Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

5 files changed, 33 insertions, 39 deletions

diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 33d77af426..2d4bd036ad 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -102,8 +102,8 @@ int OCSP_request_sign(OCSP_REQUEST *req,
         goto err;
     if (key) {
         if (!X509_check_private_key(signer, key)) {
-            OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
-                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+            ERR_raise(ERR_LIB_OCSP,
+                      OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
             goto err;
         }
         if (!OCSP_REQUEST_sign(req, key, dgst))
@@ -144,11 +144,11 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
     OCSP_RESPBYTES *rb;
     rb = resp->responseBytes;
     if (!rb) {
-        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_RESPONSE_DATA);
         return NULL;
     }
     if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
-        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_NOT_BASIC_RESPONSE);
         return NULL;
     }
 
@@ -336,12 +336,12 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
     time(&t_now);
     /* Check thisUpdate is valid and not more than nsec in the future */
     if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
-        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
         ret = 0;
     } else {
         t_tmp = t_now + nsec;
         if (X509_cmp_time(thisupd, &t_tmp) > 0) {
-            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_NOT_YET_VALID);
             ret = 0;
         }
 
@@ -352,7 +352,7 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
         if (maxsec >= 0) {
             t_tmp = t_now - maxsec;
             if (X509_cmp_time(thisupd, &t_tmp) < 0) {
-                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+                ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_TOO_OLD);
                 ret = 0;
             }
         }
@@ -363,20 +363,19 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
 
     /* Check nextUpdate is valid and not more than nsec in the past */
     if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
-        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
         ret = 0;
     } else {
         t_tmp = t_now - nsec;
         if (X509_cmp_time(nextupd, &t_tmp) < 0) {
-            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_EXPIRED);
             ret = 0;
         }
     }
 
     /* Also don't allow nextUpdate to precede thisUpdate */
     if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
-        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
-                OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
         ret = 0;
     }
 
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 2701789c8a..c7b7a0a620 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -55,7 +55,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
     alg = &cid->hashAlgorithm;
     ASN1_OBJECT_free(alg->algorithm);
     if ((nid = EVP_MD_type(dgst)) == NID_undef) {
-        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID);
         goto err;
     }
     if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
@@ -82,7 +82,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
     }
     return cid;
  digerr:
-    OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+    ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR);
  err:
     OCSP_CERTID_free(cid);
     return NULL;
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index 22f637548d..2c8b38f723 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -117,7 +117,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
     switch (cs->type = status) {
     case V_OCSP_CERTSTATUS_REVOKED:
         if (!revtime) {
-            OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_REVOKED_TIME);
             goto err;
         }
         if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL)
@@ -176,14 +176,13 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
     EVP_PKEY *pkey;
 
     if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
-        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY);
         goto err;
     }
 
     pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
     if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
-        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
-                OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
         goto err;
     }
 
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 0cd59f9221..1b8b3e3060 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -35,11 +35,11 @@ static int ocsp_verify_signer(X509 *signer, int response,
     int ret = -1;
 
     if (ctx == NULL) {
-        OCSPerr(0, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE);
         goto end;
     }
     if (!X509_STORE_CTX_init(ctx, st, signer, untrusted)) {
-        OCSPerr(0, ERR_R_X509_LIB);
+        ERR_raise(ERR_LIB_OCSP, ERR_R_X509_LIB);
         goto end;
     }
     if ((vp = X509_STORE_CTX_get0_param(ctx)) == NULL)
@@ -60,7 +60,7 @@ static int ocsp_verify_signer(X509 *signer, int response,
     ret = X509_verify_cert(ctx);
     if (ret <= 0) {
         ret = X509_STORE_CTX_get_error(ctx);
-        OCSPerr(0, OCSP_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR);
         ERR_add_error_data(2, "Verify error:",
                            X509_verify_cert_error_string(ret));
         goto end;
@@ -81,7 +81,7 @@ static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs,
 
     if ((flags & OCSP_NOSIGS) == 0) {
         if ((skey = X509_get0_pubkey(signer)) == NULL) {
-            OCSPerr(0, OCSP_R_NO_SIGNER_KEY);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY);
             return -1;
         }
         if (req != NULL)
@@ -89,7 +89,7 @@ static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs,
         else
             ret = OCSP_BASICRESP_verify(bs, skey);
         if (ret <= 0)
-            OCSPerr(0, OCSP_R_SIGNATURE_FAILURE);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE);
     }
     return ret;
 }
@@ -104,8 +104,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
     int ret = ocsp_find_signer(&signer, bs, certs, flags);
 
     if (ret == 0) {
-        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
-                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
         goto end;
     }
     if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0)
@@ -152,7 +151,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 
         x = sk_X509_value(chain, sk_X509_num(chain) - 1);
         if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
-            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_ROOT_CA_NOT_TRUSTED);
             ret = 0;
             goto end;
         }
@@ -228,7 +227,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
     int ret;
 
     if (sk_X509_num(chain) <= 0) {
-        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
         return -1;
     }
 
@@ -272,8 +271,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
 
     idcount = sk_OCSP_SINGLERESP_num(sresp);
     if (idcount <= 0) {
-        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
-                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
         return -1;
     }
 
@@ -313,13 +311,13 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
         unsigned char md[EVP_MAX_MD_SIZE];
 
         if (dgst == NULL) {
-            OCSPerr(0, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
             return -1;
         }
 
         mdlen = EVP_MD_size(dgst);
         if (mdlen < 0) {
-            OCSPerr(0, OCSP_R_DIGEST_SIZE_ERR);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR);
             return -1;
         }
         if (cid->issuerNameHash.length != mdlen ||
@@ -327,13 +325,13 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
             return 0;
         iname = X509_get_subject_name(cert);
         if (!X509_NAME_digest(iname, dgst, md, NULL)) {
-            OCSPerr(0, OCSP_R_DIGEST_NAME_ERR);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_NAME_ERR);
             return -1;
         }
         if (memcmp(md, cid->issuerNameHash.data, mdlen) != 0)
             return 0;
         if (!X509_pubkey_digest(cert, dgst, md, NULL)) {
-            OCSPerr(0, OCSP_R_DIGEST_ERR);
+            ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR);
             return -1;
         }
         if (memcmp(md, cid->issuerKeyHash.data, mdlen) != 0)
@@ -358,7 +356,7 @@ static int ocsp_check_delegated(X509 *x)
     if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
         && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
         return 1;
-    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+    ERR_raise(ERR_LIB_OCSP, OCSP_R_MISSING_OCSPSIGNING_USAGE);
     return 0;
 }
 
@@ -376,20 +374,18 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
     int ret;
 
     if (!req->optionalSignature) {
-        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_REQUEST_NOT_SIGNED);
         return 0;
     }
     gen = req->tbsRequest.requestorName;
     if (!gen || gen->type != GEN_DIRNAME) {
-        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
-                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
         return 0; /* not returning -1 here for backward compatibility*/
     }
     nm = gen->d.directoryName;
     ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
     if (ret <= 0) {
-        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
-                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
         return 0; /* not returning -1 here for backward compatibility*/
     }
     if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0)
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 2f2684b9a4..7d3d730457 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -203,7 +203,7 @@ static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
  err:
     if ((pos == NULL) || (*pos != os))
         ASN1_OCTET_STRING_free(os);
-    OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+    ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE);
     return NULL;
 }