]> granicus.if.org Git - openssl/commitdiff
PR: 1949
authorDr. Stephen Henson <steve@openssl.org>
Tue, 26 Jan 2010 19:47:37 +0000 (19:47 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 26 Jan 2010 19:47:37 +0000 (19:47 +0000)
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.

CHANGES
ssl/d1_clnt.c
ssl/d1_srvr.c
ssl/s3_clnt.c
ssl/s3_pkt.c
ssl/s3_srvr.c

diff --git a/CHANGES b/CHANGES
index c9329f9f5496bab09541d0c0bedd6ab2ec8ce360..d6d863a447c5e16c210a582e0003d06d64ec62ef 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
  Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
 
+  *) The code that handled flusing of data in SSL/TLS originally used the
+     BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
+     the problem outlined in PR#1949. The fix suggested there however can
+     trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
+     of Apache). So instead simplify the code to flush unconditionally.
+     This should be fine since flushing with no data to flush is a no op.
+     [Steve Henson]
+
   *) Handle TLS versions 2.0 and later properly and correctly use the
      highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
      off ancient servers have a habit of sticking around for a while...
index 5317a51180b61c69694d8ee006b5a0d835f35ad5..5bc9eb6603f2f800e61c0e210385a900383f2163 100644 (file)
@@ -148,7 +148,6 @@ int dtls1_connect(SSL *s)
        {
        BUF_MEM *buf=NULL;
        unsigned long Time=(unsigned long)time(NULL);
-       long num1;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state,skip=0;;
@@ -511,16 +510,13 @@ int dtls1_connect(SSL *s)
                        break;
 
                case SSL3_ST_CW_FLUSH:
-                       /* number of bytes to be flushed */
-                       num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                       if (num1 > 0)
+                       s->rwstate=SSL_WRITING;
+                       if (BIO_flush(s->wbio) <= 0)
                                {
-                               s->rwstate=SSL_WRITING;
-                               num1=BIO_flush(s->wbio);
-                               if (num1 <= 0) { ret= -1; goto end; }
-                               s->rwstate=SSL_NOTHING;
+                               ret= -1;
+                               goto end;
                                }
-
+                       s->rwstate=SSL_NOTHING;
                        s->state=s->s3->tmp.next_state;
                        break;
 
index c11e75abf9eeb7afbb6b75f131c6b88693962a13..eead971d257eaa35be6dc896d7762caeb8bcff17 100644 (file)
@@ -147,7 +147,6 @@ int dtls1_accept(SSL *s)
        BUF_MEM *buf;
        unsigned long Time=(unsigned long)time(NULL);
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-       long num1;
        unsigned long alg_k;
        int ret= -1;
        int new_state,state,skip=0;
@@ -453,17 +452,14 @@ int dtls1_accept(SSL *s)
                        s->init_num=0;
                        break;
                
-               case SSL3_ST_SW_FLUSH:
-                       /* number of bytes to be flushed */
-                       num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                       if (num1 > 0)
+               case SSL3_ST_CW_FLUSH:
+                       s->rwstate=SSL_WRITING;
+                       if (BIO_flush(s->wbio) <= 0)
                                {
-                               s->rwstate=SSL_WRITING;
-                               num1=BIO_flush(s->wbio);
-                               if (num1 <= 0) { ret= -1; goto end; }
-                               s->rwstate=SSL_NOTHING;
+                               ret= -1;
+                               goto end;
                                }
-
+                       s->rwstate=SSL_NOTHING;
                        s->state=s->s3->tmp.next_state;
                        break;
 
index af8fe2ad950000cd0d4db2339f90b9516f171610..44b698cc5f021af147156a85386d309d7f144847 100644 (file)
@@ -184,7 +184,6 @@ int ssl3_connect(SSL *s)
        {
        BUF_MEM *buf=NULL;
        unsigned long Time=(unsigned long)time(NULL);
-       long num1;
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
        int new_state,state,skip=0;
@@ -520,16 +519,13 @@ int ssl3_connect(SSL *s)
                        break;
 
                case SSL3_ST_CW_FLUSH:
-                       /* number of bytes to be flushed */
-                       num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                       if (num1 > 0)
+                       s->rwstate=SSL_WRITING;
+                       if (BIO_flush(s->wbio) <= 0)
                                {
-                               s->rwstate=SSL_WRITING;
-                               num1=BIO_flush(s->wbio);
-                               if (num1 <= 0) { ret= -1; goto end; }
-                               s->rwstate=SSL_NOTHING;
+                               ret= -1;
+                               goto end;
                                }
-
+                       s->rwstate=SSL_NOTHING;
                        s->state=s->s3->tmp.next_state;
                        break;
 
index 9f2e16de878430c614e3711042b91d8b71e6216a..da63e50aed237fc5a51621fcce3a6da6fca99b28 100644 (file)
@@ -330,7 +330,7 @@ again:
 #if 0
 fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
 #endif
-
+fprintf(stderr, "RX version %x, Expecting %x\n", version, s->version);
                /* Lets check version */
                if (!s->first_packet)
                        {
@@ -736,7 +736,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 
        *(p++)=(s->version>>8);
        *(p++)=s->version&0xff;
-
+fprintf(stderr, "Wrote version %x\n", s->version);
        /* field where we are to write out packet length */
        plen=p; 
        p+=2;
index c8bed170b5e409d183be6cf062c4724109e59d03..297f79fc1e7fa3ed62493520bcddf339969de0ac 100644 (file)
@@ -189,7 +189,6 @@ int ssl3_accept(SSL *s)
        BUF_MEM *buf;
        unsigned long alg_k,Time=(unsigned long)time(NULL);
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
-       long num1;
        int ret= -1;
        int new_state,state,skip=0;
 
@@ -483,29 +482,24 @@ int ssl3_accept(SSL *s)
                        break;
                
                case SSL3_ST_SW_FLUSH:
-                       /* number of bytes to be flushed */
-                       /* This originally and incorrectly called BIO_CTRL_INFO
-                        * The reason why this is wrong is mentioned in PR#1949.
-                        * Unfortunately, as suggested in that bug some
-                        * versions of Apache unconditionally return 0
-                        * for BIO_CTRL_WPENDING meaning we don't correctly
-                        * flush data and some operations, like renegotiation,
-                        * don't work. Other software may also be affected so
-                        * call BIO_CTRL_INFO to retain compatibility with
-                        * previous behaviour and BIO_CTRL_WPENDING if we
-                        * get zero to address the PR#1949 case.
+
+                       /* This code originally checked to see if
+                        * any data was pending using BIO_CTRL_INFO
+                        * and then flushed. This caused problems
+                        * as documented in PR#1939. The proposed
+                        * fix doesn't completely resolve this issue
+                        * as buggy implementations of BIO_CTRL_PENDING
+                        * still exist. So instead we just flush
+                        * unconditionally.
                         */
 
-                       num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                       if (num1 == 0)
-                               num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
-                       if (num1 > 0)
+                       s->rwstate=SSL_WRITING;
+                       if (BIO_flush(s->wbio) <= 0)
                                {
-                               s->rwstate=SSL_WRITING;
-                               num1=BIO_flush(s->wbio);
-                               if (num1 <= 0) { ret= -1; goto end; }
-                               s->rwstate=SSL_NOTHING;
+                               ret= -1;
+                               goto end;
                                }
+                       s->rwstate=SSL_NOTHING;
 
                        s->state=s->s3->tmp.next_state;
                        break;