[tor-commits] [tor/master] Detect renegotiation when it actually happens.
commit 4fd79f9def28996552b5739792f428c2514de1f6
Author: George Kadianakis <desnacked@xxxxxxxxx>
Date: Wed Oct 26 03:09:22 2011 +0200
Detect renegotiation when it actually happens.
The renegotiation callback was called only when the first Application
Data arrived, instead of when the renegotiation took place.
This happened because SSL_read() returns -1 and sets the error to
SSL_ERROR_WANT_READ when a renegotiation happens instead of reading
data [0].
I also added a commented-out aggressive assert that I won't enable yet
because I don't feel I understand SSL_ERROR_WANT_READ enough.
[0]: Look at documentation of SSL_read(), SSL_get_error() and
SSL_CTX_set_mode() (SSL_MODE_AUTO_RETRY section).
---
src/common/tortls.c | 29 +++++++++++++++++++----------
1 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 6757cfa..79b6d2c 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1606,19 +1606,28 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
tor_assert(tls->state == TOR_TLS_ST_OPEN);
tor_assert(len<INT_MAX);
r = SSL_read(tls->ssl, cp, (int)len);
- if (r > 0) {
+ if (r > 0) /* return the number of characters read */
+ return r;
+
+ /* If we got here, SSL_read() did not go as expected. */
+
+ err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
+
#ifdef V2_HANDSHAKE_SERVER
- if (tls->got_renegotiate) {
- /* Renegotiation happened! */
- log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls));
- if (tls->negotiated_callback)
- tls->negotiated_callback(tls, tls->callback_arg);
- tls->got_renegotiate = 0;
- }
-#endif
+ if (tls->got_renegotiate) {
+ tor_assert(tls->server_handshake_count == 2);
+ /* XXX tor_assert(err == TOR_TLS_WANTREAD); */
+
+ /* Renegotiation happened! */
+ log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls));
+ if (tls->negotiated_callback)
+ tls->negotiated_callback(tls, tls->callback_arg);
+ tls->got_renegotiate = 0;
+
return r;
}
- err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
+#endif
+
if (err == _TOR_TLS_ZERORETURN || err == TOR_TLS_CLOSE) {
log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
tls->state = TOR_TLS_ST_CLOSED;
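Review bot: the renegotiation branch now returns the raw SSL_read() result (`return r;`, where r is known to be <= 0 at this point) instead of the normalized code the function has just computed in `err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);`; the rest of tor_tls_read() hands callers TOR_TLS_* codes (the `err == _TOR_TLS_ZERORETURN || err == TOR_TLS_CLOSE` test below switches on them), so this path should `return err;` so the caller sees TOR_TLS_WANTREAD rather than -1 or 0. Moving the error lookup ahead of the got_renegotiate check is the right fix for the described bug, since the renegotiation surfaces as SSL_ERROR_WANT_READ rather than as application data. Separately, `tor_assert(tls->server_handshake_count == 2);` is fatal on a peer-triggered code path: if a client ever gets got_renegotiate set on a second renegotiation, the assertion aborts the whole process. Consider logging and tearing down the connection instead, or gating the callback on the count rather than asserting it, and leaving the `/* XXX tor_assert(err == TOR_TLS_WANTREAD); */` disabled as the message says until the WANT_READ semantics are confirmed.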
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits