Download raw body.
[PATCH] Use tls_set_errorx when errno isn't set on failure
In these cases, the current errno value may not be relevant.
A few calls with TLS_ERROR_OUT_OF_MEMORY were normalized to setx/errorx
since that was the most common throughout the codebase.
One malloc error path was changed to use TLS_ERROR_OUT_OF_MEMORY
to match the others.
---
I noticed a couple of these, so went looking for others. Some are
pretty clear they should use the x variant (e.g. tls_ocsp_asn1_parse_time
errors), but I wasn't sure about something like BIO_new_mem_buf,
which probably does set errno = ENOMEM on failure. I changed those
to tls_set_errorx to match the other BIO_new_mem_buf error paths.
Please disregard any of these I may have gotten wrong if they are
correct as-is.
src/lib/libtls/tls.c | 2 +-
src/lib/libtls/tls_client.c | 2 +-
src/lib/libtls/tls_config.c | 2 +-
src/lib/libtls/tls_keypair.c | 6 +++---
src/lib/libtls/tls_ocsp.c | 10 +++++-----
src/lib/libtls/tls_server.c | 8 ++++----
src/lib/libtls/tls_signer.c | 6 +++---
7 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 41bb06d85..fd0e9929e 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -686,7 +686,7 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
if (xi->crl == NULL)
continue;
if (!X509_STORE_add_crl(store, xi->crl)) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"failed to add crl");
goto err;
}
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 97e1d4021..5763eab6f 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -115,7 +115,7 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port,
hints.ai_family = AF_UNSPEC;
hints.ai_flags = AI_ADDRCONFIG;
if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"%s", gai_strerror(s));
goto err;
}
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 848117a91..16d896685 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -65,7 +65,7 @@ tls_config_load_file(struct tls_error *error, const char *filetype,
goto err;
*len = (size_t)st.st_size;
if ((*buf = malloc(*len)) == NULL) {
- tls_error_set(error, TLS_ERROR_UNKNOWN,
+ tls_error_setx(error, TLS_ERROR_OUT_OF_MEMORY,
"failed to allocate buffer for %s file",
filetype);
goto err;
diff --git a/src/lib/libtls/tls_keypair.c b/src/lib/libtls/tls_keypair.c
index ffda91df8..a6f555063 100644
--- a/src/lib/libtls/tls_keypair.c
+++ b/src/lib/libtls/tls_keypair.c
@@ -144,13 +144,13 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
*cert = NULL;
if (keypair->cert_mem == NULL) {
- tls_error_set(error, TLS_ERROR_UNKNOWN,
+ tls_error_setx(error, TLS_ERROR_UNKNOWN,
"keypair has no certificate");
goto err;
}
if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
keypair->cert_len)) == NULL) {
- tls_error_set(error, TLS_ERROR_UNKNOWN,
+ tls_error_setx(error, TLS_ERROR_UNKNOWN,
"failed to create certificate bio");
goto err;
}
@@ -158,7 +158,7 @@ tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
NULL)) == NULL) {
if ((ssl_err = ERR_peek_error()) != 0)
errstr = ERR_error_string(ssl_err, NULL);
- tls_error_set(error, TLS_ERROR_UNKNOWN,
+ tls_error_setx(error, TLS_ERROR_UNKNOWN,
"failed to load certificate: %s", errstr);
goto err;
}
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index c65911920..1cc167eaa 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -85,7 +85,7 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
ctx->ocsp->ocsp_result = NULL;
if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) {
- tls_set_error(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
+ tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
return -1;
}
info->response_status = response_status;
@@ -102,19 +102,19 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
info->revocation_time = info->this_update = info->next_update = -1;
if (revtime != NULL &&
tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"unable to parse revocation time in OCSP reply");
goto err;
}
if (thisupd != NULL &&
tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"unable to parse this update time in OCSP reply");
goto err;
}
if (nextupd != NULL &&
tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"unable to parse next update time in OCSP reply");
goto err;
}
@@ -305,7 +305,7 @@ tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *respons
if (resp == NULL) {
tls_ocsp_free(ctx->ocsp);
ctx->ocsp = NULL;
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"unable to parse OCSP response");
return -1;
}
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 42a697327..47c711421 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -242,12 +242,12 @@ tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
tls_servername_cb) != 1) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"failed to set servername callback");
goto err;
}
if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"failed to set servername callback arg");
goto err;
}
@@ -298,7 +298,7 @@ tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET);
if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx,
tls_server_ticket_cb)) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"failed to set the TLS ticket callback");
goto err;
}
@@ -306,7 +306,7 @@ tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id,
sizeof(ctx->config->session_id)) != 1) {
- tls_set_error(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
"failed to set session id context");
goto err;
}
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
index 2573803ec..70160cd98 100644
--- a/src/lib/libtls/tls_signer.c
+++ b/src/lib/libtls/tls_signer.c
@@ -137,7 +137,7 @@ tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert,
}
if ((skey = calloc(1, sizeof(*skey))) == NULL) {
- tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
+ tls_error_setx(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
"out of memory");
goto err;
}
@@ -223,7 +223,7 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
return (-1);
}
if ((signature = calloc(1, rsa_size)) == NULL) {
- tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
+ tls_error_setx(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
"out of memory");
return (-1);
}
@@ -271,7 +271,7 @@ tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,
return (-1);
}
if ((signature = calloc(1, signature_len)) == NULL) {
- tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
+ tls_error_setx(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
"out of memory");
return (-1);
}
--
2.49.0
[PATCH] Use tls_set_errorx when errno isn't set on failure