Merge branch 'ssl/fix-partial-read' - #1451

* ssl/fix-partial-read:
  ssl: do not triger EOF if some data had been successfully read
  ssl: rename err_is_ok to handshake_is_ok (internal API)

4 files changed, 27 insertions, 7 deletions

diff --git a/bufferevent_mbedtls.c b/bufferevent_mbedtls.c
index 95859bd3..765d00be 100644
--- a/bufferevent_mbedtls.c
+++ b/bufferevent_mbedtls.c
@@ -121,8 +121,9 @@ mbedtls_set_ssl_noops(void *ssl)
 {
 }
 static int
-mbedtls_is_ok(int err)
+mbedtls_handshake_is_ok(int err)
 {
+	/* What mbedtls_ssl_handshake() return on success */
 	return err == 0;
 }
 static int
@@ -135,6 +136,11 @@ mbedtls_is_want_write(int err)
 {
 	return err == MBEDTLS_ERR_SSL_WANT_WRITE;
 }
+static int mbedtls_err_is_ok(int err)
+{
+	/* What mbedtls_ssl_read() returns when the we can proceed existing data */
+	return err == 0;
+}
 
 static evutil_socket_t
 be_mbedtls_get_fd(void *ssl)
@@ -320,9 +326,10 @@ static struct le_ssl_ops le_mbedtls_ops = {
 	mbedtls_clear,
 	mbedtls_set_ssl_noops,
 	mbedtls_set_ssl_noops,
-	mbedtls_is_ok,
+	mbedtls_handshake_is_ok,
 	mbedtls_is_want_read,
 	mbedtls_is_want_write,
+	mbedtls_err_is_ok,
 	be_mbedtls_get_fd,
 	be_mbedtls_bio_set_fd,
 	(void (*)(struct bufferevent_ssl *))mbedtls_set_ssl_noops,
diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c
index c74a76e4..4ef3925a 100644
--- a/bufferevent_openssl.c
+++ b/bufferevent_openssl.c
@@ -339,12 +339,20 @@ SSL_context_free(void *ssl, int flags)
 }
 
 static int
-SSL_is_ok(int err)
+SSL_handshake_is_ok(int err)
 {
+	/* What SSL_do_handshake() return on success */
 	return err == 1;
 }
 
 static int
+SSL_err_is_ok(int err)
+{
+	/* What SSL_read() returns when the we can proceed existing data */
+	return err == SSL_ERROR_ZERO_RETURN;
+}
+
+static int
 SSL_is_want_read(int err)
 {
 	return err == SSL_ERROR_WANT_READ;
@@ -413,9 +421,10 @@ static struct le_ssl_ops le_openssl_ops = {
 	(int (*)(void *))SSL_clear,
 	(void (*)(void *))SSL_set_connect_state,
 	(void (*)(void *))SSL_set_accept_state,
-	SSL_is_ok,
+	SSL_handshake_is_ok,
 	SSL_is_want_read,
 	SSL_is_want_write,
+	SSL_err_is_ok,
 	(int (*)(void *))be_openssl_get_fd,
 	be_openssl_bio_set_fd,
 	init_bio_counts,
diff --git a/bufferevent_ssl.c b/bufferevent_ssl.c
index 64c36ae6..17046b82 100644
--- a/bufferevent_ssl.c
+++ b/bufferevent_ssl.c
@@ -284,7 +284,10 @@ do_read(struct bufferevent_ssl *bev_ssl, int n_to_read) {
 		} else {
 			int err = bev_ssl->ssl_ops->get_error(bev_ssl->ssl, r);
 			bev_ssl->ssl_ops->print_err(err);
-			if (bev_ssl->ssl_ops->err_is_want_read(err)) {
+			if (bev_ssl->ssl_ops->err_is_ok(err) && result & OP_MADE_PROGRESS) {
+				/* Process existing data */
+				break;
+			} else if (bev_ssl->ssl_ops->err_is_want_read(err)) {
 				/* Can't read until underlying has more data. */
 				if (bev_ssl->read_blocked_on_write)
 					if (clear_rbow(bev_ssl) < 0)
@@ -706,7 +709,7 @@ do_handshake(struct bufferevent_ssl *bev_ssl)
 	}
 	bev_ssl->ssl_ops->decrement_buckets(bev_ssl);
 
-	if (bev_ssl->ssl_ops->err_is_ok(r)) {
+	if (bev_ssl->ssl_ops->handshake_is_ok(r)) {
 		evutil_socket_t fd = event_get_fd(&bev_ssl->bev.bev.ev_read);
 		/* We're done! */
 		bev_ssl->state = BUFFEREVENT_SSL_OPEN;
diff --git a/ssl-compat.h b/ssl-compat.h
index 4dccb52a..146fdaf3 100644
--- a/ssl-compat.h
+++ b/ssl-compat.h
@@ -20,9 +20,10 @@ struct le_ssl_ops {
 	int (*clear)(void *ssl);
 	void (*set_connect_state)(void *ssl);
 	void (*set_accept_state)(void *ssl);
-	int (*err_is_ok)(int err);
+	int (*handshake_is_ok)(int err);
 	int (*err_is_want_read)(int err);
 	int (*err_is_want_write)(int err);
+	int (*err_is_ok)(int err);
 	evutil_socket_t (*get_fd)(void *ssl);
 	int (*bio_set_fd)(struct bufferevent_ssl *ssl, evutil_socket_t fd);
 	void (*init_bio_counts)(struct bufferevent_ssl *bev);