Provide and use QUIC specific error reasons.

ok tb@

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 7ce873d..359b554 100644 (file)
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.224 2022/08/21 17:54:38 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.225 2022/08/21 19:18:57 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2164,6 +2164,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_X509_LIB                                  268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS          269
 #define SSL_R_PEER_BEHAVING_BADLY                       666
+#define SSL_R_QUIC_INTERNAL_ERROR                       667
+#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED           668
 #define SSL_R_UNKNOWN                                   999
 
 /*

diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index 6078378..3192502 100644 (file)
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.43 2022/07/12 14:42:48 kn Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.44 2022/08/21 19:18:57 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -341,6 +341,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
        {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"},
        {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    , "public key not rsa"},
+       {ERR_REASON(SSL_R_QUIC_INTERNAL_ERROR)   , "QUIC: internal error"},
        {ERR_REASON(SSL_R_READ_BIO_NOT_SET)      , "read bio not set"},
        {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  , "read timeout expired"},
        {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
@@ -456,6 +457,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     , "write bio not set"},
        {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
        {ERR_REASON(SSL_R_WRONG_CURVE)           , "wrong curve"},
+       {ERR_REASON(SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED), "QUIC: wrong encryption level received"},
        {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    , "wrong message type"},
        {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
        {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},

diff --git a/lib/libssl/tls13_quic.c b/lib/libssl/tls13_quic.c
index 52e09f0..f58a0b8 100644 (file)
--- a/lib/libssl/tls13_quic.c
+++ b/lib/libssl/tls13_quic.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: tls13_quic.c,v 1.2 2022/07/24 14:31:37 jsing Exp $ */
+/*     $OpenBSD: tls13_quic.c,v 1.3 2022/08/21 19:18:57 jsing Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
  *
@@ -25,7 +25,7 @@ tls13_quic_wire_read_cb(void *buf, size_t n, void *arg)
        struct tls13_ctx *ctx = arg;
        SSL *ssl = ctx->ssl;
 
-       SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+       SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
        return TLS13_IO_FAILURE;
 }
 
@@ -35,7 +35,7 @@ tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg)
        struct tls13_ctx *ctx = arg;
        SSL *ssl = ctx->ssl;
 
-       SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+       SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
        return TLS13_IO_FAILURE;
 }