From 476a2cdf850029d7f1c29ec0af00f97c8c587adb Mon Sep 17 00:00:00 2001
From: Joel Sing
Date: Sun, 6 Feb 2022 16:11:59 +0000
Subject: Remove i <= 0 checks from SSL_get_error()
In order for SSL_get_error() to work with SSL_read_ex() and SSL_write_ex() the error handling needs to be performed without checking i <= 0. This is effectively part of OpenSSL 8051ab2b6f8 and should bring the behaviour of SSL_get_error() largely inline with OpenSSL 1.1. Issue reported by Johannes Nixdorf. ok inoguchi@ tb@
---
 lib/libssl/ssl_lib.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)
(limited to 'lib/libssl')
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index ad7fe4d5752..86142fa46fb 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.289 2022/02/06 16:11:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2487,15 +2487,17 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
 int
 SSL_get_error(const SSL *s, int i)
 {
- int reason;
- unsigned long l;
- BIO *bio;
+ unsigned long l;
+ int reason;
+ BIO *bio;
 
 if (i > 0)
 return (SSL_ERROR_NONE);
 
- /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
- * etc, where we do encode the error */
+ /*
+ * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
+ * etc, where we do encode the error.
+ */
 if ((l = ERR_peek_error()) != 0) {
 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
 return (SSL_ERROR_SYSCALL);
@@ -2503,7 +2505,7 @@ SSL_get_error(const SSL *s, int i)
 return (SSL_ERROR_SSL);
 }
 
- if ((i < 0) && SSL_want_read(s)) {
+ if (SSL_want_read(s)) {
 bio = SSL_get_rbio(s);
 if (BIO_should_read(bio)) {
 return (SSL_ERROR_WANT_READ);
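Review bot: With the `(i < 0)` guard gone from the `SSL_want_read(s)` test, a return value of 0 can now be reported as SSL_ERROR_WANT_READ, so the result depends entirely on the want state belonging to the call that produced `i`; the same applies to the `SSL_want_write(s)` and `SSL_want_x509_lookup(s)` tests in the two later hunks. Whether that state is reset at the start of every read, write, handshake and shutdown call is not visible here and is worth confirming, since a stale value would turn an end-of-stream 0 into a retry. I would record the contract above the function, for example `/* i is only tested for success; all other results come from the error queue and the want state left by the call that returned i. */`. The body of SSL_get_error() continues outside this hunk.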
@@ -2530,7 +2532,7 @@ SSL_get_error(const SSL *s, int i)
 }
 }
 
- if ((i < 0) && SSL_want_write(s)) {
+ if (SSL_want_write(s)) {
 bio = SSL_get_wbio(s);
 if (BIO_should_write(bio)) {
 return (SSL_ERROR_WANT_WRITE);
@@ -2550,15 +2552,14 @@ SSL_get_error(const SSL *s, int i)
 return (SSL_ERROR_SYSCALL);
 }
 }
- if ((i < 0) && SSL_want_x509_lookup(s)) {
+
+ if (SSL_want_x509_lookup(s))
 return (SSL_ERROR_WANT_X509_LOOKUP);
- }
 
- if (i == 0) {
- if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return (SSL_ERROR_ZERO_RETURN);
- }
+ if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ return (SSL_ERROR_ZERO_RETURN);
+
 return (SSL_ERROR_SYSCALL);
 }
 
-- 
cgit v1.2.3
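Review bot: The close_notify test at the end of this hunk is now reached for negative `i` as well, so a failed call that left nothing on the error queue after the peer's close_notify is reported as SSL_ERROR_ZERO_RETURN rather than SSL_ERROR_SYSCALL. Callers that use ZERO_RETURN as the signal for a clean, untruncated end of stream will then treat that failure as an orderly close; whether any path returns a negative value without queuing an error in that state is not visible in this hunk. A regression case calling SSL_get_error() with a negative value while SSL_RECEIVED_SHUTDOWN is set would pin the intended result, and a one-line comment on the test, such as `/* Reached for any i <= 0, matching OpenSSL 1.1. */`, would make the widening deliberate.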