diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-11-04 12:23:19 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-11-13 09:35:02 +0100 |
| commit | 9311d0c471ca2eaa259e8c1bbbeb7c46394c7ba2 (patch) | |
| tree | e82c26569e5a952980e65a746af920beed602aab /crypto/ocsp/ocsp_vfy.c | |
| parent | 31a6b52f6db009c639c67387a707dd235f29a430 (diff) | |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.
This was done using util/err-to-raise
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
Diffstat (limited to 'crypto/ocsp/ocsp_vfy.c')
| -rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 38 |
1 files changed, 17 insertions, 21 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 0cd59f9221..1b8b3e3060 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -35,11 +35,11 @@ static int ocsp_verify_signer(X509 *signer, int response, int ret = -1; if (ctx == NULL) { - OCSPerr(0, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE); goto end; } if (!X509_STORE_CTX_init(ctx, st, signer, untrusted)) { - OCSPerr(0, ERR_R_X509_LIB); + ERR_raise(ERR_LIB_OCSP, ERR_R_X509_LIB); goto end; } if ((vp = X509_STORE_CTX_get0_param(ctx)) == NULL) @@ -60,7 +60,7 @@ static int ocsp_verify_signer(X509 *signer, int response, ret = X509_verify_cert(ctx); if (ret <= 0) { ret = X509_STORE_CTX_get_error(ctx); - OCSPerr(0, OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR); ERR_add_error_data(2, "Verify error:", X509_verify_cert_error_string(ret)); goto end; @@ -81,7 +81,7 @@ static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs, if ((flags & OCSP_NOSIGS) == 0) { if ((skey = X509_get0_pubkey(signer)) == NULL) { - OCSPerr(0, OCSP_R_NO_SIGNER_KEY); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY); return -1; } if (req != NULL) @@ -89,7 +89,7 @@ static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs, else ret = OCSP_BASICRESP_verify(bs, skey); if (ret <= 0) - OCSPerr(0, OCSP_R_SIGNATURE_FAILURE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE); } return ret; } @@ -104,8 +104,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, int ret = ocsp_find_signer(&signer, bs, certs, flags); if (ret == 0) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, - OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); goto end; } if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0) @@ -152,7 +151,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, x = sk_X509_value(chain, sk_X509_num(chain) - 1); if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); + ERR_raise(ERR_LIB_OCSP, OCSP_R_ROOT_CA_NOT_TRUSTED); ret = 0; goto end; } @@ -228,7 +227,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) int ret; if (sk_X509_num(chain) <= 0) { - OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_CERTIFICATES_IN_CHAIN); return -1; } @@ -272,8 +271,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) idcount = sk_OCSP_SINGLERESP_num(sresp); if (idcount <= 0) { - OCSPerr(OCSP_F_OCSP_CHECK_IDS, - OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); + ERR_raise(ERR_LIB_OCSP, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); return -1; } @@ -313,13 +311,13 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, unsigned char md[EVP_MAX_MD_SIZE]; if (dgst == NULL) { - OCSPerr(0, OCSP_R_UNKNOWN_MESSAGE_DIGEST); + ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST); return -1; } mdlen = EVP_MD_size(dgst); if (mdlen < 0) { - OCSPerr(0, OCSP_R_DIGEST_SIZE_ERR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR); return -1; } if (cid->issuerNameHash.length != mdlen || @@ -327,13 +325,13 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, return 0; iname = X509_get_subject_name(cert); if (!X509_NAME_digest(iname, dgst, md, NULL)) { - OCSPerr(0, OCSP_R_DIGEST_NAME_ERR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_NAME_ERR); return -1; } if (memcmp(md, cid->issuerNameHash.data, mdlen) != 0) return 0; if (!X509_pubkey_digest(cert, dgst, md, NULL)) { - OCSPerr(0, OCSP_R_DIGEST_ERR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR); return -1; } if (memcmp(md, cid->issuerKeyHash.data, mdlen) != 0) @@ -358,7 +356,7 @@ static int ocsp_check_delegated(X509 *x) if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE) && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN)) return 1; - OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_MISSING_OCSPSIGNING_USAGE); return 0; } @@ -376,20 +374,18 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, int ret; if (!req->optionalSignature) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); + ERR_raise(ERR_LIB_OCSP, OCSP_R_REQUEST_NOT_SIGNED); return 0; } gen = req->tbsRequest.requestorName; if (!gen || gen->type != GEN_DIRNAME) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, - OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); return 0; /* not returning -1 here for backward compatibility*/ } nm = gen->d.directoryName; ret = ocsp_req_find_signer(&signer, req, nm, certs, flags); if (ret <= 0) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, - OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); return 0; /* not returning -1 here for backward compatibility*/ } if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0) |