author | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-12 19:54:32 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-12 19:54:32 +0000 |
commit | 2a49d7f1c0a6ca724855403d81c2f87fe265e93d (patch) | |
tree | 21f0e3549bcdb50f85b91b40bb7b045009df2982 /lib/libtls | |
parent | ca69192298e1bc2553d3ca8a0eae5bb4096e2e04 (diff) |
Ensure that we clear the libssl error stack before we make a function call
that we will pass the result through tls_ssl_error() on failure. Otherwise
we can end up reporting spurious errors due to there being unrelated errors
already on the error stack.
Spotted by Marko Kreen.
ok beck@
Diffstat (limited to 'lib/libtls')
-rw-r--r-- | lib/libtls/tls.c | 9 | ||||
-rw-r--r-- | lib/libtls/tls_client.c | 4 | ||||
-rw-r--r-- | lib/libtls/tls_server.c | 4 |
3 files changed, 12 insertions, 5 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index aa49641ab29..65103f106d4 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.25 2015/09/11 09:24:54 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.26 2015/09/12 19:54:31 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -405,12 +405,13 @@ tls_read(struct tls *ctx, void *buf, size_t buflen)
 goto out;
 }
 
+ ERR_clear_error();
 if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
 rv = (ssize_t)ssl_ret;
 goto out;
 }
-
 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
+
 out:
 /* Prevent callers from performing incorrect error handling */
 errno = 0;
@@ -433,12 +434,13 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen)
 goto out;
 }
 
+ ERR_clear_error();
 if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
 rv = (ssize_t)ssl_ret;
 goto out;
 }
-
 rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
+
 out:
 /* Prevent callers from performing incorrect error handling */
 errno = 0;
@@ -452,6 +454,7 @@ tls_close(struct tls *ctx)
 int rv = 0;
 
 if (ctx->ssl_conn != NULL) {
+ ERR_clear_error();
 ssl_ret = SSL_shutdown(ctx->ssl_conn);
 if (ssl_ret < 0) {
 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
diff --git a/lib/libtls/tls_client.c b/lib/libtls/tls_client.c
index 2aca519f8b0..047831e59f8 100644
--- a/lib/libtls/tls_client.c
+++ b/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.27 2015/09/11 12:56:55 beck Exp $ */
+/* $OpenBSD: tls_client.c,v 1.28 2015/09/12 19:54:31 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 
+#include <openssl/err.h>
 #include <openssl/x509.h>
 
 #include <tls.h>
@@ -251,6 +252,7 @@ tls_handshake_client(struct tls *ctx)
 goto err;
 }
 
+ ERR_clear_error();
 if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) {
 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
 goto err;
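Review bot: The new `ERR_clear_error()` calls in tls_read, tls_write and tls_close carry no comment, and the reason matters more than "spurious messages": SSL_get_error(), which tls_ssl_error() presumably consults, reports SSL_ERROR_SSL whenever anything at all is queued on the thread's error stack, so a stale entry would turn a retryable WANT_READ/WANT_WRITE from SSL_read/SSL_write into a hard failure. Suggest `/* Clear stale errors so tls_ssl_error() only sees what this call queues. */` above the first call in each function; the same comment fits the SSL_connect and SSL_accept hunks in tls_client.c and tls_server.c. Unlike those two files, this hunk does not add `#include <openssl/err.h>` to tls.c, so it is presumably already included there — worth confirming, since the include block is outside the hunk. The blank line moved from before to after the `tls_ssl_error()` assignment in the tls_read and tls_write hunks is unrelated whitespace churn. tls_read's body begins before the hunk and continues after it.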
diff --git a/lib/libtls/tls_server.c b/lib/libtls/tls_server.c
index 69baf5c1c21..1baf717c900 100644
--- a/lib/libtls/tls_server.c
+++ b/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.16 2015/09/11 08:31:26 beck Exp $ */
+/* $OpenBSD: tls_server.c,v 1.17 2015/09/12 19:54:31 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -16,6 +16,7 @@
 */
 
 #include <openssl/ec.h>
+#include <openssl/err.h>
 #include <openssl/ssl.h>
 
 #include <tls.h>
@@ -167,6 +168,7 @@ tls_handshake_server(struct tls *ctx)
 goto err;
 }
 
+ ERR_clear_error();
 if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
 rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
 goto err;