From 5957ce94cc6e81e6a264e2347b3f57cdab857f50 Mon Sep 17 00:00:00 2001
From: Kornel
Date: Wed, 1 Oct 2025 11:59:59 +0100
Subject: [PATCH] ErrorStack ctor for custom errors
---
 boring/src/error.rs | 12 ++++++++++++
 boring/src/ssl/callbacks.rs | 2 +-
 boring/src/symm.rs | 4 ++--
 boring/src/util.rs | 4 ++--
 4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/boring/src/error.rs b/boring/src/error.rs
index 5c1ad40b..365643d6 100644
--- a/boring/src/error.rs
+++ b/boring/src/error.rs
@@ -38,6 +38,9 @@ pub struct ErrorStack(Vec);
 impl ErrorStack {
 /// Pops the contents of the OpenSSL error stack, and returns it.
+ ///
+ /// This should be used only immediately after calling Boring FFI functions,
+ /// otherwise the stack may be empty or a leftover from unrelated calls.
 #[corresponds(ERR_get_error_line_data)]
 #[must_use = "Use ErrorStack::clear() to drop the error stack"]
 pub fn get() -> ErrorStack {
@@ -62,6 +65,12 @@ impl ErrorStack {
 Self(vec![Error::new_internal(Data::String(err.to_string()))])
 }
+ /// Used to report errors from the Rust crate
+ #[cold]
+ pub(crate) fn internal_error_str(message: &'static str) -> Self {
+ Self(vec![Error::new_internal(Data::Static(message))])
+ }
+
 /// Empties the current thread's error queue.
 #[corresponds(ERR_clear_error)]
 pub(crate) fn clear() {
@@ -131,6 +140,7 @@ enum Data {
 None,
 CString(CString),
 String(String),
+ Static(&'static str),
 }
 unsafe impl Sync for Error {}
@@ -293,6 +303,7 @@ impl Error {
 Data::None => None,
 Data::CString(cstring) => cstring.to_str().ok(),
 Data::String(s) => Some(s),
+ Data::Static(s) => Some(s),
 }
 }
@@ -302,6 +313,7 @@ impl Error {
 Data::None => return None,
 Data::CString(cstr) => return Some(Cow::Borrowed(cstr)),
 Data::String(s) => s.as_str(),
+ Data::Static(s) => s,
 };
 CString::new(s).ok().map(Cow::Owned)
 }
diff --git a/boring/src/ssl/callbacks.rs b/boring/src/ssl/callbacks.rs
index ed724f79..ea0a73c2 100644
--- a/boring/src/ssl/callbacks.rs
+++ b/boring/src/ssl/callbacks.rs
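Review bot: The doc comment on `internal_error_str` (hunk `@@ -62,6 +65,12 @@` in error.rs) does not say when to choose it over `ErrorStack::get()`, which is the reason the constructor exists. I would write `/// Builds a one-entry stack for a failure detected in Rust code before any BoringSSL call, where ErrorStack::get() would return an empty or stale queue.` What error code `Error::new_internal` assigns to the entry is not visible in this hunk, so callers that branch on the code rather than the message may deserve a sentence as well. The `impl ErrorStack` block starts and ends outside the hunk.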
@@ -767,7 +767,7 @@ impl<'a> CryptoBufferBuilder<'a> {
 let buffer_capacity = unsafe { ffi::CRYPTO_BUFFER_len(self.buffer) };
 if self.cursor.position() != buffer_capacity as u64 {
 // Make sure all bytes in buffer initialized as required by Boring SSL.
- return Err(ErrorStack::get());
+ return Err(ErrorStack::internal_error_str("invalid len"));
 }
 unsafe {
 let mut result = ptr::null_mut();
diff --git a/boring/src/symm.rs b/boring/src/symm.rs
index 38fab76d..a1346e6e 100644
--- a/boring/src/symm.rs
+++ b/boring/src/symm.rs
@@ -89,7 +89,7 @@ impl CipherCtxRef {
 ffi::init();
 if key.len() != cipher.key_len() {
- return Err(ErrorStack::get());
+ return Err(ErrorStack::internal_error_str("invalid key size"));
 }
 unsafe {
@@ -117,7 +117,7 @@ impl CipherCtxRef {
 ffi::init();
 if key.len() != cipher.key_len() {
- return Err(ErrorStack::get());
+ return Err(ErrorStack::internal_error_str("invalid key size"));
 }
 unsafe {
diff --git a/boring/src/util.rs b/boring/src/util.rs
index bb6373c1..d34fd898 100644
--- a/boring/src/util.rs
+++ b/boring/src/util.rs
@@ -55,8 +55,8 @@ where
 match result {
 Ok(Ok(len)) => len as c_int,
- Ok(Err(_)) => {
- // FIXME restore error stack
+ Ok(Err(err)) => {
+ err.put();
 0
 }
 Err(err) => {
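Review bot: The message `"invalid len"` in the callbacks.rs hunk (`@@ -767,7 +767,7 @@`) does not say which length was wrong, although the comment above it says the check exists so that every byte of the buffer is initialized before it goes to BoringSSL. A message that names the condition makes the failure diagnosable from the error alone, for example `return Err(ErrorStack::internal_error_str("CryptoBufferBuilder: buffer not completely filled"));`. The enclosing function starts and ends outside the hunk.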
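Review bot: Neither key-length guard in symm.rs (hunks `@@ -89,7 +89,7 @@` and `@@ -117,7 +117,7 @@`) gets a test, and the diffstat lists no test file in this commit. The guard is what returns before the `unsafe` block when `key.len() != cipher.key_len()`, so a regression test that passes a short key and asserts an `Err` whose stack is non-empty and carries "invalid key size" would pin both the check and the new message. The two guards are identical, so a small private helper would keep them from drifting apart. Both enclosing functions begin and end outside the hunks.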
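Review bot: The new `err.put();` in util.rs replaces the FIXME without a comment on where the error goes or why the arm still returns 0. Assuming 0 is this callback's failure value, I would add `// Push the Rust error onto this thread's BoringSSL queue so the FFI caller's ErrorStack::get() reports it.` above the call. Whether `put()` appends to entries already in the queue is not visible in this hunk; if it does, calling `ErrorStack::clear()` first would keep stale entries from being reported alongside the callback's own error. The `match` and its function continue outside the hunk.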