openssl: report errors in OpenSSL error queue when clear it

* ext/openssl/ossl.c (ossl_clear_error): Extracted from
  ossl_make_error(). This prints errors in the OpenSSL error queue if
  OpenSSL.debug is true, and clears the queue.
  (ossl_make_error): use ossl_clear_error().

* ext/openssl/ossl.h: add prototype declaration of ossl_make_error().
  (OSSL_BIO_reset) use ossl_clear_error() to clear the queue. Clearing
  silently makes debugging difficult.

* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): ditto.

* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): ditto.

* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_verify): ditto.

* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.

* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
  (ossl_ec_group_initialize): ditto.

* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55050 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,27 @@
+Wed May 18 12:07:42 2016  Kazuki Yamaguchi  <k@rhe.jp>
+
+	* ext/openssl/ossl.c (ossl_clear_error): Extracted from
+	  ossl_make_error(). This prints errors in the OpenSSL error queue if
+	  OpenSSL.debug is true, and clears the queue.
+	  (ossl_make_error): use ossl_clear_error().
+
+	* ext/openssl/ossl.h: add prototype declaration of ossl_make_error().
+	  (OSSL_BIO_reset) use ossl_clear_error() to clear the queue. Clearing
+	  silently makes debugging difficult.
+
+	* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): ditto.
+
+	* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): ditto.
+
+	* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_verify): ditto.
+
+	* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
+
+	* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
+	  (ossl_ec_group_initialize): ditto.
+
+	* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): ditto.
+
 Wed May 18 11:53:49 2016  Kazuki Yamaguchi  <k@rhe.jp>
 
 	* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the

ext/openssl/ossl.c

@@ -318,12 +318,7 @@ ossl_make_error(VALUE exc, const char *fmt, va_list args)
 	    rb_str_cat2(str, msg ? msg : "(null)");
 	}
     }
-    if (dOSSL == Qtrue){ /* show all errors on the stack */
+    ossl_clear_error();
-	while ((e = ERR_get_error()) != 0){
-	    rb_warn("error on stack: %s", ERR_error_string(e, NULL));
-	}
-    }
-    ERR_clear_error();
 
     if (NIL_P(str)) str = rb_str_new(0, 0);
     return rb_exc_new3(exc, str);
@@ -351,6 +346,18 @@ ossl_exc_new(VALUE exc, const char *fmt, ...)
     return err;
 }
 
+void
+ossl_clear_error(void)
+{
+    if (dOSSL == Qtrue) {
+	long e;
+	while ((e = ERR_get_error())) {
+	    rb_warn("error on stack: %s", ERR_error_string(e, NULL));
+	}
+    }
+    ERR_clear_error();
+}
+
 /*
  * call-seq:
  *   OpenSSL.errors -> [String...]

ext/openssl/ossl.h

@@ -154,8 +154,10 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
  * Clear BIO* with this in PEM/DER fallback scenarios to avoid decoding
  * errors piling up in OpenSSL::Errors
  */
-#define OSSL_BIO_reset(bio)	(void)BIO_reset((bio)); \
+#define OSSL_BIO_reset(bio) do { \
-				ERR_clear_error();
+    (void)BIO_reset((bio)); \
+    ossl_clear_error(); \
+} while (0)
 
 /*
  * ERRor messages
@@ -163,6 +165,8 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
 #define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error())
 NORETURN(void ossl_raise(VALUE, const char *, ...));
 VALUE ossl_exc_new(VALUE, const char *, ...);
+/* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
+void ossl_clear_error(void);
 
 /*
  * Verify callback

ext/openssl/ossl_engine.c

@@ -224,7 +224,7 @@ ossl_engine_s_by_id(VALUE klass, VALUE id)
 	ossl_raise(eEngineError, NULL);
     ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK,
 		0, NULL, (void(*)(void))ossl_pem_passwd_cb);
-    ERR_clear_error();
+    ossl_clear_error();
 
     return obj;
 }

ext/openssl/ossl_ns_spki.c

@@ -94,7 +94,7 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
     }
     NETSCAPE_SPKI_free(DATA_PTR(self));
     DATA_PTR(self) = spki;
-    ERR_clear_error();
+    ossl_clear_error();
 
     return self;
 }

ext/openssl/ossl_pkcs7.c

@@ -779,7 +779,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
     if (ok < 0) ossl_raise(ePKCS7Error, NULL);
     msg = ERR_reason_error_string(ERR_get_error());
     ossl_pkcs7_set_err_string(self, msg ? rb_str_new2(msg) : Qnil);
-    ERR_clear_error();
+    ossl_clear_error();
     data = ossl_membio2str(out);
     ossl_pkcs7_set_data(self, data);
     sk_X509_pop_free(x509s, X509_free);

ext/openssl/ossl_pkey_dsa.c

@@ -244,7 +244,7 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
 	}
 	BIO_free(in);
 	if (!dsa) {
-	    ERR_clear_error();
+	    ossl_clear_error();
 	    ossl_raise(eDSAError, "Neither PUB key nor PRIV key");
 	}
     }

ext/openssl/ossl_pkey_ec.c

@@ -213,7 +213,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
                 const char *name = StringValueCStr(arg);
                 int nid = OBJ_sn2nid(name);
 
-                (void)ERR_get_error();
+		ossl_clear_error(); /* ignore errors in the previous d2i_EC_PUBKEY_bio() */
                 if (nid == NID_undef)
                     ossl_raise(eECError, "unknown curve name (%s)\n", name);
 
@@ -808,7 +808,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
                 const char *name = StringValueCStr(arg1);
                 int nid = OBJ_sn2nid(name);
 
-		(void)ERR_get_error();
+		ossl_clear_error(); /* ignore errors in d2i_ECPKParameters_bio() */
                 if (nid == NID_undef)
                     ossl_raise(eEC_GROUP, "unknown curve name (%s)", name);
 

ext/openssl/ossl_ssl.c

@@ -1161,7 +1161,7 @@ ossl_ssl_shutdown(SSL *ssl)
 		break;
 	}
 	SSL_clear(ssl);
-	ERR_clear_error();
+	ossl_clear_error();
     }
 }