From: Theo Buehler Date: Sat, 10 Jun 2023 09:01:32 +0000 (+0200) Subject: Fix incorrect ERR_raise() calls X-Git-Tag: openssl-3.1.2~70 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0ad7e7f6f02cc6bd13d4139ff827eba17f71e18;p=thirdparty%2Fopenssl.git Fix incorrect ERR_raise() calls A few ERR_raise() calls in v3_purp.c use the wrong library. For example, in OpenSSL 3.1.1 we get 00000000:error:0580009E:x509 certificate routines:ossl_x509v3_cache_extensions:reason(158):crypto/x509/v3_purp.c:635: instead of 00000000:error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate:crypto/x509/v3_purp.c:635: Reviewed-by: Todd Short Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/21168) (cherry picked from commit 959c150a1dcc4535c2d94ac6f3310566723911f1) --- diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index fc5ed284a59..9bbb03d7afc 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -438,7 +438,7 @@ int ossl_x509v3_cache_extensions(X509 *x) * in case ctx->param->flags & X509_V_FLAG_X509_STRICT */ if (bs->pathlen->type == V_ASN1_NEG_INTEGER) { - ERR_raise(ERR_LIB_X509, X509V3_R_NEGATIVE_PATHLEN); + ERR_raise(ERR_LIB_X509V3, X509V3_R_NEGATIVE_PATHLEN); x->ex_flags |= EXFLAG_INVALID; } else { x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); @@ -479,7 +479,7 @@ int ossl_x509v3_cache_extensions(X509 *x) ASN1_BIT_STRING_free(usage); /* Check for empty key usage according to RFC 5280 section 4.2.1.3 */ if (x->ex_kusage == 0) { - ERR_raise(ERR_LIB_X509, X509V3_R_EMPTY_KEY_USAGE); + ERR_raise(ERR_LIB_X509V3, X509V3_R_EMPTY_KEY_USAGE); x->ex_flags |= EXFLAG_INVALID; } } else if (i != -1) { @@ -632,7 +632,7 @@ int ossl_x509v3_cache_extensions(X509 *x) return 1; } if ((x->ex_flags & EXFLAG_INVALID) != 0) - ERR_raise(ERR_LIB_X509, X509V3_R_INVALID_CERTIFICATE); + ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_CERTIFICATE); /* If computing sha1_hash failed the error queue already reflects this. */ err: