From 2d60058e7def14c6cedc39217c138ab907abd004 Mon Sep 17 00:00:00 2001
From: joshua <joshua@openbsd.org>
Date: Thu, 28 Mar 2024 06:55:02 +0000
Subject: [PATCH] Use TLS_ERROR_INVALID_ARGUMENT for "too large" and "too
 small" errors

ok beck tb
---
 lib/libtls/tls_config.c | 11 ++++++-----
 lib/libtls/tls_signer.c |  6 +++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c
index 645562e838b..10dc5003cbc 100644
--- a/lib/libtls/tls_config.c
+++ b/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.69 2024/03/27 07:35:30 joshua Exp $ */
+/* $OpenBSD: tls_config.c,v 1.70 2024/03/28 06:55:02 joshua Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -301,7 +301,8 @@ tls_config_parse_alpn(struct tls_config *config, const char *alpn,
 	*alpn_len = 0;
 
 	if ((buf_len = strlen(alpn) + 1) > 65535) {
-		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN, "alpn too large");
+		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
+		    "alpn too large");
 		goto err;
 	}
 
@@ -865,7 +866,7 @@ tls_config_set_session_id(struct tls_config *config,
     const unsigned char *session_id, size_t len)
 {
 	if (len > TLS_MAX_SESSION_ID_LENGTH) {
-		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
+		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
 		    "session ID too large");
 		return (-1);
 	}
@@ -878,12 +879,12 @@ int
 tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
 {
 	if (lifetime > TLS_MAX_SESSION_TIMEOUT) {
-		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
+		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
 		    "session lifetime too large");
 		return (-1);
 	}
 	if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) {
-		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,
+		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,
 		    "session lifetime too small");
 		return (-1);
 	}
diff --git a/lib/libtls/tls_signer.c b/lib/libtls/tls_signer.c
index 95a3640d7af..d423b3b1c82 100644
--- a/lib/libtls/tls_signer.c
+++ b/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.11 2024/03/28 02:08:24 joshua Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.12 2024/03/28 06:55:02 joshua Exp $ */
 /*
  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
  *
@@ -204,7 +204,7 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
 	}
 
 	if (input_len > INT_MAX) {
-		tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
+		tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
 		    "input too large");
 		return (-1);
 	}
@@ -252,7 +252,7 @@ tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,
 	}
 
 	if (input_len > INT_MAX) {
-		tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
+		tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
 		    "digest too large");
 		return (-1);
 	}
-- 
2.20.1