Implement flushing for TLSv1.3 handshakes.

When we finish sending a flight of records, flush the record layer output. This effectively means calling BIO_flush() on the wbio. Some things (such as apache2) have custom BIOs that perform buffering and do not actually send on BIO_write(). Without BIO_flush() the server thinks it has sent data and starts receiving records, however the client never sends records since it never received those that the server should have sent. Joint work with tb@ ok tb@
author: jsing <> 2021-09-16 19:25:30 +0000
committer: jsing <> 2021-09-16 19:25:30 +0000
commit: 2d955253865a6015861bd8fe88e65001b0fcf007 (patch)
tree: 721c70e4e05fb8482881613ba81112e77e594f1e /src/lib/libssl/tls13_internal.h
parent: a490f30feab724ed170f288710f349bf893262b4 (diff)
download: openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.gz
openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.bz2
openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index cb59634edc..20cb52ebdd 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.93 2021/09/14 14:35:09 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.94 2021/09/16 19:25:30 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -92,6 +92,7 @@ typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
 typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
 typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
    void *_cb_arg);
+typedef ssize_t (*tls13_flush_cb)(void *_cb_arg);
 typedef void (*tls13_handshake_message_cb)(void *_cb_arg);
 typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret);
 typedef int (*tls13_ocsp_status_cb)(void *_cb_arg);
@@ -200,6 +201,7 @@ struct tls13_record_layer;
 struct tls13_record_layer_callbacks {
        tls13_read_cb wire_read;
        tls13_write_cb wire_write;
+        tls13_flush_cb wire_flush;
        tls13_alert_cb alert_recv;
        tls13_alert_cb alert_sent;
        tls13_phh_recv_cb phh_recv;
@@ -226,6 +228,7 @@ int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *write_key);
 ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl);
 ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
+ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl);
 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
@@ -283,6 +286,7 @@ struct tls13_ctx {
        struct tls13_handshake_stage handshake_stage;
        int handshake_started;
        int handshake_completed;
+        int need_flush;
        int middlebox_compat;
        int send_dummy_ccs;
        int send_dummy_ccs_after;
@@ -328,6 +332,7 @@ int tls13_legacy_connect(SSL *ssl);
 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
 ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
+ssize_t tls13_legacy_wire_flush_cb(void *arg);
 int tls13_legacy_pending(const SSL *ssl);
 int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
    int peek);
author	jsing <>	2021-09-16 19:25:30 +0000
committer	jsing <>	2021-09-16 19:25:30 +0000
commit	2d955253865a6015861bd8fe88e65001b0fcf007 (patch)
tree	721c70e4e05fb8482881613ba81112e77e594f1e /src/lib/libssl/tls13_internal.h
parent	a490f30feab724ed170f288710f349bf893262b4 (diff)
download	openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.gz openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.bz2 openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.zip