Fix error-handling for non-SSL_get_error functions.

Some functions (the ones that do I/O) use this crazy three-level error system (rv, SSL_get_error, and the error queue). Others are more straightforward and simply use the error queue. Using SSL_get_error here could result in state from other operations getting in the way of things. Since these don't actually do I/O and really can only fail on internal error, just map to ERR_FAILED rather than try to have so many MapOpenSSLError variants. Also treat SSL_export_key_material's return value as a boolean. In BoringSSL, the calling convention is simpler and documented as such. BUG=none Review-Url: https://codereview.chromium.org/2342123002 Cr-Commit-Position: refs/heads/master@{#419006}

Fix error-handling for non-SSL_get_error functions.
Some functions (the ones that do I/O) use this crazy three-level error system (rv, SSL_get_error, and the error queue). Others are more straightforward and simply use the error queue. Using SSL_get_error here could result in state from other operations getting in the way of things. Since these don't actually do I/O and really can only fail on internal error, just map to ERR_FAILED rather than try to have so many MapOpenSSLError variants. Also treat SSL_export_key_material's return value as a boolean. In BoringSSL, the calling convention is simpler and documented as such. BUG=none Review-Url: https://codereview.chromium.org/2342123002 Cr-Commit-Position: refs/heads/master@{#419006}
f225b263 · davidben · Commit bot · 0873818c · f225b263
Commit f225b263 authored Sep 15, 2016 by davidben Committed by Commit bot Sep 15, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 14 deletions

net/socket/ssl_client_socket_impl.cc net/socket/ssl_client_socket_impl.cc +9 -14

No files found.
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -581,17 +581,14 @@ int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label,

  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

-  int rv = SSL_export_keying_material(
-      ssl_, out, outlen, label.data(), label.size(),
-      reinterpret_cast<const unsigned char*>(context.data()), context.length(),
-      has_context ? 1 : 0);
-
-  if (rv != 1) {
-    int ssl_error = SSL_get_error(ssl_, rv);
-    LOG(ERROR) << "Failed to export keying material;"
-               << " returned " << rv << ", SSL error code " << ssl_error;
-    return MapOpenSSLError(ssl_error, err_tracer);
+  if (!SSL_export_keying_material(
+          ssl_, out, outlen, label.data(), label.size(),
+          reinterpret_cast<const unsigned char*>(context.data()),
+          context.length(), has_context ? 1 : 0)) {
+    LOG(ERROR) << "Failed to export keying material.";
+    return ERR_FAILED;
  }
+
  return OK;
 }

@@ -1247,11 +1244,9 @@ int SSLClientSocketImpl::DoChannelIDLookupComplete(int result) {
  // type.
  DCHECK(channel_id_key_);
  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key());
-  if (!rv) {
+  if (!SSL_set1_tls_channel_id(ssl_, channel_id_key_->key())) {
    LOG(ERROR) << "Failed to set Channel ID.";
-    int err = SSL_get_error(ssl_, rv);
-    return MapOpenSSLError(err, err_tracer);
+    return ERR_FAILED;
  }

  // Return to the handshake.