summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2022-02-06 16:11:59 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2022-02-06 16:11:59 +0000
commit476a2cdf850029d7f1c29ec0af00f97c8c587adb (patch)
tree9aa9f54ac1e58e79f4b8e65ffaee56eef59fe5ea
parentefe22530f386a06be44bd6483493c9b8aba89dfa (diff)
Remove i <= 0 checks from SSL_get_error()
In order for SSL_get_error() to work with SSL_read_ex() and SSL_write_ex() the error handling needs to be performed without checking i <= 0. This is effectively part of OpenSSL 8051ab2b6f8 and should bring the behaviour of SSL_get_error() largely inline with OpenSSL 1.1. Issue reported by Johannes Nixdorf. ok inoguchi@ tb@
-rw-r--r--lib/libssl/ssl_lib.c31
1 files changed, 16 insertions, 15 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index ad7fe4d5752..86142fa46fb 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.289 2022/02/06 16:11:58 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2487,15 +2487,17 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
int
SSL_get_error(const SSL *s, int i)
{
- int reason;
- unsigned long l;
- BIO *bio;
+ unsigned long l;
+ int reason;
+ BIO *bio;
if (i > 0)
return (SSL_ERROR_NONE);
- /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
- * etc, where we do encode the error */
+ /*
+ * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
+ * etc, where we do encode the error.
+ */
if ((l = ERR_peek_error()) != 0) {
if (ERR_GET_LIB(l) == ERR_LIB_SYS)
return (SSL_ERROR_SYSCALL);
@@ -2503,7 +2505,7 @@ SSL_get_error(const SSL *s, int i)
return (SSL_ERROR_SSL);
}
- if ((i < 0) && SSL_want_read(s)) {
+ if (SSL_want_read(s)) {
bio = SSL_get_rbio(s);
if (BIO_should_read(bio)) {
return (SSL_ERROR_WANT_READ);
@@ -2530,7 +2532,7 @@ SSL_get_error(const SSL *s, int i)
}
}
- if ((i < 0) && SSL_want_write(s)) {
+ if (SSL_want_write(s)) {
bio = SSL_get_wbio(s);
if (BIO_should_write(bio)) {
return (SSL_ERROR_WANT_WRITE);
@@ -2550,15 +2552,14 @@ SSL_get_error(const SSL *s, int i)
return (SSL_ERROR_SYSCALL);
}
}
- if ((i < 0) && SSL_want_x509_lookup(s)) {
+
+ if (SSL_want_x509_lookup(s))
return (SSL_ERROR_WANT_X509_LOOKUP);
- }
- if (i == 0) {
- if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return (SSL_ERROR_ZERO_RETURN);
- }
+ if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ return (SSL_ERROR_ZERO_RETURN);
+
return (SSL_ERROR_SYSCALL);
}