diff options
| author |   beck <beck@openbsd.org> | 2017-01-26 10:40:21 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2017-01-26 10:40:21 +0000 |
| commit | c37c9edfef0160532e31e5d5ada0f7781b5704ec (patch) | |
| tree | 8908d6759fe63c8c13e26f076c1b158713415580 /lib/libssl/ssl_pkt.c | |
| parent | Merge the single two line function from ssl_err2.c into ssl_err.c. (diff) | |
| download | wireguard-openbsd-c37c9edfef0160532e31e5d5ada0f7781b5704ec.tar.xz wireguard-openbsd-c37c9edfef0160532e31e5d5ada0f7781b5704ec.zip | |
Send the error function codes to rot in the depths of hell where they belong
We leave a single funciton code (0xFFF) to say "SSL_internal" so the public
API will not break, and we replace all internal use of the two argument
SSL_err() with the internal only SSL_error() that only takes a reason code.
ok jsing@
Diffstat (limited to 'lib/libssl/ssl_pkt.c')
| -rw-r--r-- | lib/libssl/ssl_pkt.c | 74 |
1 files changed, 37 insertions, 37 deletions
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 2fa7852b80b..f354fb82bf9 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.5 2017/01/26 08:19:43 beck Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.6 2017/01/26 10:40:21 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -224,7 +224,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) if (n > (int)(rb->len - rb->offset)) { /* does not happen */ - SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -248,7 +248,7 @@ ssl3_read_n(SSL *s, int n, int max, int extend) s->internal->rwstate = SSL_READING; i = BIO_read(s->rbio, pkt + len + left, max - left); } else { - SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); + SSLerror(SSL_R_READ_BIO_NOT_SET); i = -1; } @@ -364,7 +364,7 @@ ssl3_get_record(SSL *s) if (!CBS_get_u8(&header, &type) || !CBS_get_u16(&header, &ssl_version) || !CBS_get_u16(&header, &len)) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_BAD_PACKET_LENGTH); goto err; } @@ -374,7 +374,7 @@ ssl3_get_record(SSL *s) /* Lets check version */ if (!s->internal->first_packet && ssl_version != s->version) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (ssl_version & 0xFF00) && !s->internal->enc_write_ctx && !s->internal->write_hash) @@ -385,14 +385,14 @@ ssl3_get_record(SSL *s) } if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_WRONG_VERSION_NUMBER); goto err; } if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_PACKET_LENGTH_TOO_LONG); goto f_err; } @@ -428,7 +428,7 @@ ssl3_get_record(SSL *s) /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + SSLerror(SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } @@ -442,7 +442,7 @@ ssl3_get_record(SSL *s) * -1: if the padding is invalid */ if (enc_err == 0) { al = SSL_AD_DECRYPTION_FAILED; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + SSLerror(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); goto f_err; } @@ -470,7 +470,7 @@ ssl3_get_record(SSL *s) (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && orig_len < mac_size + 1)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); + SSLerror(SSL_R_LENGTH_TOO_SHORT); goto f_err; } @@ -510,14 +510,14 @@ ssl3_get_record(SSL *s) * (e.g. via a logfile) */ al = SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto f_err; } if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); + SSLerror(SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } @@ -543,7 +543,7 @@ ssl3_get_record(SSL *s) * empty record without forcing want_read. */ if (s->internal->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) { - SSLerr(SSL_F_SSL3_GET_RECORD, + SSLerror( SSL_R_PEER_BEHAVING_BADLY); return -1; } @@ -575,7 +575,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) int i; if (len < 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -588,7 +588,7 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return -1; } @@ -698,7 +698,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (prefix_len > (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ - SSLerr(SSL_F_DO_SSL3_WRITE, + SSLerror( ERR_R_INTERNAL_ERROR); goto err; } @@ -842,7 +842,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) && !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || (S3I(s)->wpend_type != type)) { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); + SSLerror(SSL_R_BAD_WRITE_RETRY); return (-1); } @@ -854,7 +854,7 @@ ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) (char *)&(wb->buf[wb->offset]), (unsigned int)wb->left); } else { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); + SSLerror(SSL_R_BIO_NOT_SET); i = -1; } if (i == wb->left) { @@ -919,14 +919,14 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) return (-1); if (len < 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return -1; } @@ -961,7 +961,7 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1004,7 +1004,7 @@ start: * reset by ssl3_get_finished */ && (rr->type != SSL3_RT_HANDSHAKE)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); goto f_err; } @@ -1025,7 +1025,7 @@ start: if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; } @@ -1108,7 +1108,7 @@ start: (S3I(s)->handshake_fragment[2] != 0) || (S3I(s)->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); + SSLerror(SSL_R_BAD_HELLO_REQUEST); goto f_err; } @@ -1126,7 +1126,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1200,14 +1200,14 @@ start: */ else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_NO_RENEGOTIATION); goto f_err; } } else if (alert_level == SSL3_AL_FATAL) { s->internal->rwstate = SSL_NOTHING; S3I(s)->fatal_alert = alert_descr; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_AD_REASON_OFFSET + alert_descr); ERR_asprintf_error_data("SSL alert number %d", alert_descr); @@ -1216,7 +1216,7 @@ start: return (0); } else { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); + SSLerror(SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; } @@ -1236,7 +1236,7 @@ start: if ((rr->length != 1) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } @@ -1244,7 +1244,7 @@ start: /* Check we have a cipher to change to */ if (S3I(s)->tmp.new_cipher == NULL) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); goto f_err; } @@ -1252,7 +1252,7 @@ start: /* Check that we should be receiving a Change Cipher Spec. */ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); goto f_err; } @@ -1285,7 +1285,7 @@ start: if (i < 0) return (i); if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, + SSLerror( SSL_R_SSL_HANDSHAKE_FAILURE); return (-1); } @@ -1315,7 +1315,7 @@ start: goto start; } al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: @@ -1324,7 +1324,7 @@ start: * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that * should not happen when type != rr->type */ al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); goto f_err; case SSL3_RT_APPLICATION_DATA: /* At this point, we were expecting handshake data, @@ -1346,7 +1346,7 @@ start: return (-1); } else { al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); + SSLerror(SSL_R_UNEXPECTED_RECORD); goto f_err; } } @@ -1373,7 +1373,7 @@ ssl3_do_change_cipher_spec(SSL *s) if (S3I(s)->tmp.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, + SSLerror( SSL_R_CCS_RECEIVED_EARLY); return (0); } @@ -1400,7 +1400,7 @@ ssl3_do_change_cipher_spec(SSL *s) i = tls1_final_finish_mac(s, sender, slen, S3I(s)->tmp.peer_finish_md); if (i == 0) { - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); + SSLerror(ERR_R_INTERNAL_ERROR); return 0; } S3I(s)->tmp.peer_finish_md_len = i; |