Diffstat (limited to 'src/lib/libtls/tls.c')
-rw-r--r--src/lib/libtls/tls.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index a8b03f0d4a..c2f7f3722c 100644
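--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.102 2024/03/26 08:54:48 joshua Exp $ */
+/* $OpenBSD: tls.c,v 1.103 2024/03/27 07:35:30 joshua Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -359,9 +359,9 @@ tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pke
  return (0);
 
  if (len > INT_MAX) {
- tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
  ctx->config->use_fake_private_key ?
- "cert too long" : "key too long");
+ "certificate too long" : "key too long");
  goto err;
  }
 
@@ -491,7 +491,7 @@ tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
 
  if (keypair->cert_mem != NULL) {
  if (keypair->cert_len > INT_MAX) {
- tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
  "certificate too long");
  goto err;
  }
@@ -647,7 +647,8 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 
  if (ca_mem != NULL) {
  if (ca_len > INT_MAX) {
- tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "ca too long");
+ tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
+ "ca too long");
  goto err;
  }
  if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
@@ -664,7 +665,8 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 
  if (crl_mem != NULL) {
  if (crl_len > INT_MAX) {
- tls_set_errorx(ctx, TLS_ERROR_UNKNOWN, "crl too long");
+ tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
+ "crl too long");
  goto err;
  }
  if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) {
@@ -865,7 +867,7 @@ tls_read(struct tls *ctx, void *buf, size_t buflen)
  }
 
  if (buflen > INT_MAX) {
- tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
  "buflen too long");
  goto out;
  }
@@ -897,7 +899,7 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen)
  }
 
  if (buflen > INT_MAX) {
- tls_set_errorx(ctx, TLS_ERROR_UNKNOWN,
+ tls_set_errorx(ctx, TLS_ERROR_INVALID_ARGUMENT,
  "buflen too long");
  goto out;
  }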
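Review bot: None of the six `> INT_MAX` guards touched here says why the bound is INT_MAX, and that reason is the part worth protecting. In the ca and crl hunks of tls_configure_ssl_verify the length goes straight on to `SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len)` and `BIO_new_mem_buf(crl_mem, crl_len)`, which take an int length, so the guard is what keeps an oversized buffer from being handed on with a truncated or negative length. The same presumably holds for the keypair and tls_read/tls_write guards, whose consuming calls fall outside the hunks. I would add a one-line comment at each guard, for example `/* len is narrowed to int below; reject anything that would not fit */`, so that a later cleanup does not loosen or drop the check along with the error code. As a smaller style point, the messages are now uneven: "certificate too long" is spelled out while `"ca too long"` and `"crl too long"` stay lower-case abbreviations.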