author | Richard Levitte <levitte@openssl.org> | 2020-11-04 12:23:19 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-11-13 09:35:02 +0100 |
commit | 9311d0c471ca2eaa259e8c1bbbeb7c46394c7ba2 (patch) | |
tree | e82c26569e5a952980e65a746af920beed602aab /crypto/ocsp | |
parent | 31a6b52f6db009c639c67387a707dd235f29a430 (diff) |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.
This was done using util/err-to-raise
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_cl.c | 21 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_lib.c | 4 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_srv.c | 7 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 38 | ||||
-rw-r--r-- | crypto/ocsp/v3_ocsp.c | 2 |
5 files changed, 33 insertions, 39 deletions
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 33d77af426..2d4bd036ad 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -102,8 +102,8 @@ int OCSP_request_sign(OCSP_REQUEST *req, goto err; if (key) { if (!X509_check_private_key(signer, key)) { - OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, - OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + ERR_raise(ERR_LIB_OCSP, + OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; } if (!OCSP_REQUEST_sign(req, key, dgst)) @@ -144,11 +144,11 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) OCSP_RESPBYTES *rb; rb = resp->responseBytes; if (!rb) { - OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_RESPONSE_DATA); return NULL; } if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { - OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NOT_BASIC_RESPONSE); return NULL; } @@ -336,12 +336,12 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, time(&t_now); /* Check thisUpdate is valid and not more than nsec in the future */ if (!ASN1_GENERALIZEDTIME_check(thisupd)) { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD); + ERR_raise(ERR_LIB_OCSP, OCSP_R_ERROR_IN_THISUPDATE_FIELD); ret = 0; } else { t_tmp = t_now + nsec; if (X509_cmp_time(thisupd, &t_tmp) > 0) { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID); + ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_NOT_YET_VALID); ret = 0; } @@ -352,7 +352,7 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, if (maxsec >= 0) { t_tmp = t_now - maxsec; if (X509_cmp_time(thisupd, &t_tmp) < 0) { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD); + ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_TOO_OLD); ret = 0; } } 
@@ -363,20 +363,19 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, /* Check nextUpdate is valid and not more than nsec in the past */ if (!ASN1_GENERALIZEDTIME_check(nextupd)) { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); + ERR_raise(ERR_LIB_OCSP, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); ret = 0; } else { t_tmp = t_now - nsec; if (X509_cmp_time(nextupd, &t_tmp) < 0) { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED); + ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_EXPIRED); ret = 0; } } /* Also don't allow nextUpdate to precede thisUpdate */ if (ASN1_STRING_cmp(nextupd, thisupd) < 0) { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, - OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); ret = 0; } diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 2701789c8a..c7b7a0a620 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -55,7 +55,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, alg = &cid->hashAlgorithm; ASN1_OBJECT_free(alg->algorithm); if ((nid = EVP_MD_type(dgst)) == NID_undef) { - OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); + ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID); goto err; } if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) @@ -82,7 +82,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, } return cid; digerr: - OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR); err: OCSP_CERTID_free(cid); return NULL; diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 22f637548d..2c8b38f723 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c 
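Review bot: The last check in this OCSP_check_validity hunk, `if (ASN1_STRING_cmp(nextupd, thisupd) < 0)`, compares the two GeneralizedTime fields as ASN.1 strings rather than as times. As far as I know ASN1_STRING_cmp orders by length before content, so two encodings of different length (for example one with fractional seconds) would not be ordered chronologically; whether ASN1_GENERALIZEDTIME_check already excludes such encodings is not visible here. Consider `if (ASN1_TIME_compare(nextupd, thisupd) == -1)`, or at least a comment such as `/* byte-wise compare: assumes both fields use the same GeneralizedTime form */`. The function starts and ends outside the hunk.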
@@ -117,7 +117,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, switch (cs->type = status) { case V_OCSP_CERTSTATUS_REVOKED: if (!revtime) { - OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_REVOKED_TIME); goto err; } if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL) @@ -176,14 +176,13 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, EVP_PKEY *pkey; if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) { - OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY); goto err; } pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (pkey == NULL || !X509_check_private_key(signer, pkey)) { - OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, - OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 0cd59f9221..1b8b3e3060 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -35,11 +35,11 @@ static int ocsp_verify_signer(X509 *signer, int response, int ret = -1; if (ctx == NULL) { - OCSPerr(0, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE); goto end; } if (!X509_STORE_CTX_init(ctx, st, signer, untrusted)) { - OCSPerr(0, ERR_R_X509_LIB); + ERR_raise(ERR_LIB_OCSP, ERR_R_X509_LIB); goto end; } if ((vp = X509_STORE_CTX_get0_param(ctx)) == NULL) @@ -60,7 +60,7 @@ static int ocsp_verify_signer(X509 *signer, int response, ret = X509_verify_cert(ctx); if (ret <= 0) { ret = X509_STORE_CTX_get_error(ctx); - OCSPerr(0, OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR); ERR_add_error_data(2, "Verify error:", X509_verify_cert_error_string(ret)); goto end; 
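Review bot: In the ocsp_verify_signer hunk at `@@ -60,7`, the failure branch of `X509_verify_cert(ctx)` overwrites `ret` with `X509_STORE_CTX_get_error(ctx)` before `goto end`, replacing the zero or negative result with a positive verification error code. The `end:` label and the return statement are outside the hunk, but if the function returns `ret` there, a caller testing `ret <= 0` would treat a failed chain validation of the OCSP signer as success. Keep the code in its own local, `int err = X509_STORE_CTX_get_error(ctx);`, pass `X509_verify_cert_error_string(err)` to `ERR_add_error_data`, and leave `ret` untouched. A short comment on the branch stating that `ret` must stay `<= 0` on this path would help keep it that way.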
@@ -81,7 +81,7 @@ static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs, if ((flags & OCSP_NOSIGS) == 0) { if ((skey = X509_get0_pubkey(signer)) == NULL) { - OCSPerr(0, OCSP_R_NO_SIGNER_KEY); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY); return -1; } if (req != NULL) @@ -89,7 +89,7 @@ static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs, else ret = OCSP_BASICRESP_verify(bs, skey); if (ret <= 0) - OCSPerr(0, OCSP_R_SIGNATURE_FAILURE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE); } return ret; } @@ -104,8 +104,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, int ret = ocsp_find_signer(&signer, bs, certs, flags); if (ret == 0) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, - OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); goto end; } if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0) @@ -152,7 +151,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, x = sk_X509_value(chain, sk_X509_num(chain) - 1); if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); + ERR_raise(ERR_LIB_OCSP, OCSP_R_ROOT_CA_NOT_TRUSTED); ret = 0; goto end; } @@ -228,7 +227,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) int ret; if (sk_X509_num(chain) <= 0) { - OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); + ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_CERTIFICATES_IN_CHAIN); return -1; } @@ -272,8 +271,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) idcount = sk_OCSP_SINGLERESP_num(sresp); if (idcount <= 0) { - OCSPerr(OCSP_F_OCSP_CHECK_IDS, - OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); + ERR_raise(ERR_LIB_OCSP, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); return -1; } 
@@ -313,13 +311,13 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, unsigned char md[EVP_MAX_MD_SIZE]; if (dgst == NULL) { - OCSPerr(0, OCSP_R_UNKNOWN_MESSAGE_DIGEST); + ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST); return -1; } mdlen = EVP_MD_size(dgst); if (mdlen < 0) { - OCSPerr(0, OCSP_R_DIGEST_SIZE_ERR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR); return -1; } if (cid->issuerNameHash.length != mdlen || @@ -327,13 +325,13 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, return 0; iname = X509_get_subject_name(cert); if (!X509_NAME_digest(iname, dgst, md, NULL)) { - OCSPerr(0, OCSP_R_DIGEST_NAME_ERR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_NAME_ERR); return -1; } if (memcmp(md, cid->issuerNameHash.data, mdlen) != 0) return 0; if (!X509_pubkey_digest(cert, dgst, md, NULL)) { - OCSPerr(0, OCSP_R_DIGEST_ERR); + ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR); return -1; } if (memcmp(md, cid->issuerKeyHash.data, mdlen) != 0) @@ -358,7 +356,7 @@ static int ocsp_check_delegated(X509 *x) if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE) && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN)) return 1; - OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_MISSING_OCSPSIGNING_USAGE); return 0; } 
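Review bot: In the ocsp_match_issuerid hunk at `@@ -313,13`, the guard `if (mdlen < 0)` lets a digest size of zero through. If EVP_MD_size() can return 0 for the digest selected by the CertID (not determinable from these hunks), the length comparison and both `memcmp(md, ..., mdlen)` calls in the following hunk would accept a CertID carrying empty hashes, so any certificate would match as issuer. Tightening the guard to `if (mdlen <= 0)` keeps the existing OCSP_R_DIGEST_SIZE_ERR path and fails closed. The function body starts before the first hunk and continues past the second.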
@@ -376,20 +374,18 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, int ret; if (!req->optionalSignature) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); + ERR_raise(ERR_LIB_OCSP, OCSP_R_REQUEST_NOT_SIGNED); return 0; } gen = req->tbsRequest.requestorName; if (!gen || gen->type != GEN_DIRNAME) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, - OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); + ERR_raise(ERR_LIB_OCSP, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); return 0; /* not returning -1 here for backward compatibility*/ } nm = gen->d.directoryName; ret = ocsp_req_find_signer(&signer, req, nm, certs, flags); if (ret <= 0) { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, - OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); return 0; /* not returning -1 here for backward compatibility*/ } if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0) diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c index 2f2684b9a4..7d3d730457 100644 --- a/crypto/ocsp/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -203,7 +203,7 @@ static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) err: if ((pos == NULL) || (*pos != os)) ASN1_OCTET_STRING_free(os); - OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE); return NULL; } |