author | Richard Levitte <levitte@openssl.org> | 2020-11-04 12:23:19 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-11-13 09:35:02 +0100 |
commit | 9311d0c471ca2eaa259e8c1bbbeb7c46394c7ba2 (patch) | |
tree | e82c26569e5a952980e65a746af920beed602aab /crypto/crmf | |
parent | EVP: Adapt EVP_PKEY2PKCS8() to better handle provider-native keys (diff) | |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call
This includes error reporting for libcrypto sub-libraries in surprising
places.
This was done using util/err-to-raise
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)
Diffstat (limited to 'crypto/crmf')
-rw-r--r-- | crypto/crmf/crmf_lib.c | 82 | ||||
-rw-r--r-- | crypto/crmf/crmf_pbm.c | 20 |
2 files changed, 45 insertions, 57 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 9b80c526b5..cb443ff850 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -75,7 +75,7 @@ static int OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG *crm, int new = 0; if (crm == NULL || crm->certReq == NULL || ctrl == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } @@ -110,8 +110,7 @@ int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, if (spi == NULL || method < OSSL_CRMF_PUB_METHOD_DONTCARE || method > OSSL_CRMF_PUB_METHOD_LDAP) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO, - ERR_R_PASSED_INVALID_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -127,8 +126,7 @@ OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINF OSSL_CRMF_SINGLEPUBINFO *spi) { if (pi == NULL || spi == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO, - CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } if (pi->pubInfos == NULL) @@ -145,8 +143,7 @@ int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi if (pi == NULL || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION, - ERR_R_PASSED_INVALID_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -166,7 +163,7 @@ OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, OSSL_CRMF_CERTID *cid = NULL; if (issuer == NULL || serial == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_CERTID_GEN, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return NULL; } 
@@ -204,7 +201,7 @@ static int OSSL_CRMF_MSG_push0_regInfo(OSSL_CRMF_MSG *crm, STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *info = NULL; if (crm == NULL || ri == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } @@ -234,7 +231,7 @@ IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo) OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm) { if (crm == NULL || crm->certReq == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_GET0_TMPL, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return NULL; } return crm->certReq->certTemplate; @@ -248,7 +245,7 @@ int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); if (tmpl == NULL) { /* also crm == NULL implies this */ - CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_VALIDITY, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } @@ -264,7 +261,7 @@ int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid) { if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } @@ -277,15 +274,15 @@ static int crmf_asn1_get_int(const ASN1_INTEGER *a) int64_t res; if (!ASN1_INTEGER_get_int64(&res, a)) { - CRMFerr(0, ASN1_R_INVALID_NUMBER); + ERR_raise(ERR_LIB_CRMF, ASN1_R_INVALID_NUMBER); return -1; } if (res < INT_MIN) { - CRMFerr(0, ASN1_R_TOO_SMALL); + ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_SMALL); return -1; } if (res > INT_MAX) { - CRMFerr(0, ASN1_R_TOO_LARGE); + ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_LARGE); return -1; } return (int)res; 
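Review bot: In `crmf_asn1_get_int` the three converted calls pair `ERR_LIB_CRMF` with reason codes that belong to the ASN1 library (`ASN1_R_INVALID_NUMBER`, `ASN1_R_TOO_SMALL`, `ASN1_R_TOO_LARGE`). Reason codes are resolved against the string table of the library named in the first argument, so these entries will most likely print as a bare number rather than the intended text, which makes a rejected integer harder to diagnose from logs. The old `CRMFerr(0, ...)` form had the same mismatch, and this conversion is a natural place to fix it with `ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER);` (likewise for the other two) or with CRMF-specific reasons.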
@@ -294,7 +291,7 @@ static int crmf_asn1_get_int(const ASN1_INTEGER *a) int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm) { if (crm == NULL || /* not really needed: */ crm->certReq == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return -1; } return crmf_asn1_get_int(crm->certReq->certReqId); @@ -307,7 +304,7 @@ int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); if (tmpl == NULL) { /* also crm == NULL implies this */ - CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } @@ -329,7 +326,7 @@ int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); if (tmpl == NULL || ext == NULL) { /* also crm == NULL implies this */ - CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } @@ -356,12 +353,12 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, OSSL_LIB_CTX *libctx, const char *propq) { if (ps == NULL || cr == NULL || pkey == NULL) { - CRMFerr(0, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } if (ps->poposkInput != NULL) { /* TODO: support cases 1+2 defined in RFC 4211, section 4.1 */ - CRMFerr(0, CRMF_R_POPOSKINPUT_NOT_SUPPORTED); + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED); return 0; } @@ -379,7 +376,7 @@ int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, ASN1_INTEGER *tag = NULL; if (crm == NULL || (meth == OSSL_CRMF_POPO_SIGNATURE && pkey == NULL)) { - CRMFerr(CRMF_F_OSSL_CRMF_MSG_CREATE_POPO, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } 
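Review bot: `OSSL_CRMF_MSG_get_certReqId` uses -1 as its error return, but the value it forwards comes from `crmf_asn1_get_int`, which accepts every integer from `INT_MIN` to `INT_MAX`, so a request whose encoded certReqId is -1 cannot be told apart from a failure by the return value alone. That ambiguity is undocumented, and a caller that treats -1 as "no id" may silently ignore a malformed message. A comment on the function would help, for example `/* returns the certReqId, or -1 on error; -1 is also a value the encoding can carry, so check the error queue */`.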
@@ -423,8 +420,7 @@ int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, break; default: - CRMFerr(CRMF_F_OSSL_CRMF_MSG_CREATE_POPO, - CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO); + ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO); goto err; } @@ -450,26 +446,26 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, void *asn; if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } if (req->popo == NULL) { - CRMFerr(0, CRMF_R_POPO_MISSING); + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING); return 0; } switch (req->popo->type) { case OSSL_CRMF_POPO_RAVERIFIED: if (!acceptRAVerified) { - CRMFerr(0, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED); + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED); return 0; } break; case OSSL_CRMF_POPO_SIGNATURE: pubkey = req->certReq->certTemplate->publicKey; if (pubkey == NULL) { - CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY); + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY); return 0; } sig = req->popo->value.signature; @@ -480,11 +476,11 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, * exactly the same value as contained in the certificate template. */ if (sig->poposkInput->publicKey == NULL) { - CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY); + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY); return 0; } if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) { - CRMFerr(0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY); + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY); return 0; } /* @@ -495,7 +491,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, asn = sig->poposkInput; } else { if (req->certReq->certTemplate->subject == NULL) { - CRMFerr(0, CRMF_R_POPO_MISSING_SUBJECT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_SUBJECT); return 0; } it = ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST); 
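Review bot: In the `OSSL_CRMF_POPO_SIGNATURE` case of `OSSL_CRMF_MSGS_verify_popo`, `req->certReq->certTemplate->publicKey` is read without checking `req->certReq` or `certTemplate`, although `OSSL_CRMF_MSG_get0_tmpl` earlier in this file treats a NULL `certReq` as a state worth reporting with `CRMF_R_NULL_ARGUMENT`. The requests verified here presumably come from a decoded peer message, so it would be safer to go through that accessor, e.g. `if ((tmpl = OSSL_CRMF_MSG_get0_tmpl(req)) == NULL) return 0;`, and then use `tmpl->publicKey` and `tmpl->subject`. If the ASN.1 decoder already guarantees both pointers for parsed input, a one-line comment saying so would be enough. The function starts before and continues past the hunks shown.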
@@ -515,8 +511,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, */ case OSSL_CRMF_POPO_KEYAGREE: default: - CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, - CRMF_R_UNSUPPORTED_POPO_METHOD); + ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD); return 0; } return 1; @@ -560,7 +555,7 @@ int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, const ASN1_INTEGER *serial) { if (tmpl == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject)) @@ -605,19 +600,16 @@ X509 if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL || ecert->encValue == NULL || pkey == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, - CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return NULL; } if ((symmAlg = OBJ_obj2nid(ecert->symmAlg->algorithm)) == 0) { - CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, - CRMF_R_UNSUPPORTED_CIPHER); + ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); return NULL; } /* select symmetric cipher based on algorithm given in message */ if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, - CRMF_R_UNSUPPORTED_CIPHER); + ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); goto end; } cikeysize = EVP_CIPHER_key_length(cipher); @@ -639,8 +631,7 @@ X509 | constant_time_is_zero(retval)); failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize); if (failure) { - CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, - CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY); + ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY); goto end; } } else { 
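Review bot: The `if (failure)` branch in the `-639` hunk may give back part of what the constant-time accumulation just above it protects. The decryption outcome is folded with `constant_time_is_zero` and `constant_time_eq_s`, but is then branched on and reported with its own reason, `CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY`, distinct from the later `CRMF_R_ERROR_DECRYPTING_CERTIFICATE`. If a caller relays the error queue, or the timing difference, to whoever supplied the encrypted value, that distinction could act as a decryption oracle against `pkey`. Either state the constraint at this branch, e.g. `/* callers must not reveal to the peer which decryption step failed */`, or report both failures with a single reason. The enclosing function begins and ends outside this hunk.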
@@ -651,8 +642,7 @@ X509 if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv, EVP_CIPHER_iv_length(cipher)) != EVP_CIPHER_iv_length(cipher)) { - CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, - CRMF_R_MALFORMED_IV); + ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV); goto end; } @@ -671,8 +661,7 @@ X509 ecert->encValue->data, ecert->encValue->length) || !EVP_DecryptFinal(evp_ctx, outbuf + outlen, &n)) { - CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, - CRMF_R_ERROR_DECRYPTING_CERTIFICATE); + ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_CERTIFICATE); goto end; } outlen += n; @@ -681,8 +670,7 @@ X509 if ((cert = X509_new_ex(libctx, propq)) == NULL) goto end; if (d2i_X509(&cert, &p, outlen) == NULL) - CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT, - CRMF_R_ERROR_DECODING_CERTIFICATE); + ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_CERTIFICATE); end: EVP_PKEY_CTX_free(pkctx); OPENSSL_free(outbuf); diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 9ad6ec149c..ffa94667ee 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -53,7 +53,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, if ((salt = OPENSSL_malloc(slen)) == NULL) goto err; if (RAND_bytes_ex(libctx, salt, (int)slen) <= 0) { - CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_FAILURE_OBTAINING_RANDOM); + ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM); goto err; } if (!ASN1_OCTET_STRING_set(pbm->salt, salt, (int)slen)) @@ -65,7 +65,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, * support SHA-1. */ if (!X509_ALGOR_set0(pbm->owf, OBJ_nid2obj(owfnid), V_ASN1_UNDEF, NULL)) { - CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_SETTING_OWF_ALGOR_FAILURE); + ERR_raise(ERR_LIB_CRMF, CRMF_R_SETTING_OWF_ALGOR_FAILURE); goto err; } 
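Review bot: `ecert->symmAlg->parameter` is passed to `ASN1_TYPE_get_octetstring` without a NULL check. The argument check at the top of the function (visible in the `-605` hunk) covers `ecert->symmAlg` but not its `parameter` member, which is an optional field of an AlgorithmIdentifier. Unless `ASN1_TYPE_get_octetstring` tolerates NULL (not visible on this page), an encrypted value that omits the parameters would fault here instead of raising `CRMF_R_MALFORMED_IV`. Putting `ecert->symmAlg->parameter == NULL ||` in front of the `ASN1_TYPE_get_octetstring(...)` comparison keeps the existing error path. The function body extends beyond this hunk.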
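Review bot: In `OSSL_CRMF_pbmp_new`, `slen` is a `size_t` that is narrowed with `(int)slen` for both `RAND_bytes_ex` and `ASN1_OCTET_STRING_set`, after `OPENSSL_malloc(slen)` has used its full width. A value above `INT_MAX` would therefore allocate one size and fill or record another. A guard immediately before the `OPENSSL_malloc` line closes the gap: `if (slen > INT_MAX) { ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT); goto err; }`. Note also that the `ASN1_OCTET_STRING_set` failure in this hunk jumps to `err` without raising a reason of its own, unlike the `RAND_bytes_ex` branch. The function starts before and continues after this hunk.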
@@ -80,16 +80,16 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, * this may not be true with all hash functions in the future. */ if (itercnt < 100) { - CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_ITERATIONCOUNT_BELOW_100); + ERR_raise(ERR_LIB_CRMF, CRMF_R_ITERATIONCOUNT_BELOW_100); goto err; } if (itercnt > OSSL_CRMF_PBM_MAX_ITERATION_COUNT) { - CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_BAD_PBM_ITERATIONCOUNT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_BAD_PBM_ITERATIONCOUNT); goto err; } if (!ASN1_INTEGER_set(pbm->iterationCount, itercnt)) { - CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_CRMFERROR); + ERR_raise(ERR_LIB_CRMF, CRMF_R_CRMFERROR); goto err; } @@ -99,7 +99,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, * All implementations SHOULD support DES-MAC and Triple-DES-MAC [PKCS11]. */ if (!X509_ALGOR_set0(pbm->mac, OBJ_nid2obj(macnid), V_ASN1_UNDEF, NULL)) { - CRMFerr(CRMF_F_OSSL_CRMF_PBMP_NEW, CRMF_R_SETTING_MAC_ALGOR_FAILURE); + ERR_raise(ERR_LIB_CRMF, CRMF_R_SETTING_MAC_ALGOR_FAILURE); goto err; } @@ -144,7 +144,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, if (out == NULL || pbmp == NULL || pbmp->mac == NULL || pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_NULL_ARGUMENT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); goto err; } if ((mac_res = OPENSSL_malloc(EVP_MAX_MD_SIZE)) == NULL) @@ -157,7 +157,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, */ mdname = OBJ_nid2sn(OBJ_obj2nid(pbmp->owf->algorithm)); if ((owf = EVP_MD_fetch(libctx, mdname, propq)) == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_UNSUPPORTED_ALGORITHM); + ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } 
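Review bot: In the `-157` hunk `pbmp->owf->algorithm` is dereferenced, but the argument check at the top of `OSSL_CRMF_pbm_new` (the `-144` hunk) tests only `pbmp->mac` and `pbmp->mac->algorithm`, never `pbmp->owf`. The result of `OBJ_nid2sn` is also passed to `EVP_MD_fetch` unchecked, whereas the later PRF lookup in the same function does test `(mdname = OBJ_nid2sn(hmac_md_nid)) == NULL`. Since `pbmp` presumably describes parameters taken from a received message, both paths should fail in the same way. Extend the first check with `pbmp->owf == NULL || pbmp->owf->algorithm == NULL ||` and change the fetch condition to `if (mdname == NULL || (owf = EVP_MD_fetch(libctx, mdname, propq)) == NULL)`. The function extends beyond the hunks shown.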
@@ -178,7 +178,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, if (!ASN1_INTEGER_get_int64(&iterations, pbmp->iterationCount) || iterations < 100 /* min from RFC */ || iterations > OSSL_CRMF_PBM_MAX_ITERATION_COUNT) { - CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_BAD_PBM_ITERATIONCOUNT); + ERR_raise(ERR_LIB_CRMF, CRMF_R_BAD_PBM_ITERATIONCOUNT); goto err; } @@ -201,7 +201,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL) || (mdname = OBJ_nid2sn(hmac_md_nid)) == NULL) { - CRMFerr(CRMF_F_OSSL_CRMF_PBM_NEW, CRMF_R_UNSUPPORTED_ALGORITHM); + ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } |