SSL: refactor ossl_statem_fatal() and SSLfatal()

ossl_statem_fatal() is refactored to be an extended ERR_set_error(), and SSLfatal() is refactored to work like ERR_raise(). We also add SSLfatal_data() to work like ERR_raise_data(). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
2025-01-18 13:44:20 +08:00 · 2020-11-04 14:36:38 +01:00 · 2020-11-04 14:36:38 +01:00 · e92519b5a6
commit e92519b5a6
parent 6849b73ccc
2 changed files with 16 additions and 13 deletions
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@ -112,14 +112,19 @@ void ossl_statem_set_renegotiate(SSL *s)
 }

 /*
- * Put the state machine into an error state and send an alert if appropriate.
+ * Error reporting building block that's used instead of ERR_set_error().
+ * In addition to what ERR_set_error() does, this puts the state machine
+ * into an error state and sends an alert if appropriate.
 * This is a permanent error for the current connection.
 */
-void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
-                       int line)
+void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...)
 {
-    ERR_raise(ERR_LIB_SSL, reason);
-    ERR_set_debug(file, line, NULL); /* Override what ERR_raise set */
+    va_list args;
+
+    va_start(args, fmt);
+    ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
+    va_end(args);
+
    /* We shouldn't call SSLfatal() twice. Once is enough */
    if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
      return;
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@ -132,15 +132,13 @@ __owur int ossl_statem_accept(SSL *s);
 __owur int ossl_statem_connect(SSL *s);
 void ossl_statem_clear(SSL *s);
 void ossl_statem_set_renegotiate(SSL *s);
-void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
-                       int line);
+void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...);
 # define SSL_AD_NO_ALERT    -1
-# ifndef OPENSSL_NO_ERR
-#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (0), (r), \
-                                                   OPENSSL_FILE, OPENSSL_LINE)
-# else
-#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (0), (r), NULL, 0)
-# endif
+# define SSLfatal(s, al, r) SSLfatal_data((s), (al), (r), NULL)
+# define SSLfatal_data                                          \
+    (ERR_new(),                                                 \
+     ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC),   \
+     ossl_statem_fatal)

 int ossl_statem_in_error(const SSL *s);
 void ossl_statem_set_in_init(SSL *s, int init);