Use TLS_ERROR_INVALID_ARGUMENT for "too large" and "too small" errors

ok beck tb
author: joshua <> 2024-03-28 06:55:02 +0000
committer: joshua <> 2024-03-28 06:55:02 +0000
commit: e27c8bbf715dff2f2e9f026a1084fa8597e4061c (patch)
tree: 25976626a856952211e9b3036677a6db54eb83d8
parent: 0e0ddc48259d4ab0736d20e72cc1404040b049a4 (diff)
download: openbsd-e27c8bbf715dff2f2e9f026a1084fa8597e4061c.tar.gz
openbsd-e27c8bbf715dff2f2e9f026a1084fa8597e4061c.tar.bz2
openbsd-e27c8bbf715dff2f2e9f026a1084fa8597e4061c.zip
2 files changed, 9 insertions, 8 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 645562e838..10dc5003cb 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.69 2024/03/27 07:35:30 joshua Exp $ */
+/* $OpenBSD: tls_config.c,v 1.70 2024/03/28 06:55:02 joshua Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -301,7 +301,8 @@ tls_config_parse_alpn(struct tls_config *config, const char *alpn,
        *alpn_len = 0;
        if ((buf_len = strlen(alpn) + 1) > 65535) {
-                tls_config_set_errorx(config, TLS_ERROR_UNKNOWN, "alpn too large");
+                tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
+                    "alpn too large");
                goto err;
        }
@@ -865,7 +866,7 @@ tls_config_set_session_id(struct tls_config *config,
    const unsigned char *session_id, size_t len)
 {
        if (len > TLS_MAX_SESSION_ID_LENGTH) {
-                tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
+                tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
                    "session ID too large");
                return (-1);
        }
@@ -878,12 +879,12 @@ int
 tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
 {
        if (lifetime > TLS_MAX_SESSION_TIMEOUT) {
-                tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
+                tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
                    "session lifetime too large");
                return (-1);
        }
        if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) {
-                tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
+                tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
                    "session lifetime too small");
                return (-1);
        }
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
index 95a3640d7a..d423b3b1c8 100644
--- a/src/lib/libtls/tls_signer.c
+++ b/src/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.11 2024/03/28 02:08:24 joshua Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.12 2024/03/28 06:55:02 joshua Exp $ */
 /*
 * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
 *
@@ -204,7 +204,7 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
        }
        if (input_len > INT_MAX) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
+                tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
                    "input too large");
                return (-1);
        }
@@ -252,7 +252,7 @@ tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,
        }
        if (input_len > INT_MAX) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
+                tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
                    "digest too large");
                return (-1);
        }
author	joshua <>	2024-03-28 06:55:02 +0000
committer	joshua <>	2024-03-28 06:55:02 +0000
commit	e27c8bbf715dff2f2e9f026a1084fa8597e4061c (patch)
tree	25976626a856952211e9b3036677a6db54eb83d8
parent	0e0ddc48259d4ab0736d20e72cc1404040b049a4 (diff)
download	openbsd-e27c8bbf715dff2f2e9f026a1084fa8597e4061c.tar.gz openbsd-e27c8bbf715dff2f2e9f026a1084fa8597e4061c.tar.bz2 openbsd-e27c8bbf715dff2f2e9f026a1084fa8597e4061c.zip