1 files changed, 51 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 451e798cb8..bb749a9b68 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.16 2020/01/21 05:19:02 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.17 2020/01/22 01:02:28 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -69,6 +69,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
        SSL *s = ctx->ssl;
        if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
+                ctx->close_notify_recv = 1;
                ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
                S3I(ctx->ssl)->warn_alert = alert_desc;
                return;
@@ -482,3 +483,52 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
                n -= ret;
        }
 }
+int
+tls13_legacy_shutdown(SSL *ssl)
+{
+        struct tls13_ctx *ctx = ssl->internal->tls13;
+        uint8_t buf[512]; /* XXX */
+        ssize_t ret;
+        /*
+         * We need to return 0 when we have sent a close-notify but have not
+         * yet received one. We return 1 only once we have sent and received
+         * close-notify alerts. All other cases return -1 and set internal
+         * state appropriately.
+         */
+        if (ctx == NULL || ssl->internal->quiet_shutdown) {
+                ssl->internal->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
+                return 1;
+        }
+        /* Send close notify. */
+        if (!ctx->close_notify_sent) {
+                ctx->close_notify_sent = 1;
+                if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0)
+                        return tls13_legacy_return_code(ssl, ret);
+        }
+        /* Ensure close notify has been sent. */
+        if ((ret = tls13_record_layer_send_pending(ctx->rl)) != TLS13_IO_SUCCESS)
+                return tls13_legacy_return_code(ssl, ret);
+        /* Receive close notify. */
+        if (!ctx->close_notify_recv) {
+                /*
+                 * If there is still application data pending then we have no
+                 * option but to discard it here. The application should have
+                 * continued to call SSL_read() instead of SSL_shutdown().
+                 */
+                /* XXX - tls13_drain_application_data()? */
+                if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) > 0)
+                        ret = TLS13_IO_WANT_POLLIN;
+                if (ret != TLS13_IO_EOF)
+                        return tls13_legacy_return_code(ssl, ret);
+        }
+        if (ctx->close_notify_recv)
+                return 1;
+        return 0;
+}

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 451e798cb8..bb749a9b68 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.16 2020/01/21 05:19:02 jsing Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.17 2020/01/22 01:02:28 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -69,6 +69,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
69	SSL *s = ctx->ssl;	69	SSL *s = ctx->ssl;
70		70
71	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {	71	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
		72	ctx->close_notify_recv = 1;
72	ctx->ssl->internal->shutdown \|= SSL_RECEIVED_SHUTDOWN;	73	ctx->ssl->internal->shutdown \|= SSL_RECEIVED_SHUTDOWN;
73	S3I(ctx->ssl)->warn_alert = alert_desc;	74	S3I(ctx->ssl)->warn_alert = alert_desc;
74	return;	75	return;
@@ -482,3 +483,52 @@ tls13_legacy_write_bytes(SSL ssl, int type, const void vbuf, int len)
482	n -= ret;	483	n -= ret;
483	}	484	}
484	}	485	}
		486
		487	int
		488	tls13_legacy_shutdown(SSL *ssl)
		489	{
		490	struct tls13_ctx *ctx = ssl->internal->tls13;
		491	uint8_t buf[512]; /* XXX */
		492	ssize_t ret;
		493
		494	/*
		495	* We need to return 0 when we have sent a close-notify but have not
		496	* yet received one. We return 1 only once we have sent and received
		497	* close-notify alerts. All other cases return -1 and set internal
		498	* state appropriately.
		499	*/
		500	if (ctx == NULL \|\| ssl->internal->quiet_shutdown) {
		501	ssl->internal->shutdown = SSL_SENT_SHUTDOWN \| SSL_RECEIVED_SHUTDOWN;
		502	return 1;
		503	}
		504
		505	/* Send close notify. */
		506	if (!ctx->close_notify_sent) {
		507	ctx->close_notify_sent = 1;
		508	if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0)
		509	return tls13_legacy_return_code(ssl, ret);
		510	}
		511
		512	/* Ensure close notify has been sent. */
		513	if ((ret = tls13_record_layer_send_pending(ctx->rl)) != TLS13_IO_SUCCESS)
		514	return tls13_legacy_return_code(ssl, ret);
		515
		516	/* Receive close notify. */
		517	if (!ctx->close_notify_recv) {
		518	/*
		519	* If there is still application data pending then we have no
		520	* option but to discard it here. The application should have
		521	* continued to call SSL_read() instead of SSL_shutdown().
		522	*/
		523	/* XXX - tls13_drain_application_data()? */
		524	if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) > 0)
		525	ret = TLS13_IO_WANT_POLLIN;
		526	if (ret != TLS13_IO_EOF)
		527	return tls13_legacy_return_code(ssl, ret);
		528	}
		529
		530	if (ctx->close_notify_recv)
		531	return 1;
		532
		533	return 0;
		534	}