diff options
| author |   tb <tb@openbsd.org> | 2020-09-01 05:38:48 +0000 |
|---|---|---|
| committer | tb <tb@openbsd.org> | 2020-09-01 05:38:48 +0000 |
| commit | ea44ea7ec9fb3a96db19ba5f72d50f71f6cceb7a (patch) | |
| tree | 02198a634b7a557975a7d0524dfe4b2ec4cc443b /lib/libssl/t1_lib.c | |
| parent | simplify tls1_process_ticket() exit path (diff) | |
| download | wireguard-openbsd-ea44ea7ec9fb3a96db19ba5f72d50f71f6cceb7a.tar.xz wireguard-openbsd-ea44ea7ec9fb3a96db19ba5f72d50f71f6cceb7a.zip | |
Hoist ERR_clear_error() call into the derr: label
The only path that sets TLS1_TICKET_NOT_DECRPYTED is through this label
and the ERR_clear_error() is called conditionally on this. We clear the
errors to make decrypt errors non-fatal. The free functions should not
set the errors and if they do, we don't want to hide that.
discussed with jsing
Diffstat (limited to 'lib/libssl/t1_lib.c')
| -rw-r--r-- | lib/libssl/t1_lib.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 64e64bf9023..8162259c66e 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.172 2020/09/01 05:32:11 tb Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.173 2020/09/01 05:38:48 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1012,6 +1012,7 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert, goto done; derr: + ERR_clear_error(); s->internal->tlsext_ticket_expected = 1; ret = TLS1_TICKET_NOT_DECRYPTED; goto done; @@ -1027,8 +1028,5 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, int *alert, HMAC_CTX_free(hctx); SSL_SESSION_free(sess); - if (ret == TLS1_TICKET_NOT_DECRYPTED) - ERR_clear_error(); - return ret; } |