From: Graham Leggett <minfrin@apache.org>
Date: Sat, 22 Jan 2022 20:05:21 +0000 (+0000)
Subject: mod_ssl: Add the missing SSL_ERROR_WANT_WRITE case in the SSL_read. Make
X-Git-Tag: 2.5.0-alpha2-ci-test-only~553
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=82cba5c0ebbea53f7ae74a9c6cb5402c38e7f8bf;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: Add the missing SSL_ERROR_WANT_WRITE case in the SSL_read. Make
sure the sense is correctly specified in response to SSL_ERROR_WANT_READ
and SSL_ERROR_WANT_WRITE so we don't poll for the wrong case.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897353 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 8658ed44e70..c693ad2a3a2 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -323,6 +323,7 @@ typedef struct {
 } char_buffer_t;
 
 typedef struct {
+    conn_rec *c;
     SSL *ssl;
     BIO *bio_out;
     ap_filter_t *f;
@@ -795,6 +796,28 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                  * (This is usually the case when the client forces an SSL
                  * renegotiation which is handled implicitly by OpenSSL.)
                  */
+                inctx->c->cs->sense = CONN_SENSE_WANT_READ;
+                inctx->rc = APR_EAGAIN;
+
+                if (*len > 0) {
+                    inctx->rc = APR_SUCCESS;
+                    break;
+                }
+                if (inctx->block == APR_NONBLOCK_READ) {
+                    break;
+                }
+                continue;  /* Blocking and nothing yet?  Try again. */
+            }
+            if (ssl_err == SSL_ERROR_WANT_WRITE) {
+                /*
+                 * If OpenSSL wants to write during read, and we were
+                 * nonblocking, report as an EAGAIN.  Otherwise loop,
+                 * pulling more data from network filter.
+                 *
+                 * (This is usually the case when the client forces an SSL
+                 * renegotiation which is handled implicitly by OpenSSL.)
+                 */
+                inctx->c->cs->sense = CONN_SENSE_WANT_WRITE;
                 inctx->rc = APR_EAGAIN;
 
                 if (*len > 0) {
@@ -2303,6 +2326,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
 #endif
     BIO_set_data(filter_ctx->pbioRead, (void *)inctx);
 
+    inctx->c = c;
     inctx->ssl = ssl;
     inctx->bio_out = filter_ctx->pbioWrite;
     inctx->f = filter_ctx->pInputFilter;