authorbeck <beck@openbsd.org>2017-01-26 10:40:21 +0000
committerbeck <beck@openbsd.org>2017-01-26 10:40:21 +0000
commitc37c9edfef0160532e31e5d5ada0f7781b5704ec (patch)
tree8908d6759fe63c8c13e26f076c1b158713415580 /lib/libssl/ssl_lib.c
parentMerge the single two line function from ssl_err2.c into ssl_err.c. (diff)
Send the error function codes to rot in the depths of hell where they belong
We leave a single function code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two-argument SSL_err() with the internal-only SSL_error() that only takes a reason code. ok jsing@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r--lib/libssl/ssl_lib.c98
1 files changed, 49 insertions, 49 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 6d5d5c468b8..605fc428ad8 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.153 2017/01/26 06:32:58 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.154 2017/01/26 10:40:21 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -163,7 +163,7 @@ int
SSL_clear(SSL *s)
{
if (s->method == NULL) {
- SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+ SSLerror(SSL_R_NO_METHOD_SPECIFIED);
return (0);
}
@@ -177,7 +177,7 @@ SSL_clear(SSL *s)
s->internal->shutdown = 0;
if (s->internal->renegotiate) {
- SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
+ SSLerror(ERR_R_INTERNAL_ERROR);
return (0);
}
@@ -226,7 +226,7 @@ SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
&(ctx->internal->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
- SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
+ SSLerror(
SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return (0);
}
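Review bot: The replacement call in SSL_CTX_set_ssl_version is still wrapped (`SSLerror(` with the reason code on the following line), although with the function code gone it fits on one line: `SSLerror(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);`. The same leftover wrap appears in the hunks for SSL_CTX_set_session_id_context, SSL_set_session_id_context, SSL_CTX_check_private_key, SSL_check_private_key, ssl_bytes_to_cipher_list, SSL_CTX_new, ssl_check_srvr_ecc_cert_and_alg and the three ssl_undefined_*function helpers. Joining them keeps each error site on a single greppable line, which matters more now that the reason code is the only identifier passed at the call site. The function body continues outside this hunk.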
@@ -239,21 +239,21 @@ SSL_new(SSL_CTX *ctx)
SSL *s;
if (ctx == NULL) {
- SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+ SSLerror(SSL_R_NULL_SSL_CTX);
return (NULL);
}
if (ctx->method == NULL) {
- SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+ SSLerror(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
return (NULL);
}
if ((s = calloc(1, sizeof(*s))) == NULL) {
- SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerror(ERR_R_MALLOC_FAILURE);
return (NULL);
}
if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) {
free(s);
- SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerror(ERR_R_MALLOC_FAILURE);
return (NULL);
}
@@ -372,7 +372,7 @@ SSL_new(SSL_CTX *ctx)
err:
SSL_free(s);
- SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerror(ERR_R_MALLOC_FAILURE);
return (NULL);
}
@@ -381,7 +381,7 @@ SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
if (sid_ctx_len > sizeof ctx->sid_ctx) {
- SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
+ SSLerror(
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return (0);
}
@@ -396,7 +396,7 @@ SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
- SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
+ SSLerror(
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return (0);
}
@@ -634,7 +634,7 @@ SSL_set_fd(SSL *s, int fd)
bio = BIO_new(BIO_s_socket());
if (bio == NULL) {
- SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ SSLerror(ERR_R_BUF_LIB);
goto err;
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
@@ -655,7 +655,7 @@ SSL_set_wfd(SSL *s, int fd)
bio = BIO_new(BIO_s_socket());
if (bio == NULL) {
- SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+ SSLerror(ERR_R_BUF_LIB);
goto err;
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
@@ -678,7 +678,7 @@ SSL_set_rfd(SSL *s, int fd)
bio = BIO_new(BIO_s_socket());
if (bio == NULL) {
- SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+ SSLerror(ERR_R_BUF_LIB);
goto err;
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
@@ -873,12 +873,12 @@ SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
if ((ctx == NULL) || (ctx->internal->cert == NULL) ||
(ctx->internal->cert->key->x509 == NULL)) {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
+ SSLerror(
SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
}
if (ctx->internal->cert->key->privatekey == NULL) {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
+ SSLerror(
SSL_R_NO_PRIVATE_KEY_ASSIGNED);
return (0);
}
@@ -891,22 +891,22 @@ int
SSL_check_private_key(const SSL *ssl)
{
if (ssl == NULL) {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
+ SSLerror(
ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
if (ssl->cert == NULL) {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
+ SSLerror(
SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
}
if (ssl->cert->key->x509 == NULL) {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
+ SSLerror(
SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
}
if (ssl->cert->key->privatekey == NULL) {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
+ SSLerror(
SSL_R_NO_PRIVATE_KEY_ASSIGNED);
return (0);
}
@@ -942,7 +942,7 @@ int
SSL_read(SSL *s, void *buf, int num)
{
if (s->internal->handshake_func == NULL) {
- SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+ SSLerror(SSL_R_UNINITIALIZED);
return (-1);
}
@@ -957,7 +957,7 @@ int
SSL_peek(SSL *s, void *buf, int num)
{
if (s->internal->handshake_func == NULL) {
- SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
+ SSLerror(SSL_R_UNINITIALIZED);
return (-1);
}
@@ -971,13 +971,13 @@ int
SSL_write(SSL *s, const void *buf, int num)
{
if (s->internal->handshake_func == NULL) {
- SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+ SSLerror(SSL_R_UNINITIALIZED);
return (-1);
}
if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
s->internal->rwstate = SSL_NOTHING;
- SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
+ SSLerror(SSL_R_PROTOCOL_IS_SHUTDOWN);
return (-1);
}
return (s->method->internal->ssl_write(s, buf, num));
@@ -994,7 +994,7 @@ SSL_shutdown(SSL *s)
*/
if (s->internal->handshake_func == NULL) {
- SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+ SSLerror(SSL_R_UNINITIALIZED);
return (-1);
}
@@ -1306,7 +1306,7 @@ SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
if (sk == NULL)
return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
- SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ SSLerror(SSL_R_NO_CIPHER_MATCH);
return (0);
}
return (1);
@@ -1324,7 +1324,7 @@ SSL_set_cipher_list(SSL *s, const char *str)
if (sk == NULL)
return (0);
else if (sk_SSL_CIPHER_num(sk) == 0) {
- SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ SSLerror(SSL_R_NO_CIPHER_MATCH);
return (0);
}
return (1);
@@ -1428,20 +1428,20 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
* RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
*/
if (num < 2 || num > 0x10000 - 2) {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSLerror(
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return (NULL);
}
if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ SSLerror(ERR_R_MALLOC_FAILURE);
goto err;
}
CBS_init(&cbs, p, num);
while (CBS_len(&cbs) > 0) {
if (!CBS_get_u16(&cbs, &cipher_value)) {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSLerror(
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
goto err;
}
@@ -1454,7 +1454,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
* renegotiating.
*/
if (s->internal->renegotiate) {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSLerror(
SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
ssl3_send_alert(s, SSL3_AL_FATAL,
SSL_AD_HANDSHAKE_FAILURE);
@@ -1474,7 +1474,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
*/
max_version = ssl_max_server_version(s);
if (max_version == 0 || s->version < max_version) {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSLerror(
SSL_R_INAPPROPRIATE_FALLBACK);
if (s->s3 != NULL)
ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -1486,7 +1486,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
if (!sk_SSL_CIPHER_push(sk, c)) {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSLerror(
ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -1797,22 +1797,22 @@ SSL_CTX_new(const SSL_METHOD *meth)
SSL_CTX *ret;
if (meth == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+ SSLerror(SSL_R_NULL_SSL_METHOD_PASSED);
return (NULL);
}
if ((ret = calloc(1, sizeof(*ret))) == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerror(ERR_R_MALLOC_FAILURE);
return (NULL);
}
if ((ret->internal = calloc(1, sizeof(*ret->internal))) == NULL) {
free(ret);
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerror(ERR_R_MALLOC_FAILURE);
return (NULL);
}
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
- SSLerr(SSL_F_SSL_CTX_NEW,
+ SSLerror(
SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
goto err;
}
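Review bot: The `goto err;` after `SSLerror(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS)` lands on the `err:` label shown in the last SSL_CTX_new hunk, which unconditionally adds `SSLerror(ERR_R_MALLOC_FAILURE)`, so this failure is also recorded as an allocation failure. With the function code removed, the reason code is the main thing a caller or log reader has to go on, and the error queue then carries a misleading second entry. Using `goto err2;` here, as the cipher-list and digest checks in the other SSL_CTX_new hunks do, would free the context without adding that entry. SSL_CTX_new's body continues outside this hunk, so the other `goto err` sites are not visible and may deserve the same check.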
@@ -1872,7 +1872,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
&ret->internal->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL ||
sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ SSLerror(SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -1881,12 +1881,12 @@ SSL_CTX_new(const SSL_METHOD *meth)
goto err;
if ((ret->internal->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW,
+ SSLerror(
SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
goto err2;
}
if ((ret->internal->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
- SSLerr(SSL_F_SSL_CTX_NEW,
+ SSLerror(
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
goto err2;
}
@@ -1942,7 +1942,7 @@ SSL_CTX_new(const SSL_METHOD *meth)
return (ret);
err:
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ SSLerror(ERR_R_MALLOC_FAILURE);
err2:
SSL_CTX_free(ret);
return (NULL);
@@ -2126,7 +2126,7 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
/* Key usage, if present, must allow signing. */
if ((x->ex_flags & EXFLAG_KUSAGE) &&
((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {
- SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+ SSLerror(
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return (0);
}
@@ -2159,7 +2159,7 @@ ssl_get_server_send_pkey(const SSL *s)
} else if (alg_a & SSL_aGOST01) {
i = SSL_PKEY_GOST01;
} else { /* if (alg_a & SSL_aNULL) */
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
+ SSLerror(ERR_R_INTERNAL_ERROR);
return (NULL);
}
@@ -2199,7 +2199,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
(c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
idx = SSL_PKEY_ECC;
if (idx == -1) {
- SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
+ SSLerror(ERR_R_INTERNAL_ERROR);
return (NULL);
}
if (pmd)
@@ -2403,7 +2403,7 @@ SSL_do_handshake(SSL *s)
int ret = 1;
if (s->internal->handshake_func == NULL) {
- SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+ SSLerror(SSL_R_CONNECTION_TYPE_NOT_SET);
return (-1);
}
@@ -2448,7 +2448,7 @@ SSL_set_connect_state(SSL *s)
int
ssl_undefined_function(SSL *s)
{
- SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
+ SSLerror(
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
@@ -2456,7 +2456,7 @@ ssl_undefined_function(SSL *s)
int
ssl_undefined_void_function(void)
{
- SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
+ SSLerror(
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
@@ -2464,7 +2464,7 @@ ssl_undefined_void_function(void)
int
ssl_undefined_const_function(const SSL *s)
{
- SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
+ SSLerror(
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
@@ -2700,7 +2700,7 @@ ssl_init_wbio_buffer(SSL *s, int push)
(void)BIO_reset(bbio);
/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
if (!BIO_set_read_buffer_size(bbio, 1)) {
- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+ SSLerror(ERR_R_BUF_LIB);
return (0);
}
if (push) {