author | Joel Sing <jsing@cvs.openbsd.org> | 2022-02-06 16:11:59 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2022-02-06 16:11:59 +0000 |
commit | 476a2cdf850029d7f1c29ec0af00f97c8c587adb (patch) | |
tree | 9aa9f54ac1e58e79f4b8e65ffaee56eef59fe5ea | |
parent | efe22530f386a06be44bd6483493c9b8aba89dfa (diff) |
Remove i <= 0 checks from SSL_get_error()
In order for SSL_get_error() to work with SSL_read_ex() and SSL_write_ex()
the error handling needs to be performed without checking i <= 0. This is
effectively part of OpenSSL 8051ab2b6f8 and should bring the behaviour of
SSL_get_error() largely in line with OpenSSL 1.1.
Issue reported by Johannes Nixdorf.
ok inoguchi@ tb@
-rw-r--r-- | lib/libssl/ssl_lib.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index ad7fe4d5752..86142fa46fb 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.289 2022/02/06 16:11:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2487,15 +2487,17 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
 int
 SSL_get_error(const SSL *s, int i)
 {
- int reason;
- unsigned long l;
- BIO *bio;
+ unsigned long l;
+ int reason;
+ BIO *bio;
 if (i > 0)
 return (SSL_ERROR_NONE);
- /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
- * etc, where we do encode the error */
+ /*
+ * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
+ * etc, where we do encode the error.
+ */
 if ((l = ERR_peek_error()) != 0) {
 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
 return (SSL_ERROR_SYSCALL);
@@ -2503,7 +2505,7 @@ SSL_get_error(const SSL *s, int i)
 return (SSL_ERROR_SSL);
 }
- if ((i < 0) && SSL_want_read(s)) {
+ if (SSL_want_read(s)) {
 bio = SSL_get_rbio(s);
 if (BIO_should_read(bio)) {
 return (SSL_ERROR_WANT_READ);
@@ -2530,7 +2532,7 @@ SSL_get_error(const SSL *s, int i)
 }
 }
- if ((i < 0) && SSL_want_write(s)) {
+ if (SSL_want_write(s)) {
 bio = SSL_get_wbio(s);
 if (BIO_should_write(bio)) {
 return (SSL_ERROR_WANT_WRITE);
@@ -2550,15 +2552,14 @@ SSL_get_error(const SSL *s, int i)
 return (SSL_ERROR_SYSCALL);
 }
 }
- if ((i < 0) && SSL_want_x509_lookup(s)) {
+
+ if (SSL_want_x509_lookup(s))
 return (SSL_ERROR_WANT_X509_LOOKUP);
- }
- if (i == 0) {
- if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return (SSL_ERROR_ZERO_RETURN);
- }
+ if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ return (SSL_ERROR_ZERO_RETURN);
+
 return (SSL_ERROR_SYSCALL);
 } |
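Review bot: Nothing in the function records that `i` is deliberately ignored once the `i > 0` test has passed, which is what the SSL_want_read() hunk at -2503 and the matching SSL_want_write() hunk at -2530 now rely on. A return value of 0 reaches the rwstate and BIO retry-flag checks, so the reported error is decided by connection state alone. I would add above the SSL_want_read() test: `/* i <= 0 from here on; SSL_read_ex()/SSL_write_ex() return 0 on failure, so only the error queue, rwstate and shutdown state decide. */`. That comment also states the invariant callers now depend on, namely that rwstate reflects the most recent I/O call; whether it is reset on entry to every such call is not visible here and is worth confirming. Both branches continue outside their hunks.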
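Review bot: The close_notify test at the end of SSL_get_error() now also runs for negative return values, so a call that failed with i < 0 after the peer's close_notify was received yields SSL_ERROR_ZERO_RETURN where it previously fell through to SSL_ERROR_SYSCALL. Callers commonly treat SSL_ERROR_ZERO_RETURN as a clean end of stream, so a failed write in that state could be mistaken for an orderly shutdown. This appears to be the OpenSSL 1.1 behaviour the commit message aims for, but it is still a caller-visible change. The diffstat lists only ssl_lib.c, so I would follow up with an update to the SSL_get_error(3) manual and a regress case for i < 0 with SSL_RECEIVED_SHUTDOWN set, and put `/* Reached for any i <= 0, not only i == 0. */` above the test.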