From c033d8dd5f1b51daaea294f6d345521ac6566588 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 28 Feb 2019 17:56:43 +0000 Subject: Automatically complete the handshake from tls13_legacy_{read,write}_bytes() If the TLS handshake has not been completed, automatically complete the handshake as part of the read/write call, implementing the current SSL_read()/SSL_write() behaviour. Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT back up to the caller, since some applications appear to incorrectly call SSL_read() or SSL_write(), rather than repeating the previous call. This can lead to attempts to read data that does not exist, since the WANT_POLLIN was actually triggered as part of the handshake. ok inoguchi@ tb@ --- src/lib/libssl/tls13_handshake.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls13_handshake.c') diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c index d4fc7cb6f7..536630ac33 100644 --- a/src/lib/libssl/tls13_handshake.c +++ b/src/lib/libssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.30 2019/02/28 17:39:36 jsing Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.31 2019/02/28 17:56:43 jsing Exp $ */ /* * Copyright (c) 2018-2019 Theo Buehler * Copyright (c) 2019 Joel Sing @@ -282,6 +282,7 @@ tls13_handshake_perform(struct tls13_ctx *ctx) return TLS13_IO_FAILURE; if (action->handshake_complete) { + ctx->handshake_completed = 1; tls13_record_layer_handshake_completed(ctx->rl); return TLS13_IO_SUCCESS; } -- cgit v1.2.3-55-g6feb