From 2f68c8e7a4d61b92b7d534481fc1cc6ca76ae984 Mon Sep 17 00:00:00 2001
From: jsing
Date: Sun, 6 Feb 2022 16:08:14 +0000
Subject: [PATCH] Handle zero byte reads/writes that trigger handshakes in the TLSv1.3 stack.

With the legaacy stack, it is possible to do a zero byte SSL_read() or SSL_write() that triggers the handshake, but then returns zero without SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE being flagged. This currently works in the TLSv1.3 stack by returning TLS_IO_WANT_POLLIN or TLS_IO_WANT_POLLOUT, which is then hidden by SSL_get_error(). However, due to upcoming changes to SSL_get_error() this will no longer be the case. In order to maintain the existing legacy behaviour, explicitly handle zero byte reads and writes in the TLSv1.3 stack, following completion of a handshake. ok inoguchi@ tb@
---
 lib/libssl/tls13_legacy.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index 0379c978e92..27e030fa772 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.36 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.37 2022/02/06 16:08:14 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing
  *
@@ -229,6 +229,8 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
 if (ctx == NULL || !ctx->handshake_completed) {
 if ((ret = ssl->internal->handshake_func(ssl)) <= 0)
 return ret;
+if (len == 0)
+return 0;
 return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
 }
 
@@ -263,6 +265,8 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
 if (ctx == NULL || !ctx->handshake_completed) {
 if ((ret = ssl->internal->handshake_func(ssl)) <= 0)
 return ret;
+if (len == 0)
+return 0;
 return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT);
 }
 
-- 
2.20.1
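Review bot: The added `if (len == 0) return 0;` in tls13_legacy_read_bytes is a deliberate compatibility quirk, but nothing at the call site says so, and a zero return from a read path is otherwise the shape of a failure or close, so a reader will take it for a bug; the same applies to the identical lines in tls13_legacy_write_bytes in the next hunk. A one-line comment above each check would carry the commit message's rationale into the code, e.g. `/* Legacy stack behaviour: a zero length read/write that only drove the handshake returns 0 with no WANT_POLLIN/POLLOUT flagged. */`. It is also worth stating in that comment what SSL_get_error() will then report for this return, since the description says it will no longer be masked as WANT_READ/WANT_WRITE and callers looping on those two values are the ones affected; whether any length validation precedes this point is not visible in the hunk. Both functions begin and end outside the hunks shown.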