Fix sbearssl_run even more

Signed-off-by: Laurent Bercot <ska@appnovation.com>

3 files changed, 40 insertions, 14 deletions

diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c
index a0eba96..51263ca 100644
--- a/src/sbearssl/sbearssl_run.c
+++ b/src/sbearssl/sbearssl_run.c
@@ -16,10 +16,10 @@
 #include "sbearssl-internal.h"
 
 
- /* declared in bearssl's inner.h */
+ /* declared in bearssl's src/inner.h */
 extern void br_ssl_engine_fail (br_ssl_engine_context *, int) ;
 
- /* XXX: breaks encapsulation; see make_ready_in() in src/ssl/ssl_engine.c in bearssl */
+ /* XXX: breaks encapsulation; see make_ready_in() in bearssl's src/ssl/ssl_engine.c */
 static int br_ssl_engine_in_isempty (br_ssl_engine_context *ctx)
 {
   return !ctx->iomode || (ctx->iomode == 3 && !ctx->ixa && !ctx->ixb) ;
@@ -50,15 +50,8 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto,
     strerr_diefu1sys(111, "set fds non-blocking") ;
   tain_add_g(&deadline, tto) ;
 
-  while (x[0].fd >= 0 || x[1].fd >= 0 || x[3].fd >= 0)
+  while ((x[0].fd >= 0 || x[1].fd >= 0 || x[3].fd >= 0) && !(state & BR_SSL_CLOSED))
   {
-    if (state & BR_SSL_CLOSED)
-    {
-      int r = br_ssl_engine_last_error(ctx) ;
-      if (r) strerr_dief4x(98, "the TLS engine closed the connection ", handshake_done ? "after" : "during", " the handshake: ", sbearssl_error_str(r)) ;
-      else break ;
-    }
-
 
    /* Preparation */
 
@@ -202,7 +195,7 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto,
             fd_close(x[1].fd) ;
             x[1].fd = -1 ;
           }
-          if (!br_ssl_engine_in_isempty(ctx))
+          if (!handshake_done || !br_ssl_engine_in_isempty(ctx))
             br_ssl_engine_fail(ctx, BR_ERR_IO) ;
           break ;
         }
@@ -210,6 +203,39 @@ void sbearssl_run (br_ssl_engine_context *ctx, int const *fds, tain const *tto,
       }
       state = br_ssl_engine_current_state(ctx) ;
     }
+
+
+   /* Detect ill-timed broken pipes */
+
+    if (x[1].fd >= 0 && x[1].revents & IOPAUSE_EXCEPT && !(state & BR_SSL_RECVAPP))
+    {
+      fd_close(x[1].fd) ;
+      x[1].fd = -1 ;
+      if (x[2].fd >= 0)
+      {
+        fd_close(x[2].fd) ;
+        x[2].fd = -1 ;
+        if (!br_ssl_engine_in_isempty(ctx)) br_ssl_engine_fail(ctx, BR_ERR_IO) ;
+      }
+    }
+
+    if (x[3].fd >= 0 && x[3].revents & IOPAUSE_EXCEPT && !(state & BR_SSL_SENDREC))
+    {
+      fd_close(x[3].fd) ;
+      x[3].fd = -1 ;
+      if (x[0].fd >= 0)
+      {
+        fd_close(x[0].fd) ;
+        x[0].fd = -1 ;
+      }
+    }
+
+  }  /* end of main loop */
+
+  if (state & BR_SSL_CLOSED)
+  {
+    int r = br_ssl_engine_last_error(ctx) ;
+    if (r) strerr_dief4x(98, "the TLS engine closed the connection ", handshake_done ? "after" : "during", " the handshake: ", sbearssl_error_str(r)) ;
   }
 
   _exit(0) ;
diff --git a/src/tls/s6-tlsc-io.c b/src/tls/s6-tlsc-io.c
index 57b1442..e64c014 100644
--- a/src/tls/s6-tlsc-io.c
+++ b/src/tls/s6-tlsc-io.c
@@ -69,11 +69,11 @@ int main (int argc, char const *const *argv, char const *const *envp)
 {
   char const *servername = 0 ;
   tain tto ;
-  int fds[4] = { 0, 1, 6, 7 } ;
+  int fds[4] = { 0, 1 } ;
   unsigned int verbosity = 1 ;
   unsigned int notif = 0 ;
   uint32_t preoptions = 0 ;
-  uint32_t options = 2 ;
+  uint32_t options = 0 ;
 
   PROG = "s6-tlsc-io" ;
   {
diff --git a/src/tls/s6-tlsd-io.c b/src/tls/s6-tlsd-io.c
index 0aa19c9..fac2164 100644
--- a/src/tls/s6-tlsd-io.c
+++ b/src/tls/s6-tlsd-io.c
@@ -66,7 +66,7 @@ static inline void doit (int *fds, tain const *tto, uint32_t preoptions, uint32_
 int main (int argc, char const *const *argv)
 {
   tain tto ;
-  int fds[4] = { 0, 1, 0, 1 } ;
+  int fds[4] = { [2] = 0, [3] = 1 } ;
   unsigned int verbosity = 1 ;
   unsigned int notif = 0 ;
   uint32_t preoptions = 0 ;