提交 4880672a 编写于 作者: M Matt Caswell

A zero return from BIO_read()/BIO_write() could be retryable

A zero return from BIO_read()/BIO_write() could mean that an IO operation
is retryable. A zero return from SSL_read()/SSL_write() means that the
connection has been closed down (either cleanly or not). Therefore we
should not propagate a zero return value from BIO_read()/BIO_write() back
up the stack to SSL_read()/SSL_write(). This could result in a retryable
failure being treated as fatal.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 875e3f93
...@@ -177,6 +177,12 @@ const char *SSL_rstate_string(const SSL *s) ...@@ -177,6 +177,12 @@ const char *SSL_rstate_string(const SSL *s)
} }
} }
/*
* Return values are as per SSL_read(), i.e.
* >0 The number of read bytes
* 0 Failure (not retryable)
* <0 Failure (may be retryable)
*/
int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
{ {
/* /*
...@@ -306,7 +312,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) ...@@ -306,7 +312,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
if (len + left == 0) if (len + left == 0)
ssl3_release_read_buffer(s); ssl3_release_read_buffer(s);
return (i); return -1;
} }
left += i; left += i;
/* /*
...@@ -874,7 +880,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, ...@@ -874,7 +880,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
return -1; return -1;
} }
/* if s->s3->wbuf.left != 0, we need to call this */ /* if s->s3->wbuf.left != 0, we need to call this
*
* Return values are as per SSL_read(), i.e.
* >0 The number of read bytes
* 0 Failure (not retryable)
* <0 Failure (may be retryable)
*/
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len) unsigned int len)
{ {
...@@ -924,7 +936,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, ...@@ -924,7 +936,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
*/ */
SSL3_BUFFER_set_left(&wb[currbuf], 0); SSL3_BUFFER_set_left(&wb[currbuf], 0);
} }
return (i); return -1;
} }
SSL3_BUFFER_add_offset(&wb[currbuf], i); SSL3_BUFFER_add_offset(&wb[currbuf], i);
SSL3_BUFFER_add_left(&wb[currbuf], -i); SSL3_BUFFER_add_left(&wb[currbuf], -i);
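Review bot: The comment added above ssl3_write_pending() was copied from the one on ssl3_read_n() and still refers to SSL_read() and "The number of read bytes"; for the write path it should say `Return values are as per SSL_write()` and `>0 The number of bytes written`. Both new comments also list 0 as a non-retryable failure, but the two changed returns now turn a zero from the BIO into -1. On these paths a caller can therefore only tell a retryable condition from a dead connection by checking the retry state (for example through SSL_get_error()), and the comments should say so. The enclosing conditions and the rest of both function bodies lie outside the hunks, so it cannot be confirmed from here whether any path still returns 0.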
......