Send the error function codes to rot in the depths of hell where they belong

We leave a single funciton code (0xFFF) to say "SSL_internal" so the public API will not break, and we replace all internal use of the two argument SSL_err() with the internal only SSL_error() that only takes a reason code. ok jsing@
author: beck <beck@openbsd.org> 2017-01-26 10:40:21 +0000
committer: beck <beck@openbsd.org> 2017-01-26 10:40:21 +0000
commit: c37c9edfef0160532e31e5d5ada0f7781b5704ec (patch)
tree: 8908d6759fe63c8c13e26f076c1b158713415580 /lib/libssl/ssl_srvr.c
parent: Merge the single two line function from ssl_err2.c into ssl_err.c. (diff)
download: wireguard-openbsd-c37c9edfef0160532e31e5d5ada0f7781b5704ec.tar.xz
wireguard-openbsd-c37c9edfef0160532e31e5d5ada0f7781b5704ec.zip
1 files changed, 106 insertions, 114 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index a716947ab9f..46ca4d6c9ce 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.2 2017/01/26 06:32:58 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.3 2017/01/26 10:40:21 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -189,7 +189,7 @@ ssl3_accept(SSL *s)
 		SSL_clear(s);
 
 	if (s->cert == NULL) {
-		SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+		SSLerror(SSL_R_NO_CERTIFICATE_SET);
 		ret = -1;
 		goto end;
 	}
@@ -212,7 +212,7 @@ ssl3_accept(SSL *s)
 				cb(s, SSL_CB_HANDSHAKE_START, 1);
 
 			if ((s->version >> 8) != 3) {
-				SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+				SSLerror(ERR_R_INTERNAL_ERROR);
 				ret = -1;
 				goto end;
 			}
@@ -253,7 +253,7 @@ ssl3_accept(SSL *s)
 				 * client that doesn't support secure
 				 * renegotiation.
 				 */
-				SSLerr(SSL_F_SSL3_ACCEPT,
+				SSLerror(
 				    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
 				ssl3_send_alert(s, SSL3_AL_FATAL,
 				    SSL_AD_HANDSHAKE_FAILURE);
@@ -484,7 +484,7 @@ ssl3_accept(SSL *s)
 				 * at this point and digest cached records.
 				 */
 				if (!S3I(s)->handshake_buffer) {
-					SSLerr(SSL_F_SSL3_ACCEPT,
+					SSLerror(
 					    ERR_R_INTERNAL_ERROR);
 					ret = -1;
 					goto end;
@@ -673,7 +673,7 @@ ssl3_accept(SSL *s)
 			/* break; */
 
 		default:
-			SSLerr(SSL_F_SSL3_ACCEPT,
+			SSLerror(
 			    SSL_R_UNKNOWN_STATE);
 			ret = -1;
 			goto end;
@@ -765,7 +765,7 @@ ssl3_get_client_hello(SSL *s)
 	p += 2;
 
 	if (ssl_max_shared_version(s, s->client_version, &shared_version) != 1) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+		SSLerror(SSL_R_WRONG_VERSION_NUMBER);
 		if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
 		    !s->internal->enc_write_ctx && !s->internal->write_hash) {
 			/*
@@ -782,7 +782,7 @@ ssl3_get_client_hello(SSL *s)
 	if ((method = tls1_get_server_method(shared_version)) == NULL)
 		method = dtls1_get_server_method(shared_version);
 	if (method == NULL) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+		SSLerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
 	s->method = method;
@@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s)
 		if (cookie_len > sizeof(D1I(s)->rcvd_cookie)) {
 			/* too much data */
 			al = SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+			SSLerror(
 			    SSL_R_COOKIE_MISMATCH);
 			goto f_err;
 		}
@@ -885,7 +885,7 @@ ssl3_get_client_hello(SSL *s)
 				if (s->ctx->internal->app_verify_cookie_cb(s,
 				    D1I(s)->rcvd_cookie, cookie_len) == 0) {
 					al = SSL_AD_HANDSHAKE_FAILURE;
-					SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+					SSLerror(
 					    SSL_R_COOKIE_MISMATCH);
 					goto f_err;
 				}
@@ -894,7 +894,7 @@ ssl3_get_client_hello(SSL *s)
 			    D1I(s)->cookie_len) != 0) {
 				/* default verification */
 				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+				SSLerror(
 				    SSL_R_COOKIE_MISMATCH);
 				goto f_err;
 			}
@@ -911,7 +911,7 @@ ssl3_get_client_hello(SSL *s)
 	if ((i == 0) && (j != 0)) {
 		/* we need a cipher if we are not resuming a session */
 		al = SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+		SSLerror(
 		    SSL_R_NO_CIPHERS_SPECIFIED);
 		goto f_err;
 	}
@@ -941,7 +941,7 @@ ssl3_get_client_hello(SSL *s)
 			 * list if we are asked to reuse it
 			 */
 			al = SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+			SSLerror(
 			    SSL_R_REQUIRED_CIPHER_MISSING);
 			goto f_err;
 		}
@@ -962,7 +962,7 @@ ssl3_get_client_hello(SSL *s)
 	if (j >= i) {
 		/* no compress */
 		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+		SSLerror(
 		    SSL_R_NO_COMPRESSION_SPECIFIED);
 		goto f_err;
 	}
@@ -970,11 +970,11 @@ ssl3_get_client_hello(SSL *s)
 	/* TLS extensions*/
 	if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
 		/* 'al' set by ssl_parse_clienthello_tlsext */
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
+		SSLerror(SSL_R_PARSE_TLSEXT);
 		goto f_err;
 	}
 	if (ssl_check_clienthello_tlsext_early(s) <= 0) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+		SSLerror(
 		    SSL_R_CLIENTHELLO_TLSEXT);
 		goto err;
 	}
@@ -1006,7 +1006,7 @@ ssl3_get_client_hello(SSL *s)
 			    SSL_get_ciphers(s));
 			if (pref_cipher == NULL) {
 				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+				SSLerror(
 				    SSL_R_NO_SHARED_CIPHER);
 				goto f_err;
 			}
@@ -1032,7 +1032,7 @@ ssl3_get_client_hello(SSL *s)
 		s->session->ciphers = ciphers;
 		if (ciphers == NULL) {
 			al = SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+			SSLerror(
 			    SSL_R_NO_CIPHERS_PASSED);
 			goto f_err;
 		}
@@ -1042,7 +1042,7 @@ ssl3_get_client_hello(SSL *s)
 
 		if (c == NULL) {
 			al = SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+			SSLerror(
 			    SSL_R_NO_SHARED_CIPHER);
 			goto f_err;
 		}
@@ -1074,7 +1074,7 @@ ssl3_get_client_hello(SSL *s)
 
 	/* Handles TLS extensions that we couldn't check earlier */
 	if (ssl_check_clienthello_tlsext_late(s) <= 0) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+		SSLerror(SSL_R_CLIENTHELLO_TLSEXT);
 		goto err;
 	}
 
@@ -1083,7 +1083,7 @@ ssl3_get_client_hello(SSL *s)
 	if (0) {
 truncated:
 		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH);
+		SSLerror(SSL_R_BAD_PACKET_LENGTH);
 f_err:
 		ssl3_send_alert(s, SSL3_AL_FATAL, al);
 	}
@@ -1142,7 +1142,7 @@ ssl3_send_server_hello(SSL *s)
 
 		sl = s->session->session_id_length;
 		if (sl > (int)sizeof(s->session->session_id)) {
-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
+			SSLerror(
 			    ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
@@ -1166,7 +1166,7 @@ ssl3_send_server_hello(SSL *s)
 
 		if ((p = ssl_add_serverhello_tlsext(s, p + outlen,
 		    bufend)) == NULL) {
-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
+			SSLerror(
 			    ERR_R_INTERNAL_ERROR);
 			goto err;
 		}
@@ -1208,7 +1208,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 	if (s->cert->dh_tmp_auto != 0) {
 		if ((dhp = ssl_get_auto_dh(s)) == NULL) {
 			al = SSL_AD_INTERNAL_ERROR;
-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+			SSLerror(
 			    ERR_R_INTERNAL_ERROR);
 			goto f_err;
 		}
@@ -1221,13 +1221,13 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 
 	if (dhp == NULL) {
 		al = SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_MISSING_TMP_DH_KEY);
 		goto f_err;
 	}
 
 	if (S3I(s)->tmp.dh != NULL) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
@@ -1235,12 +1235,12 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 	if (s->cert->dh_tmp_auto != 0) {
 		dh = dhp;
 	} else if ((dh = DHparams_dup(dhp)) == NULL) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+		SSLerror(ERR_R_DH_LIB);
 		goto err;
 	}
 	S3I(s)->tmp.dh = dh;
 	if (!DH_generate_key(dh)) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+		SSLerror(ERR_R_DH_LIB);
 		goto err;
 	}
 
@@ -1299,13 +1299,13 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 	}
 	if (ecdhp == NULL) {
 		al = SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_MISSING_TMP_ECDH_KEY);
 		goto f_err;
 	}
 
 	if (S3I(s)->tmp.ecdh != NULL) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
@@ -1314,7 +1314,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 	if (s->cert->ecdh_tmp_auto != 0) {
 		ecdh = ecdhp;
 	} else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_ECDH_LIB);
 		goto err;
 	}
@@ -1324,7 +1324,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 	    (EC_KEY_get0_private_key(ecdh) == NULL) ||
 	    (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
 		if (!EC_KEY_generate_key(ecdh)) {
-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+			SSLerror(
 			    ERR_R_ECDH_LIB);
 			goto err;
 		}
@@ -1333,7 +1333,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 	if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
 	    (EC_KEY_get0_public_key(ecdh)  == NULL) ||
 	    (EC_KEY_get0_private_key(ecdh) == NULL)) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_ECDH_LIB);
 		goto err;
 	}
@@ -1344,7 +1344,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 	 */
 	if ((curve_id = tls1_ec_nid2curve_id(
 	    EC_GROUP_get_curve_name(group))) == 0) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
 		goto err;
 	}
@@ -1360,7 +1360,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 
 	bn_ctx = BN_CTX_new();
 	if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
@@ -1369,7 +1369,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 	    POINT_CONVERSION_UNCOMPRESSED, encodedPoint, encodedlen, bn_ctx);
 
 	if (encodedlen == 0) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+		SSLerror(ERR_R_ECDH_LIB);
 		goto err;
 	}
 
@@ -1421,7 +1421,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
 
 	/* Generate an X25519 key pair. */
 	if (S3I(s)->tmp.x25519 != NULL) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
@@ -1433,7 +1433,7 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
 
 	/* Serialize public key. */
 	if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
-		SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
 		goto err;
 	}
@@ -1509,7 +1509,7 @@ ssl3_send_server_key_exchange(SSL *s)
 				goto err;
 		} else {
 			al = SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+			SSLerror(
 			    SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
 			goto f_err;
 		}
@@ -1531,7 +1531,7 @@ ssl3_send_server_key_exchange(SSL *s)
 
 		if (!BUF_MEM_grow_clean(buf, ssl3_handshake_msg_hdr_len(s) +
 		    params_len + kn)) {
-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+			SSLerror(
 			    ERR_LIB_BUF);
 			goto err;
 		}
@@ -1575,9 +1575,7 @@ ssl3_send_server_key_exchange(SSL *s)
 				}
 				if (RSA_sign(NID_md5_sha1, md_buf, j,
 				    &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-					SSLerr(
-					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-					    ERR_LIB_RSA);
+					SSLerror(ERR_R_RSA_LIB);
 					goto err;
 				}
 				s2n(u, p);
@@ -1588,9 +1586,7 @@ ssl3_send_server_key_exchange(SSL *s)
 					if (!tls12_get_sigandhash(p, pkey, md)) {
 						/* Should never happen */
 						al = SSL_AD_INTERNAL_ERROR;
-						SSLerr(
-						    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-						    ERR_R_INTERNAL_ERROR);
+						SSLerror(ERR_R_INTERNAL_ERROR);
 						goto f_err;
 					}
 					p += 2;
@@ -1605,9 +1601,7 @@ ssl3_send_server_key_exchange(SSL *s)
 				EVP_SignUpdate(&md_ctx, d, n);
 				if (!EVP_SignFinal(&md_ctx, &p[2],
 					(unsigned int *)&i, pkey)) {
-					SSLerr(
-					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-					    ERR_LIB_EVP);
+					SSLerror(ERR_R_EVP_LIB);
 					goto err;
 				}
 				s2n(i, p);
@@ -1617,7 +1611,7 @@ ssl3_send_server_key_exchange(SSL *s)
 			} else {
 				/* Is this error check actually needed? */
 				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+				SSLerror(
 				    SSL_R_UNKNOWN_PKEY_TYPE);
 				goto f_err;
 			}
@@ -1684,9 +1678,7 @@ ssl3_send_certificate_request(SSL *s)
 				if (!BUF_MEM_grow_clean(buf,
 				    ssl3_handshake_msg_hdr_len(s) + n + j
 				    + 2)) {
-					SSLerr(
-					    SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
-					    ERR_R_BUF_LIB);
+					SSLerror(ERR_R_BUF_LIB);
 					goto err;
 				}
 				p = ssl3_handshake_msg_start(s,
@@ -1732,7 +1724,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
 	if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
 	    (pkey->pkey.rsa == NULL)) {
 		al = SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_MISSING_RSA_CERTIFICATE);
 		goto f_err;
 	}
@@ -1742,7 +1734,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
 		goto truncated;
 	n2s(p, i);
 	if (n != i + 2) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
 		goto err;
 	} else
@@ -1756,7 +1748,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
 
 	if (i != SSL_MAX_MASTER_KEY_LENGTH) {
 		al = SSL_AD_DECODE_ERROR;
-		/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
+		/* SSLerror(SSL_R_BAD_RSA_DECRYPT); */
 	}
 
 	if (p - d + 2 > n)	/* needed in the SSL3 case */
@@ -1778,7 +1770,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
 		    (p[0] == (s->version >> 8)) &&
 		    (p[1] == (s->version & 0xff)))) {
 			al = SSL_AD_DECODE_ERROR;
-			/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
+			/* SSLerror(SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
 
 			/*
 			 * The Klima-Pokorny-Rosa extension of
@@ -1816,7 +1808,7 @@ ssl3_get_client_kex_rsa(SSL *s, unsigned char *p, long n)
 	return (1);
 truncated:
 	al = SSL_AD_DECODE_ERROR;
-	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
+	SSLerror(SSL_R_BAD_PACKET_LENGTH);
 f_err:
 	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
@@ -1844,21 +1836,21 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
 
 	if (S3I(s)->tmp.dh == NULL) {
 		al = SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_MISSING_TMP_DH_KEY);
 		goto f_err;
 	}
 	dh = S3I(s)->tmp.dh;
 
 	if ((bn = BN_bin2bn(CBS_data(&dh_Yc), CBS_len(&dh_Yc), NULL)) == NULL) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_BN_LIB);
 		goto err;
 	}
 
 	key_size = DH_compute_key(p, bn, dh);
 	if (key_size <= 0) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+		SSLerror(ERR_R_DH_LIB);
 		BN_clear_free(bn);
 		goto err;
 	}
@@ -1878,7 +1870,7 @@ ssl3_get_client_kex_dhe(SSL *s, unsigned char *p, long n)
 
  truncated:
 	al = SSL_AD_DECODE_ERROR;
-	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
+	SSLerror(SSL_R_BAD_PACKET_LENGTH);
  f_err:
 	ssl3_send_alert(s, SSL3_AL_FATAL, al);
  err:
@@ -1902,7 +1894,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 
 	/* Initialize structures for server's ECDH key pair. */
 	if ((srvr_ecdh = EC_KEY_new()) == NULL) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
@@ -1918,14 +1910,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 
 	if (!EC_KEY_set_group(srvr_ecdh, group) ||
 	    !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_EC_LIB);
 		goto err;
 	}
 
 	/* Let's get client's public key */
 	if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
@@ -1948,7 +1940,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 			 * group.
 			 */
 			al = SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			SSLerror(
 			    SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
 			goto f_err;
 		}
@@ -1956,7 +1948,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 		if (EC_POINT_copy(clnt_ecpoint,
 		    EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec))
 		    == 0) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			SSLerror(
 			    ERR_R_EC_LIB);
 			goto err;
 		}
@@ -1967,7 +1959,7 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 		 * in the ClientKeyExchange message.
 		 */
 		if ((bn_ctx = BN_CTX_new()) == NULL) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			SSLerror(
 			    ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
@@ -1977,13 +1969,13 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 
 		p += 1;
 		if (n != 1 + i) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			SSLerror(
 			    ERR_R_EC_LIB);
 			goto err;
 		}
 		if (EC_POINT_oct2point(group,
 			clnt_ecpoint, p, i, bn_ctx) == 0) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			SSLerror(
 			    ERR_R_EC_LIB);
 			goto err;
 		}
@@ -1997,14 +1989,14 @@ ssl3_get_client_kex_ecdhe_ecp(SSL *s, unsigned char *p, long n)
 	/* Compute the shared pre-master secret */
 	key_size = ECDH_size(srvr_ecdh);
 	if (key_size <= 0) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_ECDH_LIB);
 		goto err;
 	}
 	i = ECDH_compute_key(p, key_size, clnt_ecpoint, srvr_ecdh,
 	    NULL);
 	if (i <= 0) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    ERR_R_ECDH_LIB);
 		goto err;
 	}
@@ -2122,7 +2114,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
 	if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
 	    &Tclass, n) != V_ASN1_CONSTRUCTED ||
 	    Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_DECRYPTION_FAILED);
 		goto gerr;
 	}
@@ -2130,7 +2122,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
 	inlen = Tlen;
 	if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
 	    start, inlen) <=0) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_DECRYPTION_FAILED);
 		goto gerr;
 	}
@@ -2154,7 +2146,7 @@ ssl3_get_client_kex_gost(SSL *s, unsigned char *p, long n)
 
  truncated:
 	al = SSL_AD_DECODE_ERROR;
-	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
+	SSLerror(SSL_R_BAD_PACKET_LENGTH);
 	ssl3_send_alert(s, SSL3_AL_FATAL, al);
  err:
 	return (-1);
@@ -2192,7 +2184,7 @@ ssl3_get_client_key_exchange(SSL *s)
 			goto err;
 	} else {
 		al = SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+		SSLerror(
 		    SSL_R_UNKNOWN_CIPHER_TYPE);
 		goto f_err;
 	}
@@ -2236,7 +2228,7 @@ ssl3_get_cert_verify(SSL *s)
 		S3I(s)->tmp.reuse_message = 1;
 		if (peer != NULL) {
 			al = SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    SSL_R_MISSING_VERIFY_MESSAGE);
 			goto f_err;
 		}
@@ -2245,21 +2237,21 @@ ssl3_get_cert_verify(SSL *s)
 	}
 
 	if (peer == NULL) {
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+		SSLerror(
 		    SSL_R_NO_CLIENT_CERT_RECEIVED);
 		al = SSL_AD_UNEXPECTED_MESSAGE;
 		goto f_err;
 	}
 
 	if (!(type & EVP_PKT_SIGN)) {
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+		SSLerror(
 		    SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
 		al = SSL_AD_ILLEGAL_PARAMETER;
 		goto f_err;
 	}
 
 	if (S3I(s)->change_cipher_spec) {
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+		SSLerror(
 		    SSL_R_CCS_RECEIVED_EARLY);
 		al = SSL_AD_UNEXPECTED_MESSAGE;
 		goto f_err;
@@ -2281,7 +2273,7 @@ ssl3_get_cert_verify(SSL *s)
 			int sigalg = tls12_get_sigid(pkey);
 			/* Should never happen */
 			if (sigalg == -1) {
-				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+				SSLerror(
 				    ERR_R_INTERNAL_ERROR);
 				al = SSL_AD_INTERNAL_ERROR;
 				goto f_err;
@@ -2290,14 +2282,14 @@ ssl3_get_cert_verify(SSL *s)
 				goto truncated;
 			/* Check key type is consistent with signature */
 			if (sigalg != (int)p[1]) {
-				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+				SSLerror(
 				    SSL_R_WRONG_SIGNATURE_TYPE);
 				al = SSL_AD_DECODE_ERROR;
 				goto f_err;
 			}
 			md = tls12_get_hash(p[0]);
 			if (md == NULL) {
-				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+				SSLerror(
 				    SSL_R_UNKNOWN_DIGEST);
 				al = SSL_AD_DECODE_ERROR;
 				goto f_err;
@@ -2314,7 +2306,7 @@ ssl3_get_cert_verify(SSL *s)
 	}
 	j = EVP_PKEY_size(pkey);
 	if ((i > j) || (n > j) || (n <= 0)) {
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+		SSLerror(
 		    SSL_R_WRONG_SIGNATURE_SIZE);
 		al = SSL_AD_DECODE_ERROR;
 		goto f_err;
@@ -2325,14 +2317,14 @@ ssl3_get_cert_verify(SSL *s)
 		void *hdata;
 		hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
 		if (hdatalen <= 0) {
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    ERR_R_INTERNAL_ERROR);
 			al = SSL_AD_INTERNAL_ERROR;
 			goto f_err;
 		}
 		if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
 		    !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    ERR_R_EVP_LIB);
 			al = SSL_AD_INTERNAL_ERROR;
 			goto f_err;
@@ -2340,7 +2332,7 @@ ssl3_get_cert_verify(SSL *s)
 
 		if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
 			al = SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    SSL_R_BAD_SIGNATURE);
 			goto f_err;
 		}
@@ -2351,13 +2343,13 @@ ssl3_get_cert_verify(SSL *s)
 		    pkey->pkey.rsa);
 		if (i < 0) {
 			al = SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    SSL_R_BAD_RSA_DECRYPT);
 			goto f_err;
 		}
 		if (i == 0) {
 			al = SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    SSL_R_BAD_RSA_SIGNATURE);
 			goto f_err;
 		}
@@ -2369,7 +2361,7 @@ ssl3_get_cert_verify(SSL *s)
 		if (j <= 0) {
 			/* bad signature */
 			al = SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    SSL_R_BAD_DSA_SIGNATURE);
 			goto f_err;
 		}
@@ -2381,7 +2373,7 @@ ssl3_get_cert_verify(SSL *s)
 		if (j <= 0) {
 			/* bad signature */
 			al = SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    SSL_R_BAD_ECDSA_SIGNATURE);
 			goto f_err;
 		}
@@ -2398,21 +2390,21 @@ ssl3_get_cert_verify(SSL *s)
 
 		hdatalen = BIO_get_mem_data(S3I(s)->handshake_buffer, &hdata);
 		if (hdatalen <= 0) {
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    ERR_R_INTERNAL_ERROR);
 			al = SSL_AD_INTERNAL_ERROR;
 			goto f_err;
 		}
 		if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
 				!(md = EVP_get_digestbynid(nid))) {
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 					ERR_R_EVP_LIB);
 			al = SSL_AD_INTERNAL_ERROR;
 			goto f_err;
 		}
 		pctx = EVP_PKEY_CTX_new(pkey, NULL);
 		if (!pctx) {
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    ERR_R_EVP_LIB);
 			al = SSL_AD_INTERNAL_ERROR;
 			goto f_err;
@@ -2426,7 +2418,7 @@ ssl3_get_cert_verify(SSL *s)
 				       EVP_PKEY_CTRL_GOST_SIG_FORMAT,
 				       GOST_SIG_FORMAT_RS_LE,
 				       NULL) <= 0)) {
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    ERR_R_EVP_LIB);
 			al = SSL_AD_INTERNAL_ERROR;
 			EVP_PKEY_CTX_free(pctx);
@@ -2435,7 +2427,7 @@ ssl3_get_cert_verify(SSL *s)
 
 		if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
 			al = SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			SSLerror(
 			    SSL_R_BAD_SIGNATURE);
 			EVP_PKEY_CTX_free(pctx);
 			goto f_err;
@@ -2445,7 +2437,7 @@ ssl3_get_cert_verify(SSL *s)
 	} else
 #endif
 	{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+		SSLerror(
 		    ERR_R_INTERNAL_ERROR);
 		al = SSL_AD_UNSUPPORTED_CERTIFICATE;
 		goto f_err;
@@ -2456,7 +2448,7 @@ ssl3_get_cert_verify(SSL *s)
 	if (0) {
 truncated:
 		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH);
+		SSLerror(SSL_R_BAD_PACKET_LENGTH);
 f_err:
 		ssl3_send_alert(s, SSL3_AL_FATAL, al);
 	}
@@ -2490,7 +2482,7 @@ ssl3_get_client_certificate(SSL *s)
 	if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
 		if ((s->verify_mode & SSL_VERIFY_PEER) &&
 		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-		    	SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+		    	SSLerror(
 			    SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
 			al = SSL_AD_HANDSHAKE_FAILURE;
 			goto f_err;
@@ -2500,7 +2492,7 @@ ssl3_get_client_certificate(SSL *s)
 		 * the client must return a 0 list.
 		 */
 		if (S3I(s)->tmp.cert_request) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
 			    );
 			al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -2512,7 +2504,7 @@ ssl3_get_client_certificate(SSL *s)
 
 	if (S3I(s)->tmp.message_type != SSL3_MT_CERTIFICATE) {
 		al = SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+		SSLerror(
 		    SSL_R_WRONG_MESSAGE_TYPE);
 		goto f_err;
 	}
@@ -2523,7 +2515,7 @@ ssl3_get_client_certificate(SSL *s)
 	CBS_init(&cbs, s->internal->init_msg, n);
 
 	if ((sk = sk_X509_new_null()) == NULL) {
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+		SSLerror(
 		    ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
@@ -2537,7 +2529,7 @@ ssl3_get_client_certificate(SSL *s)
 
 		if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
 			al = SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 		}
@@ -2545,18 +2537,18 @@ ssl3_get_client_certificate(SSL *s)
 		q = CBS_data(&cert);
 		x = d2i_X509(NULL, &q, CBS_len(&cert));
 		if (x == NULL) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    ERR_R_ASN1_LIB);
 			goto err;
 		}
 		if (q != CBS_data(&cert) + CBS_len(&cert)) {
 			al = SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 		}
 		if (!sk_X509_push(sk, x)) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
@@ -2570,7 +2562,7 @@ ssl3_get_client_certificate(SSL *s)
 		 */
 		if ((s->verify_mode & SSL_VERIFY_PEER) &&
 		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
 			al = SSL_AD_HANDSHAKE_FAILURE;
 			goto f_err;
@@ -2584,7 +2576,7 @@ ssl3_get_client_certificate(SSL *s)
 		i = ssl_verify_cert_chain(s, sk);
 		if (i <= 0) {
 			al = ssl_verify_alarm_type(s->verify_result);
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    SSL_R_NO_CERTIFICATE_RETURNED);
 			goto f_err;
 		}
@@ -2601,7 +2593,7 @@ ssl3_get_client_certificate(SSL *s)
 	if (SSI(s)->sess_cert == NULL) {
 		SSI(s)->sess_cert = ssl_sess_cert_new();
 		if (SSI(s)->sess_cert == NULL) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+			SSLerror(
 			    ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
@@ -2620,7 +2612,7 @@ ssl3_get_client_certificate(SSL *s)
 	if (0) {
 truncated:
 		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+		SSLerror(
 		    SSL_R_BAD_PACKET_LENGTH);
 f_err:
 		ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -2646,7 +2638,7 @@ ssl3_send_server_certificate(SSL *s)
 
 	if (s->internal->state == SSL3_ST_SW_CERT_A) {
 		if ((x = ssl_get_server_send_cert(s)) == NULL) {
-			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
+			SSLerror(
 			    ERR_R_INTERNAL_ERROR);
 			return (0);
 		}
@@ -2865,7 +2857,7 @@ ssl3_get_next_proto(SSL *s)
 	 * extension in their ClientHello
 	 */
 	if (!S3I(s)->next_proto_neg_seen) {
-		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
+		SSLerror(
 		    SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
 		return (-1);
 	}
@@ -2882,7 +2874,7 @@ ssl3_get_next_proto(SSL *s)
 	 * by ssl3_get_finished).
 	 */
 	if (!S3I(s)->change_cipher_spec) {
-		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
+		SSLerror(
 		    SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
 		return (-1);
 	}
@@ -2913,7 +2905,7 @@ ssl3_get_next_proto(SSL *s)
 	s->internal->next_proto_negotiated_len = 0;
 
 	if (!CBS_stow(&proto, &s->internal->next_proto_negotiated, &len)) {
-		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
+		SSLerror(
 		    ERR_R_MALLOC_FAILURE);
 		return (0);
 	}
author	beck <beck@openbsd.org>	2017-01-26 10:40:21 +0000
committer	beck <beck@openbsd.org>	2017-01-26 10:40:21 +0000
commit	c37c9edfef0160532e31e5d5ada0f7781b5704ec (patch)
tree	8908d6759fe63c8c13e26f076c1b158713415580 /lib/libssl/ssl_srvr.c
parent	Merge the single two line function from ssl_err2.c into ssl_err.c. (diff)
download	wireguard-openbsd-c37c9edfef0160532e31e5d5ada0f7781b5704ec.tar.xz wireguard-openbsd-c37c9edfef0160532e31e5d5ada0f7781b5704ec.zip