If the TLSv1.3 code has not recorded an error and something already exists

on the error stack, refrain from pushing an 'unknown' error on the stack. This should allow libcrypto errors (including bio) to be visible, where we have nothing better to offer. ok tb@
author: jsing <jsing@openbsd.org> 2020-01-29 17:03:58 +0000
committer: jsing <jsing@openbsd.org> 2020-01-29 17:03:58 +0000
commit: ae613d71d249156d26e03c3677540a177f339483 (patch)
tree: 5355c1636ed704bf0ae2576d3c9821cac80d1360 /lib/libssl/tls13_lib.c
parent: Warn if a message type that is no longer used is received. (diff)
download: wireguard-openbsd-ae613d71d249156d26e03c3677540a177f339483.tar.xz
wireguard-openbsd-ae613d71d249156d26e03c3677540a177f339483.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c
index 2a13e8f7732..3a90c0d6df9 100644
--- a/lib/libssl/tls13_lib.c
+++ b/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.31 2020/01/26 02:45:27 beck Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.32 2020/01/29 17:03:58 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -408,6 +408,10 @@ tls13_legacy_error(SSL *ssl)
 		break;
 	}
 
+	/* Something (probably libcrypto) already pushed an error on the stack. */
+	if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
+		return;
+
 	ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
 	    ctx->error.line);
 }
author	jsing <jsing@openbsd.org>	2020-01-29 17:03:58 +0000
committer	jsing <jsing@openbsd.org>	2020-01-29 17:03:58 +0000
commit	ae613d71d249156d26e03c3677540a177f339483 (patch)
tree	5355c1636ed704bf0ae2576d3c9821cac80d1360 /lib/libssl/tls13_lib.c
parent	Warn if a message type that is no longer used is received. (diff)
download	wireguard-openbsd-ae613d71d249156d26e03c3677540a177f339483.tar.xz wireguard-openbsd-ae613d71d249156d26e03c3677540a177f339483.zip