diff options
| author | tb <> | 2022-01-25 14:51:54 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-25 14:51:54 +0000 |
| commit | 56f1827674a9cecf117e0379d088fef1b23cf017 (patch) | |
| tree | 683f235762f0b56515db57db8fb805b022b9c1a2 /src/lib/libcrypto/ecdsa/ecs_vrf.c | |
| parent | be0df1ec7b55ec791e94f3cfe98ac567d5dba1ee (diff) | |
| download | openbsd-56f1827674a9cecf117e0379d088fef1b23cf017.tar.gz openbsd-56f1827674a9cecf117e0379d088fef1b23cf017.tar.bz2 openbsd-56f1827674a9cecf117e0379d088fef1b23cf017.zip | |
Avoid an infinite loop in SSL_shutdown()
If the peer closed the write side of the connection and we have not
yet received the close_notify, SSL_shutdown() makes an extra read to
try and read the peer's close_notify from the pipe. In that situation,
we receive EOF. The legacy stack will return -1 while the TLSv1.3
stack will end up returning 0.
Since the documentation is not super explicit about what should be
done if SSL_shutdown() returns 0, some applications will enter an
infinite loop. The code and documentation indicate that SSL_shutdown()
should only be called once more if it returned 0. Newer versions
of the OpenSSL documentation explicitly say that one should call
SSL_read() if SSL_shutdown() returns 0 in order to retrieve the
close_notify. Doing this would also have avoided this infinite loop.
Reported by Carsten Arzig and bluhm with a test case extracted from the
syslogd tests using IO::Socket::SSL, which has such an infinite loop.
ok bluhm jsing
Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecs_vrf.c')
0 files changed, 0 insertions, 0 deletions