Skip to content

Commit dd9667a

Browse files
author
jsing
committed
Remove i <= 0 checks from SSL_get_error()
In order for SSL_get_error() to work with SSL_read_ex() and SSL_write_ex() the error handling needs to be performed without checking i <= 0. This is effectively part of OpenSSL 8051ab2b6f8 and should bring the behaviour of SSL_get_error() largely inline with OpenSSL 1.1. Issue reported by Johannes Nixdorf. ok inoguchi@ tb@
1 parent 05cc63d commit dd9667a

File tree

1 file changed

+16
-15
lines changed

1 file changed

+16
-15
lines changed

src/lib/libssl/ssl_lib.c

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/* $OpenBSD: ssl_lib.c,v 1.288 2022/02/05 14:54:10 jsing Exp $ */
1+
/* $OpenBSD: ssl_lib.c,v 1.289 2022/02/06 16:11:58 jsing Exp $ */
22
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
33
* All rights reserved.
44
*
@@ -2487,23 +2487,25 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
24872487
int
24882488
SSL_get_error(const SSL *s, int i)
24892489
{
2490-
int reason;
2491-
unsigned long l;
2492-
BIO *bio;
2490+
unsigned long l;
2491+
int reason;
2492+
BIO *bio;
24932493

24942494
if (i > 0)
24952495
return (SSL_ERROR_NONE);
24962496

2497-
/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2498-
* etc, where we do encode the error */
2497+
/*
2498+
* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2499+
* etc, where we do encode the error.
2500+
*/
24992501
if ((l = ERR_peek_error()) != 0) {
25002502
if (ERR_GET_LIB(l) == ERR_LIB_SYS)
25012503
return (SSL_ERROR_SYSCALL);
25022504
else
25032505
return (SSL_ERROR_SSL);
25042506
}
25052507

2506-
if ((i < 0) && SSL_want_read(s)) {
2508+
if (SSL_want_read(s)) {
25072509
bio = SSL_get_rbio(s);
25082510
if (BIO_should_read(bio)) {
25092511
return (SSL_ERROR_WANT_READ);
@@ -2530,7 +2532,7 @@ SSL_get_error(const SSL *s, int i)
25302532
}
25312533
}
25322534

2533-
if ((i < 0) && SSL_want_write(s)) {
2535+
if (SSL_want_write(s)) {
25342536
bio = SSL_get_wbio(s);
25352537
if (BIO_should_write(bio)) {
25362538
return (SSL_ERROR_WANT_WRITE);
@@ -2550,15 +2552,14 @@ SSL_get_error(const SSL *s, int i)
25502552
return (SSL_ERROR_SYSCALL);
25512553
}
25522554
}
2553-
if ((i < 0) && SSL_want_x509_lookup(s)) {
2555+
2556+
if (SSL_want_x509_lookup(s))
25542557
return (SSL_ERROR_WANT_X509_LOOKUP);
2555-
}
25562558

2557-
if (i == 0) {
2558-
if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2559-
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2560-
return (SSL_ERROR_ZERO_RETURN);
2561-
}
2559+
if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2560+
(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2561+
return (SSL_ERROR_ZERO_RETURN);
2562+
25622563
return (SSL_ERROR_SYSCALL);
25632564
}
25642565

0 commit comments

Comments
 (0)