Add a TLS13_IO_ALERT return value so that we can explicitly signal when

we sent or received a fatal alert.

Pull the fatal_alert check up into tls13_legacy_error(). Also, if sending
an alert resulted in EOF, do not propagate this back since we do not want
to signal EOF to the caller (rather we want to indicate failure).

ok beck@ tb@

1 files changed, 10 insertions, 3 deletions

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 51a2a383ed..727f617471 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.21 2020/01/22 13:10:51 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.22 2020/01/23 02:49:38 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -349,6 +349,10 @@ tls13_legacy_error(SSL *ssl)
         struct tls13_ctx *ctx = ssl->internal->tls13;
         int reason = SSL_R_UNKNOWN;
 
+        /* If we received a fatal alert we already put an error on the stack. */
+        if (S3I(ssl)->fatal_alert != 0)
+                return;
+
         switch (ctx->error.code) {
         case TLS13_ERR_VERIFY_FAILED:
                 reason = SSL_R_CERTIFICATE_VERIFY_FAILED;
@@ -384,8 +388,11 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
                 return 0;
 
         case TLS13_IO_FAILURE:
-                if (S3I(ssl)->fatal_alert == 0)
-                        tls13_legacy_error(ssl);
+                tls13_legacy_error(ssl);
+                return -1;
+
+        case TLS13_IO_ALERT:
+                tls13_legacy_error(ssl);
                 return -1;
 
         case TLS13_IO_WANT_POLLIN: