1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
-
+
-
+
|
/*
* Copyright (c) 2008-2022 Jonathan Schleifer <js@nil.im>
* Copyright (c) 2008-2024 Jonathan Schleifer <js@nil.im>
*
* All rights reserved.
*
* This file is part of ObjFW. It may be distributed under the terms of the
* Q Public License 1.0, which can be found in the file LICENSE.QPL included in
* the packaging of this file.
*
* Alternatively, it may be distributed under the terms of the GNU General
* Public License, either version 2 or 3, which can be found in the file
* LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
* file.
*/
#include "config.h"
#include <errno.h>
#import "OFOpenSSLTLSStream.h"
#import "OFData.h"
#import "OFAlreadyConnectedException.h"
#import "OFAlreadyOpenException.h"
#import "OFInitializationFailedException.h"
#import "OFNotOpenException.h"
#import "OFReadFailedException.h"
#import "OFTLSHandshakeFailedException.h"
#import "OFWriteFailedException.h"
#define bufferSize OFOpenSSLTLSStreamBufferSize
|
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
+
+
+
+
+
+
-
-
-
|
if (_handshakeDone)
SSL_shutdown(_SSL);
SSL_free(_SSL);
_SSL = NULL;
_handshakeDone = false;
[_host release];
_host = nil;
[super close];
}
- (size_t)lowlevelReadIntoBuffer: (void *)buffer length: (size_t)length
{
int ret;
size_t bytesRead;
if (!_handshakeDone)
@throw [OFNotOpenException exceptionWithObject: self];
if (BIO_ctrl_pending(_readBIO) < 1) {
@try {
size_t tmp = [_underlyingStream
readIntoBuffer: _buffer
length: bufferSize];
OFEnsure(tmp <= INT_MAX);
/* Writing to a memory BIO must never fail. */
OFEnsure(BIO_write(_readBIO, _buffer, (int)tmp) ==
(int)tmp);
} @catch (OFReadFailedException *e) {
if (e.errNo != EWOULDBLOCK && e.errNo != EAGAIN)
@throw e;
}
}
ret = SSL_read_ex(_SSL, buffer, length, &bytesRead);
while (BIO_ctrl_pending(_writeBIO) > 0) {
int tmp = BIO_read(_writeBIO, _buffer, bufferSize);
OFEnsure(tmp >= 0);
[_underlyingStream writeBuffer: _buffer length: tmp];
[_underlyingStream flushWriteBuffer];
}
if (ret != 1) {
/*
* The underlying stream might have had data ready, but not
* enough for OpenSSL to return decrypted data. This means the
* caller might have observed the TLS stream for reading, got a
* ready signal and read - and expects the read to succeed, not
* to fail with EWOULDBLOCK, as it was signaled ready.
* Therefore, return 0, as we could read 0 decrypted bytes, but
* cleared the ready signal of the underlying stream.
*/
if (ret == 1)
return bytesRead;
if (SSL_get_error(_SSL, ret) == SSL_ERROR_WANT_READ) {
if (BIO_ctrl_pending(_readBIO) < 1) {
@try {
size_t tmp = [_underlyingStream
readIntoBuffer: _buffer
length: bufferSize];
OFEnsure(tmp <= INT_MAX);
/* Writing to a memory BIO must never fail. */
OFEnsure(BIO_write(_readBIO, _buffer,
(int)tmp) == (int)tmp);
} @catch (OFReadFailedException *e) {
if (e.errNo == EWOULDBLOCK || e.errNo != EAGAIN)
return 0;
}
}
ret = SSL_read_ex(_SSL, buffer, length, &bytesRead);
while (BIO_ctrl_pending(_writeBIO) > 0) {
int tmp = BIO_read(_writeBIO, _buffer, bufferSize);
OFEnsure(tmp >= 0);
[_underlyingStream writeBuffer: _buffer length: tmp];
[_underlyingStream flushWriteBuffer];
}
if (ret == 1)
return bytesRead;
if (SSL_get_error(_SSL, ret) == SSL_ERROR_WANT_READ)
return 0;
/* FIXME: Translate error to errNo */
@throw [OFReadFailedException exceptionWithObject: self
requestedLength: length
errNo: 0];
}
/* FIXME: Translate error to errNo */
@throw [OFReadFailedException exceptionWithObject: self
requestedLength: length
errNo: 0];
}
return bytesRead;
}
- (size_t)lowlevelWriteBuffer: (const void *)buffer length: (size_t)length
{
int ret;
size_t bytesWritten;
|
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
|
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
|
-
+
+
+
-
+
-
-
-
+
+
+
+
-
+
|
[_underlyingStream writeBuffer: _buffer length: tmp];
[_underlyingStream flushWriteBuffer];
}
return bytesWritten;
}
- (bool)hasDataInReadBuffer
- (bool)lowlevelHasDataInReadBuffer
{
#ifdef HAVE_SSL_HAS_PENDING
return (_underlyingStream.hasDataInReadBuffer ||
if (SSL_pending(_SSL) > 0 || BIO_ctrl_pending(_readBIO) > 0)
SSL_has_pending(_SSL) || BIO_ctrl_pending(_readBIO) > 0);
return true;
return super.hasDataInReadBuffer;
#else
return (_underlyingStream.hasDataInReadBuffer ||
SSL_pending(_SSL) > 0 || BIO_ctrl_pending(_readBIO) > 0);
#endif
}
- (void)asyncPerformClientHandshakeWithHost: (OFString *)host
runLoopMode: (OFRunLoopMode)runLoopMode
{
static const OFTLSStreamErrorCode initFailedErrorCode =
OFTLSStreamErrorCodeInitializationFailed;
id exception = nil;
int status;
if (_SSL != NULL)
@throw [OFAlreadyConnectedException exceptionWithSocket: self];
@throw [OFAlreadyOpenException exceptionWithObject: self];
if ((_readBIO = BIO_new(BIO_s_mem())) == NULL)
@throw [OFTLSHandshakeFailedException
exceptionWithStream: self
host: host
errorCode: initFailedErrorCode];
|
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
|
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
|
-
+
-
-
+
|
case SSL_ERROR_WANT_READ:
[_underlyingStream asyncReadIntoBuffer: _buffer
length: bufferSize
runLoopMode: runLoopMode];
[_delegate retain];
return;
case SSL_ERROR_WANT_WRITE:
[_underlyingStream
[_underlyingStream asyncWriteData: [OFData data]
asyncWriteData: [OFData dataWithItems: "" count: 0]
runLoopMode: runLoopMode];
runLoopMode: runLoopMode];
[_delegate retain];
return;
default:
/* FIXME: Map to better errors */
exception = [OFTLSHandshakeFailedException
exceptionWithStream: self
host: host
|
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
|
315
316
317
318
319
320
321
322
323
324
325
326
327
328
|
-
|
length: (size_t)length
exception: (nullable id)exception
{
if (exception == nil) {
static const OFTLSStreamErrorCode unknownErrorCode =
OFTLSStreamErrorCodeUnknown;
int status;
OFData *data;
OFEnsure(length <= INT_MAX);
OFEnsure(BIO_write(_readBIO, buffer, (int)length) ==
(int)length);
status = SSL_do_handshake(_SSL);
|
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
|
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
|
-
+
-
-
+
|
if (status == 1)
_handshakeDone = true;
else {
switch (SSL_get_error(_SSL, status)) {
case SSL_ERROR_WANT_READ:
return true;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_WRITE:;
data = [OFData dataWithItems: "" count: 0];
OFRunLoopMode runLoopMode =
[OFRunLoop currentRunLoop].currentMode;
[_underlyingStream asyncWriteData: data
[_underlyingStream asyncWriteData: [OFData data]
runLoopMode: runLoopMode];
return false;
default:
exception = [OFTLSHandshakeFailedException
exceptionWithStream: self
host: _host
errorCode: unknownErrorCode];
|
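Review bot: In `lowlevelReadIntoBuffer:length:`, the `@catch` inside the `SSL_ERROR_WANT_READ` retry branch tests `e.errNo == EWOULDBLOCK || e.errNo != EAGAIN`, which never rethrows. Where the two constants are equal the condition is always true and every `OFReadFailedException` becomes `return 0`; where they differ, an `EAGAIN` is swallowed and execution falls through to `SSL_read_ex`. Either way a genuine failure of the underlying stream reaches the caller as a zero-byte read instead of an error, whereas the other `@catch` in this method rethrows anything that is not a would-block error. That other `@catch` appears to be the pre-change code, though the +/- column is detached from the text on this page, so the side is inferred from the deeper wrapping of the `BIO_write` call. I would write the handler as `if (e.errNo != EWOULDBLOCK && e.errNo != EAGAIN) @throw e;` followed by `return 0;`.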