diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-09-25 06:23:22 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-09-26 07:13:57 +0200 |
commit | af4e4edcc6443b6573e319234ecec1f27fb0179e (patch) | |
tree | ba402503a3b92f239caafba888fef1b4f47bee3a /lib/session.c | |
parent | a17ffe208b7e3db74723836a472ce132c5d45aa3 (diff) | |
download | gnutls-af4e4edcc6443b6573e319234ecec1f27fb0179e.tar.gz |
gnutls_session_get_data2: fix operation without a timeout callback
When TLS1.3 was introduced, gnutls_session_get_data2 was modified
to assume that the callbacks set included the timeout one which was
not previously necessary except for some special cases. This corrects
that issue and makes sure that gnutls_session_get_data2() does not
fail (but not necessarily succeed), if that timeout callback is not
set.
Resolves: #823
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/session.c')
-rw-r--r-- | lib/session.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/lib/session.c b/lib/session.c index 6deda99c07..71bcb40515 100644 --- a/lib/session.c +++ b/lib/session.c @@ -109,6 +109,12 @@ gnutls_session_get_data(gnutls_session_t session, * received, will return session resumption data corresponding to the last * received ticket. * + * Note that this function under TLS1.3 requires a callback to be set with + * gnutls_transport_set_pull_timeout_function() for successful operation. There + * was a bug before 3.6.10 which could make this function fail if that callback + * was not set. On later versions if not set, the function will return a successful + * error code, but will return dummy data that cannot lead to a resumption. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise * an error code is returned. **/ @@ -128,10 +134,17 @@ gnutls_session_get_data2(gnutls_session_t session, gnutls_datum_t *data) * the value(s). */ ertt += 60; - /* wait for a message with timeout */ - ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1, ertt); - if (ret < 0 && (gnutls_error_is_fatal(ret) && ret != GNUTLS_E_TIMEDOUT)) { - return gnutls_assert_val(ret); + /* we cannot use a read with timeout if the caller has not set + * a callback with gnutls_transport_set_pull_timeout_function() */ + if (NO_TIMEOUT_FUNC_SET(session) || (session->internals.flags & GNUTLS_NONBLOCK)) { + if (!(session->internals.flags & GNUTLS_NONBLOCK)) + _gnutls_debug_log("TLS1.3 works efficiently if a callback with gnutls_transport_set_pull_timeout_function() is set\n"); + } else { + /* wait for a message with timeout */ + ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1, ertt); + if (ret < 0 && (gnutls_error_is_fatal(ret) && ret != GNUTLS_E_TIMEDOUT)) { + return gnutls_assert_val(ret); + } } if (!(session->internals.hsk_flags & HSK_TICKET_RECEIVED)) { |