Implement flushing for TLSv1.3 handshakes.

When we finish sending a flight of records, flush the record layer output. This effectively means calling BIO_flush() on the wbio. Some things (such as apache2) have custom BIOs that perform buffering and do not actually send on BIO_write(). Without BIO_flush() the server thinks it has sent data and starts receiving records, however the client never sends records since it never received those that the server should have sent. Joint work with tb@ ok tb@
author: jsing <> 2021-09-16 19:25:30 +0000
committer: jsing <> 2021-09-16 19:25:30 +0000
commit: 2d955253865a6015861bd8fe88e65001b0fcf007 (patch)
tree: 721c70e4e05fb8482881613ba81112e77e594f1e /src/lib/libssl/tls13_legacy.c
parent: a490f30feab724ed170f288710f349bf893262b4 (diff)
download: openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.gz
openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.bz2
openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.zip
1 files changed, 25 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 3368600c60..f668dd4ea3 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.30 2021/09/14 14:31:21 tb Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.31 2021/09/16 19:25:30 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -96,6 +96,30 @@ tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg)
        return tls13_legacy_wire_write(ctx->ssl, buf, n);
 }
+static ssize_t
+tls13_legacy_wire_flush(SSL *ssl)
+{
+        if (BIO_flush(ssl->wbio) <= 0) {
+                if (BIO_should_write(ssl->wbio))
+                        return TLS13_IO_WANT_POLLOUT;
+                if (ERR_peek_error() == 0 && errno != 0)
+                        SYSerror(errno);
+                return TLS13_IO_FAILURE;
+        }
+        return TLS13_IO_SUCCESS;
+}
+ssize_t
+tls13_legacy_wire_flush_cb(void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        return tls13_legacy_wire_flush(ctx->ssl);
+}
 static void
 tls13_legacy_error(SSL *ssl)
 {
author	jsing <>	2021-09-16 19:25:30 +0000
committer	jsing <>	2021-09-16 19:25:30 +0000
commit	2d955253865a6015861bd8fe88e65001b0fcf007 (patch)
tree	721c70e4e05fb8482881613ba81112e77e594f1e /src/lib/libssl/tls13_legacy.c
parent	a490f30feab724ed170f288710f349bf893262b4 (diff)
download	openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.gz openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.tar.bz2 openbsd-2d955253865a6015861bd8fe88e65001b0fcf007.zip

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c index 3368600c60..f668dd4ea3 100644 --- a/src/lib/libssl/tls13_legacy.c +++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_legacy.c,v 1.30 2021/09/14 14:31:21 tb Exp $ */	1	/* $OpenBSD: tls13_legacy.c,v 1.31 2021/09/16 19:25:30 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -96,6 +96,30 @@ tls13_legacy_wire_write_cb(const void buf, size_t n, void arg)
96	return tls13_legacy_wire_write(ctx->ssl, buf, n);	96	return tls13_legacy_wire_write(ctx->ssl, buf, n);
97	}	97	}
98		98
		99	static ssize_t
		100	tls13_legacy_wire_flush(SSL *ssl)
		101	{
		102	if (BIO_flush(ssl->wbio) <= 0) {
		103	if (BIO_should_write(ssl->wbio))
		104	return TLS13_IO_WANT_POLLOUT;
		105
		106	if (ERR_peek_error() == 0 && errno != 0)
		107	SYSerror(errno);
		108
		109	return TLS13_IO_FAILURE;
		110	}
		111
		112	return TLS13_IO_SUCCESS;
		113	}
		114
		115	ssize_t
		116	tls13_legacy_wire_flush_cb(void *arg)
		117	{
		118	struct tls13_ctx *ctx = arg;
		119
		120	return tls13_legacy_wire_flush(ctx->ssl);
		121	}
		122
99	static void	123	static void
100	tls13_legacy_error(SSL *ssl)	124	tls13_legacy_error(SSL *ssl)
101	{	125	{