Dev news

Commit 6c90156f3e for openssl.org

commit 6c90156f3e506f443e92b4a20ece685b7680e211
Author: Jon Spillett <jon.spillett@oracle.com>
Date:   Fri Jun 5 06:23:07 2026 +1000

    Fix up mismatched error reason codes

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    Reviewed-by: Milan Broz <mbroz@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Thu Jun 11 16:06:41 2026
    (Merged from https://github.com/openssl/openssl/pull/31390)

diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
index a292a95627..ed84073503 100644
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -84,7 +84,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,

     declen = ct_base64_decode(logid_base64, &dec);
     if (declen < 0) {
-        ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR);
+        ERR_raise(ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR);
         goto err;
     }
     if (!SCT_set0_log_id(sct, dec, declen))
@@ -93,7 +93,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,

     declen = ct_base64_decode(extensions_base64, &dec);
     if (declen < 0) {
-        ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR);
+        ERR_raise(ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR);
         goto err;
     }
     SCT_set0_extensions(sct, dec, declen);
@@ -101,7 +101,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,

     declen = ct_base64_decode(signature_base64, &dec);
     if (declen < 0) {
-        ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR);
+        ERR_raise(ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR);
         goto err;
     }

diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 82e194d198..bb3824a4a0 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -235,7 +235,7 @@ DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
     goto done;

 decerr:
-    ERR_raise(ERR_LIB_DH, EVP_R_DECODE_ERROR);
+    ERR_raise(ERR_LIB_DH, DH_R_DECODE_ERROR);
 dherr:
     DH_free(dh);
     dh = NULL;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 78eba3707a..888bcfd7b1 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -233,7 +233,7 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
                      * bytes.
                      */
                     ERR_clear_last_mark();
-                    ERR_raise(ERR_LIB_ASN1, EVP_R_DECODE_ERROR);
+                    ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR);
                     goto end;
                 }
             }
diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c
index 2122756b28..c1dc05e3a9 100644
--- a/providers/implementations/ciphers/cipher_aes_wrp.c
+++ b/providers/implementations/ciphers/cipher_aes_wrp.c
@@ -215,7 +215,7 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out,
      * relies on all fields being present.
      */
     if (wctx->updated) {
-        ERR_raise(ERR_LIB_PROV, EVP_R_UPDATE_ERROR);
+        ERR_raise(ERR_LIB_PROV, PROV_R_UPDATE_CALL_OUT_OF_ORDER);
         return -1;
     }
     if (!ctx->key_set) {
diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c
index 6396e0eac9..7e9a3a9c21 100644
--- a/providers/implementations/macs/cmac_prov.c
+++ b/providers/implementations/macs/cmac_prov.c
@@ -266,7 +266,7 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
                 && !EVP_CIPHER_is_a(cipher, "AES-192-CBC")
                 && !EVP_CIPHER_is_a(cipher, "AES-128-CBC")
                 && !EVP_CIPHER_is_a(cipher, "DES-EDE3-CBC")) {
-                ERR_raise(ERR_LIB_PROV, EVP_R_UNSUPPORTED_CIPHER);
+                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CIPHER);
                 return 0;
             }
         }
diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index 9a5f459881..78fef9549e 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -286,7 +286,7 @@ static int test_rng_enable_locking(void *vtest)
     if (t != NULL && t->lock == NULL) {
         t->lock = CRYPTO_THREAD_lock_new();
         if (t->lock == NULL) {
-            ERR_raise(ERR_LIB_PROV, RAND_R_FAILED_TO_CREATE_LOCK);
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_CREATE_LOCK);
             return 0;
         }
     }
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index f2be3fd94c..3d56bd0185 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -602,7 +602,7 @@ rsa_signverify_init(PROV_RSA_CTX *prsactx, void *vrsa,

         break;
     default:
-        ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        ERR_raise(ERR_LIB_PROV, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         return 0;
     }

@@ -1903,7 +1903,7 @@ static int rsa_sigalg_signverify_init(void *vprsactx, void *vrsa,

     /* PSS is currently not supported as a sigalg */
     if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) {
-        ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        ERR_raise(ERR_LIB_PROV, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         return 0;
     }