diff options
Diffstat (limited to 'src/lib/libssl/tls13_legacy.c')
| -rw-r--r-- | src/lib/libssl/tls13_legacy.c | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index d25674d93b..95e9032634 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_legacy.c,v 1.3.4.1 2020/05/19 20:22:33 tb Exp $ */ | 1 | /* $OpenBSD: tls13_legacy.c,v 1.3.4.2 2020/08/10 18:59:47 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -486,29 +486,30 @@ tls13_legacy_shutdown(SSL *ssl) | |||
| 486 | return 1; | 486 | return 1; |
| 487 | } | 487 | } |
| 488 | 488 | ||
| 489 | /* Send close notify. */ | ||
| 490 | if (!ctx->close_notify_sent) { | 489 | if (!ctx->close_notify_sent) { |
| 491 | ctx->close_notify_sent = 1; | 490 | /* Enqueue and send close notify. */ |
| 492 | if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0) | 491 | if (!(ssl->internal->shutdown & SSL_SENT_SHUTDOWN)) { |
| 492 | ssl->internal->shutdown |= SSL_SENT_SHUTDOWN; | ||
| 493 | if ((ret = tls13_send_alert(ctx->rl, | ||
| 494 | SSL_AD_CLOSE_NOTIFY)) < 0) | ||
| 495 | return tls13_legacy_return_code(ssl, ret); | ||
| 496 | } | ||
| 497 | if ((ret = tls13_record_layer_send_pending(ctx->rl)) != | ||
| 498 | TLS13_IO_SUCCESS) | ||
| 493 | return tls13_legacy_return_code(ssl, ret); | 499 | return tls13_legacy_return_code(ssl, ret); |
| 494 | } | 500 | } else if (!ctx->close_notify_recv) { |
| 495 | |||
| 496 | /* Ensure close notify has been sent. */ | ||
| 497 | if ((ret = tls13_record_layer_send_pending(ctx->rl)) != TLS13_IO_SUCCESS) | ||
| 498 | return tls13_legacy_return_code(ssl, ret); | ||
| 499 | |||
| 500 | /* Receive close notify. */ | ||
| 501 | if (!ctx->close_notify_recv) { | ||
| 502 | /* | 501 | /* |
| 503 | * If there is still application data pending then we have no | 502 | * If there is no application data pending, attempt to read more |
| 504 | * option but to discard it here. The application should have | 503 | * data in order to receive a close notify. This should trigger |
| 505 | * continued to call SSL_read() instead of SSL_shutdown(). | 504 | * a record to be read from the wire, which may be application |
| 505 | * handshake or alert data. Only one attempt is made to match | ||
| 506 | * previous semantics. | ||
| 506 | */ | 507 | */ |
| 507 | /* XXX - tls13_drain_application_data()? */ | 508 | if (tls13_pending_application_data(ctx->rl) == 0) { |
| 508 | if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) > 0) | 509 | if ((ret = tls13_read_application_data(ctx->rl, buf, |
| 509 | ret = TLS13_IO_WANT_POLLIN; | 510 | sizeof(buf))) < 0) |
| 510 | if (ret != TLS13_IO_EOF) | 511 | return tls13_legacy_return_code(ssl, ret); |
| 511 | return tls13_legacy_return_code(ssl, ret); | 512 | } |
| 512 | } | 513 | } |
| 513 | 514 | ||
| 514 | if (ctx->close_notify_recv) | 515 | if (ctx->close_notify_recv) |