Send the function codes from the error functions to the bit bucket,

as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
author: beck <beck@openbsd.org> 2017-01-29 17:49:22 +0000
committer: beck <beck@openbsd.org> 2017-01-29 17:49:22 +0000
commit: 5067ae9f807f8af9e6350e51e6a54619386c06ba (patch)
tree: f2455d670f0ea5c04a6e9cbdf4d8ef0d4ff40c47 /lib/libcrypto/rsa/rsa_sign.c
parent: Ensure the build user can write to the GLOBAL_AUTOCONF_CACHE file by (diff)
download: wireguard-openbsd-5067ae9f807f8af9e6350e51e6a54619386c06ba.tar.xz
wireguard-openbsd-5067ae9f807f8af9e6350e51e6a54619386c06ba.zip
1 files changed, 15 insertions, 17 deletions
diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index 7be08f544b0..52cbc3dfe35 100644
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.25 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -88,7 +88,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 	/* Special case: SSL signature, just check the length */
 	if (type == NID_md5_sha1) {
 		if (m_len != SSL_SIG_LENGTH) {
-			RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+			RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
 			return 0;
 		}
 		i = SSL_SIG_LENGTH;
@@ -97,12 +97,11 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 		sig.algor = &algor;
 		sig.algor->algorithm = OBJ_nid2obj(type);
 		if (sig.algor->algorithm == NULL) {
-			RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE);
 			return 0;
 		}
 		if (sig.algor->algorithm->length == 0) {
-			RSAerr(RSA_F_RSA_SIGN,
-			    RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			RSAerror(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
 			return 0;
 		}
 		parameter.type = V_ASN1_NULL;
@@ -117,13 +116,13 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 	}
 	j = RSA_size(rsa);
 	if (i > j - RSA_PKCS1_PADDING_SIZE) {
-		RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+		RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return 0;
 	}
 	if (type != NID_md5_sha1) {
 		tmps = malloc(j + 1);
 		if (tmps == NULL) {
-			RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+			RSAerror(ERR_R_MALLOC_FAILURE);
 			return 0;
 		}
 		p = tmps;
@@ -153,7 +152,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 	X509_SIG *sig = NULL;
 
 	if (siglen != (unsigned int)RSA_size(rsa)) {
-		RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+		RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
 		return 0;
 	}
 
@@ -168,11 +167,11 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 
 	s = malloc(siglen);
 	if (s == NULL) {
-		RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+		RSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
-		RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+		RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
 		goto err;
 	}
 	i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
@@ -183,7 +182,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 	/* Special case: SSL signature */
 	if (dtype == NID_md5_sha1) {
 		if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 		else
 			ret = 1;
 	} else {
@@ -196,7 +195,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 
 		/* Excess data can be used to create forgeries */
 		if (p != s + i) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 			goto err;
 		}
 
@@ -204,14 +203,14 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		   create forgeries */
 		if (sig->algor->parameter &&
 		    ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 			goto err;
 		}
 
 		sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
 		if (sigtype != dtype) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+			RSAerror(RSA_R_ALGORITHM_MISMATCH);
 			goto err;
 		}
 		if (rm) {
@@ -219,8 +218,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 
 			md = EVP_get_digestbynid(dtype);
 			if (md && (EVP_MD_size(md) != sig->digest->length))
-				RSAerr(RSA_F_INT_RSA_VERIFY,
-				    RSA_R_INVALID_DIGEST_LENGTH);
+				RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
 			else {
 				memcpy(rm, sig->digest->data,
 				    sig->digest->length);
@@ -229,7 +227,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 			}
 		} else if ((unsigned int)sig->digest->length != m_len ||
 		    memcmp(m, sig->digest->data, m_len) != 0) {
-			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+			RSAerror(RSA_R_BAD_SIGNATURE);
 		} else
 			ret = 1;
 	}
author	beck <beck@openbsd.org>	2017-01-29 17:49:22 +0000
committer	beck <beck@openbsd.org>	2017-01-29 17:49:22 +0000
commit	5067ae9f807f8af9e6350e51e6a54619386c06ba (patch)
tree	f2455d670f0ea5c04a6e9cbdf4d8ef0d4ff40c47 /lib/libcrypto/rsa/rsa_sign.c
parent	Ensure the build user can write to the GLOBAL_AUTOCONF_CACHE file by (diff)
download	wireguard-openbsd-5067ae9f807f8af9e6350e51e6a54619386c06ba.tar.xz wireguard-openbsd-5067ae9f807f8af9e6350e51e6a54619386c06ba.zip