diff --git a/src/chunk.c b/src/chunk.c index 555aaa1a..4c903fd3 100644 --- a/src/chunk.c +++ b/src/chunk.c @@ -1198,6 +1198,8 @@ chunkqueue_peek_data (chunkqueue * const cq, off_t len = c->file.length - c->offset; if (len > (off_t)space) len = (off_t)space; + if (0 == len) + break; if (-1 == lseek(c->file.fd, offset, SEEK_SET)) { log_perror(errh, __FILE__, __LINE__, "lseek(\"%s\")", diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index 81e63f46..90bb2e05 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -2413,10 +2413,10 @@ mod_gnutls_close_notify(handler_ctx *hctx); static int -connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_write_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; - gnutls_session_t ssl = hctx->ssl; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; + gnutls_session_t const ssl = hctx->ssl; if (!hctx->handshake) return 0; if (hctx->pending_write) { @@ -2428,9 +2428,8 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) chunkqueue_mark_written(cq, wr); } - if (0 != hctx->close_notify) return mod_gnutls_close_notify(hctx); - - chunkqueue_remove_finished_chunks(cq); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_gnutls_close_notify(hctx); const size_t lim = gnutls_record_get_max_size(ssl); @@ -2453,6 +2452,10 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) int wr; if (0 != chunkqueue_peek_data(cq, &data, &data_len, errh)) return -1; + if (__builtin_expect( (0 == data_len), 0)) { + chunkqueue_remove_finished_chunks(cq); + continue; + } /* gnutls_record_send() copies the data, up to max record size, but if * (temporarily) unable to write the entire record, it is documented @@ -2514,13 +2517,14 @@ mod_gnutls_ssl_handshake (handler_ctx *hctx) static int -connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_read_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; UNUSED(max_bytes); - if (0 != hctx->close_notify) return mod_gnutls_close_notify(hctx); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_gnutls_close_notify(hctx); if (!hctx->handshake) { int rc = mod_gnutls_ssl_handshake(hctx); diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c index a13c1654..206b6dce 100644 --- a/src/mod_mbedtls.c +++ b/src/mod_mbedtls.c @@ -1952,9 +1952,9 @@ mod_mbedtls_close_notify(handler_ctx *hctx); static int -connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_write_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; mbedtls_ssl_context * const ssl = &hctx->ssl; if (hctx->pending_write) { @@ -1971,9 +1971,8 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) chunkqueue_mark_written(cq, wr); } - if (0 != hctx->close_notify) return mod_mbedtls_close_notify(hctx); - - chunkqueue_remove_finished_chunks(cq); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_mbedtls_close_notify(hctx); const int lim = mbedtls_ssl_get_max_out_record_payload(ssl); if (lim < 0) return mod_mbedtls_ssl_write_err(con, hctx, lim, 0); @@ -1987,6 +1986,10 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) int wr; if (0 != chunkqueue_peek_data(cq, &data, &data_len, errh)) return -1; + if (__builtin_expect( (0 == data_len), 0)) { + chunkqueue_remove_finished_chunks(cq); + continue; + } /* mbedtls_ssl_write() copies the data, up to max record size, but if * (temporarily) unable to write the entire record, it is documented @@ -2152,16 +2155,17 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx) static int -connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_read_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; int len; char *mem = NULL; size_t mem_len = 0; UNUSED(max_bytes); - if (0 != hctx->close_notify) return mod_mbedtls_close_notify(hctx); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_mbedtls_close_notify(hctx); if (!hctx->handshake_done) { int rc = mod_mbedtls_ssl_handshake(hctx); diff --git a/src/mod_nss.c b/src/mod_nss.c index 9cd58845..4cf50bbf 100644 --- a/src/mod_nss.c +++ b/src/mod_nss.c @@ -2200,15 +2200,14 @@ mod_nss_close_notify(handler_ctx *hctx); static int -connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_write_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; - PRFileDesc *ssl = hctx->ssl; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; + PRFileDesc * const ssl = hctx->ssl; log_error_st * const errh = hctx->errh; - if (0 != hctx->close_notify) return mod_nss_close_notify(hctx); - - chunkqueue_remove_finished_chunks(cq); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_nss_close_notify(hctx); /* future: for efficiency/performance might consider using NSS * PR_Writev() PR_TransmitFile() PR_SendFile() @@ -2222,6 +2221,10 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) int wr; if (0 != chunkqueue_peek_data(cq, &data, &data_len, errh)) return -1; + if (__builtin_expect( (0 == data_len), 0)) { + chunkqueue_remove_finished_chunks(cq); + continue; + } /*(if partial write occurred, expect that subsequent writes will have * at least that much data available from chunkqueue_peek_data(), which @@ -2263,15 +2266,16 @@ mod_nss_SSLHandshakeCallback (PRFileDesc *fd, void *arg) static int -connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_read_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; UNUSED(max_bytes); - if (0 != hctx->close_notify) return mod_nss_close_notify(hctx); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_nss_close_notify(hctx); - PRFileDesc *ssl = hctx->ssl; + PRFileDesc * const ssl = hctx->ssl; ssize_t len; char *mem = NULL; size_t mem_len = 0; diff --git a/src/mod_openssl.c b/src/mod_openssl.c index a234757e..59f737b8 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c @@ -2978,15 +2978,14 @@ mod_openssl_close_notify(handler_ctx *hctx); static int -connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_write_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; - SSL *ssl = hctx->ssl; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; + SSL * const ssl = hctx->ssl; log_error_st * const errh = hctx->errh; - if (0 != hctx->close_notify) return mod_openssl_close_notify(hctx); - - chunkqueue_remove_finished_chunks(cq); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_openssl_close_notify(hctx); while (max_bytes > 0 && !chunkqueue_is_empty(cq)) { char *data = local_send_buffer; @@ -2996,6 +2995,10 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) int wr; if (0 != chunkqueue_peek_data(cq, &data, &data_len, errh)) return -1; + if (__builtin_expect( (0 == data_len), 0)) { + chunkqueue_remove_finished_chunks(cq); + continue; + } /** * SSL_write man-page @@ -3009,7 +3012,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) ERR_clear_error(); wr = SSL_write(ssl, data, data_len); - if (hctx->renegotiations > 1 + if (__builtin_expect( (hctx->renegotiations > 1), 0) && hctx->conf.ssl_disable_client_renegotiation) { log_error(errh, __FILE__, __LINE__, "SSL: renegotiation initiated by client, killing connection"); @@ -3079,16 +3082,17 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) static int -connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_read_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; int len; char *mem = NULL; size_t mem_len = 0; UNUSED(max_bytes); - if (0 != hctx->close_notify) return mod_openssl_close_notify(hctx); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_openssl_close_notify(hctx); ERR_clear_error(); do { diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c index 815b9330..40785491 100644 --- a/src/mod_wolfssl.c +++ b/src/mod_wolfssl.c @@ -2738,15 +2738,14 @@ mod_openssl_close_notify(handler_ctx *hctx); static int -connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_write_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; - SSL *ssl = hctx->ssl; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; + SSL * const ssl = hctx->ssl; log_error_st * const errh = hctx->errh; - if (0 != hctx->close_notify) return mod_openssl_close_notify(hctx); - - chunkqueue_remove_finished_chunks(cq); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_openssl_close_notify(hctx); while (max_bytes > 0 && !chunkqueue_is_empty(cq)) { char *data = local_send_buffer; @@ -2756,6 +2755,10 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) int wr; if (0 != chunkqueue_peek_data(cq, &data, &data_len, errh)) return -1; + if (__builtin_expect( (0 == data_len), 0)) { + chunkqueue_remove_finished_chunks(cq); + continue; + } /** * SSL_write man-page @@ -2769,7 +2772,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) ERR_clear_error(); wr = SSL_write(ssl, data, data_len); - if (hctx->renegotiations > 1 + if (__builtin_expect( (hctx->renegotiations > 1), 0) && hctx->conf.ssl_disable_client_renegotiation) { log_error(errh, __FILE__, __LINE__, "SSL: renegotiation initiated by client, killing connection"); @@ -2839,16 +2842,17 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) static int -connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes) +connection_read_cq_ssl (connection * const con, chunkqueue * const cq, off_t max_bytes) { - handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; + handler_ctx * const hctx = con->plugin_ctx[plugin_data_singleton->id]; int len; char *mem = NULL; size_t mem_len = 0; UNUSED(max_bytes); - if (0 != hctx->close_notify) return mod_openssl_close_notify(hctx); + if (__builtin_expect( (0 != hctx->close_notify), 0)) + return mod_openssl_close_notify(hctx); ERR_clear_error(); do {