Chromium Code Reviews Chromium Code Reviews
Issue 7399025:
Fix instability in SSL client/server sockets (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <winsock2.h> | 8 #include <winsock2.h> |
| 9 #endif | 9 #endif |
| 10 | 10 |
| (...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 418 | 418 |
| 419 if (!completed_handshake_) | 419 if (!completed_handshake_) |
| 420 return; | 420 return; |
| 421 | 421 |
| 422 if (user_write_buf_) { | 422 if (user_write_buf_) { |
| 423 int rv = DoWriteLoop(result); | 423 int rv = DoWriteLoop(result); |
| 424 if (rv != ERR_IO_PENDING) | 424 if (rv != ERR_IO_PENDING) |
| 425 DoWriteCallback(rv); | 425 DoWriteCallback(rv); |
| 426 } else { | 426 } else { |
| 427 // Ensure that any queued ciphertext is flushed. | 427 // Ensure that any queued ciphertext is flushed. |
| 428 DoTransportIO(); | 428 bool network_moved = false; |
| 429 do { | |
| 430 network_moved = DoTransportIO(); | |
| 431 } while (network_moved); | |
|
Wez
2011/07/18 21:53:33
I take it that
while (DoTransportIO()) { }
is ba
Sergey Ulanov
2011/07/19 19:26:56
reverted this change
| |
| 429 } | 432 } |
| 430 } | 433 } |
| 431 | 434 |
| 432 void SSLServerSocketNSS::OnRecvComplete(int result) { | 435 void SSLServerSocketNSS::OnRecvComplete(int result) { |
| 433 if (next_handshake_state_ == STATE_HANDSHAKE) { | 436 if (next_handshake_state_ == STATE_HANDSHAKE) { |
| 434 // In handshake phase. | 437 // In handshake phase. |
| 435 OnHandshakeIOComplete(result); | 438 OnHandshakeIOComplete(result); |
| 436 return; | 439 return; |
| 437 } | 440 } |
| 438 | 441 |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 528 OnRecvComplete(result); | 531 OnRecvComplete(result); |
| 529 } | 532 } |
| 530 | 533 |
| 531 // Do network I/O between the given buffer and the given socket. | 534 // Do network I/O between the given buffer and the given socket. |
| 532 // Return true if some I/O performed, false otherwise (error or ERR_IO_PENDING) | 535 // Return true if some I/O performed, false otherwise (error or ERR_IO_PENDING) |
| 533 bool SSLServerSocketNSS::DoTransportIO() { | 536 bool SSLServerSocketNSS::DoTransportIO() { |
| 534 bool network_moved = false; | 537 bool network_moved = false; |
| 535 if (nss_bufs_ != NULL) { | 538 if (nss_bufs_ != NULL) { |
| 536 int nsent = BufferSend(); | 539 int nsent = BufferSend(); |
| 537 int nreceived = BufferRecv(); | 540 int nreceived = BufferRecv(); |
| 538 network_moved = (nsent > 0 || nreceived >= 0); | 541 network_moved = (nsent > 0 || nreceived > 0); |
| 539 } | 542 } |
| 540 return network_moved; | 543 return network_moved; |
| 541 } | 544 } |
| 542 | 545 |
| 543 int SSLServerSocketNSS::DoPayloadRead() { | 546 int SSLServerSocketNSS::DoPayloadRead() { |
| 544 DCHECK(user_read_buf_); | 547 DCHECK(user_read_buf_); |
| 545 DCHECK_GT(user_read_buf_len_, 0); | 548 DCHECK_GT(user_read_buf_len_, 0); |
| 546 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); | 549 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); |
| 547 if (rv >= 0) | 550 if (rv >= 0) |
| 548 return rv; | 551 return rv; |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 616 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 619 make_scoped_refptr(new SSLErrorParams(rv, 0))); |
| 617 return rv; | 620 return rv; |
| 618 } | 621 } |
| 619 | 622 |
| 620 bool network_moved; | 623 bool network_moved; |
| 621 int rv; | 624 int rv; |
| 622 do { | 625 do { |
| 623 rv = DoPayloadRead(); | 626 rv = DoPayloadRead(); |
| 624 network_moved = DoTransportIO(); | 627 network_moved = DoTransportIO(); |
| 625 } while (rv == ERR_IO_PENDING && network_moved); | 628 } while (rv == ERR_IO_PENDING && network_moved); |
| 629 | |
| 626 return rv; | 630 return rv; |
| 627 } | 631 } |
| 628 | 632 |
| 629 int SSLServerSocketNSS::DoWriteLoop(int result) { | 633 int SSLServerSocketNSS::DoWriteLoop(int result) { |
| 630 DCHECK(completed_handshake_); | 634 DCHECK(completed_handshake_); |
| 631 DCHECK(next_handshake_state_ == STATE_NONE); | 635 DCHECK(next_handshake_state_ == STATE_NONE); |
| 632 | 636 |
| 633 if (result < 0) | 637 if (result < 0) |
| 634 return result; | 638 return result; |
| 635 | 639 |
| 636 if (!nss_bufs_) { | 640 if (!nss_bufs_) { |
| 637 LOG(DFATAL) << "!nss_bufs_"; | 641 LOG(DFATAL) << "!nss_bufs_"; |
| 638 int rv = ERR_UNEXPECTED; | 642 int rv = ERR_UNEXPECTED; |
| 639 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | 643 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, |
| 640 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 644 make_scoped_refptr(new SSLErrorParams(rv, 0))); |
| 641 return rv; | 645 return rv; |
| 642 } | 646 } |
| 643 | 647 |
| 644 bool network_moved; | 648 bool network_moved; |
| 645 int rv; | 649 int rv = ERR_IO_PENDING; |
| 646 do { | 650 do { |
| 647 rv = DoPayloadWrite(); | 651 if (rv == ERR_IO_PENDING) |
| 652 rv = DoPayloadWrite(); | |
| 648 network_moved = DoTransportIO(); | 653 network_moved = DoTransportIO(); |
| 649 } while (rv == ERR_IO_PENDING && network_moved); | 654 } while (network_moved); |
|
Wez
2011/07/18 21:53:33
The loop now won't exit on failure (or success!) o
Sergey Ulanov
2011/07/19 19:26:56
Same as in client sockets: why can't we continue p
| |
| 655 | |
| 650 return rv; | 656 return rv; |
| 651 } | 657 } |
| 652 | 658 |
| 653 int SSLServerSocketNSS::DoHandshake() { | 659 int SSLServerSocketNSS::DoHandshake() { |
| 654 int net_error = net::OK; | 660 int net_error = net::OK; |
| 655 SECStatus rv = SSL_ForceHandshake(nss_fd_); | 661 SECStatus rv = SSL_ForceHandshake(nss_fd_); |
| 656 | 662 |
| 657 if (rv == SECSuccess) { | 663 if (rv == SECSuccess) { |
| 658 completed_handshake_ = true; | 664 completed_handshake_ = true; |
| 659 } else { | 665 } else { |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 741 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop | 747 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop |
| 742 // by MessageLoopForIO::current(). | 748 // by MessageLoopForIO::current(). |
| 743 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | 749 // X509Certificate::Verify() runs on a worker thread of CertVerifier. |
| 744 EnsureOCSPInit(); | 750 EnsureOCSPInit(); |
| 745 #endif | 751 #endif |
| 746 | 752 |
| 747 return OK; | 753 return OK; |
| 748 } | 754 } |
| 749 | 755 |
| 750 } // namespace net | 756 } // namespace net |
| OLD | NEW |
