QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-28 02:34:40 +00:00
Code Issues Projects Releases Wiki Activity

Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call

Browse Source 
This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
This commit is contained in:
Richard Levitte 2020-11-04 12:18:33 +01:00
parent 9787b5b81f
commit 6849b73ccc
27 changed files with 340 additions and 370 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/bio_ssl.c
View File

@ -58,7 +58,7 @@ static int ssl_new(BIO *bi)
BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
if (bs == NULL) {
BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
return 0;
}
BIO_set_init(bi, 0);

40
ssl/d1_lib.c
View File

@ -471,7 +471,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
wbio = SSL_get_wbio(s);
if (!rbio || !wbio) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
ERR_raise(ERR_LIB_SSL, SSL_R_BIO_NOT_SET);
return -1;
}
@ -483,7 +483,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* SSL_accept)
*/
if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION);
return -1;
}
@ -522,7 +522,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
}
if (!PACKET_buf_init(&pkt, buf, n)) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return -1;
}
@ -537,7 +537,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/* this packet contained a partial record, dump it */
if (n < DTLS1_RT_HEADER_LENGTH) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_RECORD_TOO_SMALL);
ERR_raise(ERR_LIB_SSL, SSL_R_RECORD_TOO_SMALL);
goto end;
}
@ -548,12 +548,12 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/* Get the record header */
if (!PACKET_get_1(&pkt, &rectype)
|| !PACKET_get_1(&pkt, &versmajor)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH);
goto end;
}
if (rectype != SSL3_RT_HANDSHAKE) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
ERR_raise(ERR_LIB_SSL, SSL_R_UNEXPECTED_MESSAGE);
goto end;
}
@ -562,7 +562,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* the same.
*/
if (versmajor != DTLS1_VERSION_MAJOR) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
goto end;
}
@ -570,7 +570,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/* Save the sequence number: 64 bits, with top 2 bytes = epoch */
|| !PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE)
|| !PACKET_get_length_prefixed_2(&pkt, &msgpkt)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH);
goto end;
}
reclen = PACKET_remaining(&msgpkt);
@ -581,7 +581,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
/* This is an initial ClientHello so the epoch has to be 0 */
if (seq[0] != 0 || seq[1] != 0) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
ERR_raise(ERR_LIB_SSL, SSL_R_UNEXPECTED_MESSAGE);
goto end;
}
@ -596,18 +596,18 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|| !PACKET_get_net_3_len(&msgpkt, &fraglen)
|| !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen)
|| PACKET_remaining(&msgpkt) != 0) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH);
goto end;
}
if (msgtype != SSL3_MT_CLIENT_HELLO) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
ERR_raise(ERR_LIB_SSL, SSL_R_UNEXPECTED_MESSAGE);
goto end;
}
/* Message sequence number can only be 0 or 1 */
if (msgseq > 2) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SEQUENCE_NUMBER);
goto end;
}
@ -620,7 +620,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
*/
if (fragoff != 0 || fraglen > msglen) {
/* Non initial ClientHello fragment (or bad fragment) */
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_FRAGMENTED_CLIENT_HELLO);
ERR_raise(ERR_LIB_SSL, SSL_R_FRAGMENTED_CLIENT_HELLO);
goto end;
}
@ -630,7 +630,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
s->msg_callback_arg);
if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH);
goto end;
}
@ -639,7 +639,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
*/
if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) &&
s->method->version != DTLS_ANY_VERSION) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_WRONG_VERSION_NUMBER);
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_VERSION_NUMBER);
goto end;
}
@ -650,7 +650,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* Could be malformed or the cookie does not fit within the initial
* ClientHello fragment. Either way we can't handle it.
*/
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH);
goto end;
}
@ -665,7 +665,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* We have a cookie, so lets check it.
*/
if (s->ctx->app_verify_cookie_cb == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
/* This is fatal */
return -1;
}
@ -697,7 +697,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
cookielen > 255) {
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
/* This is fatal */
return -1;
}
@ -760,7 +760,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|| !WPACKET_close(&wpkt)
|| !WPACKET_get_total_written(&wpkt, &wreclen)
|| !WPACKET_finish(&wpkt)) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
WPACKET_cleanup(&wpkt);
/* This is fatal */
return -1;
@ -782,7 +782,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
if ((tmpclient = BIO_ADDR_new()) == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto end;
}

5
ssl/d1_msg.c
View File

@ -19,14 +19,13 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
if (i < 0)
return i;
if (i == 0) {
SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
SSL_R_SSL_HANDSHAKE_FAILURE);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
return -1;
}
}
if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
ERR_raise(ERR_LIB_SSL, SSL_R_DTLS_MESSAGE_TOO_BIG);
return -1;
}

12
ssl/d1_srtp.c
View File

@ -68,8 +68,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
SRTP_PROTECTION_PROFILE *p;
if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
return 1;
}
@ -79,19 +78,16 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
: strlen(ptr))) {
if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
goto err;
}
if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
goto err;
}
} else {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
ERR_raise(ERR_LIB_SSL, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
goto err;
}

4
ssl/pqueue.c
View File

@ -20,7 +20,7 @@ pitem *pitem_new(unsigned char *prio64be, void *data)
pitem *item = OPENSSL_malloc(sizeof(*item));
if (item == NULL) {
SSLerr(SSL_F_PITEM_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -40,7 +40,7 @@ pqueue *pqueue_new(void)
pqueue *pq = OPENSSL_zalloc(sizeof(*pq));
if (pq == NULL)
SSLerr(SSL_F_PQUEUE_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return pq;
}

2
ssl/record/rec_layer_d1.c
View File

@ -21,7 +21,7 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
DTLS_RECORD_LAYER *d;
if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) {
SSLerr(SSL_F_DTLS_RECORD_LAYER_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}

42
ssl/s3_lib.c
View File

@ -3457,17 +3457,17 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
pkdh = ssl_dh_to_pkey(dh);
if (pkdh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!ssl_security(s, SSL_SECOP_TMP_DH,
EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
EVP_PKEY_free(pkdh);
return 0;
}
@ -3478,7 +3478,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
case SSL_CTRL_SET_TMP_DH_CB:
{
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return ret;
}
case SSL_CTRL_SET_DH_AUTO:
@ -3492,12 +3492,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
int nid;
if (parg == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
group = EC_KEY_get0_group((const EC_KEY *)parg);
if (group == NULL) {
SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
return 0;
}
nid = EC_GROUP_get_curve_name(group);
@ -3530,15 +3530,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
len = strlen((char *)parg);
if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
} else {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
return 0;
}
break;
@ -3808,17 +3808,17 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
pkdh = ssl_dh_to_pkey(dh);
if (pkdh == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
EVP_PKEY_free(pkdh);
return 0;
}
@ -3828,7 +3828,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
}
case SSL_CTRL_SET_TMP_DH_CB:
{
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
case SSL_CTRL_SET_DH_AUTO:
@ -3842,12 +3842,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
int nid;
if (parg == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
group = EC_KEY_get0_group((const EC_KEY *)parg);
if (group == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
return 0;
}
nid = EC_GROUP_get_curve_name(group);
@ -3871,7 +3871,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
if (keys == NULL)
return tick_keylen;
if (larg != tick_keylen) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
return 0;
}
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
@ -3925,11 +3925,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
if (parg == NULL)
break;
if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
return 0;
}
if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
break;
@ -3939,7 +3939,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
if (ctx->srp_ctx.info != NULL)
OPENSSL_free(ctx->srp_ctx.info);
if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
break;
@ -3993,12 +3993,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL) {
if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
}
if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
break;

2
ssl/s3_msg.c
View File

@ -21,7 +21,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3.tmp.key_block == NULL) {
if (s->session == NULL || s->session->master_key_length == 0) {
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
ERR_raise(ERR_LIB_SSL, SSL_R_CCS_RECEIVED_EARLY);
return 0;
}

8
ssl/ssl_asn1.c
View File

@ -259,21 +259,21 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
}
if (as->version != SSL_SESSION_ASN1_VERSION) {
SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION);
goto err;
}
if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
&& (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
&& as->ssl_version != DTLS1_BAD_VER) {
SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION);
goto err;
}
ret->ssl_version = (int)as->ssl_version;
if (as->cipher->length != 2) {
SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH);
goto err;
}
@ -339,7 +339,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
#ifndef OPENSSL_NO_COMP
if (as->comp_id) {
if (as->comp_id->length != 1) {
SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
goto err;
}
ret->compress_meth = as->comp_id->data[0];

52
ssl/ssl_cert.c
View File

@ -53,7 +53,7 @@ CERT *ssl_cert_new(void)
CERT *ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -64,7 +64,7 @@ CERT *ssl_cert_new(void)
ret->sec_ex = NULL;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
@ -78,7 +78,7 @@ CERT *ssl_cert_dup(CERT *cert)
int i;
if (ret == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -86,7 +86,7 @@ CERT *ssl_cert_dup(CERT *cert)
ret->key = &ret->pkeys[cert->key - cert->pkeys];
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
@ -115,7 +115,7 @@ CERT *ssl_cert_dup(CERT *cert)
if (cpk->chain) {
rpk->chain = X509_chain_up_ref(cpk->chain);
if (!rpk->chain) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@ -124,7 +124,7 @@ CERT *ssl_cert_dup(CERT *cert)
ret->pkeys[i].serverinfo =
OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
if (ret->pkeys[i].serverinfo == NULL) {
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
@ -262,7 +262,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
r = ssl_security_cert(s, ctx, x, 0, 0);
if (r != 1) {
SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r);
ERR_raise(ERR_LIB_SSL, r);
return 0;
}
}
@ -294,7 +294,7 @@ int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
return 0;
r = ssl_security_cert(s, ctx, x, 0, 0);
if (r != 1) {
SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r);
ERR_raise(ERR_LIB_SSL, r);
return 0;
}
if (!cpk->chain)
@ -382,13 +382,13 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, s->ctx->propq);
if (ctx == NULL) {
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
x = sk_X509_value(sk, 0);
if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
goto end;
}
param = X509_STORE_CTX_get0_param(ctx);
@ -436,7 +436,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
if (s->verified_chain == NULL) {
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
i = 0;
}
}
@ -465,13 +465,13 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
ret = sk_X509_NAME_new_reserve(NULL, num);
if (ret == NULL) {
SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < num; i++) {
name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
if (name == NULL) {
SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
sk_X509_NAME_pop_free(ret, X509_NAME_free);
return NULL;
}
@ -617,13 +617,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
OSSL_LIB_CTX *prev_libctx = NULL;
if ((name_hash == NULL) || (in == NULL)) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
x = X509_new_ex(libctx, propq);
if (x == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!BIO_read_filename(in, file))
@ -637,7 +637,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
if (ret == NULL) {
ret = sk_X509_NAME_new_null();
if (ret == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@ -693,7 +693,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
@ -743,8 +743,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
int r;
if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
SSL_R_PATH_TOO_LONG);
ERR_raise(ERR_LIB_SSL, SSL_R_PATH_TOO_LONG);
goto err;
}
#ifdef OPENSSL_SYS_VMS
@ -760,9 +759,8 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
if (errno) {
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
"calling OPENSSL_dir_read(%s)",
dir);
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
"calling OPENSSL_dir_read(%s)", dir);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto err;
}
@ -853,7 +851,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
int i, rv = 0;
if (!cpk->x509) {
SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_SET);
goto err;
}
/* Rearranging and check the chain: add everything to a store */
@ -883,11 +881,11 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, ctx->propq);
if (xs_ctx == NULL) {
SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_X509_LIB);
goto err;
}
/* Set suite B flags if needed */
@ -904,7 +902,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
if (i > 0)
chain = X509_STORE_CTX_get1_chain(xs_ctx);
if (i <= 0) {
SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED);
ERR_raise(ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
i = X509_STORE_CTX_get_error(xs_ctx);
ERR_add_error_data(2, "Verify error:",
X509_verify_cert_error_string(i));
@ -932,7 +930,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
x = sk_X509_value(chain, i);
rv = ssl_security_cert(s, ctx, x, 0, 0);
if (rv != 1) {
SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv);
ERR_raise(ERR_LIB_SSL, rv);
sk_X509_pop_free(chain, X509_free);
rv = 0;
goto err;

36
ssl/ssl_ciph.c
View File

@ -947,7 +947,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
if (number_uses == NULL) {
SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
@ -1044,7 +1044,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* it is no command or separator nor
* alphanumeric, so we call this an error.
*/
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND);
retval = found = 0;
l++;
break;
@ -1202,14 +1202,13 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
} else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
int level = buf[9] - '0';
if (level < 0 || level > 5) {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
SSL_R_INVALID_COMMAND);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND);
} else {
c->sec_level = level;
ok = 1;
}
} else {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND);
}
if (ok == 0)
retval = 0;
@ -1265,8 +1264,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
/* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)) {
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
ERR_raise(ERR_LIB_SSL, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
return 0;
}
# ifndef OPENSSL_NO_EC
@ -1287,7 +1285,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
}
return 1;
# else
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
ERR_raise(ERR_LIB_SSL, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
return 0;
# endif
}
@ -1301,7 +1299,7 @@ static int ciphersuite_cb(const char *elem, int len, void *arg)
char name[80];
if (len > (int)(sizeof(name) - 1)) {
SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
return 0;
}
@ -1310,12 +1308,12 @@ static int ciphersuite_cb(const char *elem, int len, void *arg)
cipher = ssl3_get_cipher_by_std_name(name);
if (cipher == NULL) {
SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
return 0;
}
if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -1462,7 +1460,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL; /* Failure */
}
@ -1576,7 +1574,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL; /* Failure */
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
@ -1675,7 +1673,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
if (buf == NULL) {
len = 128;
if ((buf = OPENSSL_malloc(len)) == NULL) {
SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
} else if (len < 128) {
@ -2014,14 +2012,13 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
* 193 to 255: reserved for private use
*/
if (id < 193 || id > 255) {
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
return 1;
}
comp = OPENSSL_malloc(sizeof(*comp));
if (comp == NULL) {
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 1;
}
@ -2030,13 +2027,12 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
load_builtin_compressions();
if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
OPENSSL_free(comp);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_DUPLICATE_COMPRESSION_ID);
ERR_raise(ERR_LIB_SSL, SSL_R_DUPLICATE_COMPRESSION_ID);
return 1;
}
if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 1;
}
return 0;

6
ssl/ssl_conf.c
View File

@ -851,7 +851,7 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
{
const ssl_conf_cmd_tbl *runcmd;
if (cmd == NULL) {
SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_NULL_CMD_NAME);
return 0;
}
@ -873,14 +873,14 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
if (rv == -2)
return -2;
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_VALUE);
ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
}
return 0;
}
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME);
ERR_add_error_data(2, "cmd=", cmd);
}

2
ssl/ssl_init.c
View File

@ -111,7 +111,7 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
* sets an error etc
*/
stoperrset = 1;
SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
ERR_raise(ERR_LIB_SSL, ERR_R_INIT_FAIL);
}
return 0;
}

224
ssl/ssl_lib.c
View File

@ -126,7 +126,7 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx)
if (mdord == NULL || mdevp == NULL) {
OPENSSL_free(mdord);
OPENSSL_free(mdevp);
SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
@ -200,7 +200,7 @@ static int ssl_dane_dup(SSL *to, SSL *from)
to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
if (to->dane.trecs == NULL) {
SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
@ -220,7 +220,7 @@ static int dane_mtype_set(struct dane_ctx_st *dctx,
int i;
if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
return 0;
}
@ -231,14 +231,14 @@ static int dane_mtype_set(struct dane_ctx_st *dctx,
mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
if (mdevp == NULL) {
SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return -1;
}
dctx->mdevp = mdevp;
mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
if (mdord == NULL) {
SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return -1;
}
dctx->mdord = mdord;
@ -278,44 +278,44 @@ static int dane_tlsa_add(SSL_DANE *dane,
int num;
if (dane->trecs == NULL) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_NOT_ENABLED);
return -1;
}
if (ilen < 0 || dlen != (size_t)ilen) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
return 0;
}
if (usage > DANETLS_USAGE_LAST) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
return 0;
}
if (selector > DANETLS_SELECTOR_LAST) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_SELECTOR);
return 0;
}
if (mtype != DANETLS_MATCHING_FULL) {
md = tlsa_md_get(dane, mtype);
if (md == NULL) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
return 0;
}
}
if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
return 0;
}
if (!data) {
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_NULL_DATA);
return 0;
}
if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return -1;
}
@ -325,7 +325,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
t->data = OPENSSL_malloc(dlen);
if (t->data == NULL) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return -1;
}
memcpy(t->data, data, dlen);
@ -342,12 +342,12 @@ static int dane_tlsa_add(SSL_DANE *dane,
if (!d2i_X509(&cert, &p, ilen) || p < data ||
dlen != (size_t)(p - data)) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
return 0;
}
if (X509_get0_pubkey(cert) == NULL) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
return 0;
}
@ -366,7 +366,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
if ((dane->certs == NULL &&
(dane->certs = sk_X509_new_null()) == NULL) ||
!sk_X509_push(dane->certs, cert)) {
SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
X509_free(cert);
tlsa_free(t);
return -1;
@ -377,7 +377,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
dlen != (size_t)(p - data)) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
return 0;
}
@ -427,7 +427,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
if (!sk_danetls_record_insert(dane->trecs, t, i)) {
tlsa_free(t);
SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return -1;
}
dane->umask |= DANETLS_USAGE_BIT(usage);
@ -569,7 +569,7 @@ static void clear_ciphers(SSL *s)
int SSL_clear(SSL *s)
{
if (s->method == NULL) {
SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED);
return 0;
}
@ -590,7 +590,7 @@ int SSL_clear(SSL *s)
s->shutdown = 0;
if (s->renegotiate) {
SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -653,7 +653,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->method = meth;
if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
}
sk = ssl_create_cipher_list(ctx->method,
@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
&(ctx->cipher_list_by_id),
OSSL_default_cipher_list(), ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
}
return 1;
@ -674,11 +674,11 @@ SSL *SSL_new(SSL_CTX *ctx)
SSL *s;
if (ctx == NULL) {
SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_CTX);
return NULL;
}
if (ctx->method == NULL) {
SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
return NULL;
}
@ -846,7 +846,7 @@ SSL *SSL_new(SSL_CTX *ctx)
return s;
err:
SSL_free(s);
SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -871,8 +871,7 @@ int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
}
ctx->sid_ctx_length = sid_ctx_len;
@ -885,8 +884,7 @@ int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
}
ssl->sid_ctx_length = sid_ctx_len;
@ -1031,11 +1029,11 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
SSL_DANE *dane = &s->dane;
if (s->ctx->dane.mdmax == 0) {
SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
ERR_raise(ERR_LIB_SSL, SSL_R_CONTEXT_NOT_DANE_ENABLED);
return 0;
}
if (dane->trecs != NULL) {
SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
ERR_raise(ERR_LIB_SSL, SSL_R_DANE_ALREADY_ENABLED);
return 0;
}
@ -1046,14 +1044,14 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
*/
if (s->ext.hostname == NULL) {
if (!SSL_set_tlsext_host_name(s, basedomain)) {
SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
return -1;
}
}
/* Primary RFC6125 reference identifier */
if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
return -1;
}
@ -1063,7 +1061,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
dane->trecs = sk_danetls_record_new_null();
if (dane->trecs == NULL) {
SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return -1;
}
return 1;
@ -1379,7 +1377,7 @@ int SSL_set_fd(SSL *s, int fd)
bio = BIO_new(BIO_s_socket());
if (bio == NULL) {
SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto err;
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
@ -1407,7 +1405,7 @@ int SSL_set_wfd(SSL *s, int fd)
BIO *bio = BIO_new(BIO_s_socket());
if (bio == NULL) {
SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
return 0;
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
@ -1437,7 +1435,7 @@ int SSL_set_rfd(SSL *s, int fd)
BIO *bio = BIO_new(BIO_s_socket());
if (bio == NULL) {
SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
return 0;
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
@ -1630,11 +1628,11 @@ int SSL_copy_session_id(SSL *t, const SSL *f)
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
return 0;
}
if (ctx->cert->key->privatekey == NULL) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
return 0;
}
return X509_check_private_key
@ -1645,15 +1643,15 @@ int SSL_CTX_check_private_key(const SSL_CTX *ctx)
int SSL_check_private_key(const SSL *ssl)
{
if (ssl == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
return 0;
}
if (ssl->cert->key->privatekey == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
return 0;
}
return X509_check_private_key(ssl->cert->key->x509,
@ -1771,7 +1769,7 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
sizeof(struct ssl_async_args))) {
case ASYNC_ERR:
s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_INIT_ASYNC);
return -1;
case ASYNC_PAUSE:
s->rwstate = SSL_ASYNC_PAUSED;
@ -1784,7 +1782,7 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
return ret;
default:
s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
/* Shouldn't happen */
return -1;
}
@ -1815,7 +1813,7 @@ static int ssl_io_intern(void *vargs)
int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
{
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
return -1;
}
@ -1826,7 +1824,7 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
|| s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
/*
@ -1859,7 +1857,7 @@ int SSL_read(SSL *s, void *buf, int num)
size_t readbytes;
if (num < 0) {
SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
return -1;
}
@ -1889,15 +1887,14 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
int ret;
if (!s->server) {
SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return SSL_READ_EARLY_DATA_ERROR;
}
switch (s->early_data_state) {
case SSL_EARLY_DATA_NONE:
if (!SSL_in_before(s)) {
SSLerr(SSL_F_SSL_READ_EARLY_DATA,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return SSL_READ_EARLY_DATA_ERROR;
}
/* fall through */
@ -1934,7 +1931,7 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
return SSL_READ_EARLY_DATA_FINISH;
default:
SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return SSL_READ_EARLY_DATA_ERROR;
}
}
@ -1947,7 +1944,7 @@ int SSL_get_early_data_status(const SSL *s)
static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
{
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
return -1;
}
@ -1978,7 +1975,7 @@ int SSL_peek(SSL *s, void *buf, int num)
size_t readbytes;
if (num < 0) {
SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
return -1;
}
@ -2007,20 +2004,20 @@ int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
{
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
return -1;
}
if (s->shutdown & SSL_SENT_SHUTDOWN) {
s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}
if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
|| s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
|| s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
/* If we are a client and haven't sent the Finished we better do that */
@ -2049,18 +2046,18 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
ossl_ssize_t ret;
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED);
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
return -1;
}
if (s->shutdown & SSL_SENT_SHUTDOWN) {
s->rwstate = SSL_NOTHING;
SSLerr(SSL_F_SSL_SENDFILE, SSL_R_PROTOCOL_IS_SHUTDOWN);
ERR_raise(ERR_LIB_SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}
if (!BIO_get_ktls_send(s->wbio)) {
SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED);
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
return -1;
}
@ -2100,7 +2097,7 @@ ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags)
BIO_set_retry_write(s->wbio);
else
#endif
SSLerr(SSL_F_SSL_SENDFILE, SSL_R_UNINITIALIZED);
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
return ret;
}
s->rwstate = SSL_NOTHING;
@ -2114,7 +2111,7 @@ int SSL_write(SSL *s, const void *buf, int num)
size_t written;
if (num < 0) {
SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
return -1;
}
@ -2151,8 +2148,7 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
|| !SSL_in_before(s)
|| ((s->session == NULL || s->session->ext.max_early_data == 0)
&& (s->psk_use_session_cb == NULL))) {
SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
/* fall through */
@ -2206,7 +2202,7 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
return ret;
default:
SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
}
@ -2221,7 +2217,7 @@ int SSL_shutdown(SSL *s)
*/
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED);
return -1;
}
@ -2238,7 +2234,7 @@ int SSL_shutdown(SSL *s)
return s->method->ssl_shutdown(s);
}
} else {
SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
ERR_raise(ERR_LIB_SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
return -1;
}
}
@ -2251,18 +2247,18 @@ int SSL_key_update(SSL *s, int updatetype)
* of SSL_renegotiate().
*/
if (!SSL_IS_TLS13(s)) {
SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
return 0;
}
if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
&& updatetype != SSL_KEY_UPDATE_REQUESTED) {
SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_KEY_UPDATE_TYPE);
return 0;
}
if (!SSL_is_init_finished(s)) {
SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
return 0;
}
@ -2279,12 +2275,12 @@ int SSL_get_key_update_type(const SSL *s)
int SSL_renegotiate(SSL *s)
{
if (SSL_IS_TLS13(s)) {
SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
return 0;
}
if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION);
return 0;
}
@ -2297,12 +2293,12 @@ int SSL_renegotiate(SSL *s)
int SSL_renegotiate_abbreviated(SSL *s)
{
if (SSL_IS_TLS13(s)) {
SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
return 0;
}
if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION);
return 0;
}
@ -2718,7 +2714,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
if (sk == NULL)
return 0;
else if (cipher_list_tls12_num(sk) == 0) {
SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
return 0;
}
return 1;
@ -2736,7 +2732,7 @@ int SSL_set_cipher_list(SSL *s, const char *str)
if (sk == NULL)
return 0;
else if (cipher_list_tls12_num(sk) == 0) {
SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
return 0;
}
return 1;
@ -2995,7 +2991,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
OPENSSL_free(ctx->ext.alpn);
ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
if (ctx->ext.alpn == NULL) {
SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 1;
}
ctx->ext.alpn_len = protos_len;
@ -3014,7 +3010,7 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
OPENSSL_free(ssl->ext.alpn);
ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
if (ssl->ext.alpn == NULL) {
SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 1;
}
ssl->ext.alpn_len = protos_len;
@ -3126,7 +3122,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
SSL_CTX *ret = NULL;
if (meth == NULL) {
SSLerr(0, SSL_R_NULL_SSL_METHOD_PASSED);
ERR_raise(ERR_LIB_SSL, SSL_R_NULL_SSL_METHOD_PASSED);
return NULL;
}
@ -3134,7 +3130,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
return NULL;
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
SSLerr(0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
ERR_raise(ERR_LIB_SSL, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
goto err;
}
ret = OPENSSL_zalloc(sizeof(*ret));
@ -3159,7 +3155,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
@ -3199,7 +3195,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
&ret->cipher_list, &ret->cipher_list_by_id,
OSSL_default_cipher_list(), ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(0, SSL_R_LIBRARY_HAS_NO_CIPHERS);
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@ -3320,7 +3316,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
return ret;
err:
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
err2:
SSL_CTX_free(ret);
return NULL;
@ -3616,8 +3612,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
/* key usage, if present, must allow signing */
if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}
}
@ -3843,7 +3838,7 @@ int SSL_do_handshake(SSL *s)
int ret = 1;
if (s->handshake_func == NULL) {
SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
return -1;
}
@ -3885,14 +3880,13 @@ void SSL_set_connect_state(SSL *s)
int ssl_undefined_function(SSL *s)
{
SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
int ssl_undefined_void_function(void)
{
SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
@ -3903,7 +3897,7 @@ int ssl_undefined_const_function(const SSL *s)
const SSL_METHOD *ssl_bad_method(int ver)
{
SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return NULL;
}
@ -4171,7 +4165,7 @@ int ssl_init_wbio_buffer(SSL *s)
bbio = BIO_new(BIO_f_buffer());
if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
BIO_free(bbio);
SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
return 0;
}
s->bbio = bbio;
@ -4512,7 +4506,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
}
OPENSSL_free(ctx->cert->psk_identity_hint);
@ -4531,7 +4525,7 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
return 0;
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
ERR_raise(ERR_LIB_SSL, SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
}
OPENSSL_free(s->cert->psk_identity_hint);
@ -4934,7 +4928,7 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
if (*dst == NULL) {
*dst = sk_SCT_new_null();
if (*dst == NULL) {
SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@ -5091,7 +5085,7 @@ static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
if (status == SCT_VALIDATION_STATUS_VALID)
return 1;
}
SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_VALID_SCTS);
return 0;
}
@ -5105,8 +5099,7 @@ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
TLSEXT_TYPE_signed_certificate_timestamp))
{
SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
return 0;
}
@ -5134,8 +5127,7 @@ int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
TLSEXT_TYPE_signed_certificate_timestamp))
{
SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
ERR_raise(ERR_LIB_SSL, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
return 0;
}
@ -5260,7 +5252,7 @@ int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
{
switch (validation_mode) {
default:
SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
return 0;
case SSL_CT_VALIDATION_PERMISSIVE:
return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
@ -5273,7 +5265,7 @@ int SSL_enable_ct(SSL *s, int validation_mode)
{
switch (validation_mode) {
default:
SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CT_VALIDATION_TYPE);
return 0;
case SSL_CT_VALIDATION_PERMISSIVE:
return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
@ -5381,8 +5373,7 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
return 1;
}
if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
@ -5638,7 +5629,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
SSL_R_NO_CIPHERS_SPECIFIED);
else
SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHERS_SPECIFIED);
return 0;
}
@ -5647,8 +5638,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
else
SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
ERR_raise(ERR_LIB_SSL, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return 0;
}
@ -5659,7 +5649,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
ERR_R_MALLOC_FAILURE);
else
SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
@ -5681,7 +5671,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
else
SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
}
@ -5691,7 +5681,7 @@ int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
SSL_R_BAD_LENGTH);
else
SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
goto err;
}
@ -5819,34 +5809,34 @@ void SSL_set_post_handshake_auth(SSL *ssl, int val)
int SSL_verify_client_post_handshake(SSL *ssl)
{
if (!SSL_IS_TLS13(ssl)) {
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION);
return 0;
}
if (!ssl->server) {
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
ERR_raise(ERR_LIB_SSL, SSL_R_NOT_SERVER);
return 0;
}
if (!SSL_is_init_finished(ssl)) {
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
ERR_raise(ERR_LIB_SSL, SSL_R_STILL_IN_INIT);
return 0;
}
switch (ssl->post_handshake_auth) {
case SSL_PHA_NONE:
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
ERR_raise(ERR_LIB_SSL, SSL_R_EXTENSION_NOT_RECEIVED);
return 0;
default:
case SSL_PHA_EXT_SENT:
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
case SSL_PHA_EXT_RECEIVED:
break;
case SSL_PHA_REQUEST_PENDING:
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_PENDING);
return 0;
case SSL_PHA_REQUESTED:
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
ERR_raise(ERR_LIB_SSL, SSL_R_REQUEST_SENT);
return 0;
}
@ -5855,7 +5845,7 @@ int SSL_verify_client_post_handshake(SSL *ssl)
/* checks verify_mode and algorithm_auth */
if (!send_certificate_request(ssl)) {
ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIG);
return 0;
}

8
ssl/ssl_mcnf.c
View File

@ -32,7 +32,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
OSSL_LIB_CTX *libctx = NULL;
if (s == NULL && ctx == NULL) {
SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
goto err;
}
@ -40,7 +40,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
name = "system_default";
if (!conf_ssl_name_find(name, &idx)) {
if (!system) {
SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME);
ERR_add_error_data(2, "name=", name);
}
goto err;
@ -74,9 +74,9 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
rv = SSL_CONF_cmd(cctx, cmdstr, arg);
if (rv <= 0) {
if (rv == -2)
SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_COMMAND);
else
SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_VALUE);
ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
", arg=", arg);
goto err;

157
ssl/ssl_rsa.c
View File

@ -29,13 +29,13 @@ int SSL_use_certificate(SSL *ssl, X509 *x)
{
int rv;
if (x == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
rv = ssl_security_cert(ssl, NULL, x, 0, 1);
if (rv != 1) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
ERR_raise(ERR_LIB_SSL, rv);
return 0;
}
@ -51,22 +51,22 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
if (x == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto end;
}
if (type == SSL_FILETYPE_ASN1) {
@ -77,12 +77,12 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback,
ssl->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (cert == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
ERR_raise(ERR_LIB_SSL, j);
goto end;
}
@ -100,13 +100,13 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
if (x == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (d2i_X509(&x, &d, (long)len)== NULL) {
X509_free(x);
SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
return 0;
}
@ -122,11 +122,11 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
int ret;
if (rsa == NULL) {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if ((pkey = EVP_PKEY_new()) == NULL) {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
return 0;
}
@ -148,7 +148,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
size_t i;
if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return 0;
}
@ -156,7 +156,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
EVP_PKEY *pktmp;
pktmp = X509_get0_pubkey(c->pkeys[i].x509);
if (pktmp == NULL) {
SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
/*
@ -189,12 +189,12 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_ASN1) {
@ -206,11 +206,11 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
ssl->default_passwd_callback,
ssl->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (rsa == NULL) {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
ERR_raise(ERR_LIB_SSL, j);
goto end;
}
ret = SSL_use_RSAPrivateKey(ssl, rsa);
@ -228,7 +228,7 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
p = d;
if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
return 0;
}
@ -243,7 +243,7 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
int ret;
if (pkey == NULL) {
SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
ret = ssl_set_pkey(ssl->cert, pkey);
@ -258,12 +258,12 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_PEM) {
@ -278,11 +278,11 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
pkey = d2i_PrivateKey_ex_bio(in, NULL, ssl->ctx->libctx,
ssl->ctx->propq);
} else {
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (pkey == NULL) {
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
ERR_raise(ERR_LIB_SSL, j);
goto end;
}
ret = SSL_use_PrivateKey(ssl, pkey);
@ -302,7 +302,7 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
p = d;
if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ssl->ctx->libctx,
ssl->ctx->propq)) == NULL) {
SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
return 0;
}
@ -315,13 +315,13 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
int rv;
if (x == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
rv = ssl_security_cert(NULL, ctx, x, 0, 1);
if (rv != 1) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
ERR_raise(ERR_LIB_SSL, rv);
return 0;
}
return ssl_set_cert(ctx->cert, x);
@ -334,17 +334,17 @@ static int ssl_set_cert(CERT *c, X509 *x)
pkey = X509_get0_pubkey(x);
if (pkey == NULL) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
ERR_raise(ERR_LIB_SSL, SSL_R_X509_LIB);
return 0;
}
if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return 0;
}
#ifndef OPENSSL_NO_EC
if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}
#endif
@ -386,21 +386,21 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
x = X509_new_ex(ctx->libctx, ctx->propq);
if (x == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto end;
}
if (type == SSL_FILETYPE_ASN1) {
@ -412,7 +412,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
ctx->default_passwd_callback_userdata);
}
if (cert == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
ERR_raise(ERR_LIB_SSL, j);
goto end;
}
@ -430,13 +430,13 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
x = X509_new_ex(ctx->libctx, ctx->propq);
if (x == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
if (d2i_X509(&x, &d, (long)len) == NULL) {
X509_free(x);
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
return 0;
}
@ -452,11 +452,11 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
EVP_PKEY *pkey;
if (rsa == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if ((pkey = EVP_PKEY_new()) == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB);
return 0;
}
@ -480,12 +480,12 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_ASN1) {
@ -497,11 +497,11 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (rsa == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
ERR_raise(ERR_LIB_SSL, j);
goto end;
}
ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
@ -520,7 +520,7 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
p = d;
if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
return 0;
}
@ -533,7 +533,7 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
if (pkey == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return ssl_set_pkey(ctx->cert, pkey);
@ -547,12 +547,12 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
if (type == SSL_FILETYPE_PEM) {
@ -565,11 +565,11 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
j = ERR_R_ASN1_LIB;
pkey = d2i_PrivateKey_ex_bio(in, NULL, ctx->libctx, ctx->propq);
} else {
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
if (pkey == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
ERR_raise(ERR_LIB_SSL, j);
goto end;
}
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
@ -589,7 +589,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
p = d;
if ((pkey = d2i_PrivateKey_ex(type, NULL, &p, (long)len, ctx->libctx,
ctx->propq)) == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_ASN1_LIB);
return 0;
}
@ -625,23 +625,23 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
x = X509_new_ex(real_ctx->libctx, real_ctx->propq);
if (x == NULL) {
SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto end;
}
if (PEM_read_bio_X509_AUX(in, &x, passwd_callback,
passwd_callback_userdata) == NULL) {
SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_PEM_LIB);
goto end;
}
@ -675,7 +675,7 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
while (1) {
ca = X509_new_ex(real_ctx->libctx, real_ctx->propq);
if (ca == NULL) {
SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto end;
}
if (PEM_read_bio_X509(in, &ca, passwd_callback,
@ -895,22 +895,22 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
unsigned char *new_serverinfo;
if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
NULL)) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
return 0;
}
if (ctx->cert->key == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
serverinfo_length);
if (new_serverinfo == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
ctx->cert->key->serverinfo = new_serverinfo;
@ -923,7 +923,7 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
*/
if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
ctx)) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA);
return 0;
}
return 1;
@ -953,17 +953,17 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
size_t num_extensions = 0, contextoff = 0;
if (ctx == NULL || file == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
goto end;
}
bin = BIO_new(BIO_s_file());
if (bin == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(bin, file) <= 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_SYS_LIB);
goto end;
}
@ -976,8 +976,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
* There must be at least one extension in this file
*/
if (num_extensions == 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_NO_PEM_EXTENSIONS);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_PEM_EXTENSIONS);
goto end;
} else /* End of file, we're done */
break;
@ -985,20 +984,18 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
name_len = strlen(name);
if (name_len < sizeof(namePrefix1) - 1) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
if (strncmp(name, namePrefix1, sizeof(namePrefix1) - 1) == 0) {
version = SSL_SERVERINFOV1;
} else {
if (name_len < sizeof(namePrefix2) - 1) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_PEM_NAME_TOO_SHORT);
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
goto end;
}
if (strncmp(name, namePrefix2, sizeof(namePrefix2) - 1) != 0) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
SSL_R_PEM_NAME_BAD_PREFIX);
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
goto end;
}
version = SSL_SERVERINFOV2;
@ -1011,7 +1008,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
if (extension_length < 4
|| (extension[2] << 8) + extension[3]
!= extension_length - 4) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
goto end;
}
/*
@ -1024,7 +1021,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
if (extension_length < 8
|| (extension[6] << 8) + extension[7]
!= extension_length - 8) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA);
goto end;
}
}
@ -1032,7 +1029,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length
+ contextoff);
if (tmp == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto end;
}
serverinfo = tmp;
@ -1083,13 +1080,13 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
/* Do all security checks before anything else */
rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
if (rv != 1) {
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
ERR_raise(ERR_LIB_SSL, rv);
goto out;
}
for (j = 0; j < sk_X509_num(chain); j++) {
rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0);
if (rv != 1) {
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
ERR_raise(ERR_LIB_SSL, rv);
goto out;
}
}
@ -1104,7 +1101,7 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
if (EVP_PKEY_missing_parameters(privatekey)) {
if (EVP_PKEY_missing_parameters(pubkey)) {
/* nobody has parameters? - error */
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS);
ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
goto out;
} else {
/* copy to privatekey from pubkey */
@ -1117,12 +1114,12 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
/* check that key <-> cert match */
if (EVP_PKEY_eq(pubkey, privatekey) != 1) {
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
ERR_raise(ERR_LIB_SSL, SSL_R_PRIVATE_KEY_MISMATCH);
goto out;
}
}
if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
goto out;
}
@ -1130,14 +1127,14 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
|| c->pkeys[i].privatekey != NULL
|| c->pkeys[i].chain != NULL)) {
/* No override, and something already there */
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE);
ERR_raise(ERR_LIB_SSL, SSL_R_NOT_REPLACING_CERTIFICATE);
goto out;
}
if (chain != NULL) {
dup_chain = X509_chain_up_ref(chain);
if (dup_chain == NULL) {
SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto out;
}
}

14
ssl/ssl_sess.c
View File

@ -71,7 +71,7 @@ SSL_SESSION *SSL_SESSION_new(void)
ss = OPENSSL_zalloc(sizeof(*ss));
if (ss == NULL) {
SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
@ -81,7 +81,7 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->time = (unsigned long)time(NULL);
ss->lock = CRYPTO_THREAD_lock_new();
if (ss->lock == NULL) {
SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ss);
return NULL;
}
@ -218,7 +218,7 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
return dest;
err:
SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
SSL_SESSION_free(dest);
return NULL;
}
@ -811,8 +811,7 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
unsigned int sid_len)
{
if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
SSLerr(SSL_F_SSL_SESSION_SET1_ID,
SSL_R_SSL_SESSION_ID_TOO_LONG);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
return 0;
}
s->session_id_length = sid_len;
@ -956,8 +955,7 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
}
s->sid_ctx_length = sid_ctx_len;
@ -1023,7 +1021,7 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
s->ext.session_ticket =
OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
if (s->ext.session_ticket == NULL) {
SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}

2
ssl/ssl_txt.c
View File

@ -19,7 +19,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
int ret;
if ((b = BIO_new(BIO_s_file())) == NULL) {
SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB);
return 0;
}
BIO_set_fp(b, fp, BIO_NOCLOSE);

2
ssl/statem/statem.c
View File

@ -454,7 +454,7 @@ static int state_machine(SSL *s, int server)
} else {
/* Error */
check_fatal(s, SSL_F_STATE_MACHINE);
SSLerr(SSL_F_STATE_MACHINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
goto end;
}
}

5
ssl/statem/statem_clnt.c
View File

@ -1855,7 +1855,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
if (x == NULL) {
SSLfatal(s, SSL_AD_DECODE_ERROR,
SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
if (d2i_X509(&x, (const unsigned char **)&certbytes,
@ -3654,8 +3654,7 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)
i = 0;
} else if (i == 1) {
i = 0;
SSLerr(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
}
X509_free(x509);

6
ssl/statem/statem_dtls.c
View File

@ -60,13 +60,13 @@ static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
unsigned char *bitmask = NULL;
if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) {
SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (frag_len) {
if ((buf = OPENSSL_malloc(frag_len)) == NULL) {
SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(frag);
return NULL;
}
@ -79,7 +79,7 @@ static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
if (reassembly) {
bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
if (bitmask == NULL) {
SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(buf);
OPENSSL_free(frag);
return NULL;

6
ssl/statem/statem_lib.c
View File

@ -1028,9 +1028,9 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
if (i != 1) {
#if 0
/* Dummy error calls so mkerr generates them */
SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL);
SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL);
SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK);
ERR_raise(ERR_LIB_SSL, SSL_R_EE_KEY_TOO_SMALL);
ERR_raise(ERR_LIB_SSL, SSL_R_CA_KEY_TOO_SMALL);
ERR_raise(ERR_LIB_SSL, SSL_R_CA_MD_TOO_WEAK);
#endif
X509_STORE_CTX_free(xs_ctx);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);

8
ssl/t1_enc.c
View File

@ -43,7 +43,7 @@ static int tls1_PRF(SSL *s,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
ERR_R_INTERNAL_ERROR);
else
SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq);
@ -81,7 +81,7 @@ static int tls1_PRF(SSL *s,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
ERR_R_INTERNAL_ERROR);
else
SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
EVP_KDF_CTX_free(kctx);
return 0;
}
@ -795,11 +795,11 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
ERR_raise(ERR_LIB_SSL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
rv = 0;
goto ret;
err2:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
rv = 0;
ret:
OPENSSL_clear_free(val, vallen);

48
ssl/t1_lib.c
View File

@ -261,7 +261,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
+ TLS_GROUP_LIST_MALLOC_BLOCK_SIZE)
* sizeof(TLS_GROUP_INFO));
if (tmp == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
ctx->group_list = tmp;
@ -275,78 +275,78 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_NAME);
if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->tlsname = OPENSSL_strdup(p->data);
if (ginf->tlsname == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL);
if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->realname = OPENSSL_strdup(p->data);
if (ginf->realname == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_ID);
if (p == NULL || !OSSL_PARAM_get_uint(p, &gid) || gid > UINT16_MAX) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->group_id = (uint16_t)gid;
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_ALG);
if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->algorithm = OPENSSL_strdup(p->data);
if (ginf->algorithm == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS);
if (p == NULL || !OSSL_PARAM_get_uint(p, &ginf->secbits)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_IS_KEM);
if (p != NULL && (!OSSL_PARAM_get_uint(p, &is_kem) || is_kem > 1)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->is_kem = 1 & is_kem;
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_TLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mintls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_TLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxtls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mindtls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxdtls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
/*
@ -655,11 +655,11 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
unsigned long dup_list_dhgrp = 0;
if (ngroups == 0) {
SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
return 0;
}
if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < ngroups; i++) {
@ -2169,7 +2169,7 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
rv = 1;
}
if (rv == 0)
SSLerr(SSL_F_TLS12_COPY_SIGALGS, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
return rv;
}
@ -2234,7 +2234,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
if (nmatch) {
if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL) {
SSLerr(SSL_F_TLS1_SET_SHARED_SIGALGS, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
@ -2261,7 +2261,7 @@ int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen)
size >>= 1;
if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) {
SSLerr(SSL_F_TLS1_SAVE_U16, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++)
@ -2491,7 +2491,7 @@ int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
uint16_t *sigalgs;
if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL) {
SSLerr(SSL_F_TLS1_SET_RAW_SIGALGS, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs));
@ -2517,7 +2517,7 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
if (salglen & 1)
return 0;
if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL) {
SSLerr(SSL_F_TLS1_SET_SIGALGS, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
for (i = 0, sptr = sigalgs; i < salglen; i += 2) {
@ -3344,8 +3344,7 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
{
if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
SSLerr(SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
@ -3357,8 +3356,7 @@ int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
{
if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
SSLerr(SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}

6
ssl/tls13_enc.c
View File

@ -71,7 +71,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
* Probably we have been called from SSL_export_keying_material(),
* or SSL_export_keying_material_early().
*/
SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
ERR_raise(ERR_LIB_SSL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
}
EVP_KDF_CTX_free(kctx);
return 0;
@ -94,7 +94,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
ERR_R_INTERNAL_ERROR);
else
SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
@ -117,7 +117,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
ERR_R_INTERNAL_ERROR);
else
SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
}
return ret == 0;

5
ssl/tls_depr.c
View File

@ -74,12 +74,11 @@ int tls_engine_load_ssl_client_cert(SSL *s, X509 **px509, EVP_PKEY **ppkey)
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
{
if (!ENGINE_init(e)) {
SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_ENGINE_LIB);
return 0;
}
if (!ENGINE_get_ssl_client_cert_function(e)) {
SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
SSL_R_NO_CLIENT_CERT_METHOD);
ERR_raise(ERR_LIB_SSL, SSL_R_NO_CLIENT_CERT_METHOD);
ENGINE_finish(e);
return 0;
}

6
ssl/tls_srp.c
View File

@ -95,17 +95,17 @@ int SSL_SRP_CTX_init(struct ssl_st *s)
((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
((ctx->srp_ctx.b != NULL) &&
((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
ERR_raise(ERR_LIB_SSL, ERR_R_BN_LIB);
goto err;
}
if ((ctx->srp_ctx.login != NULL) &&
((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) {
SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
goto err;
}
if ((ctx->srp_ctx.info != NULL) &&
((s->srp_ctx.info = OPENSSL_strdup(ctx->srp_ctx.info)) == NULL)) {
SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
goto err;
}
s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;