From a165b66fc7e2bb58579ca6221f7161c06631dd31 Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Thu, 14 Jul 2022 23:33:26 +0300
Subject: [PATCH 1/2] TLS: clear 'errno' when handling SSL status

Sometimes tls_do_bio() might be called when there is no new data to process (most notably, when resuming reads), in such a case internal TLS session state will remain untouched and old value in 'errno' will alter the result of SSL_get_error() call, possibly making it to return SSL_ERROR_SYSCALL. This value will be treated as an error, and will lead to closing the connection, which is not what expected.
---
 lib/isc/netmgr/tlsstream.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index a7cebd4669..fb5ce01219 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -497,6 +497,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 }
 }
 }
+ errno = 0;
 tls_status = SSL_get_error(sock->tlsstream.tls, rv);
 saved_errno = errno;
From a9575117340a5f2822633dfcdcd634932aa0b39f Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Fri, 15 Jul 2022 20:38:52 +0300
Subject: [PATCH 2/2] TLS: fix double resumption in isc__nm_tls_resumeread()

This commit fixes an obvious error in isc__nm_tls_resumeread() so that read cannot be resumed twice.
---
 lib/isc/netmgr/tlsstream.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index fb5ce01219..ef3f70fc42 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -860,7 +860,7 @@ isc__nm_tls_resumeread(isc_nmhandle_t *handle) {
 REQUIRE(VALID_NMSOCK(handle->sock));
 if (!atomic_compare_exchange_strong(&handle->sock->readpaused,
- &(bool){ false }, false))
+ &(bool){ true }, false))
 {
 if (inactive(handle->sock)) {
 return;
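Review bot: In tls_do_bio(), the added `errno = 0;` sits directly before `SSL_get_error()`, so `saved_errno` on the following line can now only hold a value set by `SSL_get_error()` itself; any errno left by the SSL I/O calls earlier in the function is discarded along with the stale one. If that is intended, the line deserves a comment such as `/* Drop stale errno: no SSL I/O may have run in this call, and a leftover value would be taken for a real SSL_ERROR_SYSCALL failure. */`. `SSL_get_error()` also depends on the calling thread's OpenSSL error queue, so stale entries there could presumably trigger the same spurious connection close. It is worth confirming that `ERR_clear_error()` runs before the I/O calls, which lie outside this hunk, as does the code that consumes `saved_errno`.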
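Review bot: In isc__nm_tls_resumeread(), the leading `!` is kept on the new condition, so the guarded block now runs when the exchange fails, i.e. when `readpaused` was already false, and is skipped when a paused read is actually flipped back to false. If the block is the resume action (it continues outside the hunk, so this is inferred), the condition should read `if (atomic_compare_exchange_strong(&handle->sock->readpaused, &(bool){ true }, false))`. A one-line comment naming the flag transition that triggers the block would make the intended behaviour explicit.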