diff options
| author | jsing <> | 2020-09-13 15:04:35 +0000 |
|---|---|---|
| committer | jsing <> | 2020-09-13 15:04:35 +0000 |
| commit | 4f04d3f588f91c98b4b1cdfcffe028a036c96283 (patch) | |
| tree | 66217926431671cbe7e0cf55889348dd2d802dcc | |
| parent | b3e8f4a7980701599a2efe619be2eb35273abe96 (diff) | |
| download | openbsd-4f04d3f588f91c98b4b1cdfcffe028a036c96283.tar.gz openbsd-4f04d3f588f91c98b4b1cdfcffe028a036c96283.tar.bz2 openbsd-4f04d3f588f91c98b4b1cdfcffe028a036c96283.zip | |
Improve handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack.
When BIO returns a failure, it does not always add an error to the error
stack. In the case of the legacy stack, this was generally handled by the
guesswork performed by SSL_get_error(). However, in the case of the new
stack we push an 'unknown' error onto the stack.
Improve this situation by specifically checking errno in the case of a
BIO_read() or BIO_write() failure. If the error stack is empty then push
a SYSerror() with the errno which is preferable to the 'unknown' error
later.
Noted by bluhm@ via syslogd regress.
ok beck@ tb@
| -rw-r--r-- | src/lib/libssl/tls13_legacy.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index 39d7f0b3ed..317a1cb0f5 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_legacy.c,v 1.12 2020/07/30 16:57:53 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_legacy.c,v 1.13 2020/09/13 15:04:35 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -35,6 +35,7 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len) | |||
| 35 | } | 35 | } |
| 36 | 36 | ||
| 37 | ssl->internal->rwstate = SSL_READING; | 37 | ssl->internal->rwstate = SSL_READING; |
| 38 | errno = 0; | ||
| 38 | 39 | ||
| 39 | if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) { | 40 | if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) { |
| 40 | if (BIO_should_read(ssl->rbio)) | 41 | if (BIO_should_read(ssl->rbio)) |
| @@ -44,6 +45,9 @@ tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len) | |||
| 44 | if (n == 0) | 45 | if (n == 0) |
| 45 | return TLS13_IO_EOF; | 46 | return TLS13_IO_EOF; |
| 46 | 47 | ||
| 48 | if (ERR_peek_error() == 0 && errno != 0) | ||
| 49 | SYSerror(errno); | ||
| 50 | |||
| 47 | return TLS13_IO_FAILURE; | 51 | return TLS13_IO_FAILURE; |
| 48 | } | 52 | } |
| 49 | 53 | ||
| @@ -72,6 +76,7 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len) | |||
| 72 | } | 76 | } |
| 73 | 77 | ||
| 74 | ssl->internal->rwstate = SSL_WRITING; | 78 | ssl->internal->rwstate = SSL_WRITING; |
| 79 | errno = 0; | ||
| 75 | 80 | ||
| 76 | if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) { | 81 | if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) { |
| 77 | if (BIO_should_read(ssl->wbio)) | 82 | if (BIO_should_read(ssl->wbio)) |
| @@ -79,6 +84,9 @@ tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len) | |||
| 79 | if (BIO_should_write(ssl->wbio)) | 84 | if (BIO_should_write(ssl->wbio)) |
| 80 | return TLS13_IO_WANT_POLLOUT; | 85 | return TLS13_IO_WANT_POLLOUT; |
| 81 | 86 | ||
| 87 | if (ERR_peek_error() == 0 && errno != 0) | ||
| 88 | SYSerror(errno); | ||
| 89 | |||
| 82 | return TLS13_IO_FAILURE; | 90 | return TLS13_IO_FAILURE; |
| 83 | } | 91 | } |
| 84 | 92 | ||