From patchwork Tue Nov 11 10:34:00 2014
X-Patchwork-Submitter: Yousong Zhou
X-Patchwork-Id: 418547
From: Yousong Zhou
To: openwrt-devel@lists.openwrt.org
Date: Tue, 11 Nov 2014 18:34:00 +0800
Message-Id: <1415702041-44573-2-git-send-email-yszhou4tech@gmail.com>
In-Reply-To: <1415702041-44573-1-git-send-email-yszhou4tech@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 2/3] Fix SSL negotiation being interrupted by .notify_write from BIO method.

ustream_ssl_check_conn() may be called by .notify_write while a previous SSL_connect() is still in process. This can happen because the .notify_write callback may be triggered by writes in the BIO methods.

Signed-off-by: Yousong Zhou
--- ustream-ssl.c | 19 +++++++++++++++---- ustream-ssl.h | 1 + 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ustream-ssl.c b/ustream-ssl.c index dd0faf9..84104b0 100644 --- a/ustream-ssl.c +++ b/ustream-ssl.c @@ -34,12 +34,22 @@ static void ustream_ssl_error_cb(struct uloop_timeout *t) us->notify_error(us, error, __ustream_ssl_strerror(us->error, buffer, sizeof(buffer))); } +static enum ssl_conn_status ustream_ssl_do_connect(struct ustream_ssl *us) +{ + enum ssl_conn_status status; + + us->connecting = true; + status = __ustream_ssl_connect(us); + us->connecting = false; + return status; +} + static void ustream_ssl_check_conn(struct ustream_ssl *us) { - if (us->connected || us->error) + if (us->connected || us->error || us->connecting) return; - if (__ustream_ssl_connect(us) == U_SSL_OK) { + if (ustream_ssl_do_connect(us) == U_SSL_OK) { us->connected = true; if (us->notify_connected) us->notify_connected(us); 
@@ -55,7 +65,7 @@ static bool __ustream_ssl_poll(struct ustream *s) bool more = false; ustream_ssl_check_conn(us); - if (!us->connected || us->error) + if (!us->connected || us->error || us->connecting) return false; do { @@ -106,7 +116,7 @@ static int ustream_ssl_write(struct ustream *s, const char *buf, int len, bool m { struct ustream_ssl *us = container_of(s, struct ustream_ssl, stream); - if (!us->connected || us->error) + if (!us->connected || us->error || us->connecting) return 0; if (us->conn->w.data_bytes) @@ -141,6 +151,7 @@ static void ustream_ssl_free(struct ustream *s) us->ssl = NULL; us->conn = NULL; us->peer_cn = NULL; + us->connecting = false; us->connected = false; us->error = false; us->valid_cert = false; diff --git a/ustream-ssl.h b/ustream-ssl.h index 0c55344..1d2a8f9 100644 --- a/ustream-ssl.h +++ b/ustream-ssl.h @@ -37,6 +37,7 @@ struct ustream_ssl { char *server_name; int error; + bool connecting; bool connected; bool server;
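
Review bot: in ustream_ssl_do_connect() (first ustream-ssl.c hunk), `us->connecting = false` is written unconditionally after __ustream_ssl_connect() returns, and ustream_ssl_check_conn() then goes on to set `us->connected = true` and call notify_connected, with no check that the stream is still intact. The commit message says .notify_write can fire from BIO writes inside the connect call; if such a callback ends up in ustream_ssl_free(), which per its hunk sets `us->ssl` and `us->conn` to NULL and clears `connecting`, the code after the call keeps operating on the reset state. Please either document that freeing the stream from .notify_write during the handshake is unsupported, or re-check the state (for example `us->ssl` being non-NULL) before touching the flags once the call returns.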
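
Review bot: the added `|| us->connecting` tests in __ustream_ssl_poll() and ustream_ssl_write() look redundant with `!us->connected`, as far as these hunks show. `connecting` is true only inside ustream_ssl_do_connect(), which ustream_ssl_check_conn() calls only after finding `us->connected` false, and `connected` is set only after that call returns, so whenever `connecting` is true the existing `!us->connected` test already returns early. If the extra test is meant as a defensive measure for future callers, a short comment saying so would help; otherwise the guard in ustream_ssl_check_conn() alone is what fixes the re-entrancy.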
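
Review bot: `bool connecting;` in struct ustream_ssl (ustream-ssl.h hunk) has no comment, and the name reads like "handshake not finished yet", which is not what it tracks. It is true only while __ustream_ssl_connect() is on the call stack and goes back to false between events even when the handshake is still incomplete. A one-line comment describing it as a re-entrancy guard for ustream_ssl_check_conn(), or a name along the lines of in_connect, would keep it from being reused later as a handshake-state flag.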