authorLaurent Bercot <ska-skaware@skarnet.org>2020-12-07 12:53:54 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2020-12-07 12:53:54 +0000
commitf7e676abdc799fcee5138807447b5e91ab05508f (patch)
tree8ae74c9bf26c3ffde8acd9330787ab2b80902bb0
parent0de4e6e0703f47be954f4cfa37648dd58665c819 (diff)
Change -K semantics: timeout *during handshake*, not afterwards
- the TLS tunnel itself should be transparent so it has no business shutting down the connection no matter how long the app takes - there's still an undetectable situation on some kernels where EOF doesn't get transmitted from the network, and the engine is in the handshake, and it can't do anything but wait forever. A timeout is useful here: dawg, your peer is never going to send any more data, you should just give up. - if the situation happens after the handshake, the *app* should have a timeout and die. The tunnel will follow suit. - libtls has a blocking tls_handshake() blackbox, we cannot give it a timeout. Too bad, use bearssl.
-rw-r--r--doc/s6-tlsc-io.html10
-rw-r--r--doc/s6-tlsc.html10
-rw-r--r--doc/s6-tlsd-io.html10
-rw-r--r--doc/s6-tlsd.html10
-rw-r--r--src/include/s6-networking/stls.h3
-rw-r--r--src/sbearssl/sbearssl_run.c10
-rw-r--r--src/stls/stls_run.c8
-rw-r--r--src/tls/s6-tlsc-io.c3
-rw-r--r--src/tls/s6-tlsd-io.c3
9 files changed, 38 insertions, 29 deletions
diff --git a/doc/s6-tlsc-io.html b/doc/s6-tlsc-io.html
index 2f02841..d4c1b7e 100644
--- a/doc/s6-tlsc-io.html
+++ b/doc/s6-tlsc-io.html
@@ -195,10 +195,12 @@ connection without using <tt>close_notify</tt>. This is the default. </li>
<li> <tt>-k&nbsp;<em>servername</em></tt>&nbsp;: use Server Name
Indication, and send <em>servername</em>. The default is not to
use SNI, which may be a security risk. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: close the connection
-if <em>kimeout</em> milliseconds elapse without any data being
-received from either side. The default is 0, which means
-infinite timeout (never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
+to send data for <em>kimeout</em> milliseconds during the handshake,
+close the connection. The default is 0, which means infinite timeout
+(never kill the connection). This option is ignored by the
+<tt>libtls</tt> backend, which does not have a way to interrupt
+the handshake after a timeout. </li>
<li> <tt>-d&nbsp;<em>notif</em></tt>&nbsp;: handshake notification.
<em>notif</em> must be a file descriptor open for writing. When the
TLS handshake has completed, some data (terminated by two null
diff --git a/doc/s6-tlsc.html b/doc/s6-tlsc.html
index c2e7521..5ff3431 100644
--- a/doc/s6-tlsc.html
+++ b/doc/s6-tlsc.html
@@ -121,10 +121,12 @@ connection without using <tt>close_notify</tt>. This is the default. </li>
<li> <tt>-k&nbsp;<em>servername</em></tt>&nbsp;: use Server Name
Indication, and send <em>servername</em>. The default is not to
use SNI, which may be a security risk. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: close the connection
-if <em>kimeout</em> milliseconds elapse without any data being
-received from either side. The default is 0, which means
-infinite timeout (never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
+to send data for <em>kimeout</em> milliseconds during the handshake,
+close the connection. The default is 0, which means infinite timeout
+(never kill the connection). This option is ignored by the
+<tt>libtls</tt> backend, which does not have a way to interrupt
+the handshake after a timeout. </li>
<li> <tt>-6&nbsp;<em>fdr</em></tt>&nbsp;: expect an open file
descriptor numbered <em>fdr</em> to read network (ciphertext)
data from. Make sure <em>prog</em> also reads its data
diff --git a/doc/s6-tlsd-io.html b/doc/s6-tlsd-io.html
index 6aad7dc..00f7cd4 100644
--- a/doc/s6-tlsd-io.html
+++ b/doc/s6-tlsd-io.html
@@ -190,10 +190,12 @@ and break the connection when receiving a local EOF. </li>
connection without using <tt>close_notify</tt>. This is the default. </li>
<li> <tt>-Y</tt>&nbsp;: Do not send a client certificate. This is the default. </li>
<li> <tt>-y</tt>&nbsp;: Send a client certificate. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: close the connection
-if <em>kimeout</em> milliseconds elapse without any data being
-received from either side. The default is 0, which means
-infinite timeout (never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
+to send data for <em>kimeout</em> milliseconds during the handshake,
+close the connection. The default is 0, which means infinite timeout
+(never kill the connection). This option is ignored by the
+<tt>libtls</tt> backend, which does not have a way to interrupt
+the handshake after a timeout. </li>
<li> <tt>-d&nbsp;<em>notif</em></tt>&nbsp;: handshake notification.
<em>notif</em> must be a file descriptor open for writing. When the
TLS handshake has completed, some data (terminated by two null
diff --git a/doc/s6-tlsd.html b/doc/s6-tlsd.html
index beeedda..579c63c 100644
--- a/doc/s6-tlsd.html
+++ b/doc/s6-tlsd.html
@@ -129,10 +129,12 @@ connection without using <tt>close_notify</tt>. This is the default. </li>
<li> <tt>-y</tt>&nbsp;: Require a mandatory client certificate.
The default, with neither the <tt>-Y</tt> nor the <tt>-y</tt> option,
is not to require a client certificate at all. </li>
- <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: close the connection
-if <em>kimeout</em> milliseconds elapse without any data being
-received from either side. The default is 0, which means
-infinite timeout (never kill the connection). </li>
+ <li> <tt>-K&nbsp;<em>kimeout</em></tt>&nbsp;: if the peer fails
+to send data for <em>kimeout</em> milliseconds during the handshake,
+close the connection. The default is 0, which means infinite timeout
+(never kill the connection). This option is ignored by the
+<tt>libtls</tt> backend, which does not have a way to interrupt
+the handshake after a timeout. </li>
</ul>
<h2> Notes </h2>
diff --git a/src/include/s6-networking/stls.h b/src/include/s6-networking/stls.h
index e4ef28a..65bb950 100644
--- a/src/include/s6-networking/stls.h
+++ b/src/include/s6-networking/stls.h
@@ -8,7 +8,6 @@
#include <tls.h>
#include <skalibs/gccattributes.h>
-#include <skalibs/tai.h>
#define STLS_BUFSIZE (16384 + 325 + 1)
@@ -16,7 +15,7 @@
/* Engine */
extern int stls_send_environment (struct tls *, int) ;
-extern void stls_run (struct tls *, int *, tain_t const *, uint32_t, unsigned int) gccattr_noreturn ;
+extern void stls_run (struct tls *, int *, uint32_t, unsigned int) gccattr_noreturn ;
/* s6-tlsc-io and s6-tlsd-io */
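Review bot: The new `stls_run` prototype drops the timeout argument without recording why, so a caller reading only the header cannot tell that this backend has no handshake or idle timeout at all. A one-line comment above the declaration would capture it: `/* No timeout parameter: libtls' tls_handshake() is blocking and cannot be interrupted, so -K has no effect with this backend. */`. Removing `<skalibs/tai.h>` from the header is only safe if nothing further down still names `tain_t`; the rest of the header is outside this hunk.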
diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c
index 6a350a9..e097698 100644
--- a/src/sbearssl/sbearssl_run.c
+++ b/src/sbearssl/sbearssl_run.c
@@ -29,7 +29,7 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fds, tain_t const *tto, uint
for (;;)
{
- tain_t deadline ;
+ tain_t deadline = tain_infinite_relative ;
unsigned int j = 0 ;
unsigned int state = br_ssl_engine_current_state(ctx) ;
int r ;
@@ -76,9 +76,13 @@ void sbearssl_run (br_ssl_engine_context *ctx, int *fds, tain_t const *tto, uint
}
else xindex[3] = 4 ;
- if ((xindex[0] == 4 && xindex[1] == 4 && xindex[3] == 4 && handshake_done) || !j) break ;
+ if (xindex[0] == 4 && xindex[1] == 4 && xindex[3] == 4)
+ {
+ if (!j || handshake_done) break ;
+ deadline = *tto ;
+ }
- tain_add_g(&deadline, fds[0] >= 0 && fds[2] >= 0 && state & (BR_SSL_SENDAPP | BR_SSL_RECVREC) ? tto : &tain_infinite_relative) ;
+ tain_add_g(&deadline, &deadline) ;
r = iopause_g(x, j, &deadline) ;
if (r < 0) strerr_diefu1sys(111, "iopause") ;
else if (!r) break ;
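Review bot: The handshake deadline is armed only when the engine is blocked on the network read side alone (`xindex[0]`, `xindex[1]` and `xindex[3]` all 4), so a peer that stalls while the engine still has handshake records to flush, i.e. fd 3 is polled for writability and the peer never drains it, appears to keep the connection open indefinitely. If that case should be bounded too, a simpler arming rule is `if (!handshake_done) deadline = *tto ;` placed after the xindex computation, leaving the existing break condition untouched. The in-place `tain_add_g(&deadline, &deadline)` relies on the callee tolerating an aliased source and destination; worth confirming against the skalibs definition, otherwise compute into a separate local. sbearssl_run's body begins before this hunk, and what follows the `break` on timeout is outside it.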
diff --git a/src/stls/stls_run.c b/src/stls/stls_run.c
index e8305bf..559ebe9 100644
--- a/src/stls/stls_run.c
+++ b/src/stls/stls_run.c
@@ -9,7 +9,6 @@
#include <skalibs/error.h>
#include <skalibs/buffer.h>
#include <skalibs/strerr2.h>
-#include <skalibs/tai.h>
#include <skalibs/iopause.h>
#include <skalibs/djbunix.h>
@@ -112,7 +111,7 @@ static void closeit (struct tls *ctx, int *fds, int brutal)
fd_close(fds[3]) ; fds[3] = -1 ;
}
-void stls_run (struct tls *ctx, int *fds, tain_t const *tto, uint32_t options, unsigned int verbosity)
+void stls_run (struct tls *ctx, int *fds, uint32_t options, unsigned int verbosity)
{
tlsbuf_t b[2] = { { .blockedonother = 0 }, { .blockedonother = 0 } } ;
iopause_fd x[4] ;
@@ -129,12 +128,9 @@ void stls_run (struct tls *ctx, int *fds, tain_t const *tto, uint32_t options, u
for (;;)
{
- tain_t deadline ;
unsigned int j = 0 ;
int r ;
- tain_add_g(&deadline, fds[0] >= 0 && fds[2] >= 0 && buffer_isempty(&b[0].b) && buffer_isempty(&b[1].b) ? tto : &tain_infinite_relative) ;
-
/* poll() preparation */
@@ -175,7 +171,7 @@ void stls_run (struct tls *ctx, int *fds, tain_t const *tto, uint32_t options, u
/* poll() */
- r = iopause_g(x, j, &deadline) ;
+ r = iopause_g(x, j, 0) ;
if (r < 0) strerr_diefu1sys(111, "iopause") ;
else if (!r) break ;
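Review bot: `iopause_g(x, j, 0)` now waits without any deadline, and nothing at the call site says why, which a reader comparing it with the bearssl engine will stumble over. A short why-comment would record the new contract: `/* no deadline: the tunnel is transparent, so post-handshake idleness is the application's business; libtls' blocking tls_handshake() has already completed before stls_run is entered */`. The consequence is that with this backend a stalled peer is never timed out by the tunnel at any stage, which is the trade-off the commit message accepts. stls_run's body starts before this hunk.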
diff --git a/src/tls/s6-tlsc-io.c b/src/tls/s6-tlsc-io.c
index f6a0210..8629a8d 100644
--- a/src/tls/s6-tlsc-io.c
+++ b/src/tls/s6-tlsc-io.c
@@ -31,7 +31,8 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
strerr_diefu1sys(111, "write post-handshake data") ;
fd_close(notif) ;
}
- stls_run(ctx, fds, tto, options, verbosity) ;
+ (void)tto ;
+ stls_run(ctx, fds, options, verbosity) ;
}
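Review bot: `(void)tto` silently discards the `-K` value in the libtls build, so an operator who configured a handshake timeout gets no indication that it has no effect with this backend. A warning at the point of discard would make the misconfiguration visible, e.g. `if (verbosity) strerr_warnw1x("-K timeout is ignored by the libtls backend") ;` (`verbosity` is in scope per the stls_run call, and strerr2.h appears to be included given the strerr_diefu1sys call above); ideally it would fire only when `tto` is not the infinite value the caller uses for the default 0, if that encoding is recoverable here. doit begins before this hunk.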
#else
diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c
index 75bd1e4..b6621dd 100644
--- a/src/tls/s6-tlsd-io.c
+++ b/src/tls/s6-tlsd-io.c
@@ -31,7 +31,8 @@ static inline void doit (int *fds, tain_t const *tto, uint32_t preoptions, uint3
strerr_diefu1sys(111, "write post-handshake data") ;
fd_close(notif) ;
}
- stls_run(ctx, fds, tto, options, verbosity) ;
+ (void)tto ;
+ stls_run(ctx, fds, options, verbosity) ;
}
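Review bot: On the server side the silently ignored `-K` matters more, since it is unauthenticated clients that hold the handshake open, and `(void)tto` gives the operator no hint that the configured limit is not enforced. A warning when the value is discarded, e.g. `if (verbosity) strerr_warnw1x("-K timeout is ignored by the libtls backend") ;`, would surface that, preferably gated on `tto` not being the infinite default if that can be told apart at this point. `verbosity` is in scope per the stls_run call; how the default is encoded is outside the hunk, as is the start of doit.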
#else