author | Tomas Mraz <tomas@openssl.org> | 2023-12-14 18:33:57 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-19 12:07:01 +0100 |
commit | f21f02e0c595bc66fa85bc2c9aa9ba70d95ebbae (patch) | |
tree | 8797c513af317db3b30e4770c6fbd7ce226cda9e | |
parent | 3f67f86598d2031061866674d7454f14aee5858f (diff) |
Consolidate raising errors in SSL_CONF_cmd()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
(cherry picked from commit 430dcbd0463573fece704263648cc15e891c3d49)
-rw-r--r-- | ssl/ssl_conf.c | 24 | ||||
-rw-r--r-- | ssl/ssl_mcnf.c | 7 |
2 files changed, 17 insertions, 14 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 5146cedb96..698280288e 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -870,9 +870,12 @@ static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
 /* Find index of command in table */
 size_t idx = cmd - ssl_conf_cmds;
 const ssl_switch_tbl *scmd;
+
 /* Sanity check index */
- if (idx >= OSSL_NELEM(ssl_cmd_switches))
+ if (idx >= OSSL_NELEM(ssl_cmd_switches)) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
 return 0;
+ }
 /* Obtain switches entry with same index */
 scmd = ssl_cmd_switches + idx;
 ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
@@ -888,28 +891,33 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
 }
 if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))
- return -2;
+ goto unknown_cmd;
 runcmd = ssl_conf_cmd_lookup(cctx, cmd);
 if (runcmd) {
- int rv;
+ int rv = -3;
+
 if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
 return ctrl_switch_option(cctx, runcmd);
 }
 if (value == NULL)
- return -3;
+ goto bad_value;
 rv = runcmd->cmd(cctx, value);
 if (rv > 0)
 return 2;
- if (rv == -2)
- return -2;
+ if (rv != -2)
+ rv = 0;
+
+ bad_value:
 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
 ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE,
- "cmd=%s, value=%s", cmd, value);
- return 0;
+ "cmd=%s, value=%s", cmd,
+ value != NULL ? value : "<EMPTY>");
+ return rv;
 }
+ unknown_cmd:
 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
 ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd);
diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c
index d7ec22c0e8..8bccce84d4 100644
--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
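Review bot: The new `ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR)` in ctrl_switch_option() is queued unconditionally, while both raises in SSL_CONF_cmd() in the following hunk are gated on `SSL_CONF_FLAG_SHOW_ERRORS`. That looks deliberate for a table-index mismatch, but nothing on the branch says so. A comment such as `/* Internal table mismatch: reported regardless of SSL_CONF_FLAG_SHOW_ERRORS */` would stop a later cleanup from gating it. The function body continues past the end of the hunk.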
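Review bot: In SSL_CONF_cmd(), a handler result of -2 survives `if (rv != -2) rv = 0;` and control then falls into `bad_value:`, so with SSL_CONF_FLAG_SHOW_ERRORS set the queue receives SSL_R_BAD_VALUE while the caller is handed -2. The code this commit removes from ssl_mcnf.c reported -2 as an unknown command, so the queued reason and the return code can now disagree on that path. If a handler's -2 does mean "not recognised", `if (rv == -2) goto unknown_cmd;` would keep the two aligned, assuming the code after `unknown_cmd:` (outside this hunk) returns -2. Otherwise a comment above the label listing the values rv can hold there (-3, -2, 0) would record the intent. SSL_CONF_cmd() starts and ends outside the hunk.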
@@ -73,13 +73,8 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
 conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
 rv = SSL_CONF_cmd(cctx, cmdstr, arg);
- if (rv <= 0) {
- int errcode = rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE;
-
- ERR_raise_data(ERR_LIB_SSL, errcode,
- "section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
+ if (rv <= 0)
 ++err;
- }
 }
 if (!SSL_CONF_CTX_finish(cctx))
 ++err; |
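Review bot: With the local `ERR_raise_data()` removed, a failing command in ssl_do_config() leaves an error-queue entry only if `cctx` carries SSL_CONF_FLAG_SHOW_ERRORS, which is set outside this hunk. On any path where it is not set, the failure is reduced to `++err` with nothing for an operator to inspect. The `section=%s` field is dropped as well, since SSL_CONF_cmd() records only the command and value, so a rejected setting can no longer be traced to its configuration section from the queue alone. It is worth confirming both effects are intended and adding a comment at the check, e.g. `/* SSL_CONF_cmd() raises the error itself when SSL_CONF_FLAG_SHOW_ERRORS is set */`. The loop and the function extend beyond the hunk.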