diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2023-04-26 19:00:58 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2023-04-26 19:00:58 +0000 |
| commit | 86fda1b0b7e072e75bc303fe9f1902a299085d14 (patch) | |
| tree | 4bc745e2b863eaccdff1054141e4fa04ff6b0d7f | |
| parent | df52f2739ad491414c6c3b39bbd2eb4b9864d6fe (diff) | |
Fix error code goop
ok tb@ jsing@
| -rw-r--r-- | lib/libcrypto/x509/x509_policy.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/lib/libcrypto/x509/x509_policy.c b/lib/libcrypto/x509/x509_policy.c index ec98829b98c..e4b6ed6011d 100644 --- a/lib/libcrypto/x509/x509_policy.c +++ b/lib/libcrypto/x509/x509_policy.c @@ -17,6 +17,7 @@ #include <assert.h> #include <string.h> +#include <openssl/err.h> #include <openssl/objects.h> #include <openssl/stack.h> #include <openssl/x509v3.h> @@ -24,6 +25,8 @@ #include "x509_internal.h" #include "x509_local.h" +/* XXX move to proper place */ +#define X509_R_INVALID_POLICY_EXTENSION 201 // This file computes the X.509 policy tree, as described in RFC 5280, section // 6.1. It differs in that: @@ -245,7 +248,7 @@ static int process_certificate_policies(const X509 *x509, // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4. // TODO(https://crbug.com/boringssl/443): Move this check into the parser. if (sk_POLICYINFO_num(policies) == 0) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + X509error(X509_R_INVALID_POLICY_EXTENSION); goto err; } @@ -260,7 +263,7 @@ static int process_certificate_policies(const X509 *x509, if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid, policy->policyid) == 0) { // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates. - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + X509error(X509_R_INVALID_POLICY_EXTENSION); goto err; } } @@ -369,7 +372,7 @@ static X509_POLICY_LEVEL *process_policy_mappings(const X509 *cert, // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5. // TODO(https://crbug.com/boringssl/443): Move this check into the parser. if (sk_POLICY_MAPPING_num(mappings) == 0) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + X509error(X509_R_INVALID_POLICY_EXTENSION); goto err; } @@ -517,7 +520,7 @@ static int apply_skip_certs(const ASN1_INTEGER *skip_certs, size_t *value) { // TODO(https://crbug.com/boringssl/443): Move this check into the parser. if (skip_certs->type & V_ASN1_NEG) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + X509error(X509_R_INVALID_POLICY_EXTENSION); return 0; } @@ -548,7 +551,7 @@ static int process_policy_constraints(const X509 *x509, size_t *explicit_policy, constraints->inhibitPolicyMapping == NULL) { // Per RFC 5280, section 4.2.1.11, at least one of the fields must be // present. - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + X509error(X509_R_INVALID_POLICY_EXTENSION); POLICY_CONSTRAINTS_free(constraints); return 0; } |