wolfssl: use larger error buffer when formatting errors

Currently we're using WOLFSSL_MAX_ERROR_SZ to define the error buffer
size; this value is user-defined, which means it can be overridden with
-DWOLFSSL_MAX_ERROR_SZ=512 when building wolfssl, and this override is
not exported to the users of wolfssl.

Instead of relying on WOLFSSL_MAX_ERROR_SZ we'll just use a 256 bytes
error buffer and use wolfSSL_ERR_error_string_n to fill it thus dropping
the dependency on WOLFSSL_MAX_ERROR_SZ altogether.

Closes #14114
Alex Snast 2024-07-07 12:18:28 +03:00 committed by Daniel Stenberg
parent 65f7fe5668
commit 5ab2eda803
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -1009,6 +1009,23 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
} }
static char *wolfssl_strerror(unsigned long error, char *buf, size_t size)
{
DEBUGASSERT(size);
*buf = '\0';
wolfSSL_ERR_error_string_n(error, buf, size);
if(!*buf) {
const char *msg = error ? "Unknown error" : "No error";
strncpy(buf, msg, size - 1);
buf[size - 1] = '\0';
}
return buf;
}
static CURLcode static CURLcode
wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
{ {
@ -1080,8 +1097,7 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
if(ret != 1) { if(ret != 1) {
char error_buffer[WOLFSSL_MAX_ERROR_SZ]; int detail = wolfSSL_get_error(backend->handle, ret);
int detail = wolfSSL_get_error(backend->handle, ret);
if(SSL_ERROR_WANT_READ == detail) { if(SSL_ERROR_WANT_READ == detail) {
connssl->io_need = CURL_SSL_IO_NEED_RECV; connssl->io_need = CURL_SSL_IO_NEED_RECV;
@ -1163,8 +1179,10 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
return CURLE_OK; return CURLE_OK;
} }
else { else {
char error_buffer[256];
failf(data, "SSL_connect failed with error %d: %s", detail, failf(data, "SSL_connect failed with error %d: %s", detail,
wolfSSL_ERR_error_string((unsigned long)detail, error_buffer)); wolfssl_strerror((unsigned long)detail, error_buffer,
sizeof(error_buffer)));
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
} }
@ -1301,7 +1319,6 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
struct ssl_connect_data *connssl = cf->ctx; struct ssl_connect_data *connssl = cf->ctx;
struct wolfssl_ctx *backend = struct wolfssl_ctx *backend =
(struct wolfssl_ctx *)connssl->backend; (struct wolfssl_ctx *)connssl->backend;
char error_buffer[WOLFSSL_MAX_ERROR_SZ];
int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
int rc; int rc;
@ -1327,9 +1344,13 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
return -1; return -1;
} }
CURL_TRC_CF(data, cf, "wolfssl_send(len=%zu) -> %d, %d", len, rc, err); CURL_TRC_CF(data, cf, "wolfssl_send(len=%zu) -> %d, %d", len, rc, err);
failf(data, "SSL write: %s, errno %d", {
wolfSSL_ERR_error_string((unsigned long)err, error_buffer), char error_buffer[256];
SOCKERRNO); failf(data, "SSL write: %s, errno %d",
wolfssl_strerror((unsigned long)err, error_buffer,
sizeof(error_buffer)),
SOCKERRNO);
}
*curlcode = CURLE_SEND_ERROR; *curlcode = CURLE_SEND_ERROR;
return -1; return -1;
} }
@ -1415,10 +1436,11 @@ static CURLcode wolfssl_shutdown(struct Curl_cfilter *cf,
connssl->io_need = CURL_SSL_IO_NEED_SEND; connssl->io_need = CURL_SSL_IO_NEED_SEND;
break; break;
default: { default: {
char error_buffer[WOLFSSL_MAX_ERROR_SZ]; char error_buffer[256];
int detail = wolfSSL_get_error(wctx->handle, err); int detail = wolfSSL_get_error(wctx->handle, err);
CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s'(%d)", CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s'(%d)",
wolfSSL_ERR_error_string((unsigned long)err, error_buffer), wolfssl_strerror((unsigned long)err, error_buffer,
sizeof(error_buffer)),
detail); detail);
result = CURLE_RECV_ERROR; result = CURLE_RECV_ERROR;
break; break;
@ -1459,7 +1481,6 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf,
struct ssl_connect_data *connssl = cf->ctx; struct ssl_connect_data *connssl = cf->ctx;
struct wolfssl_ctx *backend = struct wolfssl_ctx *backend =
(struct wolfssl_ctx *)connssl->backend; (struct wolfssl_ctx *)connssl->backend;
char error_buffer[WOLFSSL_MAX_ERROR_SZ];
int buffsize = (blen > (size_t)INT_MAX) ? INT_MAX : (int)blen; int buffsize = (blen > (size_t)INT_MAX) ? INT_MAX : (int)blen;
int nread; int nread;
@ -1491,9 +1512,13 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf,
*curlcode = CURLE_AGAIN; *curlcode = CURLE_AGAIN;
return -1; return -1;
} }
failf(data, "SSL read: %s, errno %d", {
wolfSSL_ERR_error_string((unsigned long)err, error_buffer), char error_buffer[256];
SOCKERRNO); failf(data, "SSL read: %s, errno %d",
wolfssl_strerror((unsigned long)err, error_buffer,
sizeof(error_buffer)),
SOCKERRNO);
}
*curlcode = CURLE_RECV_ERROR; *curlcode = CURLE_RECV_ERROR;
return -1; return -1;
} }
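Review bot: In the new wolfssl_strerror helper (first hunk, +1009), the size check is only `DEBUGASSERT(size)`, so in a non-debug build a zero size would still reach `*buf = '\0'` and `size - 1`; since the function is the single point that now bounds every error-string write, I would make the guard unconditional, `if(!size) return buf;`, or at least keep the assert and document the precondition. The fallback copy can also drop the strncpy-plus-terminator pair in favour of the bounded formatter the rest of lib/ uses, `msnprintf(buf, size, "%s", msg);`, which terminates for any size > 0. Whether wolfSSL_ERR_error_string_n itself always NUL-terminates for a 256-byte buffer is not visible here; the `if(!*buf)` fallback only handles the empty-string case, so that guarantee is worth confirming against the wolfSSL version curl builds with. The helper has no header comment; a short one would help: `/* Format wolfSSL error 'error' into buf[size]; a generic message is used when wolfSSL leaves buf empty. Returns buf. */`.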