summaryrefslogtreecommitdiffstats
path: root/crypto/cmp/cmp_vfy.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/cmp/cmp_vfy.c')
-rw-r--r--crypto/cmp/cmp_vfy.c44
1 files changed, 22 insertions, 22 deletions
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index f9981c2330..8b6e856d1a 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -37,13 +37,13 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
/* verify that keyUsage, if present, contains digitalSignature */
if (!cmp_ctx->ignore_keyusage
&& (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) {
- CMPerr(0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE);
goto sig_err;
}
pubkey = X509_get_pubkey(cert);
if (pubkey == NULL) {
- CMPerr(0, CMP_R_FAILED_EXTRACTING_PUBKEY);
+ ERR_raise(ERR_LIB_CMP, CMP_R_FAILED_EXTRACTING_PUBKEY);
goto sig_err;
}
@@ -60,7 +60,7 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
sig_err:
res = x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
- CMPerr(0, CMP_R_ERROR_VALIDATING_SIGNATURE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE);
if (res)
ERR_add_error_mem_bio("\n", bio);
res = 0;
@@ -89,7 +89,7 @@ static int verify_PBMAC(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
protection->length) == 0;
ASN1_BIT_STRING_free(protection);
if (!valid)
- CMPerr(0, CMP_R_WRONG_PBM_VALUE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_PBM_VALUE);
return valid;
}
@@ -109,12 +109,12 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
int err;
if (ctx == NULL || cert == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (trusted_store == NULL) {
- CMPerr(0, CMP_R_MISSING_TRUST_STORE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_STORE);
return 0;
}
@@ -128,7 +128,7 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
/* make sure suitable error is queued even if callback did not do */
err = ERR_peek_last_error();
if (!valid && ERR_GET_REASON(err) != CMP_R_POTENTIALLY_INVALID_CERTIFICATE)
- CMPerr(0, CMP_R_POTENTIALLY_INVALID_CERTIFICATE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE);
err:
/* directly output any fresh errors, needed for check_msg_find_cert() */
@@ -458,7 +458,7 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
if (sender == NULL || msg->body == NULL)
return 0; /* other NULL cases already have been checked */
if (sender->type != GEN_DIRNAME) {
- CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
+ ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
return 0;
}
@@ -514,7 +514,7 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
(void)check_msg_all_certs(ctx, msg, 1 /* 3gpp */);
}
- CMPerr(0, CMP_R_NO_SUITABLE_SENDER_CERT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NO_SUITABLE_SENDER_CERT);
if (sname != NULL) {
ERR_add_error_txt(NULL, "for msg sender name = ");
ERR_add_error_txt(NULL, sname);
@@ -553,13 +553,13 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
ossl_cmp_debug(ctx, "validating CMP message");
if (ctx == NULL || msg == NULL
|| msg->header == NULL || msg->body == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (msg->header->protectionAlg == NULL /* unprotected message */
|| msg->protection == NULL || msg->protection->data == NULL) {
- CMPerr(0, CMP_R_MISSING_PROTECTION);
+ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PROTECTION);
return 0;
}
@@ -608,7 +608,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
* Not yet supported
*/
case NID_id_DHBasedMac:
- CMPerr(0, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC);
+ ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC);
break;
/*
@@ -632,7 +632,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
return 1;
}
ossl_cmp_warn(ctx, "CMP message signature verification failed");
- CMPerr(0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG);
+ ERR_raise(ERR_LIB_CMP, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG);
}
break;
}
@@ -672,7 +672,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
/* validate sender name of received msg */
if (hdr->sender->type != GEN_DIRNAME) {
- CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
+ ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
return 0; /* TODO FR#42: support for more than X509_NAME */
}
/*
@@ -711,7 +711,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
if (!OSSL_CMP_validate_msg(ctx, msg)
&& (cb == NULL || (*cb)(ctx, msg, 1, cb_arg) <= 0)) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- CMPerr(0, CMP_R_ERROR_VALIDATING_PROTECTION);
+ ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_PROTECTION);
return 0;
#endif
}
@@ -719,7 +719,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
/* detect explicitly permitted exceptions for missing protection */
if (cb == NULL || (*cb)(ctx, msg, 0, cb_arg) <= 0) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- CMPerr(0, CMP_R_MISSING_PROTECTION);
+ ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PROTECTION);
return 0;
#endif
}
@@ -728,14 +728,14 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
/* check CMP version number in header */
if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- CMPerr(0, CMP_R_UNEXPECTED_PVNO);
+ ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PVNO);
return 0;
#endif
}
if (ossl_cmp_msg_get_bodytype(msg) < 0) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- CMPerr(0, CMP_R_PKIBODY_ERROR);
+ ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR);
return 0;
#endif
}
@@ -746,7 +746,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|| ASN1_OCTET_STRING_cmp(ctx->transactionID,
hdr->transactionID) != 0)) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- CMPerr(0, CMP_R_TRANSACTIONID_UNMATCHED);
+ ERR_raise(ERR_LIB_CMP, CMP_R_TRANSACTIONID_UNMATCHED);
return 0;
#endif
}
@@ -757,7 +757,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|| ASN1_OCTET_STRING_cmp(ctx->senderNonce,
hdr->recipNonce) != 0)) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- CMPerr(0, CMP_R_RECIPNONCE_UNMATCHED);
+ ERR_raise(ERR_LIB_CMP, CMP_R_RECIPNONCE_UNMATCHED);
return 0;
#endif
}
@@ -828,7 +828,7 @@ int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx,
if (X509_REQ_verify_ex(req, X509_REQ_get0_pubkey(req), ctx->libctx,
ctx->propq) <= 0) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- CMPerr(0, CMP_R_REQUEST_NOT_ACCEPTED);
+ ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED);
return 0;
#endif
}
@@ -846,7 +846,7 @@ int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx,
}
break;
default:
- CMPerr(0, CMP_R_PKIBODY_ERROR);
+ ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR);
return 0;
}
return 1;
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 08:04:27 +0100