Skip to content

Comments

Defer sending a KeyUpdate until after pending writes are complete#8773

Closed
mattcaswell wants to merge 3 commits intoopenssl:masterfrom
mattcaswell:key-update-write-pend
Closed

Defer sending a KeyUpdate until after pending writes are complete#8773
mattcaswell wants to merge 3 commits intoopenssl:masterfrom
mattcaswell:key-update-write-pend

Conversation

@mattcaswell
Copy link
Member

If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes #8677

If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes openssl#8677
@mattcaswell mattcaswell added branch: master Applies to master branch branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) labels Apr 17, 2019
@t8m
Copy link
Member

t8m commented Apr 17, 2019

Does this mean that the key update response won't be sent if the application does not invoke SSL_write() after the key update request is received?

@mattcaswell
Copy link
Member Author

Yes...although really shouldn't be a problem since if you don't do any writing then you're not using the key anyway.

@mattcaswell
Copy link
Member Author

Appveyor failure is not related.

@t8m
Copy link
Member

t8m commented Apr 17, 2019

Yes...although really shouldn't be a problem since if you don't do any writing then you're not using the key anyway.

Makes sense.

@kroeckx
Copy link
Member

kroeckx commented Apr 17, 2019

I think this is no longer needed:

if (updatetype == SSL_KEY_UPDATE_REQUESTED
&& (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;

@mattcaswell
Copy link
Member Author

I think this is no longer needed:

The "if" is still needed - but not the bit about handling SSL_SENT_SHUTDOWN since we'll only send a KeyUpdate if SSL_write() has been called which should fail if close_notify has already been sent. But perhaps that's what you meant - I wasn't sure. Anyway I removed the SSL_SENT_SHUTDOWN bit.

@mattcaswell
Copy link
Member Author

@kroeckx do you have any further comments on this PR?

@kroeckx
Copy link
Member

kroeckx commented May 7, 2019 via email

@mattcaswell
Copy link
Member Author

I will not review this.

Ok no problem. I'm assuming you have no fundamental objections to it.

Ping @openssl/committers for review.

Copy link
Contributor

@kaduk kaduk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is looks okay; it seems to be putting the logic in the right places and such. But I didn't get a chance to do the full review I'd normally like to do, tracing through the ancillary state machine interactions and such, so if we could get a third reviewer that would be good.

NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

side note(?) My personal preference would be for curly braces, even for one-line bodies, when the list of conditions is this long. I didn't double-check the precise wording in the policy, though.

static int always_retry_gets(BIO *bp, char *buf, int size);
static int always_retry_puts(BIO *bp, const char *str);

const BIO_METHOD *bio_s_always_retry(void)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method (and hot-swapping) is kind of a neat hack.

@mattcaswell
Copy link
Member Author

Pushed to master and 1.1.1.

@mattcaswell mattcaswell closed this Jun 3, 2019
levitte pushed a commit that referenced this pull request Jun 3, 2019
If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes #8677

Reviewed-by: Ben Kaduk <[email protected]>
(Merged from #8773)

(cherry picked from commit feb9e31)
levitte pushed a commit that referenced this pull request Jun 3, 2019
Reviewed-by: Ben Kaduk <[email protected]>
(Merged from #8773)

(cherry picked from commit a77b4db)
levitte pushed a commit that referenced this pull request Jun 3, 2019
If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes #8677

Reviewed-by: Ben Kaduk <[email protected]>
(Merged from #8773)
levitte pushed a commit that referenced this pull request Jun 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

branch: master Applies to master branch branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

OpenSSL is intolerant to key_update_requested while writes are pending

4 participants