diff options
| -rw-r--r-- | src/lib/libssl/tls13_legacy.c | 43 |
1 files changed, 22 insertions, 21 deletions
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index 4d68287141..39e34ab93c 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_legacy.c,v 1.8 2020/05/29 17:47:30 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_legacy.c,v 1.9 2020/06/24 18:04:33 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -489,29 +489,30 @@ tls13_legacy_shutdown(SSL *ssl) | |||
| 489 | return 1; | 489 | return 1; |
| 490 | } | 490 | } |
| 491 | 491 | ||
| 492 | /* Send close notify. */ | 492 | if (!ctx->close_notify_sent) { |
| 493 | if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) { | 493 | /* Enqueue and send close notify. */ |
| 494 | ssl->internal->shutdown |= SSL_SENT_SHUTDOWN; | 494 | if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) { |
| 495 | if ((ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY)) < 0) | 495 | ssl->internal->shutdown |= SSL_SENT_SHUTDOWN; |
| 496 | if ((ret = tls13_send_alert(ctx->rl, | ||
| 497 | TLS13_ALERT_CLOSE_NOTIFY)) < 0) | ||
| 498 | return tls13_legacy_return_code(ssl, ret); | ||
| 499 | } | ||
| 500 | if ((ret = tls13_record_layer_send_pending(ctx->rl)) != | ||
| 501 | TLS13_IO_SUCCESS) | ||
| 496 | return tls13_legacy_return_code(ssl, ret); | 502 | return tls13_legacy_return_code(ssl, ret); |
| 497 | } | 503 | } else if (!ctx->close_notify_recv) { |
| 498 | |||
| 499 | /* Ensure close notify has been sent. */ | ||
| 500 | if ((ret = tls13_record_layer_send_pending(ctx->rl)) != TLS13_IO_SUCCESS) | ||
| 501 | return tls13_legacy_return_code(ssl, ret); | ||
| 502 | |||
| 503 | /* Receive close notify. */ | ||
| 504 | if (!ctx->close_notify_recv) { | ||
| 505 | /* | 504 | /* |
| 506 | * If there is still application data pending then we have no | 505 | * If there is no application data pending, attempt to read more |
| 507 | * option but to discard it here. The application should have | 506 | * data in order to receive a close notify. This should trigger |
| 508 | * continued to call SSL_read() instead of SSL_shutdown(). | 507 | * a record to be read from the wire, which may be application |
| 508 | * handshake or alert data. Only one attempt is made to match | ||
| 509 | * previous semantics. | ||
| 509 | */ | 510 | */ |
| 510 | /* XXX - tls13_drain_application_data()? */ | 511 | if (tls13_pending_application_data(ctx->rl) == 0) { |
| 511 | if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) > 0) | 512 | if ((ret = tls13_read_application_data(ctx->rl, buf, |
| 512 | ret = TLS13_IO_WANT_POLLIN; | 513 | sizeof(buf))) < 0) |
| 513 | if (ret != TLS13_IO_EOF) | 514 | return tls13_legacy_return_code(ssl, ret); |
| 514 | return tls13_legacy_return_code(ssl, ret); | 515 | } |
| 515 | } | 516 | } |
| 516 | 517 | ||
| 517 | if (ctx->close_notify_recv) | 518 | if (ctx->close_notify_recv) |