From: Matt Caswell Date: Fri, 10 Mar 2023 15:02:26 +0000 (+0000) Subject: Provide better errors for some QUIC failures X-Git-Tag: openssl-3.2.0-alpha1~1136 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=44a1ac5de0cb422bc65089e1e3bf1b46bb8ab141;p=thirdparty%2Fopenssl.git Provide better errors for some QUIC failures For example if would be helpful if we got more useful information if the caller forgot to set the peer address. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/20514) --- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d0336d97298..3f7f4bf1092 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1493,6 +1493,7 @@ SSL_R_RECORDS_NOT_RELEASED:321:records not released SSL_R_RECORD_LAYER_FAILURE:313:record layer failure SSL_R_RECORD_LENGTH_MISMATCH:213:record length mismatch SSL_R_RECORD_TOO_SMALL:298:record too small +SSL_R_REMOTE_PEER_ADDRESS_NOT_SET:346:remote peer address not set SSL_R_RENEGOTIATE_EXT_TOO_LONG:335:renegotiate ext too long SSL_R_RENEGOTIATION_ENCODING_ERR:336:renegotiation encoding err SSL_R_RENEGOTIATION_MISMATCH:337:renegotiation mismatch diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index b8809ad28ab..43aa1c37426 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -231,6 +231,7 @@ # define SSL_R_RECORD_LAYER_FAILURE 313 # define SSL_R_RECORD_LENGTH_MISMATCH 213 # define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_REMOTE_PEER_ADDRESS_NOT_SET 346 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 # define SSL_R_RENEGOTIATION_ENCODING_ERR 336 # define SSL_R_RENEGOTIATION_MISMATCH 337 diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 4c34ab8e404..48e1cf7c0ef 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -652,7 +652,7 @@ int ossl_quic_do_handshake(QUIC_CONNECTION *qc) if (BIO_ADDR_family(&qc->init_peer_addr) == AF_UNSPEC) { /* Peer address must have been set. */ - QUIC_RAISE_NON_NORMAL_ERROR(qc, ERR_R_PASSED_INVALID_ARGUMENT, NULL); + QUIC_RAISE_NON_NORMAL_ERROR(qc, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET, NULL); return -1; /* Non-protocol error */ } @@ -664,7 +664,7 @@ int ossl_quic_do_handshake(QUIC_CONNECTION *qc) if (qc->net_rbio == NULL || qc->net_wbio == NULL) { /* Need read and write BIOs. */ - QUIC_RAISE_NON_NORMAL_ERROR(qc, ERR_R_PASSED_INVALID_ARGUMENT, NULL); + QUIC_RAISE_NON_NORMAL_ERROR(qc, SSL_R_BIO_NOT_SET, NULL); return -1; /* Non-protocol error */ } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 73dedbc5b3f..bec6733a00b 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -358,6 +358,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REMOTE_PEER_ADDRESS_NOT_SET), + "remote peer address not set"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR), diff --git a/ssl/sslerr.h b/ssl/sslerr.h index 6715ac6a325..f28230f0875 100644 --- a/ssl/sslerr.h +++ b/ssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy