From: Richard Levitte Date: Wed, 4 Nov 2020 13:36:38 +0000 (+0100) Subject: SSL: refactor ossl_statem_fatal() and SSLfatal() X-Git-Tag: openssl-3.0.0-alpha9~132 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e92519b5a6ad5fa1ca36316dd9256e65dcb2c6db;p=thirdparty%2Fopenssl.git SSL: refactor ossl_statem_fatal() and SSLfatal() ossl_statem_fatal() is refactored to be an extended ERR_set_error(), and SSLfatal() is refactored to work like ERR_raise(). We also add SSLfatal_data() to work like ERR_raise_data(). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13316)
---
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index ac09e5f2ebe..23f73b7c4b0 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -112,14 +112,19 @@ void ossl_statem_set_renegotiate(SSL *s)
 }

 /*
- * Put the state machine into an error state and send an alert if appropriate.
+ * Error reporting building block that's used instead of ERR_set_error().
+ * In addition to what ERR_set_error() does, this puts the state machine
+ * into an error state and sends an alert if appropriate.
 * This is a permanent error for the current connection.
 */
-void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
- int line)
+void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
 {
- ERR_raise(ERR_LIB_SSL, reason);
- ERR_set_debug(file, line, NULL); /* Override what ERR_raise set */
+ va_list args;
+
+ va_start(args, fmt);
+ ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
+ va_end(args);
+
 /* We shouldn't call SSLfatal() twice. Once is enough */
 if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
 return;
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index a9309c967d9..41f50d23b22 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
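Review bot: In ssl/statem/statem.c the new header comment for ossl_statem_fatal() does not say that `fmt` is a printf-style format string or that it may be NULL, which is how SSLfatal() in statem.h invokes it. Handshake code raises these errors while processing peer-supplied data, so the comment should state the contract, for example `* |fmt| is a printf-style format or NULL; it must be a string literal, with any peer-derived data passed as arguments.` The visible lines hand `fmt` straight to ERR_vset_error() without any check of their own, so that rule is the only guard a reader can see here. If the project's portability rules allow it, a compiler format attribute on the prototype in statem.h (GCC/Clang `__attribute__((format(printf, 4, 5)))`) would get call sites checked at build time. The function body continues past the end of the hunk.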
@@ -132,15 +132,13 @@ __owur int ossl_statem_accept(SSL *s);
 __owur int ossl_statem_connect(SSL *s);
 void ossl_statem_clear(SSL *s);
 void ossl_statem_set_renegotiate(SSL *s);
-void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
- int line);
+void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
 # define SSL_AD_NO_ALERT -1
-# ifndef OPENSSL_NO_ERR
-# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (0), (r), \
- OPENSSL_FILE, OPENSSL_LINE)
-# else
-# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (0), (r), NULL, 0)
-# endif
+# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
+# define SSLfatal_data \
+ (ERR_new(), \
+ ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
+ ossl_statem_fatal)

 int ossl_statem_in_error(const SSL *s);
 void ossl_statem_set_in_init(SSL *s, int init);
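Review bot: SSLfatal_data is an object-like macro whose expansion ends in the function name ossl_statem_fatal, so it only works when a call's argument list is written directly after it, and nothing next to the definition says so. A short comment above it would help, for example `/* Expands to a comma expression yielding ossl_statem_fatal; must be followed by (s, al, reason, fmt, ...) */`. Because C does not sequence evaluation of the called expression against evaluation of the arguments, ERR_new() and ERR_set_debug() may run before or after the argument expressions, so the comment should also warn that arguments must not read or modify the error queue. The removed OPENSSL_NO_ERR branch passed NULL and 0 for file and line, whereas the new macro always passes OPENSSL_FILE and OPENSSL_LINE; presumably those macros cover that configuration themselves, but that is worth confirming outside this hunk.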