summaryrefslogtreecommitdiff
path: root/lib/libtls/tls.c
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2015-09-14 12:29:17 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-09-14 12:29:17 +0000
commitfddb2664a7cfd52519d99e70d9ece29dbe30ecf5 (patch)
tree973a6633046210689bcb00754764a5c18a7c23d2 /lib/libtls/tls.c
parente7064847bafe6bbfabcccc0cb5aef9170f6452eb (diff)
Expose EOF without close-notify via tls_close().
Make tls_read(3)/tls_write(3) follow read(2)/write(2) like semantics and return 0 on EOF with and without close-notify. However, if we saw an EOF from the underlying file descriptors without getting a close-notify, save this and make it visible when tls_close(3) is called. This keeps the semantics we want, but makes it possible to detect truncation at higher layers, if necessary. ok beck@ guenther@
Diffstat (limited to 'lib/libtls/tls.c')
-rw-r--r--lib/libtls/tls.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index cb2833cb54c..236ed9185b8 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.30 2015/09/14 12:20:40 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.31 2015/09/14 12:29:16 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -352,7 +352,8 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
if ((err = ERR_peek_error()) != 0) {
errstr = ERR_error_string(err, NULL);
} else if (ssl_ret == 0) {
- errstr = "EOF";
+ ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
+ return (0);
} else if (ssl_ret == -1) {
errstr = strerror(errno);
}
@@ -421,7 +422,7 @@ tls_read(struct tls *ctx, void *buf, size_t buflen)
}
ERR_clear_error();
- if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) >= 0) {
+ if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
rv = (ssize_t)ssl_ret;
goto out;
}
@@ -450,7 +451,7 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen)
}
ERR_clear_error();
- if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) >= 0) {
+ if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
rv = (ssize_t)ssl_ret;
goto out;
}
@@ -501,6 +502,12 @@ tls_close(struct tls *ctx)
}
ctx->socket = -1;
}
+
+ if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) {
+ tls_set_errorx(ctx, "EOF without close notify");
+ rv = -1;
+ }
+
out:
/* Prevent callers from performing incorrect error handling */
errno = 0;