Correct return values for non-fatal alerts.

In the close notify case we need to signal EOF and in the user cancelled case we need to return WANT_POLLIN. Returning success results in tls13_record_layer_read_record() thinking that we have record data when we do not, which then results in the content type check later failing. ok tb@
author: jsing <> 2019-02-26 17:38:39 +0000
committer: jsing <> 2019-02-26 17:38:39 +0000
commit: 778ac3e976e281b000c75112e6850b1dff1a0621 (patch)
tree: 0c30a6a4c60f631c42cdf28c4e74a6d85654fbb5 /src
parent: b527f7bb3cf6af9f04bfd8795c7aea63f6fee393 (diff)
download: openbsd-778ac3e976e281b000c75112e6850b1dff1a0621.tar.gz
openbsd-778ac3e976e281b000c75112e6850b1dff1a0621.tar.bz2
openbsd-778ac3e976e281b000c75112e6850b1dff1a0621.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index d4bc50ab4e..71ce4a81ae 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.7 2019/02/25 16:52:34 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.8 2019/02/26 17:38:39 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -221,10 +221,10 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
         */
        if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
                rl->read_closed = 1;
-                ret = TLS13_IO_SUCCESS;
+                ret = TLS13_IO_EOF;
        } else if (alert_desc == SSL_AD_USER_CANCELLED) {
                /* Ignored at the record layer. */
-                ret = TLS13_IO_SUCCESS;
+                ret = TLS13_IO_WANT_POLLIN;
        } else if (alert_level == SSL3_AL_FATAL) {
                rl->read_closed = 1;
                rl->write_closed = 1;
author	jsing <>	2019-02-26 17:38:39 +0000
committer	jsing <>	2019-02-26 17:38:39 +0000
commit	778ac3e976e281b000c75112e6850b1dff1a0621 (patch)
tree	0c30a6a4c60f631c42cdf28c4e74a6d85654fbb5 /src
parent	b527f7bb3cf6af9f04bfd8795c7aea63f6fee393 (diff)
download	openbsd-778ac3e976e281b000c75112e6850b1dff1a0621.tar.gz openbsd-778ac3e976e281b000c75112e6850b1dff1a0621.tar.bz2 openbsd-778ac3e976e281b000c75112e6850b1dff1a0621.zip

diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index d4bc50ab4e..71ce4a81ae 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_record_layer.c,v 1.7 2019/02/25 16:52:34 jsing Exp $ */	1	/* $OpenBSD: tls13_record_layer.c,v 1.8 2019/02/26 17:38:39 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -221,10 +221,10 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl)
221	*/	221	*/
222	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {	222	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
223	rl->read_closed = 1;	223	rl->read_closed = 1;
224	ret = TLS13_IO_SUCCESS;	224	ret = TLS13_IO_EOF;
225	} else if (alert_desc == SSL_AD_USER_CANCELLED) {	225	} else if (alert_desc == SSL_AD_USER_CANCELLED) {
226	/* Ignored at the record layer. */	226	/* Ignored at the record layer. */
227	ret = TLS13_IO_SUCCESS;	227	ret = TLS13_IO_WANT_POLLIN;
228	} else if (alert_level == SSL3_AL_FATAL) {	228	} else if (alert_level == SSL3_AL_FATAL) {
229	rl->read_closed = 1;	229	rl->read_closed = 1;
230	rl->write_closed = 1;	230	rl->write_closed = 1;