Browse Source

Don't exclude quite so much in a no-sock build

We were excluding more code than we needed to in the OCSP/HTTP code in
the event of no-sock. We should also not assume that a BIO passed to our
API is socket based.

This fixes the no-sock build

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11134)
master
Dr. David von Oheimb 2 years ago
parent
commit
e8d0819d52
12 changed files with 175 additions and 157 deletions
  1. +1
    -86
      crypto/bio/b_sock.c
  2. +97
    -0
      crypto/bio/bio_lib.c
  3. +10
    -5
      crypto/http/http_client.c
  4. +1
    -3
      crypto/http/http_local.h
  5. +0
    -3
      crypto/ocsp/ocsp_http.c
  6. +8
    -3
      doc/man3/BIO_socket_wait.pod
  7. +37
    -0
      include/internal/cryptlib.h
  8. +2
    -2
      include/openssl/bio.h
  9. +2
    -2
      include/openssl/http.h
  10. +0
    -4
      include/openssl/ocsp.h
  11. +8
    -40
      test/ssltestlib.c
  12. +9
    -9
      util/libcrypto.num

+ 1
- 86
crypto/bio/b_sock.c View File

@ -397,93 +397,8 @@ int BIO_socket_wait(int fd, int for_read, time_t max_time)
FD_ZERO(&confds);
openssl_fdset(fd, &confds);
tv.tv_usec = 0;
tv.tv_sec = (long)(max_time - now); /* this might overflow */
tv.tv_sec = (long)(max_time - now); /* might overflow */
return select(fd + 1, for_read ? &confds : NULL,
for_read ? NULL : &confds, NULL, &tv);
}
/*
* Wait on BIO at most until max_time; succeed immediately if max_time == 0.
* Returns -1 on error, 0 on timeout, and 1 on success.
*/
static int bio_wait(BIO *bio, time_t max_time)
{
int fd;
if (BIO_get_fd(bio, &fd) <= 0)
return -1;
return BIO_socket_wait(fd, BIO_should_read(bio), max_time);
}
/*
* Wait on BIO at most until max_time; succeed immediately if max_time == 0.
* Call BIOerr(...) unless success.
* Returns -1 on error, 0 on timeout, and 1 on success.
*/
int BIO_wait(BIO *bio, time_t max_time)
{
int rv = bio_wait(bio, max_time);
if (rv <= 0)
BIOerr(0, rv == 0 ? BIO_R_TRANSFER_TIMEOUT : BIO_R_TRANSFER_ERROR);
return rv;
}
/*
* Connect via the given BIO using BIO_do_connect() until success/timeout/error.
* Parameter timeout == 0 means infinite, < 0 leads to immediate timeout error.
* Returns -1 on error, 0 on timeout, and 1 on success.
*/
int BIO_connect_retry(BIO *bio, int timeout)
{
int blocking = timeout == 0;
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
int rv;
if (bio == NULL) {
BIOerr(0, ERR_R_PASSED_NULL_PARAMETER);
return -1;
}
if (timeout < 0) {
BIOerr(0, BIO_R_CONNECT_TIMEOUT);
return 0;
}
if (!blocking)
BIO_set_nbio(bio, 1);
retry: /* it does not help here to set SSL_MODE_AUTO_RETRY */
rv = BIO_do_connect(bio); /* This indirectly calls ERR_clear_error(); */
if (rv <= 0) {
if (get_last_sys_error() == ETIMEDOUT) {
/*
* if blocking, despite blocking BIO, BIO_do_connect() timed out
* when non-blocking, BIO_do_connect() timed out early
* with rv == -1 and get_last_sys_error() == 0
*/
ERR_clear_error();
(void)BIO_reset(bio);
/*
* unless using BIO_reset(), blocking next connect() may crash and
* non-blocking next BIO_do_connect() will fail
*/
goto retry;
} else if (BIO_should_retry(bio)) {
/* will not actually wait if timeout == 0 (i.e., blocking BIO) */
rv = bio_wait(bio, max_time);
if (rv > 0)
goto retry;
BIOerr(0, rv == 0 ? BIO_R_CONNECT_TIMEOUT : BIO_R_CONNECT_ERROR);
} else {
rv = -1;
if (ERR_peek_error() == 0) /* missing error queue entry */
BIOerr(0, BIO_R_CONNECT_ERROR); /* workaround: general error */
}
}
return rv;
}
#endif /* !defined(OPENSSL_NO_SOCK) */

+ 97
- 0
crypto/bio/bio_lib.c View File

@ -784,3 +784,100 @@ void bio_cleanup(void)
CRYPTO_THREAD_lock_free(bio_type_lock);
bio_type_lock = NULL;
}
/* Internal variant of the below BIO_wait() not calling BIOerr() */
static int bio_wait(BIO *bio, time_t max_time, unsigned int milliseconds)
{
int fd;
if (max_time == 0)
return 1;
#ifndef OPENSSL_NO_SOCK
if (BIO_get_fd(bio, &fd) > 0)
return BIO_socket_wait(fd, BIO_should_read(bio), max_time);
#endif
if (milliseconds > 1000) {
long sec_diff = (long)(max_time - time(NULL)); /* might overflow */
if (sec_diff <= 0)
return 0; /* timeout */
if ((unsigned long)sec_diff < milliseconds / 1000)
milliseconds = (unsigned long)sec_diff * 1000;
}
ossl_sleep(milliseconds);
return 1;
}
/*
* Wait on (typically socket-based) BIO at most until max_time.
* Succeed immediately if max_time == 0. If sockets are not available succeed
* after waiting at most given milliseconds in order to avoid a tight busy loop.
* Call BIOerr(...) unless success.
* Returns -1 on error, 0 on timeout, and 1 on success.
*/
int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds)
{
int rv = bio_wait(bio, max_time, milliseconds);
if (rv <= 0)
BIOerr(0, rv == 0 ? BIO_R_TRANSFER_TIMEOUT : BIO_R_TRANSFER_ERROR);
return rv;
}
/*
* Connect via given BIO using BIO_do_handshake() until success/timeout/error.
* Parameter timeout == 0 means infinite, < 0 leads to immediate timeout error.
* Returns -1 on error, 0 on timeout, and 1 on success.
*/
int BIO_connect_retry(BIO *bio, int timeout)
{
int blocking = timeout == 0;
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
int rv;
if (bio == NULL) {
BIOerr(0, ERR_R_PASSED_NULL_PARAMETER);
return -1;
}
if (timeout < 0) {
BIOerr(0, BIO_R_CONNECT_TIMEOUT);
return 0;
}
if (!blocking)
BIO_set_nbio(bio, 1);
retry: /* it does not help here to set SSL_MODE_AUTO_RETRY */
rv = BIO_do_handshake(bio); /* This indirectly calls ERR_clear_error(); */
if (rv <= 0) {
if (get_last_sys_error() == ETIMEDOUT) {
/*
* if blocking, despite blocking BIO, BIO_do_handshake() timed out
* when non-blocking, BIO_do_handshake() timed out early
* with rv == -1 and get_last_sys_error() == 0
*/
ERR_clear_error();
(void)BIO_reset(bio);
/*
* unless using BIO_reset(), blocking next connect() may crash and
* non-blocking next BIO_do_handshake() will fail
*/
goto retry;
} else if (BIO_should_retry(bio)) {
/* will not actually wait if timeout == 0 (i.e., blocking BIO) */
rv = bio_wait(bio, max_time, 100 /* milliseconds */);
if (rv > 0)
goto retry;
BIOerr(0, rv == 0 ? BIO_R_CONNECT_TIMEOUT : BIO_R_CONNECT_ERROR);
} else {
rv = -1;
if (ERR_peek_error() == 0) /* missing error queue entry */
BIOerr(0, BIO_R_CONNECT_ERROR); /* workaround: general error */
}
}
return rv;
}

+ 10
- 5
crypto/http/http_client.c View File

@ -715,6 +715,7 @@ static BIO *HTTP_new_bio(const char *server, const char *server_port,
end:
return cbio;
}
#endif /* OPENSSL_NO_SOCK */
static ASN1_VALUE *BIO_mem_d2i(BIO *mem, const ASN1_ITEM *it)
{
@ -744,7 +745,7 @@ static BIO *OSSL_HTTP_REQ_CTX_transfer(OSSL_HTTP_REQ_CTX *rctx)
/* BIO_should_retry was true */
sending = 0;
/* will not actually wait if rctx->max_time == 0 */
if (BIO_wait(rctx->rbio, rctx->max_time) <= 0)
if (BIO_wait(rctx->rbio, rctx->max_time, 100 /* milliseconds */) <= 0)
return NULL;
}
@ -840,8 +841,13 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
if (bio != NULL)
cbio = bio;
else if ((cbio = HTTP_new_bio(server, port, proxy, proxy_port)) == NULL)
else
#ifndef OPENSSL_NO_SOCK
if ((cbio = HTTP_new_bio(server, port, proxy, proxy_port)) == NULL)
return NULL;
#else
return NULL;
#endif
(void)ERR_set_mark(); /* prepare removing any spurious libssl errors */
if (rbio == NULL && BIO_connect_retry(cbio, timeout) <= 0)
@ -1106,9 +1112,9 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
char *mbuf = OPENSSL_malloc(BUF_SIZE);
char *mbufp;
int read_len = 0;
int rv;
int ret = 0;
BIO *fbio = BIO_new(BIO_f_buffer());
int rv;
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
if (bio == NULL || server == NULL || port == NULL
@ -1168,7 +1174,7 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
for (;;) {
/* will not actually wait if timeout == 0 */
rv = BIO_wait(fbio, max_time);
rv = BIO_wait(fbio, max_time, 100 /* milliseconds */);
if (rv <= 0) {
BIO_printf(bio_err, "%s: HTTP CONNECT %s\n", prog,
rv == 0 ? "timed out" : "failed waiting for data");
@ -1238,4 +1244,3 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
# undef BUF_SIZE
}
#endif /* !defined(OPENSSL_NO_SOCK) */

+ 1
- 3
crypto/http/http_local.h View File

@ -22,9 +22,7 @@ typedef OCSP_REQ_CTX OSSL_HTTP_REQ_CTX;
# define OSSL_HTTP_REQ_CTX_add1_header OCSP_REQ_CTX_add1_header
# define OSSL_HTTP_REQ_CTX_i2d OCSP_REQ_CTX_i2d
# define OSSL_HTTP_REQ_CTX_nbio OCSP_REQ_CTX_nbio
# ifndef OPENSSL_NO_SOCK
# define OSSL_HTTP_REQ_CTX_sendreq_d2i OCSP_REQ_CTX_nbio_d2i
# endif
# define OSSL_HTTP_REQ_CTX_sendreq_d2i OCSP_REQ_CTX_nbio_d2i
/* functions that are meanwhile unused */
# define OSSL_HTTP_REQ_CTX_get0_mem_bio OCSP_REQ_CTX_get0_mem_bio /* undoc'd */
# define OSSL_HTTP_REQ_CTX_set_max_response_length OCSP_set_max_response_length


+ 0
- 3
crypto/ocsp/ocsp_http.c View File

@ -35,7 +35,6 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
return res;
}
# ifndef OPENSSL_NO_SOCK
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
{
*presp = (OCSP_RESPONSE *)
@ -60,6 +59,4 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
return rv == 1 ? resp : NULL;
}
# endif /* !defined(OPENSSL_NO_SOCK) */
#endif /* !defined(OPENSSL_NO_OCSP) */

+ 8
- 3
doc/man3/BIO_socket_wait.pod View File

@ -11,8 +11,10 @@ BIO_connect_retry
#include <openssl/bio.h>
#ifndef OPENSSL_NO_SOCK
int BIO_socket_wait(int fd, int for_read, time_t max_time);
int BIO_wait(BIO *bio, time_t max_time);
#endif
int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds);
int BIO_connect_retry(BIO *bio, long timeout);
=head1 DESCRIPTION
@ -21,9 +23,12 @@ BIO_socket_wait() waits on the socket B<fd> for reading if B<for_read> is not 0,
else for writing, at most until B<max_time>.
It succeeds immediately if B<max_time> == 0 (which means no timeout given).
BIO_wait() waits on the socket underlying the given B<bio>, for reading if
B<bio> is supposed to read, else for writing, at most until B<max_time>.
BIO_wait() waits at most until B<max_time> on the given B<bio>,
which is typically socket-based,
for reading if B<bio> is supposed to read, else for writing.
It succeeds immediately if B<max_time> == 0 (which means no timeout given).
If sockets are not available it succeeds after waiting at most given
B<milliseconds> in order to help avoiding a tight busy loop at the caller.
BIO_connect_retry() connects via the given B<bio>, retrying BIO_do_connect()
until success or a timeout or error condition is reached.


+ 37
- 0
include/internal/cryptlib.h View File

@ -198,4 +198,41 @@ const void *ossl_bsearch(const void *key, const void *base, int num,
int size, int (*cmp) (const void *, const void *),
int flags);
/* system-specific variants defining ossl_sleep() */
#ifdef OPENSSL_SYS_UNIX
# include <unistd.h>
static ossl_inline void ossl_sleep(unsigned long millis)
{
# ifdef OPENSSL_SYS_VXWORKS
struct timespec ts;
ts.tv_sec = (long int) (millis / 1000);
ts.tv_nsec = (long int) (millis % 1000) * 1000000ul;
nanosleep(&ts, NULL);
# else
usleep(millis * 1000);
# endif
}
#elif defined(_WIN32)
# include <windows.h>
static ossl_inline void ossl_sleep(unsigned long millis)
{
Sleep(millis);
}
#else
/* Fallback to a busy wait */
static ossl_inline void ossl_sleep(unsigned long millis)
{
struct timeval start, now;
unsigned long elapsedms;
gettimeofday(&start, NULL);
do {
gettimeofday(&now, NULL);
elapsedms = (((now.tv_sec - start.tv_sec) * 1000000)
+ now.tv_usec - start.tv_usec) / 1000;
} while (elapsedms < millis);
}
#endif /* defined OPENSSL_SYS_UNIX */
#endif

+ 2
- 2
include/openssl/bio.h View File

@ -662,9 +662,9 @@ int BIO_dgram_sctp_msg_waiting(BIO *b);
int BIO_sock_should_retry(int i);
int BIO_sock_non_fatal_error(int error);
int BIO_socket_wait(int fd, int for_read, time_t max_time);
int BIO_wait(BIO *bio, time_t max_time);
int BIO_connect_retry(BIO *bio, int timeout);
# endif
int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds);
int BIO_connect_retry(BIO *bio, int timeout);
int BIO_fd_should_retry(int i);
int BIO_fd_non_fatal_error(int error);


+ 2
- 2
include/openssl/http.h View File

@ -24,7 +24,7 @@ extern "C" {
# endif
typedef BIO *(*OSSL_HTTP_bio_cb_t)(BIO *bio, void *arg, int connect, int detail);
# ifndef OPENSSL_NO_SOCK
BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *proxy_port,
BIO *bio, BIO *rbio,
OSSL_HTTP_bio_cb_t bio_update_fn, void *arg,
@ -62,7 +62,7 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
const char *proxyuser, const char *proxypass,
int timeout, BIO *bio_err, const char *prog);
# endif
int OSSL_HTTP_parse_url(const char *url, char **phost, char **pport,
char **ppath, int *pssl);


+ 0
- 4
include/openssl/ocsp.h View File

@ -68,9 +68,7 @@ int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
const ASN1_ITEM *it, ASN1_VALUE *req);
int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
# ifndef OPENSSL_NO_SOCK
ASN1_VALUE *OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it);
# endif
BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
/* End of functions used only internally */
@ -187,9 +185,7 @@ DECLARE_ASN1_DUP_FUNCTION(OCSP_CERTID)
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline);
# ifndef OPENSSL_NO_SOCK
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
# endif
/* TODO: remove this (documented but) meanwhile obsolete function? */
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);


+ 8
- 40
test/ssltestlib.c View File

@ -10,53 +10,21 @@
#include <string.h>
#include "internal/nelem.h"
#include "internal/cryptlib.h" /* for ossl_sleep() */
#include "ssltestlib.h"
#include "testutil.h"
#include "e_os.h"
#ifdef OPENSSL_SYS_UNIX
# include <unistd.h>
#ifndef OPENSSL_NO_KTLS
# include <netinet/in.h>
# include <netinet/in.h>
# include <arpa/inet.h>
# include <sys/socket.h>
# include <unistd.h>
# include <fcntl.h>
#endif
static ossl_inline void ossl_sleep(unsigned int millis)
{
# ifdef OPENSSL_SYS_VXWORKS
struct timespec ts;
ts.tv_sec = (long int) (millis / 1000);
ts.tv_nsec = (long int) (millis % 1000) * 1000000ul;
nanosleep(&ts, NULL);
# else
usleep(millis * 1000);
# ifndef OPENSSL_NO_KTLS
# include <netinet/in.h>
# include <netinet/in.h>
# include <arpa/inet.h>
# include <sys/socket.h>
# include <unistd.h>
# include <fcntl.h>
# endif
}
#elif defined(_WIN32)
# include <windows.h>
static ossl_inline void ossl_sleep(unsigned int millis)
{
Sleep(millis);
}
#else
/* Fallback to a busy wait */
static ossl_inline void ossl_sleep(unsigned int millis)
{
struct timeval start, now;
unsigned int elapsedms;
gettimeofday(&start, NULL);
do {
gettimeofday(&now, NULL);
elapsedms = (((now.tv_sec - start.tv_sec) * 1000000)
+ now.tv_usec - start.tv_usec) / 1000;
} while (elapsedms < millis);
}
#endif
static int tls_dump_new(BIO *bi);


+ 9
- 9
util/libcrypto.num View File

@ -615,7 +615,7 @@ UI_get0_result_string 629 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_add_policy 630 3_0_0 EXIST::FUNCTION:TS
X509_REQ_dup 631 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DSA,STDIO
OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:SOCK
OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION:
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:DH
@ -3615,7 +3615,7 @@ EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION:
EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:EC
PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:RSA
X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION:
OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP,SOCK
OCSP_sendreq_nbio 3698 3_0_0 EXIST::FUNCTION:OCSP
PKCS8_encrypt 3699 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_fp 3700 3_0_0 EXIST::FUNCTION:STDIO
i2d_X509_REQ 3701 3_0_0 EXIST::FUNCTION:
@ -4919,15 +4919,15 @@ EVP_PKEY_pairwise_check ? 3_0_0 EXIST::FUNCTION:
ASN1_item_verify_ctx ? 3_0_0 EXIST::FUNCTION:
RAND_DRBG_set_callback_data ? 3_0_0 EXIST::FUNCTION:
RAND_DRBG_get_callback_data ? 3_0_0 EXIST::FUNCTION:
BIO_wait ? 3_0_0 EXIST::FUNCTION:SOCK
BIO_socket_wait ? 3_0_0 EXIST::FUNCTION:SOCK
BIO_connect_retry ? 3_0_0 EXIST::FUNCTION:SOCK
BIO_wait ? 3_0_0 EXIST::FUNCTION:
BIO_connect_retry ? 3_0_0 EXIST::FUNCTION:
ERR_load_HTTP_strings ? 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_get ? 3_0_0 EXIST::FUNCTION:SOCK
OSSL_HTTP_get_asn1 ? 3_0_0 EXIST::FUNCTION:SOCK
OSSL_HTTP_post_asn1 ? 3_0_0 EXIST::FUNCTION:SOCK
OSSL_HTTP_transfer ? 3_0_0 EXIST::FUNCTION:SOCK
OSSL_HTTP_proxy_connect ? 3_0_0 EXIST::FUNCTION:SOCK
OSSL_HTTP_get ? 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_get_asn1 ? 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_post_asn1 ? 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_transfer ? 3_0_0 EXIST::FUNCTION:
OSSL_HTTP_proxy_connect ? 3_0_0 EXIST::FUNCTION:
ERR_add_error_txt ? 3_0_0 EXIST::FUNCTION:
ERR_add_error_mem_bio ? 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_print_verify_cb ? 3_0_0 EXIST::FUNCTION:


Loading…
Cancel
Save