summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2023-11-12 10:58:36 +0000
committerLaurent Bercot <ska@appnovation.com>2023-11-12 10:58:36 +0000
commitd8ca717da164c3e76ebb56c954d0a08544955601 (patch)
tree9bfa71e42e48a7f3be845676779301f32a05833e
parente58d005e2a579cf51d191e8f53eea98fb5bda7aa (diff)
downloads6-networking-d8ca717da164c3e76ebb56c954d0a08544955601.tar.xz
Fix sbearssl_run even more
Signed-off-by: Laurent Bercot <ska@appnovation.com>
-rw-r--r--src/sbearssl/sbearssl_run.c48
-rw-r--r--src/tls/s6-tlsc-io.c4
-rw-r--r--src/tls/s6-tlsd-io.c2
3 files changed, 40 insertions, 14 deletions
diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c
index a0eba96..51263ca 100644
--- a/src/sbearssl/sbearssl_run.c
+++ b/src/sbearssl/sbearssl_run.c
@@ -16,10 +16,10 @@
#include "sbearssl-internal.h"
- /* declared in bearssl's inner.h */
+ /* declared in bearssl's src/inner.h */
extern void br_ssl_engine_fail (br_ssl_engine_context *, int) ;
- /* XXX: breaks encapsulation; see make_ready_in() in src/ssl/ssl_engine.c in bearssl */
+ /* XXX: breaks encapsulation; see make_ready_in() in bearssl's src/ssl/ssl_engine.c */
static int br_ssl_engine_in_isempty (br_ssl_engine_context *ctx)
{
return !ctx->iomode || (ctx->iomode == 3 && !ctx->ixa && !ctx->ixb) ;
@@ -50,15 +50,8 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto,
strerr_diefu1sys(111, "set fds non-blocking") ;
tain_add_g(&deadline, tto) ;
- while (x[0].fd >= 0 || x[1].fd >= 0 || x[3].fd >= 0)
+ while ((x[0].fd >= 0 || x[1].fd >= 0 || x[3].fd >= 0) && !(state & BR_SSL_CLOSED))
{
- if (state & BR_SSL_CLOSED)
- {
- int r = br_ssl_engine_last_error(ctx) ;
- if (r) strerr_dief4x(98, "the TLS engine closed the connection ", handshake_done ? "after" : "during", " the handshake: ", sbearssl_error_str(r)) ;
- else break ;
- }
-
/* Preparation */
@@ -202,7 +195,7 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto,
fd_close(x[1].fd) ;
x[1].fd = -1 ;
}
- if (!br_ssl_engine_in_isempty(ctx))
+ if (!handshake_done || !br_ssl_engine_in_isempty(ctx))
br_ssl_engine_fail(ctx, BR_ERR_IO) ;
break ;
}
@@ -210,6 +203,39 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto,
}
state = br_ssl_engine_current_state(ctx) ;
}
+
+
+ /* Detect ill-timed broken pipes */
+
+ if (x[1].fd >= 0 && x[1].revents & IOPAUSE_EXCEPT && !(state & BR_SSL_RECVAPP))
+ {
+ fd_close(x[1].fd) ;
+ x[1].fd = -1 ;
+ if (x[2].fd >= 0)
+ {
+ fd_close(x[2].fd) ;
+ x[2].fd = -1 ;
+ if (!br_ssl_engine_in_isempty(ctx)) br_ssl_engine_fail(ctx, BR_ERR_IO) ;
+ }
+ }
+
+ if (x[3].fd >= 0 && x[3].revents & IOPAUSE_EXCEPT && !(state & BR_SSL_SENDREC))
+ {
+ fd_close(x[3].fd) ;
+ x[3].fd = -1 ;
+ if (x[0].fd >= 0)
+ {
+ fd_close(x[0].fd) ;
+ x[0].fd = -1 ;
+ }
+ }
+
+ } /* end of main loop */
+
+ if (state & BR_SSL_CLOSED)
+ {
+ int r = br_ssl_engine_last_error(ctx) ;
+ if (r) strerr_dief4x(98, "the TLS engine closed the connection ", handshake_done ? "after" : "during", " the handshake: ", sbearssl_error_str(r)) ;
}
_exit(0) ;
diff --git a/src/tls/s6-tlsc-io.c b/src/tls/s6-tlsc-io.c
index 57b1442..e64c014 100644
--- a/src/tls/s6-tlsc-io.c
+++ b/src/tls/s6-tlsc-io.c
@@ -69,11 +69,11 @@ int main (int argc, char const *const *argv, char const *const *envp)
{
char const *servername = 0 ;
tain tto ;
- int fds[4] = { 0, 1, 6, 7 } ;
+ int fds[4] = { 0, 1 } ;
unsigned int verbosity = 1 ;
unsigned int notif = 0 ;
uint32_t preoptions = 0 ;
- uint32_t options = 2 ;
+ uint32_t options = 0 ;
PROG = "s6-tlsc-io" ;
{
diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c
index 0aa19c9..fac2164 100644
--- a/src/tls/s6-tlsd-io.c
+++ b/src/tls/s6-tlsd-io.c
@@ -66,7 +66,7 @@ static inline void doit (int *fds, tain const *tto, uint32_t preoptions, uint32_
int main (int argc, char const *const *argv)
{
tain tto ;
- int fds[4] = { 0, 1, 0, 1 } ;
+ int fds[4] = { [2] = 0, [3] = 1 } ;
unsigned int verbosity = 1 ;
unsigned int notif = 0 ;
uint32_t preoptions = 0 ;