SERVER-95708 Fix infinite loop during TLS operation (#28017) (#28081)

GitOrigin-RevId: 60cb06318d01ecbe42f6b849ee1979ae881a6cb8

Author: samanca

src/third_party/asio-master/asio/include/asio/ssl/detail/impl/engine.ipp

@@ -240,14 +240,23 @@ engine::want engine::perform(int (engine::* op)(void*, std::size_t),
   {
     ec = asio::error_code(sys_error,
         asio::error::get_ssl_category());
-    return want_nothing;
+    return pending_output_after > pending_output_before
+      ? want_output : want_nothing;
   }
 
   if (ssl_error == SSL_ERROR_SYSCALL)
   {
-    ec = asio::error_code(sys_error,
-        asio::error::get_system_category());
-    return want_nothing;
+    if (sys_error == 0)
+    {
+      ec = asio::ssl::error::unspecified_system_error;
+    }
+    else
+    {
+      ec = asio::error_code(sys_error,
+          asio::error::get_ssl_category());
+    }
+    return pending_output_after > pending_output_before
+      ? want_output : want_nothing;
   }
 
   if (result > 0 && bytes_transferred)
@@ -268,16 +277,21 @@ engine::want engine::perform(int (engine::* op)(void*, std::size_t),
     ec = asio::error_code();
     return want_input_and_retry;
   }
-  else if (::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN)
+  else if (ssl_error == SSL_ERROR_ZERO_RETURN)
   {
     ec = asio::error::eof;
     return want_nothing;
   }
-  else
+  else if (ssl_error == SSL_ERROR_NONE)
   {
     ec = asio::error_code();
     return want_nothing;
   }
+  else
+  {
+    ec = asio::ssl::error::unexpected_result;
+    return want_nothing;
+  }
 }
 
 int engine::do_accept(void*, std::size_t)

src/third_party/asio-master/asio/include/asio/ssl/error.hpp

@@ -44,12 +44,24 @@ enum stream_errors
 {
 #if defined(GENERATING_DOCUMENTATION)
   /// The underlying stream closed before the ssl stream gracefully shut down.
-  stream_truncated
-#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_IS_BORINGSSL)
-  stream_truncated = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ)
-#else
-  stream_truncated = 1
-#endif
+  stream_truncated,
+
+  /// The underlying SSL library returned a system error without providing
+  /// further information.
+  unspecified_system_error,
+
+  /// The underlying SSL library generated an unexpected result from a function
+  /// call.
+  unexpected_result
+#else // defined(GENERATING_DOCUMENTATION)
+# if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_IS_BORINGSSL)
+  stream_truncated = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ),
+# else
+  stream_truncated = 1,
+# endif
+  unspecified_system_error = 2,
+  unexpected_result = 3
+#endif // defined(GENERATING_DOCUMENTATION)
 };
 
 extern ASIO_DECL

src/third_party/asio-master/asio/include/asio/ssl/impl/error.ipp

@@ -76,6 +76,8 @@ public:
     switch (value)
     {
     case stream_truncated: return "stream truncated";
+    case unspecified_system_error: return "unspecified system error";
+    case unexpected_result: return "unexpected result";
     default: return "asio.ssl.stream error";
     }
   }

src/third_party/asio-master/patches/0007-MONGO-Fix-infinite-loop-during-TLS-operation.patch

@@ -0,0 +1,118 @@
+From e7765e5647ee29d21ec0ea0ccc0c8320190e0695 Mon Sep 17 00:00:00 2001
+From: Amirsaman Memaripour <amirsaman.memaripour@mongodb.com>
+Date: Fri, 11 Oct 2024 17:37:49 +0000
+Subject: [PATCH] MONGO: Fix infinite loop during TLS operation
+
+---
+ .../include/asio/ssl/detail/impl/engine.ipp   | 26 ++++++++++++++-----
+ .../asio/include/asio/ssl/error.hpp           | 24 ++++++++++++-----
+ .../asio/include/asio/ssl/impl/error.ipp      |  2 ++
+ 3 files changed, 40 insertions(+), 12 deletions(-)
+
+diff --git a/src/third_party/asio-master/asio/include/asio/ssl/detail/impl/engine.ipp b/src/third_party/asio-master/asio/include/asio/ssl/detail/impl/engine.ipp
+index e60e8d6f88e..315bb287043 100644
+--- a/src/third_party/asio-master/asio/include/asio/ssl/detail/impl/engine.ipp
++++ b/src/third_party/asio-master/asio/include/asio/ssl/detail/impl/engine.ipp
+@@ -240,14 +240,23 @@ engine::want engine::perform(int (engine::* op)(void*, std::size_t),
+   {
+     ec = asio::error_code(sys_error,
+         asio::error::get_ssl_category());
+-    return want_nothing;
++    return pending_output_after > pending_output_before
++      ? want_output : want_nothing;
+   }
+ 
+   if (ssl_error == SSL_ERROR_SYSCALL)
+   {
+-    ec = asio::error_code(sys_error,
+-        asio::error::get_system_category());
+-    return want_nothing;
++    if (sys_error == 0)
++    {
++      ec = asio::ssl::error::unspecified_system_error;
++    }
++    else
++    {
++      ec = asio::error_code(sys_error,
++          asio::error::get_ssl_category());
++    }
++    return pending_output_after > pending_output_before
++      ? want_output : want_nothing;
+   }
+ 
+   if (result > 0 && bytes_transferred)
+@@ -268,16 +277,21 @@ engine::want engine::perform(int (engine::* op)(void*, std::size_t),
+     ec = asio::error_code();
+     return want_input_and_retry;
+   }
+-  else if (::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN)
++  else if (ssl_error == SSL_ERROR_ZERO_RETURN)
+   {
+     ec = asio::error::eof;
+     return want_nothing;
+   }
+-  else
++  else if (ssl_error == SSL_ERROR_NONE)
+   {
+     ec = asio::error_code();
+     return want_nothing;
+   }
++  else
++  {
++    ec = asio::ssl::error::unexpected_result;
++    return want_nothing;
++  }
+ }
+ 
+ int engine::do_accept(void*, std::size_t)
+diff --git a/src/third_party/asio-master/asio/include/asio/ssl/error.hpp b/src/third_party/asio-master/asio/include/asio/ssl/error.hpp
+index 6165c5cf764..9cbf7d7fae8 100644
+--- a/src/third_party/asio-master/asio/include/asio/ssl/error.hpp
++++ b/src/third_party/asio-master/asio/include/asio/ssl/error.hpp
+@@ -44,12 +44,24 @@ enum stream_errors
+ {
+ #if defined(GENERATING_DOCUMENTATION)
+   /// The underlying stream closed before the ssl stream gracefully shut down.
+-  stream_truncated
+-#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_IS_BORINGSSL)
+-  stream_truncated = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ)
+-#else
+-  stream_truncated = 1
+-#endif
++  stream_truncated,
++
++  /// The underlying SSL library returned a system error without providing
++  /// further information.
++  unspecified_system_error,
++
++  /// The underlying SSL library generated an unexpected result from a function
++  /// call.
++  unexpected_result
++#else // defined(GENERATING_DOCUMENTATION)
++# if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_IS_BORINGSSL)
++  stream_truncated = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ),
++# else
++  stream_truncated = 1,
++# endif
++  unspecified_system_error = 2,
++  unexpected_result = 3
++#endif // defined(GENERATING_DOCUMENTATION)
+ };
+ 
+ extern ASIO_DECL
+diff --git a/src/third_party/asio-master/asio/include/asio/ssl/impl/error.ipp b/src/third_party/asio-master/asio/include/asio/ssl/impl/error.ipp
+index 98e8c91b43b..01ab34e0655 100644
+--- a/src/third_party/asio-master/asio/include/asio/ssl/impl/error.ipp
++++ b/src/third_party/asio-master/asio/include/asio/ssl/impl/error.ipp
+@@ -76,6 +76,8 @@ public:
+     switch (value)
+     {
+     case stream_truncated: return "stream truncated";
++    case unspecified_system_error: return "unspecified system error";
++    case unexpected_result: return "unexpected result";
+     default: return "asio.ssl.stream error";
+     }
+   }
+-- 
+2.34.1
+