From: jsing <jsing@openbsd.org>
Date: Mon, 5 Feb 2018 00:52:24 +0000 (+0000)
Subject: Be consistent with the goto label names used in libtls code.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7add217b8eb9ea81a3752d76fa1861ba7106469a;p=openbsd

Be consistent with the goto label names used in libtls code.

No change to generated assembly.
---

diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c
index e2e3f4abaae..d44b8dde49f 100644
--- a/lib/libtls/tls_config.c
+++ b/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.45 2017/12/09 16:46:08 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.46 2018/02/05 00:52:24 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -161,31 +161,31 @@ tls_config_load_file(struct tls_error *error, const char *filetype,
 	if ((fd = open(filename, O_RDONLY)) == -1) {
 		tls_error_set(error, "failed to open %s file '%s'",
 		    filetype, filename);
-		goto fail;
+		goto err;
 	}
 	if (fstat(fd, &st) != 0) {
 		tls_error_set(error, "failed to stat %s file '%s'",
 		    filetype, filename);
-		goto fail;
+		goto err;
 	}
 	if (st.st_size < 0)
-		goto fail;
+		goto err;
 	*len = (size_t)st.st_size;
 	if ((*buf = malloc(*len)) == NULL) {
 		tls_error_set(error, "failed to allocate buffer for "
 		    "%s file", filetype);
-		goto fail;
+		goto err;
 	}
 	n = read(fd, *buf, *len);
 	if (n < 0 || (size_t)n != *len) {
 		tls_error_set(error, "failed to read %s file '%s'",
 		    filetype, filename);
-		goto fail;
+		goto err;
 	}
 	close(fd);
 	return 0;
 
- fail:
+ err:
 	if (fd != -1)
 		close(fd);
 	freezero(*buf, *len);
@@ -571,17 +571,17 @@ tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
 
 	if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
 		tls_config_set_errorx(config, "out of memory");
-		goto fail;
+		goto err;
 	}
 	if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) {
 		tls_config_set_errorx(config, "no ciphers for '%s'", ciphers);
-		goto fail;
+		goto err;
 	}
 
 	SSL_CTX_free(ssl_ctx);
 	return set_string(&config->ciphers, ciphers);
 
- fail:
+ err:
 	SSL_CTX_free(ssl_ctx);
 	return -1;
 }
diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c
index a8835edc8ff..307ae842b8a 100644
--- a/lib/libtls/tls_ocsp.c
+++ b/lib/libtls/tls_ocsp.c
@@ -101,23 +101,24 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
 	    tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) {
 		tls_set_error(ctx,
 		    "unable to parse revocation time in OCSP reply");
-		goto error;
+		goto err;
 	}
 	if (thisupd != NULL &&
 	    tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) {
 		tls_set_error(ctx,
 		    "unable to parse this update time in OCSP reply");
-		goto error;
+		goto err;
 	}
 	if (nextupd != NULL &&
 	    tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) {
 		tls_set_error(ctx,
 		    "unable to parse next update time in OCSP reply");
-		goto error;
+		goto err;
 	}
 	ctx->ocsp->ocsp_result = info;
 	return 0;
- error:
+
+ err:
 	free(info);
 	return -1;
 }
@@ -162,32 +163,32 @@ tls_ocsp_setup_from_peer(struct tls *ctx)
 	STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL;
 
 	if ((ocsp = tls_ocsp_new()) == NULL)
-		goto failed;
+		goto err;
 
 	/* steal state from ctx struct */
 	ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
 	ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
 	if (ocsp->main_cert == NULL) {
 		tls_set_errorx(ctx, "no peer certificate for OCSP");
-		goto failed;
+		goto err;
 	}
 
 	ocsp_urls = X509_get1_ocsp(ocsp->main_cert);
 	if (ocsp_urls == NULL) {
 		tls_set_errorx(ctx, "no OCSP URLs in peer certificate");
-		goto failed;
+		goto err;
 	}
 
 	ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
 	if (ocsp->ocsp_url == NULL) {
 		tls_set_errorx(ctx, "out of memory");
-		goto failed;
+		goto err;
 	}
 
 	X509_email_free(ocsp_urls);
 	return ocsp;
 
- failed:
+ err:
 	tls_ocsp_free(ocsp);
 	X509_email_free(ocsp_urls);
 	return NULL;
@@ -206,7 +207,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
 
 	if ((br = OCSP_response_get1_basic(resp)) == NULL) {
 		tls_set_errorx(ctx, "cannot load ocsp reply");
-		goto error;
+		goto err;
 	}
 
 	/*
@@ -219,7 +220,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
 	if (OCSP_basic_verify(br, ctx->ocsp->extra_certs,
 		SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) {
 		tls_set_error(ctx, "ocsp verify failed");
-		goto error;
+		goto err;
 	}
 
 	/* signature OK, look inside */
@@ -227,43 +228,43 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
 	if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
 		tls_set_errorx(ctx, "ocsp verify failed: response - %s",
 		    OCSP_response_status_str(response_status));
-		goto error;
+		goto err;
 	}
 
 	cid = tls_ocsp_get_certid(ctx->ocsp->main_cert,
 	    ctx->ocsp->extra_certs, ctx->ssl_ctx);
 	if (cid == NULL) {
 		tls_set_errorx(ctx, "ocsp verify failed: no issuer cert");
-		goto error;
+		goto err;
 	}
 
 	if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason,
 	    &revtime, &thisupd, &nextupd) != 1) {
 		tls_set_errorx(ctx, "ocsp verify failed: no result for cert");
-		goto error;
+		goto err;
 	}
 
 	if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC,
 	    MAXAGE_SEC) != 1) {
 		tls_set_errorx(ctx,
 		    "ocsp verify failed: ocsp response not current");
-		goto error;
+		goto err;
 	}
 
 	if (tls_ocsp_fill_info(ctx, response_status, cert_status,
 	    crl_reason, revtime, thisupd, nextupd) != 0)
-		goto error;
+		goto err;
 
 	/* finally can look at status */
 	if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status !=
 	    V_OCSP_CERTSTATUS_UNKNOWN) {
 		tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s",
 			       OCSP_crl_reason_str(crl_reason));
-		goto error;
+		goto err;
 	}
 	ret = 0;
 
- error:
+ err:
 	sk_X509_free(combined);
 	OCSP_CERTID_free(cid);
 	OCSP_BASICRESP_free(br);
diff --git a/lib/libtls/tls_util.c b/lib/libtls/tls_util.c
index aaa3eef49f1..f9df287ca87 100644
--- a/lib/libtls/tls_util.c
+++ b/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_util.c,v 1.9 2017/06/22 18:03:57 jsing Exp $ */
+/* $OpenBSD: tls_util.c,v 1.10 2018/02/05 00:52:24 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -43,7 +43,7 @@ tls_host_port(const char *hostport, char **host, char **port)
 	*port = NULL;
 
 	if ((s = strdup(hostport)) == NULL)
-		goto fail;
+		goto err;
 
 	h = p = s;
 
@@ -66,14 +66,14 @@ tls_host_port(const char *hostport, char **host, char **port)
 	*p++ = '\0';
 
 	if (asprintf(host, "%s", h) == -1)
-		goto fail;
+		goto err;
 	if (asprintf(port, "%s", p) == -1)
-		goto fail;
+		goto err;
 
 	rv = 0;
 	goto done;
 
- fail:
+ err:
 	free(*host);
 	*host = NULL;
 	free(*port);
@@ -126,38 +126,38 @@ tls_load_file(const char *name, size_t *len, char *password)
 	/* Just load the file into memory without decryption */
 	if (password == NULL) {
 		if (fstat(fd, &st) != 0)
-			goto fail;
+			goto err;
 		if (st.st_size < 0)
-			goto fail;
+			goto err;
 		size = (size_t)st.st_size;
 		if ((buf = malloc(size)) == NULL)
-			goto fail;
+			goto err;
 		n = read(fd, buf, size);
 		if (n < 0 || (size_t)n != size)
-			goto fail;
+			goto err;
 		close(fd);
 		goto done;
 	}
 
 	/* Or read the (possibly) encrypted key from file */
 	if ((fp = fdopen(fd, "r")) == NULL)
-		goto fail;
+		goto err;
 	fd = -1;
 
 	key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
 	fclose(fp);
 	if (key == NULL)
-		goto fail;
+		goto err;
 
 	/* Write unencrypted key to memory buffer */
 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
-		goto fail;
+		goto err;
 	if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
-		goto fail;
+		goto err;
 	if ((size = BIO_get_mem_data(bio, &data)) <= 0)
-		goto fail;
+		goto err;
 	if ((buf = malloc(size)) == NULL)
-		goto fail;
+		goto err;
 	memcpy(buf, data, size);
 
 	BIO_free_all(bio);
@@ -167,7 +167,7 @@ tls_load_file(const char *name, size_t *len, char *password)
 	*len = size;
 	return (buf);
 
- fail:
+ err:
 	if (fd != -1)
 		close(fd);
 	freezero(buf, size);
diff --git a/lib/libtls/tls_verify.c b/lib/libtls/tls_verify.c
index 3bd1057d0c4..acbe163ffdf 100644
--- a/lib/libtls/tls_verify.c
+++ b/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.19 2017/04/10 17:11:13 jsing Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -215,16 +215,16 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 
 	subject_name = X509_get_subject_name(cert);
 	if (subject_name == NULL)
-		goto out;
+		goto done;
 
 	common_name_len = X509_NAME_get_text_by_NID(subject_name,
 	    NID_commonName, NULL, 0);
 	if (common_name_len < 0)
-		goto out;
+		goto done;
 
 	common_name = calloc(common_name_len + 1, 1);
 	if (common_name == NULL)
-		goto out;
+		goto done;
 
 	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
 	    common_name_len + 1);
@@ -236,7 +236,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		    "NUL byte in Common Name field, "
 		    "probably a malicious certificate", name);
 		rv = -1;
-		goto out;
+		goto done;
 	}
 
 	/*
@@ -247,13 +247,13 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 	    inet_pton(AF_INET6, name, &addrbuf) == 1) {
 		if (strcmp(common_name, name) == 0)
 			*cn_match = 1;
-		goto out;
+		goto done;
 	}
 
 	if (tls_match_name(common_name, name) == 0)
 		*cn_match = 1;
 
- out:
+ done:
 	free(common_name);
 	return rv;
 }