diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2023-11-12 10:58:36 +0000 |
---|---|---|
committer | Laurent Bercot <ska@appnovation.com> | 2023-11-12 10:58:36 +0000 |
commit | d8ca717da164c3e76ebb56c954d0a08544955601 (patch) | |
tree | 9bfa71e42e48a7f3be845676779301f32a05833e | |
parent | e58d005e2a579cf51d191e8f53eea98fb5bda7aa (diff) | |
download | s6-networking-d8ca717da164c3e76ebb56c954d0a08544955601.tar.xz |
Fix sbearssl_run even more
Signed-off-by: Laurent Bercot <ska@appnovation.com>
-rw-r--r-- | src/sbearssl/sbearssl_run.c | 48 | ||||
-rw-r--r-- | src/tls/s6-tlsc-io.c | 4 | ||||
-rw-r--r-- | src/tls/s6-tlsd-io.c | 2 |
3 files changed, 40 insertions, 14 deletions
diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c index a0eba96..51263ca 100644 --- a/src/sbearssl/sbearssl_run.c +++ b/src/sbearssl/sbearssl_run.c @@ -16,10 +16,10 @@ #include "sbearssl-internal.h" - /* declared in bearssl's inner.h */ + /* declared in bearssl's src/inner.h */ extern void br_ssl_engine_fail (br_ssl_engine_context *, int) ; - /* XXX: breaks encapsulation; see make_ready_in() in src/ssl/ssl_engine.c in bearssl */ + /* XXX: breaks encapsulation; see make_ready_in() in bearssl's src/ssl/ssl_engine.c */ static int br_ssl_engine_in_isempty (br_ssl_engine_context *ctx) { return !ctx->iomode || (ctx->iomode == 3 && !ctx->ixa && !ctx->ixb) ; @@ -50,15 +50,8 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto, strerr_diefu1sys(111, "set fds non-blocking") ; tain_add_g(&deadline, tto) ; - while (x[0].fd >= 0 || x[1].fd >= 0 || x[3].fd >= 0) + while ((x[0].fd >= 0 || x[1].fd >= 0 || x[3].fd >= 0) && !(state & BR_SSL_CLOSED)) { - if (state & BR_SSL_CLOSED) - { - int r = br_ssl_engine_last_error(ctx) ; - if (r) strerr_dief4x(98, "the TLS engine closed the connection ", handshake_done ? "after" : "during", " the handshake: ", sbearssl_error_str(r)) ; - else break ; - } - /* Preparation */ @@ -202,7 +195,7 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto, fd_close(x[1].fd) ; x[1].fd = -1 ; } - if (!br_ssl_engine_in_isempty(ctx)) + if (!handshake_done || !br_ssl_engine_in_isempty(ctx)) br_ssl_engine_fail(ctx, BR_ERR_IO) ; break ; } @@ -210,6 +203,39 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto, } state = br_ssl_engine_current_state(ctx) ; } + + + /* Detect ill-timed broken pipes */ + + if (x[1].fd >= 0 && x[1].revents & IOPAUSE_EXCEPT && !(state & BR_SSL_RECVAPP)) + { + fd_close(x[1].fd) ; + x[1].fd = -1 ; + if (x[2].fd >= 0) + { + fd_close(x[2].fd) ; + x[2].fd = -1 ; + if (!br_ssl_engine_in_isempty(ctx)) br_ssl_engine_fail(ctx, BR_ERR_IO) ; + } + } + + if (x[3].fd >= 0 && x[3].revents & IOPAUSE_EXCEPT && !(state & BR_SSL_SENDREC)) + { + fd_close(x[3].fd) ; + x[3].fd = -1 ; + if (x[0].fd >= 0) + { + fd_close(x[0].fd) ; + x[0].fd = -1 ; + } + } + + } /* end of main loop */ + + if (state & BR_SSL_CLOSED) + { + int r = br_ssl_engine_last_error(ctx) ; + if (r) strerr_dief4x(98, "the TLS engine closed the connection ", handshake_done ? "after" : "during", " the handshake: ", sbearssl_error_str(r)) ; } _exit(0) ; diff --git a/src/tls/s6-tlsc-io.c b/src/tls/s6-tlsc-io.c index 57b1442..e64c014 100644 --- a/src/tls/s6-tlsc-io.c +++ b/src/tls/s6-tlsc-io.c @@ -69,11 +69,11 @@ int main (int argc, char const *const *argv, char const *const *envp) { char const *servername = 0 ; tain tto ; - int fds[4] = { 0, 1, 6, 7 } ; + int fds[4] = { 0, 1 } ; unsigned int verbosity = 1 ; unsigned int notif = 0 ; uint32_t preoptions = 0 ; - uint32_t options = 2 ; + uint32_t options = 0 ; PROG = "s6-tlsc-io" ; { diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c index 0aa19c9..fac2164 100644 --- a/src/tls/s6-tlsd-io.c +++ b/src/tls/s6-tlsd-io.c @@ -66,7 +66,7 @@ static inline void doit (int *fds, tain const *tto, uint32_t preoptions, uint32_ int main (int argc, char const *const *argv) { tain tto ; - int fds[4] = { 0, 1, 0, 1 } ; + int fds[4] = { [2] = 0, [3] = 1 } ; unsigned int verbosity = 1 ; unsigned int notif = 0 ; uint32_t preoptions = 0 ; |