[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri May 27 14:20:42 UTC 2016
The branch master has been updated
via 46ac07f5455dd39840b63bebd2942c2058e7a9cb (commit)
via cb2e10f257a464c6b475b321dd9e4769df84dbf6 (commit)
via 75dd6c1a39c4e73de7d8d782adb7008645248f50 (commit)
via 384f08dc76e4df2c004042bd9b1bad60f98c281f (commit)
from ec91f92ddf74bea473148674aff25410311edaab (commit)
- Log -----------------------------------------------------------------
commit 46ac07f5455dd39840b63bebd2942c2058e7a9cb
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 20 17:49:33 2016 +0100
Avoid msys name mangling
If using the msys console then msys attempts to "fix" command line
arguments to convert them from Unix style to Windows style. One of the
things it does is to look for arguments seperated by colons. This it
assumes is a list of file paths, so it replaces the colon with a semi-colon.
This was causing one of our tests to fail when calling the "req" command
line app. We were attempting to create a new DSA key and passing the
argument "dsa:../apps/dsa1024.pem". This is exactly what we intended but
Msys mangles it to "dsa;../apps/dsa1024.pem" and the command fails.
There doesn't seem to be a way to suppress Msys name mangling. Fortunately
we can work around this issue by generating the DSA key in a separate step
by calling "gendsa".
RT#4255
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit cb2e10f257a464c6b475b321dd9e4769df84dbf6
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 20 16:34:24 2016 +0100
Fix intermittent windows failures in TLSProxy tests
When closing down the socket in s_client Windows will close it immediately
even if there is data in the write buffer still waiting to be sent. This
was causing tests to fail in Msys/Mingw builds because TLSProxy doesn't see
the final CloseNotify.
I have experimented with various ways of doing this "properly" (e.g.
shutting down the socket before closing, setting SO_LINGER etc). I can't
seem to find the "magic" formula that will make Windows do this. Inserting
a short 50ms sleep seems to do the trick...but its not very "nice" so I've
inserted a TODO on this item. Perhaps someone else will have better luck
in figuring this out.
RT#4255
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 75dd6c1a39c4e73de7d8d782adb7008645248f50
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 20 11:53:26 2016 +0100
Fix s_client/s_server waiting for stdin on Windows
On Windows we were using the function _kbhit() to determine whether there
was input waiting in stdin for us to read. Actually all this does is work
out whether there is a keyboard press event waiting to be processed in the
input buffer. This only seems to work in a standard Windows console (not
Msys console) and also doesn't work if you redirect the input from some
other source (as we do in TLSProxy tests). This commit changes things to
work differently depending on whether we are on the Windows console or not.
RT#4255
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 384f08dc76e4df2c004042bd9b1bad60f98c281f
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 20 11:20:22 2016 +0100
Fix some s_server issues on Windows
In s_server we call BIO_sock_should_retry() to determine the state of the
socket and work out whether we should retry an operation on it or not.
However if you leave it too long to call this then other operations may
have occurred in the meantime which affect the result. Therefore we should
call it early and remember the result for when we need to use it. This fixes
a test problem on Windows.
Another issue with s_server on Windows is that some of output to stdout does
not get displayed immediately. Apparently more liberal use of BIO_flush is
required.
RT#4255
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 31 ++++++++++++++++++++++++++++++-
apps/apps.h | 3 +++
apps/s_client.c | 33 ++++++++++++++-------------------
apps/s_server.c | 21 +++++++++++++++++----
test/recipes/80-test_ssl_old.t | 14 ++++++++++----
5 files changed, 74 insertions(+), 28 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 5db4b22..a3e1794 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -14,6 +14,7 @@
*/
# define _POSIX_C_SOURCE 2
#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -41,7 +42,7 @@
#endif
#include <openssl/bn.h>
#include <openssl/ssl.h>
-
+#include "s_apps.h"
#include "apps.h"
#ifdef _WIN32
@@ -2550,3 +2551,31 @@ void wait_for_async(SSL *s)
select(width, (void *)&asyncfds, NULL, NULL, NULL);
#endif
}
+
+/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
+#if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void)
+{
+# if defined(OPENSSL_SYS_WINDOWS)
+ HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
+ DWORD events = 0;
+ INPUT_RECORD inputrec;
+ DWORD insize = 1;
+ BOOL peeked;
+
+ if (inhand == INVALID_HANDLE_VALUE) {
+ return 0;
+ }
+
+ peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
+ if (!peeked) {
+ /* Probably redirected input? _kbhit() does not work in this case */
+ if (!feof(stdin)) {
+ return 1;
+ }
+ return 0;
+ }
+# endif
+ return _kbhit();
+}
+#endif
diff --git a/apps/apps.h b/apps/apps.h
index 83dc0c1..6a0acab 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -67,6 +67,9 @@ CONF *app_load_config_quiet(const char *filename);
int app_load_modules(const CONF *config);
void unbuffer(FILE *fp);
void wait_for_async(SSL *s);
+# if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void);
+# endif
/*
* Common verification options.
diff --git a/apps/s_client.c b/apps/s_client.c
index d8678c3..4b9880a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2160,18 +2160,8 @@ int s_client_main(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
-# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- if (!i && (!_kbhit() || !read_tty))
+ if (!i && (!has_stdin_waiting() || !read_tty))
continue;
-# else
- if (!i && (!((_kbhit())
- || (WAIT_OBJECT_0 ==
- WaitForSingleObject(GetStdHandle
- (STD_INPUT_HANDLE),
- 0)))
- || !read_tty))
- continue;
-# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, timeoutp);
@@ -2348,14 +2338,9 @@ int s_client_main(int argc, char **argv)
/* break; */
}
}
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- else if (_kbhit())
-# else
- else if ((_kbhit())
- || (WAIT_OBJECT_0 ==
- WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
-# endif
+/* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */
+#if defined(OPENSSL_SYS_MSDOS)
+ else if (has_stdin_waiting())
#else
else if (FD_ISSET(fileno(stdin), &readfds))
#endif
@@ -2417,6 +2402,16 @@ int s_client_main(int argc, char **argv)
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
+#if defined(OPENSSL_SYS_WINDOWS)
+ /*
+ * Give the socket time to send its last data before we close it.
+ * No amount of setting SO_LINGER etc on the socket seems to persuade
+ * Windows to send the data before closing the socket...but sleeping
+ * for a short time seems to do it (units in ms)
+ * TODO: Find a better way to do this
+ */
+ Sleep(50);
+#endif
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
diff --git a/apps/s_server.c b/apps/s_server.c
index 35baac9..08753c3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2167,10 +2167,10 @@ static int sv_body(int s, int stype, unsigned char *context)
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv);
- if ((i < 0) || (!i && !_kbhit()))
- continue;
- if (_kbhit())
+ if (has_stdin_waiting())
read_from_terminal = 1;
+ if ((i < 0) || (!i && !read_from_terminal))
+ continue;
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
@@ -2309,12 +2309,14 @@ static int sv_body(int s, int stype, unsigned char *context)
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_s_out, "Write BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
case SSL_ERROR_WANT_ASYNC_JOB:
/*
@@ -2383,16 +2385,19 @@ static int sv_body(int s, int stype, unsigned char *context)
ascii2ebcdic(buf, buf, i);
#endif
raw_write_stdout(buf, (unsigned int)i);
+ (void)BIO_flush(bio_s_out);
if (SSL_has_pending(con))
goto again;
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
BIO_printf(bio_s_out, "Read BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
case SSL_ERROR_WANT_ASYNC_JOB:
/*
@@ -2448,6 +2453,7 @@ static int init_ssl_connection(SSL *con)
unsigned next_proto_neg_len;
#endif
unsigned char *exportedkeymat;
+ int retry = 0;
#ifndef OPENSSL_NO_DTLS
if(dtlslisten) {
@@ -2482,6 +2488,8 @@ static int init_ssl_connection(SSL *con)
do {
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
@@ -2489,6 +2497,8 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
}
#endif
@@ -2507,13 +2517,15 @@ static int init_ssl_connection(SSL *con)
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
#endif
} while (i < 0 && SSL_waiting_for_async(con));
if (i <= 0) {
if ((dtlslisten && i == 0)
- || (!dtlslisten && BIO_sock_should_retry(i))) {
+ || (!dtlslisten && retry)) {
BIO_printf(bio_s_out, "DELAY\n");
return (1);
}
@@ -2599,6 +2611,7 @@ static int init_ssl_connection(SSL *con)
OPENSSL_free(exportedkeymat);
}
+ (void)BIO_flush(bio_s_out);
return (1);
}
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 3763530..b41e67a 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -36,6 +36,7 @@ my $digest = "-sha1";
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
my @verifycmd = ("openssl", "verify");
+my @gendsacmd = ("openssl", "gendsa");
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $CAkey = "keyCA.ss";
@@ -105,6 +106,7 @@ sub testss {
my @req_dsa = ("-newkey",
"dsa:".srctop_file("apps", "dsa1024.pem"));
+ my $dsaparams = srctop_file("apps", "dsa1024.pem");
my @req_new;
if ($no_rsa) {
@req_new = @req_dsa;
@@ -175,14 +177,18 @@ sub testss {
plan skip_all => "skipping DSA certificate creation"
if $no_dsa;
- plan tests => 4;
+ plan tests => 5;
SKIP: {
$ENV{CN2} = "DSA Certificate";
+ skip 'failure', 4 unless
+ ok(run(app([@gendsacmd, "-out", $Dkey,
+ $dsaparams],
+ stdout => "err.ss")),
+ "make a DSA key");
skip 'failure', 3 unless
- ok(run(app([@reqcmd, "-config", $Uconf,
- "-out", $Dreq, "-keyout", $Dkey,
- @req_dsa],
+ ok(run(app([@reqcmd, "-new", "-config", $Uconf,
+ "-out", $Dreq, "-key", $Dkey],
stdout => "err.ss")),
"make a DSA user cert request");
skip 'failure', 2 unless
More information about the openssl-commits
mailing list