From: Tomas Mraz Date: Thu, 14 Dec 2023 17:33:57 +0000 (+0100) Subject: Consolidate raising errors in SSL_CONF_cmd() X-Git-Tag: openssl-3.0.13~68 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f21f02e0c595bc66fa85bc2c9aa9ba70d95ebbae;p=thirdparty%2Fopenssl.git Consolidate raising errors in SSL_CONF_cmd() Reviewed-by: Neil Horman Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/23048) (cherry picked from commit 430dcbd0463573fece704263648cc15e891c3d49)
---
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 5146cedb96e..698280288e9 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -870,9 +870,12 @@ static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
 /* Find index of command in table */
 size_t idx = cmd - ssl_conf_cmds;
 const ssl_switch_tbl *scmd;
+
 /* Sanity check index */
- if (idx >= OSSL_NELEM(ssl_cmd_switches))
+ if (idx >= OSSL_NELEM(ssl_cmd_switches)) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
 return 0;
+ }
 /* Obtain switches entry with same index */
 scmd = ssl_cmd_switches + idx;
 ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
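Review bot: The `ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR)` added to the index check in ctrl_switch_option() is unconditional, whereas the errors this commit touches in SSL_CONF_cmd() are raised only when `SSL_CONF_FLAG_SHOW_ERRORS` is set, and nothing at the site says the difference is intended. A caller that leaves the flag clear and does not drain the error queue would, on this path, be left with a queued entry it did not ask for. If that is deliberate because an out-of-range index means the two tables are out of step rather than bad input, I would extend the existing comment to say so: `/* Sanity check index: ssl_cmd_switches must parallel ssl_conf_cmds; a mismatch is an internal error and is raised regardless of SSL_CONF_FLAG_SHOW_ERRORS */`. The function's opening brace and final return are outside the hunk.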
@@ -888,28 +891,33 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
 }
 if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))
- return -2;
+ goto unknown_cmd;
 runcmd = ssl_conf_cmd_lookup(cctx, cmd);
 if (runcmd) {
- int rv;
+ int rv = -3;
+
 if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
 return ctrl_switch_option(cctx, runcmd);
 }
 if (value == NULL)
- return -3;
+ goto bad_value;
 rv = runcmd->cmd(cctx, value);
 if (rv > 0)
 return 2;
- if (rv == -2)
- return -2;
+ if (rv != -2)
+ rv = 0;
+
+ bad_value:
 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
 ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE,
- "cmd=%s, value=%s", cmd, value);
- return 0;
+ "cmd=%s, value=%s", cmd,
+ value != NULL ? value : "");
+ return rv;
 }
+ unknown_cmd:
 if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
 ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd);
diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c
index d7ec22c0e89..8bccce84d46 100644
--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
@@ -73,13 +73,8 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
 conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
 rv = SSL_CONF_cmd(cctx, cmdstr, arg);
- if (rv <= 0) {
- int errcode = rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE;
-
- ERR_raise_data(ERR_LIB_SSL, errcode,
- "section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
+ if (rv <= 0)
 ++err;
- }
 }
 if (!SSL_CONF_CTX_finish(cctx))
 ++err;
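Review bot: In SSL_CONF_cmd(), a handler result of -2 now falls through to `bad_value:` and is queued as `SSL_R_BAD_VALUE`, while the function still returns -2, the code the old prefix-check failure returned. Before this change that case returned -2 without raising anything here and ssl_do_config() mapped it to `SSL_R_UNKNOWN_COMMAND`, so the queued reason and the return code can now disagree for whoever reads the error output. Either route it explicitly with `if (rv == -2) goto unknown_cmd;` before the `rv = 0` normalisation, or, if reporting it as a bad value is intended, say so above the label, e.g. `/* a handler's -2 is reported as a bad value but still returned as -2 */`. The statements after `unknown_cmd:` continue outside the hunk, so the value returned on that path is not visible here.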
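Review bot: With the `ERR_raise_data` call removed from the loop in ssl_do_config(), a failing command is reported only when `cctx` carries `SSL_CONF_FLAG_SHOW_ERRORS`, and the `section=%s` context no longer appears in any message. The flag setup is outside the hunk, so it cannot be confirmed from here that every path sets it. On a path that does not, a TLS setting that fails to apply would only increment `err`, leaving nothing in the error queue to identify the command. I would document the dependency on the shortened branch with `/* SSL_CONF_cmd() raises the error itself, but only when SSL_CONF_FLAG_SHOW_ERRORS is set */`, and confirm that dropping the section name from the diagnostics is acceptable for operators with several SSL sections.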