diff --git a/src/ssl.c b/src/ssl.c
index 46a978dfd..ca31c7d14 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -6920,8 +6920,10 @@ WOLFSSL_ABI
 int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, const char* path) {
- return wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
+ int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
 WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
+
+ return WS_RETURN_CODE(ret,WOLFSSL_FAILURE);
 }
@@ -24669,15 +24671,15 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
 const char* footer = NULL;
 if (type != X509_FILETYPE_PEM)
- return BAD_FUNC_ARG;
+ return WS_RETURN_CODE(BAD_FUNC_ARG,WOLFSSL_FAILURE);
 fp = XFOPEN(file, "rb");
 if (fp == XBADFILE)
- return BAD_FUNC_ARG;
+ return WS_RETURN_CODE(BAD_FUNC_ARG,WOLFSSL_FAILURE);
 if(XFSEEK(fp, 0, XSEEK_END) != 0) {
 XFCLOSE(fp);
- return WOLFSSL_BAD_FILE;
+ return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);
 }
 sz = XFTELL(fp);
 XREWIND(fp);
@@ -24747,12 +24749,12 @@ end:
 if (pem != NULL) XFREE(pem, 0, DYNAMIC_TYPE_PEM);
 XFCLOSE(fp);
- return ret;
+ return WS_RETURN_CODE(ret,WOLFSSL_FAILURE);
 #else
 (void)lookup;
 (void)file;
 (void)type;
- return WOLFSSL_FAILURE;
+ return WS_RETURN_CODE(WOLFSSL_FAILURE,WOLFSSL_FAILURE);
 #endif
 }
diff --git a/tests/api.c b/tests/api.c
index 1f26d1c77..eff6fe7e3 100644
--- a/tests/api.c
+++ b/tests/api.c
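Review bot: The new return in wolfSSL_CTX_load_verify_locations gives the function two failure conventions, and nothing at the definition says which one a caller gets. Without WOLFSSL_ERROR_CODE_OPENSSL a failed CA load still comes back negative, so code ported from OpenSSL that tests `if (!ret)` would treat a failed trust-store load as success. I would add a comment above the function: `/* Returns WOLFSSL_SUCCESS on success; on failure a negative wolfSSL error code, or WOLFSSL_FAILURE when WOLFSSL_ERROR_CODE_OPENSSL is defined. Compare against WOLFSSL_SUCCESS. */`.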
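Review bot: The `fp == XBADFILE` branch of wolfSSL_X509_LOOKUP_load_file still reports a failed open as BAD_FUNC_ARG, while the seek failure a few lines below reports WOLFSSL_BAD_FILE. In the default build a caller therefore cannot tell an unsupported `type` from an unreadable file. Since the line is rewritten here anyway, `return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE);` would match the seek branch, provided no existing caller compares against BAD_FUNC_ARG for this case. The function body starts before this hunk and continues after it.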
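Review bot: `WS_RETURN_CODE(WOLFSSL_FAILURE,WOLFSSL_FAILURE)` in the `#else` branch can never change the value, because both arguments are the same constant. A plain `return WOLFSSL_FAILURE;` is clearer and does not suggest a mapping takes place. Separately, `return WS_RETURN_CODE(ret,WOLFSSL_FAILURE);` after `end:` discards the specific error when WOLFSSL_ERROR_CODE_OPENSSL is defined. If the function does not already log it, `WOLFSSL_LEAVE("wolfSSL_X509_LOOKUP_load_file", ret);` before that return would keep the reason visible in debug builds. The function body starts before this hunk.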
@@ -953,17 +953,20 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
 /* invalid ca file */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), WOLFSSL_BAD_FILE);
+ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
+ WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
 #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
 /* invalid path */
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), BAD_PATH_ERROR);
+ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
+ WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
 #endif
 /* load ca cert */
 #ifdef NO_RSA
- AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
+ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
+ WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
 #else /* Skip the following test without RSA certs. */
 AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 90906fbee..cee1db7f5 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
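Review bot: The three updated assertions compute their expected value with WS_RETURN_CODE itself, so they pass whether or not the macro maps anything. A build with WOLFSSL_ERROR_CODE_OPENSSL in which the mapping was broken or compiled out would still pass. Pinning the literal under the option would catch that, for example `AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), WOLFSSL_FAILURE);` inside `#ifdef WOLFSSL_ERROR_CODE_OPENSSL`, with the specific error code kept in the `#else`. Nothing in this hunk exercises the changed returns of wolfSSL_X509_LOOKUP_load_file. The test function starts before this hunk and continues after it.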
@@ -682,6 +682,28 @@ enum AlertLevel {
 alert_fatal = 2
 };
+/* WS_RETURN_CODE macro
+ * Some OpenSSL APIs specify "0" as the return value when an error occurs.
+ * However, some corresponding wolfSSL APIs return negative values. Such
+ * functions should use this macro to fill this gap. Users who want them
+ * to return the same return value as OpenSSL can define
+ * WOLFSSL_ERR_CODE_OPENSSL.
+ * Give item1 a variable that contains the potentially negative
+ * wolfSSL-defined return value or the return value itself, and
+ * give item2 the openSSL-defined return value.
+ * Note that this macro replaces only negative return values with the
+ * specified value.
+ * Since wolfSSL 4.7.0, the following functions use this macro:
+ * - wolfSSL_CTX_load_verify_locations
+ * - wolfSSL_X509_LOOKUP_load_file
+ */
+#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
+ #define WS_RETURN_CODE(item1,item2) \
+ ((item1 < 0) ? item2 : item1)
+#else
+ #define WS_RETURN_CODE(item1,item2) (item1)
+#endif
+
 /* Maximum master key length (SECRET_LEN) */
 #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
 /* Maximum number of groups that can be set */
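Review bot: The comment tells users to define `WOLFSSL_ERR_CODE_OPENSSL`, but the `#if` tests `WOLFSSL_ERROR_CODE_OPENSSL`. Anyone following the comment keeps the negative return codes with no build diagnostic, which matters for callers that rely on the OpenSSL zero-on-failure convention when loading trust anchors. The comment should name `WOLFSSL_ERROR_CODE_OPENSSL`. The macro body also uses its arguments unparenthesized and evaluates item1 twice; `(((item1) < 0) ? (item2) : (item1))` fixes the precedence hazard. The comment should add that item1 must be free of side effects, which holds for the call sites in this commit since they pass a variable or a constant.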