author | tb <> | 2022-01-25 15:00:09 +0000 |
---|---|---|
committer | tb <> | 2022-01-25 15:00:09 +0000 |
commit | 37c93f51bfa4f1ae451e4c615e2600cb3099a877 (patch) | |
tree | e540bd8be070a9daf402f10962d6f101209b86d3 /src | |
parent | 56f1827674a9cecf117e0379d088fef1b23cf017 (diff) | |
Fix another return 0 bug in SSL_shutdown()
If tls13_record_layer_send_pending() returns TLS13_IO_EOF, we will
bubble this up to the caller via tls13_legacy_return_code(), which
translates TLS13_IO_EOF to 0. This can happen if we have pending
post-handshake handshake data and the peer closes the pipe.
Presumably tls13_legacy_shutdown() should be rewritten yet again.
ok jsing
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libssl/tls13_legacy.c | 14 |
1 files changed, 8 insertions, 6 deletions
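--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.34 2022/01/25 14:51:54 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.35 2022/01/25 15:00:09 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -483,9 +483,9 @@ tls13_legacy_shutdown(SSL *ssl)
 ssize_t ret;
 
 /*
-* We need to return 0 when we have sent a close-notify but have not
-* yet received one. We return 1 only once we have sent and received
-* close-notify alerts. All other cases return -1 and set internal
+* We need to return 0 at the point that we have completed sending a
+* close-notify. We return 1 when we have sent and received close-notify
+* alerts. All other cases, including EOF, return -1 and set internal
 * state appropriately.
 */
 if (ctx == NULL || ssl->internal->quiet_shutdown) {
@@ -501,8 +501,10 @@ tls13_legacy_shutdown(SSL *ssl)
 TLS13_ALERT_CLOSE_NOTIFY)) < 0)
 return tls13_legacy_return_code(ssl, ret);
 }
-if ((ret = tls13_record_layer_send_pending(ctx->rl)) !=
-TLS13_IO_SUCCESS)
+ret = tls13_record_layer_send_pending(ctx->rl);
+if (ret == TLS13_IO_EOF)
+return -1;
+if (ret != TLS13_IO_SUCCESS)
 return tls13_legacy_return_code(ssl, ret);
 } else if (!ctx->close_notify_recv) {
 /*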
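Review bot: The new `return -1;` taken when tls13_record_layer_send_pending() yields TLS13_IO_EOF bypasses tls13_legacy_return_code(), so unlike every other failure return in this hunk nothing visible here records an error for the caller to read back via SSL_get_error(), even though the rewritten header comment now promises that EOF "set[s] internal state appropriately". A caller of SSL_shutdown() that gets -1 with no error recorded may keep retrying against a peer that has already closed the pipe, which is the situation the commit message describes. If the record layer or some other path already records the EOF before this point that is fine, but it is not visible in the hunk, so please confirm it, and either way document the deliberate bypass at the return, e.g. `/* Do not route EOF through tls13_legacy_return_code(): it maps TLS13_IO_EOF to 0, which callers read as "close-notify sent, not yet received". */`. tls13_legacy_shutdown() begins before this hunk and continues past it.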