PR: 1949
Submitted by: steve@openssl.org More robust fix and workaround for PR#1949. Don't try to work out if there is any write pending data as this can be unreliable: always flush.
This commit is contained in:
		
							
								
								
									
										8
									
								
								CHANGES
									
									
									
									
									
								
							
							
						
						
									
										8
									
								
								CHANGES
									
									
									
									
									
								
							| @@ -884,6 +884,14 @@ | |||||||
|  |  | ||||||
|  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx] |  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx] | ||||||
|  |  | ||||||
|  |   *) The code that handled flusing of data in SSL/TLS originally used the | ||||||
|  |      BIO_CTRL_INFO ctrl to see if any data was pending first. This caused | ||||||
|  |      the problem outlined in PR#1949. The fix suggested there however can | ||||||
|  |      trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions | ||||||
|  |      of Apache). So instead simplify the code to flush unconditionally. | ||||||
|  |      This should be fine since flushing with no data to flush is a no op. | ||||||
|  |      [Steve Henson] | ||||||
|  |  | ||||||
|   *) Handle TLS versions 2.0 and later properly and correctly use the |   *) Handle TLS versions 2.0 and later properly and correctly use the | ||||||
|      highest version of TLS/SSL supported. Although TLS >= 2.0 is some way |      highest version of TLS/SSL supported. Although TLS >= 2.0 is some way | ||||||
|      off ancient servers have a habit of sticking around for a while... |      off ancient servers have a habit of sticking around for a while... | ||||||
|   | |||||||
| @@ -148,7 +148,6 @@ int dtls1_connect(SSL *s) | |||||||
| 	{ | 	{ | ||||||
| 	BUF_MEM *buf=NULL; | 	BUF_MEM *buf=NULL; | ||||||
| 	unsigned long Time=(unsigned long)time(NULL); | 	unsigned long Time=(unsigned long)time(NULL); | ||||||
| 	long num1; |  | ||||||
| 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||||||
| 	int ret= -1; | 	int ret= -1; | ||||||
| 	int new_state,state,skip=0;; | 	int new_state,state,skip=0;; | ||||||
| @@ -511,16 +510,13 @@ int dtls1_connect(SSL *s) | |||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
| 		case SSL3_ST_CW_FLUSH: | 		case SSL3_ST_CW_FLUSH: | ||||||
| 			/* number of bytes to be flushed */ | 			s->rwstate=SSL_WRITING; | ||||||
| 			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); | 			if (BIO_flush(s->wbio) <= 0) | ||||||
| 			if (num1 > 0) |  | ||||||
| 				{ | 				{ | ||||||
| 				s->rwstate=SSL_WRITING; | 				ret= -1; | ||||||
| 				num1=BIO_flush(s->wbio); | 				goto end; | ||||||
| 				if (num1 <= 0) { ret= -1; goto end; } |  | ||||||
| 				s->rwstate=SSL_NOTHING; |  | ||||||
| 				} | 				} | ||||||
|  | 			s->rwstate=SSL_NOTHING; | ||||||
| 			s->state=s->s3->tmp.next_state; | 			s->state=s->s3->tmp.next_state; | ||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -147,7 +147,6 @@ int dtls1_accept(SSL *s) | |||||||
| 	BUF_MEM *buf; | 	BUF_MEM *buf; | ||||||
| 	unsigned long Time=(unsigned long)time(NULL); | 	unsigned long Time=(unsigned long)time(NULL); | ||||||
| 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||||||
| 	long num1; |  | ||||||
| 	unsigned long alg_k; | 	unsigned long alg_k; | ||||||
| 	int ret= -1; | 	int ret= -1; | ||||||
| 	int new_state,state,skip=0; | 	int new_state,state,skip=0; | ||||||
| @@ -453,17 +452,14 @@ int dtls1_accept(SSL *s) | |||||||
| 			s->init_num=0; | 			s->init_num=0; | ||||||
| 			break; | 			break; | ||||||
| 		 | 		 | ||||||
| 		case SSL3_ST_SW_FLUSH: | 		case SSL3_ST_CW_FLUSH: | ||||||
| 			/* number of bytes to be flushed */ | 			s->rwstate=SSL_WRITING; | ||||||
| 			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); | 			if (BIO_flush(s->wbio) <= 0) | ||||||
| 			if (num1 > 0) |  | ||||||
| 				{ | 				{ | ||||||
| 				s->rwstate=SSL_WRITING; | 				ret= -1; | ||||||
| 				num1=BIO_flush(s->wbio); | 				goto end; | ||||||
| 				if (num1 <= 0) { ret= -1; goto end; } |  | ||||||
| 				s->rwstate=SSL_NOTHING; |  | ||||||
| 				} | 				} | ||||||
|  | 			s->rwstate=SSL_NOTHING; | ||||||
| 			s->state=s->s3->tmp.next_state; | 			s->state=s->s3->tmp.next_state; | ||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -184,7 +184,6 @@ int ssl3_connect(SSL *s) | |||||||
| 	{ | 	{ | ||||||
| 	BUF_MEM *buf=NULL; | 	BUF_MEM *buf=NULL; | ||||||
| 	unsigned long Time=(unsigned long)time(NULL); | 	unsigned long Time=(unsigned long)time(NULL); | ||||||
| 	long num1; |  | ||||||
| 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||||||
| 	int ret= -1; | 	int ret= -1; | ||||||
| 	int new_state,state,skip=0; | 	int new_state,state,skip=0; | ||||||
| @@ -520,16 +519,13 @@ int ssl3_connect(SSL *s) | |||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
| 		case SSL3_ST_CW_FLUSH: | 		case SSL3_ST_CW_FLUSH: | ||||||
| 			/* number of bytes to be flushed */ | 			s->rwstate=SSL_WRITING; | ||||||
| 			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); | 			if (BIO_flush(s->wbio) <= 0) | ||||||
| 			if (num1 > 0) |  | ||||||
| 				{ | 				{ | ||||||
| 				s->rwstate=SSL_WRITING; | 				ret= -1; | ||||||
| 				num1=BIO_flush(s->wbio); | 				goto end; | ||||||
| 				if (num1 <= 0) { ret= -1; goto end; } |  | ||||||
| 				s->rwstate=SSL_NOTHING; |  | ||||||
| 				} | 				} | ||||||
|  | 			s->rwstate=SSL_NOTHING; | ||||||
| 			s->state=s->s3->tmp.next_state; | 			s->state=s->s3->tmp.next_state; | ||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -330,7 +330,7 @@ again: | |||||||
| #if 0 | #if 0 | ||||||
| fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | ||||||
| #endif | #endif | ||||||
|  | fprintf(stderr, "RX version %x, Expecting %x\n", version, s->version); | ||||||
| 		/* Lets check version */ | 		/* Lets check version */ | ||||||
| 		if (!s->first_packet) | 		if (!s->first_packet) | ||||||
| 			{ | 			{ | ||||||
| @@ -736,7 +736,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||||||
|  |  | ||||||
| 	*(p++)=(s->version>>8); | 	*(p++)=(s->version>>8); | ||||||
| 	*(p++)=s->version&0xff; | 	*(p++)=s->version&0xff; | ||||||
|  | fprintf(stderr, "Wrote version %x\n", s->version); | ||||||
| 	/* field where we are to write out packet length */ | 	/* field where we are to write out packet length */ | ||||||
| 	plen=p;  | 	plen=p;  | ||||||
| 	p+=2; | 	p+=2; | ||||||
|   | |||||||
| @@ -189,7 +189,6 @@ int ssl3_accept(SSL *s) | |||||||
| 	BUF_MEM *buf; | 	BUF_MEM *buf; | ||||||
| 	unsigned long alg_k,Time=(unsigned long)time(NULL); | 	unsigned long alg_k,Time=(unsigned long)time(NULL); | ||||||
| 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | 	void (*cb)(const SSL *ssl,int type,int val)=NULL; | ||||||
| 	long num1; |  | ||||||
| 	int ret= -1; | 	int ret= -1; | ||||||
| 	int new_state,state,skip=0; | 	int new_state,state,skip=0; | ||||||
|  |  | ||||||
| @@ -483,29 +482,24 @@ int ssl3_accept(SSL *s) | |||||||
| 			break; | 			break; | ||||||
| 		 | 		 | ||||||
| 		case SSL3_ST_SW_FLUSH: | 		case SSL3_ST_SW_FLUSH: | ||||||
| 			/* number of bytes to be flushed */ |  | ||||||
| 			/* This originally and incorrectly called BIO_CTRL_INFO | 			/* This code originally checked to see if | ||||||
| 			 * The reason why this is wrong is mentioned in PR#1949. | 			 * any data was pending using BIO_CTRL_INFO | ||||||
| 			 * Unfortunately, as suggested in that bug some | 			 * and then flushed. This caused problems | ||||||
| 			 * versions of Apache unconditionally return 0 | 			 * as documented in PR#1939. The proposed | ||||||
| 			 * for BIO_CTRL_WPENDING meaning we don't correctly | 			 * fix doesn't completely resolve this issue | ||||||
| 			 * flush data and some operations, like renegotiation, | 			 * as buggy implementations of BIO_CTRL_PENDING | ||||||
| 			 * don't work. Other software may also be affected so | 			 * still exist. So instead we just flush | ||||||
| 			 * call BIO_CTRL_INFO to retain compatibility with | 			 * unconditionally. | ||||||
| 			 * previous behaviour and BIO_CTRL_WPENDING if we |  | ||||||
| 			 * get zero to address the PR#1949 case. |  | ||||||
| 			 */ | 			 */ | ||||||
|  |  | ||||||
| 			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); | 			s->rwstate=SSL_WRITING; | ||||||
| 			if (num1 == 0) | 			if (BIO_flush(s->wbio) <= 0) | ||||||
| 				num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL); |  | ||||||
| 			if (num1 > 0) |  | ||||||
| 				{ | 				{ | ||||||
| 				s->rwstate=SSL_WRITING; | 				ret= -1; | ||||||
| 				num1=BIO_flush(s->wbio); | 				goto end; | ||||||
| 				if (num1 <= 0) { ret= -1; goto end; } |  | ||||||
| 				s->rwstate=SSL_NOTHING; |  | ||||||
| 				} | 				} | ||||||
|  | 			s->rwstate=SSL_NOTHING; | ||||||
|  |  | ||||||
| 			s->state=s->s3->tmp.next_state; | 			s->state=s->s3->tmp.next_state; | ||||||
| 			break; | 			break; | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Dr. Stephen Henson
					Dr. Stephen Henson