Changes On Branch d63ee30cb2a3c252

Changes In Branch bug-eof-loop-6dd5588df6 Excluding Merge-Ins

This is equivalent to a diff from 6704c33e48 to d63ee30cb2

2017-10-17
03:57
Updated to use a more commonly accepted regexp when replacing the OpenSSL function name (addresses [6c9bf49455]) check-in: 12bf5e37e0 user: rkeene tags: trunk
2017-09-21
16:07
More soft-EOF mappings Leaf check-in: d63ee30cb2 user: rkeene tags: bug-eof-loop-6dd5588df6
14:15
Added support for detecting writes after we have told the channel that we are in EOF and start returning errors in that case check-in: 7e5e4e2114 user: rkeene tags: bug-eof-loop-6dd5588df6
2017-09-01
00:27
TclTLS 1.7.13 check-in: 4c0960be87 user: rkeene tags: tls-1-7, tls-1-7-13
00:16
Try harder to ensure the right SSL libraries are used check-in: 6704c33e48 user: rkeene tags: trunk
2017-08-31
18:57
Updated to support a user specifying a pkgconfig path for OpenSSL check-in: c3e5ea305b user: rkeene tags: trunk

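--- a/tlsBIO.c
+++ b/tlsBIO.c
@@ -125,15 +125,15 @@
 	tclErrno = Tcl_GetErrno();
 
 	dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());
 
 	BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
 
 	if (tclEofChan && ret <= 0) {
-		dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
+		dprintf("Got EOF while writing, returning a Connection Reset error which maps to Soft EOF");
 		Tcl_SetErrno(ECONNRESET);
 		ret = 0;
 	} else if (ret == 0) {
 		dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0");
 		dprintf("Setting retry read flag");
 		BIO_set_retry_read(bio);
 	} else if (ret < 0) {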
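Review bot: The `ret == 0` branch just below the corrected message still logs "Setting retry read flag" and calls `BIO_set_retry_read(bio)`, although this is the write callback; it looks like the same read-path copy that the commit fixes in the EOF message. If a retry of the write is what is meant, the branch would read `BIO_set_retry_write(bio);` with the debug text changed to match; please confirm which retry direction the SSL layer is expected to see after a zero-length write. The function starts and continues outside the hunk, so any later flag handling is not visible here.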

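--- a/tlsIO.c
+++ b/tlsIO.c
@@ -385,14 +385,21 @@
 	dprintf("BIO_read(%d)", bufSize);
 
 	if (statePtr->flags & TLS_TCL_CALLBACK) {
 		/* don't process any bytes while verify callback is running */
 		dprintf("Callback is running, reading 0 bytes");
 		return(0);
 	}
+
+	if (statePtr->flags & TLS_TCL_EOF) {
+		dprintf("Asked to read after reaching EOF, we are treating this as fatal.");
+		bytesRead = 0;
+		*errorCodePtr = ECONNRESET;
+		return(bytesRead);
+	}
 
 	dprintf("Calling Tls_WaitForConnect");
 	tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 0);
 	if (tlsConnect < 0) {
 		dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr);
 
 		bytesRead = -1;
@@ -474,14 +481,20 @@
 			break;
 		default:
 			dprintf("Unknown error (err = %i), mapping to EOF", err);
 			*errorCodePtr = 0;
 			bytesRead = 0;
 			break;
 	}
+
+	if (bufSize != 0 && bytesRead == 0 && *errorCodePtr == 0) {
+		dprintf("Detected EOF, setting the EOF flag");
+		statePtr->flags |= TLS_TCL_EOF;
+		*errorCodePtr = ECONNRESET;
+	}
 
 	dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr);
 	return(bytesRead);
 }
 
 /*
  *-------------------------------------------------------------------
@@ -514,26 +527,34 @@
 
 	if (statePtr->flags & TLS_TCL_CALLBACK) {
 		dprintf("Don't process output while callbacks are running")
 		written = -1;
 		*errorCodePtr = EAGAIN;
 		return(-1);
 	}
+
+	if (statePtr->flags & TLS_TCL_EOF) {
+		dprintf("Asked to write after reaching EOF, we are treating this as fatal.");
+		written = 0;
+		*errorCodePtr = ECONNRESET;
+		return(written);
+	}
 
 	dprintf("Calling Tls_WaitForConnect");
 	tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 1);
 	if (tlsConnect < 0) {
 		dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr);
 
 		written = -1;
 		if (*errorCodePtr == ECONNRESET) {
-			dprintf("Got connection reset");
+			dprintf("Got connection reset (setting EOF flag)");
 			/* Soft EOF */
-			*errorCodePtr = 0;
+			*errorCodePtr = ECONNRESET;
 			written = 0;
+			statePtr->flags |= TLS_TCL_EOF;
 		}
 
 		return(written);
 	}
 
 	if (toWrite == 0) {
 		dprintf("zero-write");
@@ -582,15 +603,15 @@
 		case SSL_ERROR_WANT_READ:
 			dprintf(" write R BLOCK");
 			break;
 		case SSL_ERROR_WANT_X509_LOOKUP:
 			dprintf(" write X BLOCK");
 			break;
 		case SSL_ERROR_ZERO_RETURN:
-			dprintf(" closed");
+			dprintf(" closed (EOF reached)");
 			written = 0;
 			*errorCodePtr = 0;
 			break;
 		case SSL_ERROR_SYSCALL:
 			backingError = ERR_get_error();
 
 			if (backingError == 0 && written == 0) {
@@ -613,14 +634,20 @@
 			*errorCodePtr = ECONNABORTED;
 			written = -1;
 			break;
 		default:
 			dprintf(" unknown err: %d", err);
 			break;
 	}
+
+	if (toWrite != 0 && written == 0 && *errorCodePtr == 0) {
+		dprintf("Detected EOF, setting the EOF flag");
+		statePtr->flags |= TLS_TCL_EOF;
+		*errorCodePtr = ECONNRESET;
+	}
 
 	dprintf("Output(%d) -> %d", toWrite, written);
 	return(written);
 }
 
 /*
  *-------------------------------------------------------------------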
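Review bot: The new `TLS_TCL_EOF` guard in the output path logs that a write after EOF is treated as fatal, yet it returns `written = 0` with `*errorCodePtr = ECONNRESET`. Tcl's channel driver contract has an output procedure signal failure by returning -1, so with a return of 0 the stored error code is likely never consulted and the caller may simply retry the write. If a hard error is intended, the guard should use `written = -1;`, and the same 0/ECONNRESET pair in the `tlsConnect < 0` branch and in the post-switch `toWrite != 0 && written == 0` check needs the same decision. On the input side a return of 0 already means EOF, so the `ECONNRESET` stored there is probably unused too, and an abrupt close stays indistinguishable from an orderly one for the script; a short comment stating which value the Tcl core acts on would help. Both procedures start outside the visible hunks.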

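--- a/tlsInt.h
+++ b/tlsInt.h
@@ -122,14 +122,15 @@
 #define TLS_TCL_DEBUG	(1<<3)	/* Show debug tracing */
 #define TLS_TCL_CALLBACK	(1<<4)	/* In a callback, prevent update
 					 * looping problem. [Bug 1652380] */
 #define TLS_TCL_HANDSHAKE_FAILED (1<<5) /* Set on handshake failures and once
                                          * set, all further I/O will result
                                          * in ECONNABORTED errors. */
 #define TLS_TCL_FASTPATH (1<<6)         /* The parent channel is being used directly by the SSL library */
+#define TLS_TCL_EOF (1<<7)         /* We initiated EOF, any further attempts to write will return an error */
 #define TLS_TCL_DELAY (5)
 
 /*
  * This structure describes the per-instance state
  * of an ssl channel.
  *
  * The SSL processing context is maintained here, in the ClientData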
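Review bot: The comment on `TLS_TCL_EOF` describes only part of what the flag does in this change: the tlsIO.c hunks also set it when EOF is detected on a read or after a connection reset, and they check it before reads as well as writes. Suggested wording: `/* EOF was detected or reported on this channel; further reads and writes fail with ECONNRESET */`. The comment on the new define is also not column-aligned with the comment on `TLS_TCL_FASTPATH` directly above it.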