diff options
| author |   jsing <jsing@openbsd.org> | 2020-01-22 01:02:28 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2020-01-22 01:02:28 +0000 |
| commit | 828ae560041be09ecf13fc549fac0f018344e48a (patch) | |
| tree | 89728aef450221ebf4b34dac0e3960726dee5219 /lib/libssl/tls13_lib.c | |
| parent | scsi_delay(): sleep without lbolt (diff) | |
| download | wireguard-openbsd-828ae560041be09ecf13fc549fac0f018344e48a.tar.xz wireguard-openbsd-828ae560041be09ecf13fc549fac0f018344e48a.zip | |
Implement close-notify and SSL_shutdown() handling for the TLSv1.3 client.
ok beck@ inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls13_lib.c')
| -rw-r--r-- | lib/libssl/tls13_lib.c | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c index 451e798cb8e..bb749a9b68c 100644 --- a/lib/libssl/tls13_lib.c +++ b/lib/libssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.16 2020/01/21 05:19:02 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.17 2020/01/22 01:02:28 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * Copyright (c) 2019 Bob Beck <beck@openbsd.org> @@ -69,6 +69,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) SSL *s = ctx->ssl; if (alert_desc == SSL_AD_CLOSE_NOTIFY) { + ctx->close_notify_recv = 1; ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; S3I(ctx->ssl)->warn_alert = alert_desc; return; @@ -482,3 +483,52 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) n -= ret; } } + +int +tls13_legacy_shutdown(SSL *ssl) +{ + struct tls13_ctx *ctx = ssl->internal->tls13; + uint8_t buf[512]; /* XXX */ + ssize_t ret; + + /* + * We need to return 0 when we have sent a close-notify but have not + * yet received one. We return 1 only once we have sent and received + * close-notify alerts. All other cases return -1 and set internal + * state appropriately. + */ + if (ctx == NULL || ssl->internal->quiet_shutdown) { + ssl->internal->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; + return 1; + } + + /* Send close notify. */ + if (!ctx->close_notify_sent) { + ctx->close_notify_sent = 1; + if ((ret = tls13_send_alert(ctx->rl, SSL_AD_CLOSE_NOTIFY)) < 0) + return tls13_legacy_return_code(ssl, ret); + } + + /* Ensure close notify has been sent. */ + if ((ret = tls13_record_layer_send_pending(ctx->rl)) != TLS13_IO_SUCCESS) + return tls13_legacy_return_code(ssl, ret); + + /* Receive close notify. */ + if (!ctx->close_notify_recv) { + /* + * If there is still application data pending then we have no + * option but to discard it here. The application should have + * continued to call SSL_read() instead of SSL_shutdown(). + */ + /* XXX - tls13_drain_application_data()? */ + if ((ret = tls13_read_application_data(ctx->rl, buf, sizeof(buf))) > 0) + ret = TLS13_IO_WANT_POLLIN; + if (ret != TLS13_IO_EOF) + return tls13_legacy_return_code(ssl, ret); + } + + if (ctx->close_notify_recv) + return 1; + + return 0; +} |