author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-26 19:40:36 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-26 19:40:36 +0000 |
commit | cc62974182c4ca65eeba26b07705e3a242ae4580 (patch) | |
tree | 156121b0bb85b50ce7bb9b670b9e2c8232e0c4a8 /ssl | |
parent | 94137885710fe276454f933f9cbfefbe02ead347 (diff) |
PR: 1949
Submitted by: steve@openssl.org
More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_clnt.c | 14 | ||||
-rw-r--r-- | ssl/d1_srvr.c | 16 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 14 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 34 |
4 files changed, 30 insertions, 48 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 59cb3daedc..223d116279 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -145,7 +145,6 @@ int dtls1_connect(SSL *s)
 {
 BUF_MEM *buf=NULL;
 unsigned long Time=(unsigned long)time(NULL),l;
- long num1;
 void (*cb)(const SSL *ssl,int type,int val)=NULL;
 int ret= -1;
 int new_state,state,skip=0;;
@@ -509,16 +508,13 @@ int dtls1_connect(SSL *s)
 break;
 case SSL3_ST_CW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
+ s->rwstate=SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0)
 {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
+ ret= -1;
+ goto end;
 }
-
+ s->rwstate=SSL_NOTHING;
 s->state=s->s3->tmp.next_state;
 break;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 499e2bba51..e18d878c42 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -146,7 +146,6 @@ int dtls1_accept(SSL *s)
 BUF_MEM *buf;
 unsigned long l,Time=(unsigned long)time(NULL);
 void (*cb)(const SSL *ssl,int type,int val)=NULL;
- long num1;
 int ret= -1;
 int new_state,state,skip=0;
@@ -441,17 +440,14 @@ int dtls1_accept(SSL *s)
 s->init_num=0;
 break;
- case SSL3_ST_SW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
+ case SSL3_ST_CW_FLUSH:
+ s->rwstate=SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0)
 {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
+ ret= -1;
+ goto end;
 }
-
+ s->rwstate=SSL_NOTHING;
 s->state=s->s3->tmp.next_state;
 break;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 9232daf6ba..e5138b6e5e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -167,7 +167,6 @@ int ssl3_connect(SSL *s)
 {
 BUF_MEM *buf=NULL;
 unsigned long Time=(unsigned long)time(NULL),l;
- long num1;
 void (*cb)(const SSL *ssl,int type,int val)=NULL;
 int ret= -1;
 int new_state,state,skip=0;
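Review bot: In ssl/d1_clnt.c the `SSL3_ST_CW_FLUSH` case loses its only comment and gets no replacement, so the new code does not say why the flush is now unconditional or that `s->rwstate` is left at `SSL_WRITING` when `BIO_flush` fails. The same gap exists in the flush cases of ssl/d1_srvr.c and ssl/s3_clnt.c; only ssl/s3_srvr.c receives an explanation. I would add above the assignment `/* Always flush: asking the write BIO how much is pending is unreliable (PR#1949). */` and, before `goto end`, `/* rwstate is deliberately left at SSL_WRITING here */` (presumably so the caller can retry the write, which should be confirmed). The case sits in dtls1_connect's state switch, which starts and ends outside the hunk.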
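Review bot: In the second hunk of ssl/d1_srvr.c the case label inside `dtls1_accept` changes from `SSL3_ST_SW_FLUSH` to `SSL3_ST_CW_FLUSH`, which is the constant the connect-side functions in this same commit use. Unless another `SSL3_ST_SW_FLUSH` case exists outside the hunk, a DTLS server entering its flush state would no longer reach this code and would presumably hit the switch's default handling, failing the handshake. ssl/s3_srvr.c keeps `case SSL3_ST_SW_FLUSH:`, so this looks like a copy-paste slip from the client files; the line should read `case SSL3_ST_SW_FLUSH:`. The enclosing switch begins and ends outside the hunk.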
@@ -496,16 +495,13 @@ int ssl3_connect(SSL *s)
 break;
 case SSL3_ST_CW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
+ s->rwstate=SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0)
 {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
+ ret= -1;
+ goto end;
 }
-
+ s->rwstate=SSL_NOTHING;
 s->state=s->s3->tmp.next_state;
 break;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 700d972239..e696450d65 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -166,7 +166,6 @@ int ssl3_accept(SSL *s)
 BUF_MEM *buf;
 unsigned long l,Time=(unsigned long)time(NULL);
 void (*cb)(const SSL *ssl,int type,int val)=NULL;
- long num1;
 int ret= -1;
 int new_state,state,skip=0;
@@ -447,29 +446,24 @@ int ssl3_accept(SSL *s)
 break;
 case SSL3_ST_SW_FLUSH:
- /* number of bytes to be flushed */
- /* This originally and incorrectly called BIO_CTRL_INFO
- * The reason why this is wrong is mentioned in PR#1949.
- * Unfortunately, as suggested in that bug some
- * versions of Apache unconditionally return 0
- * for BIO_CTRL_WPENDING meaning we don't correctly
- * flush data and some operations, like renegotiation,
- * don't work. Other software may also be affected so
- * call BIO_CTRL_INFO to retain compatibility with
- * previous behaviour and BIO_CTRL_WPENDING if we
- * get zero to address the PR#1949 case.
+
+ /* This code originally checked to see if
+ * any data was pending using BIO_CTRL_INFO
+ * and then flushed. This caused problems
+ * as documented in PR#1939. The proposed
+ * fix doesn't completely resolve this issue
+ * as buggy implementations of BIO_CTRL_PENDING
+ * still exist. So instead we just flush
+ * unconditionally.
 */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 == 0)
- num1=BIO_ctrl(s->wbio,BIO_CTRL_WPENDING,0,NULL);
- if (num1 > 0)
+ s->rwstate=SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0)
 {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
+ ret= -1;
+ goto end;
 }
+ s->rwstate=SSL_NOTHING;
 s->state=s->s3->tmp.next_state;
 break; |
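Review bot: The new comment in the `SSL3_ST_SW_FLUSH` case of ssl/s3_srvr.c cites `PR#1939`, while the commit message and the comment it replaces both refer to PR#1949, and it names `BIO_CTRL_PENDING` where the removed code queried `BIO_CTRL_WPENDING`. Both look like typos and would send anyone tracing this workaround to the wrong report and the wrong BIO control. Suggested wording for the two lines: `* as documented in PR#1949. The proposed` and `* as buggy implementations of BIO_CTRL_WPENDING`. The case belongs to ssl3_accept's state switch, which starts and ends outside the hunk.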