authorTomas Mraz <tomas@openssl.org>2023-12-14 18:33:57 +0100
committerTomas Mraz <tomas@openssl.org>2023-12-19 12:07:01 +0100
commitf21f02e0c595bc66fa85bc2c9aa9ba70d95ebbae (patch)
tree8797c513af317db3b30e4770c6fbd7ce226cda9e
parent3f67f86598d2031061866674d7454f14aee5858f (diff)
Consolidate raising errors in SSL_CONF_cmd()
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23048) (cherry picked from commit 430dcbd0463573fece704263648cc15e891c3d49)
-rw-r--r--ssl/ssl_conf.c24
-rw-r--r--ssl/ssl_mcnf.c7
2 files changed, 17 insertions, 14 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 5146cedb96..698280288e 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -870,9 +870,12 @@ static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
/* Find index of command in table */
size_t idx = cmd - ssl_conf_cmds;
const ssl_switch_tbl *scmd;
+
/* Sanity check index */
- if (idx >= OSSL_NELEM(ssl_cmd_switches))
+ if (idx >= OSSL_NELEM(ssl_cmd_switches)) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
+ }
/* Obtain switches entry with same index */
scmd = ssl_cmd_switches + idx;
ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
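Review bot: The new `ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR)` in the index sanity check is unconditional, while the errors this commit raises in SSL_CONF_cmd() are gated on `SSL_CONF_FLAG_SHOW_ERRORS`. A caller that leaves the flag unset may not expect an entry on the error queue from this path. If the difference is deliberate because an out-of-range index is a library inconsistency rather than bad input, a comment would record it, e.g. `/* Internal inconsistency: raised regardless of SSL_CONF_FLAG_SHOW_ERRORS */`. The body of ctrl_switch_option starts and ends outside the hunk.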
@@ -888,28 +891,33 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
}
if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))
- return -2;
+ goto unknown_cmd;
runcmd = ssl_conf_cmd_lookup(cctx, cmd);
if (runcmd) {
- int rv;
+ int rv = -3;
+
if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
return ctrl_switch_option(cctx, runcmd);
}
if (value == NULL)
- return -3;
+ goto bad_value;
rv = runcmd->cmd(cctx, value);
if (rv > 0)
return 2;
- if (rv == -2)
- return -2;
+ if (rv != -2)
+ rv = 0;
+
+ bad_value:
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE,
- "cmd=%s, value=%s", cmd, value);
- return 0;
+ "cmd=%s, value=%s", cmd,
+ value != NULL ? value : "<EMPTY>");
+ return rv;
}
+ unknown_cmd:
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd);
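Review bot: When `runcmd->cmd()` returns -2, the new flow falls through to `bad_value`, raises `SSL_R_BAD_VALUE` and then returns -2, so the reason on the error queue and the return code can disagree. The code removed from ssl_mcnf.c in this commit mapped -2 to `SSL_R_UNKNOWN_COMMAND`, so a caller that logs from the queue may now see a bad-value reason for a return code that previously meant an unknown command. If that is intended, a comment above `if (rv != -2)` would help, such as `/* -2 from a handler is passed through but still reported as a bad value */`. Otherwise `if (rv == -2) goto unknown_cmd;` placed before the `bad_value` label would keep the two aligned, assuming the code after `unknown_cmd` returns -2, which lies outside the hunk.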
diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c
index d7ec22c0e8..8bccce84d4 100644
--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
@@ -73,13 +73,8 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
rv = SSL_CONF_cmd(cctx, cmdstr, arg);
- if (rv <= 0) {
- int errcode = rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE;
-
- ERR_raise_data(ERR_LIB_SSL, errcode,
- "section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
+ if (rv <= 0)
++err;
- }
}
if (!SSL_CONF_CTX_finish(cctx))
++err;
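Review bot: With the `ERR_raise_data()` call removed, a failed command in this loop only increments `err`, and any diagnostic now depends on SSL_CONF_cmd() raising it, which the ssl_conf.c hunks gate on `SSL_CONF_FLAG_SHOW_ERRORS`. Where the flags of `cctx` are set is outside this hunk, so it is worth confirming that the flag is set on every path that reaches the loop; otherwise a rejected setting in a configuration section would fail with nothing on the error queue. The `section=%s` detail is also gone from the error data, so the message no longer identifies which section held the bad command. A comment on the check would record the dependency: `/* SSL_CONF_cmd() raises the error when SSL_CONF_FLAG_SHOW_ERRORS is set */`.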