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerror(ssl, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerror(ERR_R_SYS_LIB); + SSLerror(ssl, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -239,11 +239,11 @@ SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else { - SSLerror(SSL_R_BAD_SSL_FILETYPE); + SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE); goto end; } if (rsa == NULL) { - SSLerror(j); + SSLerror(ssl, j); goto end; } ret = SSL_use_RSAPrivateKey(ssl, rsa); @@ -262,7 +262,7 @@ SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) p = d; if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { - SSLerror(ERR_R_ASN1_LIB); + SSLerror(ssl, ERR_R_ASN1_LIB); return (0); } @@ -277,11 +277,11 @@ SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) int ret; if (pkey == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ssl->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerror(ssl, ERR_R_MALLOC_FAILURE); return (0); } ret = ssl_set_pkey(ssl->cert, pkey); @@ -297,12 +297,12 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerror(ssl, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerror(ERR_R_SYS_LIB); + SSLerror(ssl, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { @@ -314,11 +314,11 @@ SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in, NULL); } else { - SSLerror(SSL_R_BAD_SSL_FILETYPE); + SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { - SSLerror(j); + SSLerror(ssl, j); goto end; } ret = SSL_use_PrivateKey(ssl, pkey); @@ -337,7 +337,7 @@ SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) p = d; if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { - SSLerror(ERR_R_ASN1_LIB); + SSLerror(ssl, ERR_R_ASN1_LIB); return (0); } @@ -350,11 +350,11 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { if (x == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ctx->internal->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerrorx(ERR_R_MALLOC_FAILURE); return (0); } return (ssl_set_cert(ctx->internal->cert, x)); @@ -368,13 +368,13 @@ ssl_set_cert(CERT *c, X509 *x) pkey = X509_get_pubkey(x); if (pkey == NULL) { - SSLerror(SSL_R_X509_LIB); + SSLerrorx(SSL_R_X509_LIB); return (0); } i = ssl_cert_type(x, pkey); if (i < 0) { - SSLerror(SSL_R_UNKNOWN_CERTIFICATE_TYPE); + SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); EVP_PKEY_free(pkey); return (0); } @@ -427,12 +427,12 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerrorx(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerror(ERR_R_SYS_LIB); + SSLerrorx(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -443,12 +443,12 @@ SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else { - SSLerror(SSL_R_BAD_SSL_FILETYPE); + SSLerrorx(SSL_R_BAD_SSL_FILETYPE); goto end; } if (x == NULL) { - SSLerror(j); + SSLerrorx(j); goto end; } @@ -467,7 +467,7 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) x = d2i_X509(NULL, &d,(long)len); if (x == NULL) { - SSLerror(ERR_R_ASN1_LIB); + SSLerrorx(ERR_R_ASN1_LIB); return (0); } @@ -483,15 +483,15 @@ SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) EVP_PKEY *pkey; if (rsa == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ctx->internal->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerrorx(ERR_R_MALLOC_FAILURE); return (0); } if ((pkey = EVP_PKEY_new()) == NULL) { - SSLerror(ERR_R_EVP_LIB); + SSLerrorx(ERR_R_EVP_LIB); return (0); } @@ -512,12 +512,12 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerrorx(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerror(ERR_R_SYS_LIB); + SSLerrorx(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { @@ -529,11 +529,11 @@ SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else { - SSLerror(SSL_R_BAD_SSL_FILETYPE); + SSLerrorx(SSL_R_BAD_SSL_FILETYPE); goto end; } if (rsa == NULL) { - SSLerror(j); + SSLerrorx(j); goto end; } ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); @@ -552,7 +552,7 @@ SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) p = d; if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { - SSLerror(ERR_R_ASN1_LIB); + SSLerrorx(ERR_R_ASN1_LIB); return (0); } @@ -565,11 +565,11 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { if (pkey == NULL) { - SSLerror(ERR_R_PASSED_NULL_PARAMETER); + SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); return (0); } if (!ssl_cert_inst(&ctx->internal->cert)) { - SSLerror(ERR_R_MALLOC_FAILURE); + SSLerrorx(ERR_R_MALLOC_FAILURE); return (0); } return (ssl_set_pkey(ctx->internal->cert, pkey)); @@ -584,12 +584,12 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerrorx(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerror(ERR_R_SYS_LIB); + SSLerrorx(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { @@ -601,11 +601,11 @@ SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in, NULL); } else { - SSLerror(SSL_R_BAD_SSL_FILETYPE); + SSLerrorx(SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { - SSLerror(j); + SSLerrorx(j); goto end; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); @@ -625,7 +625,7 @@ SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, p = d; if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { - SSLerror(ERR_R_ASN1_LIB); + SSLerrorx(ERR_R_ASN1_LIB); return (0); } @@ -651,7 +651,7 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); if (x == NULL) { - SSLerror(ERR_R_PEM_LIB); + SSLerrorx(ERR_R_PEM_LIB); goto end; } @@ -711,12 +711,12 @@ SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerrorx(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerror(ERR_R_SYS_LIB); + SSLerrorx(ERR_R_SYS_LIB); goto end; } @@ -735,7 +735,7 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) in = BIO_new_mem_buf(buf, len); if (in == NULL) { - SSLerror(ERR_R_BUF_LIB); + SSLerrorx(ERR_R_BUF_LIB); goto end; } -- cgit v1.2.3-55-g6feb