generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 1949

Browse Source 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
This commit is contained in:
Dr. Stephen Henson 2010-01-26 19:40:36 +00:00
parent 9413788571
commit cc62974182
5 changed files with 38 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGES
View File

@ -4,6 +4,14 @@
Changes between 0.9.8l and 0.9.8m [xx XXX xxxx] Changes between 0.9.8l and 0.9.8m [xx XXX xxxx]
*) The code that handled flusing of data in SSL/TLS originally used the
BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
the problem outlined in PR#1949. The fix suggested there however can
trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
of Apache). So instead simplify the code to flush unconditionally.
This should be fine since flushing with no data to flush is a no op.
[Steve Henson]
*) Handle TLS versions 2.0 and later properly and correctly use the *) Handle TLS versions 2.0 and later properly and correctly use the
highest version of TLS/SSL supported. Although TLS >= 2.0 is some way highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
off ancient servers have a habit of sticking around for a while... off ancient servers have a habit of sticking around for a while...

14
ssl/d1_clnt.c
View File

@ -145,7 +145,6 @@ int dtls1_connect(SSL *s)
{ {
BUF_MEM *buf=NULL; BUF_MEM *buf=NULL;
unsigned long Time=(unsigned long)time(NULL),l; unsigned long Time=(unsigned long)time(NULL),l;
long num1;
void (*cb)(const SSL *ssl,int type,int val)=NULL; void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1; int ret= -1;
int new_state,state,skip=0;; int new_state,state,skip=0;;
@ -509,16 +508,13 @@ int dtls1_connect(SSL *s)
break; break;
case SSL3_ST_CW_FLUSH: case SSL3_ST_CW_FLUSH:
/* number of bytes to be flushed */ s->rwstate=SSL_WRITING;
num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (BIO_flush(s->wbio) <= 0)
if (num1 > 0)
{ {
s->rwstate=SSL_WRITING; ret= -1;
num1=BIO_flush(s->wbio); goto end;
if (num1 <= 0) { ret= -1; goto end; }
s->rwstate=SSL_NOTHING;
} }
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state; s->state=s->s3->tmp.next_state;
break; break;

16
ssl/d1_srvr.c
View File

@ -146,7 +146,6 @@ int dtls1_accept(SSL *s)
BUF_MEM *buf; BUF_MEM *buf;
unsigned long l,Time=(unsigned long)time(NULL); unsigned long l,Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL; void (*cb)(const SSL *ssl,int type,int val)=NULL;
long num1;
int ret= -1; int ret= -1;
int new_state,state,skip=0; int new_state,state,skip=0;
@ -441,17 +440,14 @@ int dtls1_accept(SSL *s)
s->init_num=0; s->init_num=0;
break; break;
case SSL3_ST_SW_FLUSH: case SSL3_ST_CW_FLUSH:
/* number of bytes to be flushed */ s->rwstate=SSL_WRITING;
num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (BIO_flush(s->wbio) <= 0)
if (num1 > 0)
{ {
s->rwstate=SSL_WRITING; ret= -1;
num1=BIO_flush(s->wbio); goto end;
if (num1 <= 0) { ret= -1; goto end; }
s->rwstate=SSL_NOTHING;
} }
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state; s->state=s->s3->tmp.next_state;
break; break;

14
ssl/s3_clnt.c
View File

@ -167,7 +167,6 @@ int ssl3_connect(SSL *s)
{ {
BUF_MEM *buf=NULL; BUF_MEM *buf=NULL;
unsigned long Time=(unsigned long)time(NULL),l; unsigned long Time=(unsigned long)time(NULL),l;
long num1;
void (*cb)(const SSL *ssl,int type,int val)=NULL; void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1; int ret= -1;
int new_state,state,skip=0; int new_state,state,skip=0;
@ -496,16 +495,13 @@ int ssl3_connect(SSL *s)
break; break;
case SSL3_ST_CW_FLUSH: case SSL3_ST_CW_FLUSH:
/* number of bytes to be flushed */ s->rwstate=SSL_WRITING;
num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); if (BIO_flush(s->wbio) <= 0)
if (num1 > 0)
{ {
s->rwstate=SSL_WRITING; ret= -1;
num1=BIO_flush(s->wbio); goto end;
if (num1 <= 0) { ret= -1; goto end; }
s->rwstate=SSL_NOTHING;
} }
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state; s->state=s->s3->tmp.next_state;
break; break;

34
ssl/s3_srvr.c
View File

@ -166,7 +166,6 @@ int ssl3_accept(SSL *s)
BUF_MEM *buf; BUF_MEM *buf;
unsigned long l,Time=(unsigned long)time(NULL); unsigned long l,Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL; void (*cb)(const SSL *ssl,int type,int val)=NULL;
long num1;
int ret= -1; int ret= -1;
int new_state,state,skip=0; int new_state,state,skip=0;
@ -447,29 +446,24 @@ int ssl3_accept(SSL *s)
break; break;
case SSL3_ST_SW_FLUSH: case SSL3_ST_SW_FLUSH:
/* number of bytes to be flushed */
/* This originally and incorrectly called BIO_CTRL_INFO /* This code originally checked to see if
* The reason why this is wrong is mentioned in PR#1949. * any data was pending using BIO_CTRL_INFO
* Unfortunately, as suggested in that bug some * and then flushed. This caused problems
* versions of Apache unconditionally return 0 * as documented in PR#1939. The proposed
* for BIO_CTRL_WPENDING meaning we don't correctly * fix doesn't completely resolve this issue
* flush data and some operations, like renegotiation, * as buggy implementations of BIO_CTRL_PENDING
* don't work. Other software may also be affected so * still exist. So instead we just flush
* call BIO_CTRL_INFO to retain compatibility with * unconditionally.
* previous behaviour and BIO_CTRL_WPENDING if we
* get zero to address the PR#1949 case.
*/ */
num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); s->rwstate=SSL_WRITING;
if (num1 == 0) if (BIO_flush(s->wbio) <= 0)
num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
if (num1 > 0)
{ {
s->rwstate=SSL_WRITING; ret= -1;
num1=BIO_flush(s->wbio); goto end;
if (num1 <= 0) { ret= -1; goto end; }
s->rwstate=SSL_NOTHING;
} }
s->rwstate=SSL_NOTHING;
s->state=s->s3->tmp.next_state; s->state=s->s3->tmp.next_state;
break; break;