Overview
Comment: | Add OpenSSL support for OFTLSStream |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
c9b6dcad9e3c587956d2320cf6784d63 |
User & Date: | js on 2022-01-29 12:38:28 |
Other Links: | manifest | tags |
Context
2022-01-29
| ||
13:03 | GitHub Actions: Fix OpenSSL dependency check-in: 6c175e757a user: js tags: trunk | |
12:38 | Add OpenSSL support for OFTLSStream check-in: c9b6dcad9e user: js tags: trunk | |
2022-01-28
| ||
19:34 | Don't assume EWOULDBLOCK and EAGAIN are the same check-in: d9586ed175 user: js tags: trunk | |
Changes
Modified .github/workflows/ubuntu-18.04-gcc.yml from [5c367daef6] to [56da109a22].
︙ | ︙ | |||
15 16 17 18 19 20 21 22 23 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads steps: - name: Install dependencies | > > | | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads - --with-tls=gnutls - --with-tls=gnutls --disable-shared steps: - name: Install dependencies run: sudo apt install gobjc openssl-dev gnutls-dev - uses: actions/checkout@v2 - name: autogen.sh run: ./autogen.sh - name: configure run: ./configure OBJC="gcc" ${{ matrix.configure_flags }} - name: make run: make -j$(nproc) |
︙ | ︙ |
Modified .github/workflows/ubuntu-18.04.yml from [7e1a878af7] to [9b4c4178d8].
︙ | ︙ | |||
15 16 17 18 19 20 21 22 23 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads steps: - name: Install dependencies | > > | | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads - --with-tls=gnutls - --with-tls=gnutls --disable-shared steps: - name: Install dependencies run: sudo apt install openssl-dev gnutls-dev - uses: actions/checkout@v2 - name: autogen.sh run: ./autogen.sh - name: configure run: ./configure ${{ matrix.configure_flags }} - name: make run: make -j$(nproc) |
︙ | ︙ |
Modified .github/workflows/ubuntu-20.04-gcc.yml from [85f0f9bfd8] to [e5c6c9d359].
︙ | ︙ | |||
15 16 17 18 19 20 21 22 23 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads steps: - name: Install dependencies | > > | | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads - --with-tls=gnutls - --with-tls=gnutls --disable-shared steps: - name: Install dependencies run: sudo apt install gobjc openssl-dev gnutls-dev - uses: actions/checkout@v2 - name: autogen.sh run: ./autogen.sh - name: configure run: ./configure OBJC="gcc" ${{ matrix.configure_flags }} - name: make run: make -j$(nproc) |
︙ | ︙ |
Modified .github/workflows/ubuntu-20.04.yml from [7679270e9c] to [4fb571b8e0].
︙ | ︙ | |||
15 16 17 18 19 20 21 22 23 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads steps: - name: Install dependencies | > > | | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | - --disable-threads --disable-sockets --disable-files - --disable-sockets - --disable-sockets --disable-files - --disable-files - --disable-shared - --disable-shared --enable-seluid24 - --disable-compiler-tls --disable-threads - --with-tls=gnutls - --with-tls=gnutls --disable-shared steps: - name: Install dependencies run: sudo apt install openssl-dev gnutls-dev - uses: actions/checkout@v2 - name: autogen.sh run: ./autogen.sh - name: configure run: ./configure ${{ matrix.configure_flags }} - name: make run: make -j$(nproc) |
︙ | ︙ |
Modified configure.ac from [6aceb50f03] to [216e5c2184].
︙ | ︙ | |||
1540 1541 1542 1543 1544 1545 1546 | ]) ;; esac AC_ARG_WITH(tls, AS_HELP_STRING([--with-tls], [ enable TLS support using the specified library | | | 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 | ]) ;; esac AC_ARG_WITH(tls, AS_HELP_STRING([--with-tls], [ enable TLS support using the specified library (yes, openssl, gnutls, securetransport or no)])) AS_IF([test x"$with_tls" = x""], [with_tls="yes"]) tls_support="no" AS_IF([test x"$with_tls" = x"securetransport" \ -o x"$with_tls" = x"yes"], [ AC_CHECK_HEADERS(Security/SecureTransport.h, [ old_LIBS="$LIBS" |
︙ | ︙ | |||
1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 | AC_CHECK_FUNCS(SSLCreateContext) ], []) LIBS="$old_LIBS" ]) ]) AS_IF([test x"$with_tls" = x"gnutls" \ -o \( x"$with_tls" = x"yes" -a x"$tls_support" = x"no" \)], [ PKG_CHECK_MODULES(gnutls, [gnutls >= 3.5.0], [ AC_DEFINE(HAVE_GNUTLS, 1, [Whether we have GnuTLS]) tls_support="GnuTLS" | > > > > > > > > > > > > > > > > | 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 | AC_CHECK_FUNCS(SSLCreateContext) ], []) LIBS="$old_LIBS" ]) ]) AS_IF([test x"$with_tls" = x"openssl" \ -o \( x"$with_tls" = x"yes" -a x"$tls_support" = x"no" \)], [ AC_CHECK_LIB(ssl, SSL_set1_host, [ AC_CHECK_HEADER(openssl/ssl.h, [ AC_DEFINE(HAVE_OPENSSL, 1, [Whether we have OpenSSL]) tls_support="OpenSSL" TLS_LIBS="-lssl -lcrypto $TLS_LIBS" AC_SUBST(OF_OPENSSL_TLS_STREAM_M, "OFOpenSSLTLSStream.m") ]) ], [], [-lcrypto]) ]) AS_IF([test x"$with_tls" = x"gnutls" \ -o \( x"$with_tls" = x"yes" -a x"$tls_support" = x"no" \)], [ PKG_CHECK_MODULES(gnutls, [gnutls >= 3.5.0], [ AC_DEFINE(HAVE_GNUTLS, 1, [Whether we have GnuTLS]) tls_support="GnuTLS" |
︙ | ︙ | |||
1610 1611 1612 1613 1614 1615 1616 | AS_IF([test x"$build_framework" = x"yes"], [ AC_SUBST(OBJFWTLS_FRAMEWORK, "ObjFWTLS.framework") ]) ]) AS_IF([test x"$with_tls" != x"no" -a x"$tls_support" = x"no"], [ AC_MSG_ERROR(m4_normalize([ | | | | 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 | AS_IF([test x"$build_framework" = x"yes"], [ AC_SUBST(OBJFWTLS_FRAMEWORK, "ObjFWTLS.framework") ]) ]) AS_IF([test x"$with_tls" != x"no" -a x"$tls_support" = x"no"], [ AC_MSG_ERROR(m4_normalize([ No TLS implementation was found. Please install OpenSSL, GnuTLS or use --without-tls. ])) ]) AS_IF([test x"$enable_threads" != x"no"], [ AC_SUBST(OF_HTTP_CLIENT_TESTS_M, "OFHTTPClientTests.m") ]) |
︙ | ︙ |
Modified extra.mk.in from [6c0d42a079] to [8ae8820dcd].
︙ | ︙ | |||
49 50 51 52 53 54 55 56 57 58 59 60 61 62 | OFHTTP = @OFHTTP@ OFHTTP_LIBS = @OFHTTP_LIBS@ OF_BLOCK_TESTS_M = @OF_BLOCK_TESTS_M@ OF_EPOLL_KERNEL_EVENT_OBSERVER_M = @OF_EPOLL_KERNEL_EVENT_OBSERVER_M@ OF_GNUTLS_TLS_STREAM_M = @OF_GNUTLS_TLS_STREAM_M@ OF_HTTP_CLIENT_TESTS_M = @OF_HTTP_CLIENT_TESTS_M@ OF_KQUEUE_KERNEL_EVENT_OBSERVER_M = @OF_KQUEUE_KERNEL_EVENT_OBSERVER_M@ OF_POLL_KERNEL_EVENT_OBSERVER_M = @OF_POLL_KERNEL_EVENT_OBSERVER_M@ OF_SECURE_TRANSPORT_TLS_STREAM_M = @OF_SECURE_TRANSPORT_TLS_STREAM_M@ OF_SELECT_KERNEL_EVENT_OBSERVER_M = @OF_SELECT_KERNEL_EVENT_OBSERVER_M@ OF_SUBPROCESS_M = @OF_SUBPROCESS_M@ REEXPORT_RUNTIME = @REEXPORT_RUNTIME@ REEXPORT_RUNTIME_FRAMEWORK = @REEXPORT_RUNTIME_FRAMEWORK@ RUNTIME = @RUNTIME@ | > | 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 | OFHTTP = @OFHTTP@ OFHTTP_LIBS = @OFHTTP_LIBS@ OF_BLOCK_TESTS_M = @OF_BLOCK_TESTS_M@ OF_EPOLL_KERNEL_EVENT_OBSERVER_M = @OF_EPOLL_KERNEL_EVENT_OBSERVER_M@ OF_GNUTLS_TLS_STREAM_M = @OF_GNUTLS_TLS_STREAM_M@ OF_HTTP_CLIENT_TESTS_M = @OF_HTTP_CLIENT_TESTS_M@ OF_KQUEUE_KERNEL_EVENT_OBSERVER_M = @OF_KQUEUE_KERNEL_EVENT_OBSERVER_M@ OF_OPENSSL_TLS_STREAM_M = @OF_OPENSSL_TLS_STREAM_M@ OF_POLL_KERNEL_EVENT_OBSERVER_M = @OF_POLL_KERNEL_EVENT_OBSERVER_M@ OF_SECURE_TRANSPORT_TLS_STREAM_M = @OF_SECURE_TRANSPORT_TLS_STREAM_M@ OF_SELECT_KERNEL_EVENT_OBSERVER_M = @OF_SELECT_KERNEL_EVENT_OBSERVER_M@ OF_SUBPROCESS_M = @OF_SUBPROCESS_M@ REEXPORT_RUNTIME = @REEXPORT_RUNTIME@ REEXPORT_RUNTIME_FRAMEWORK = @REEXPORT_RUNTIME_FRAMEWORK@ RUNTIME = @RUNTIME@ |
︙ | ︙ |
Modified src/tls/Makefile from [10f7a323a1] to [a6c2c67827].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | include ../../extra.mk DISTCLEAN = Info.plist SHARED_LIB = ${OBJFWTLS_SHARED_LIB} STATIC_LIB = ${OBJFWTLS_STATIC_LIB} FRAMEWORK = ${OBJFWTLS_FRAMEWORK} LIB_MAJOR = ${OBJFW_LIB_MAJOR} LIB_MINOR = ${OBJFW_LIB_MINOR} INCLUDES := ObjFWTLS.h SRCS = ${OF_GNUTLS_TLS_STREAM_M} \ ${OF_SECURE_TRANSPORT_TLS_STREAM_M} includesubdir = ObjFWTLS include ../../buildsys.mk CPPFLAGS += -I. -I.. -I../.. -I../exceptions -I../runtime ${TLS_CPPFLAGS} | > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | include ../../extra.mk DISTCLEAN = Info.plist SHARED_LIB = ${OBJFWTLS_SHARED_LIB} STATIC_LIB = ${OBJFWTLS_STATIC_LIB} FRAMEWORK = ${OBJFWTLS_FRAMEWORK} LIB_MAJOR = ${OBJFW_LIB_MAJOR} LIB_MINOR = ${OBJFW_LIB_MINOR} INCLUDES := ObjFWTLS.h SRCS = ${OF_GNUTLS_TLS_STREAM_M} \ ${OF_OPENSSL_TLS_STREAM_M} \ ${OF_SECURE_TRANSPORT_TLS_STREAM_M} includesubdir = ObjFWTLS include ../../buildsys.mk CPPFLAGS += -I. -I.. -I../.. -I../exceptions -I../runtime ${TLS_CPPFLAGS} |
︙ | ︙ |
Modified src/tls/OFGnuTLSTLSStream.m from [c3efe28992] to [02a55ce27d].
︙ | ︙ | |||
241 242 243 244 245 246 247 | if (status == GNUTLS_E_INTERRUPTED || status == GNUTLS_E_AGAIN) { if (gnutls_record_get_direction(_session) == 1) [_underlyingStream asyncWriteData: [OFData dataWithItems: "" count: 0] runLoopMode: runLoopMode]; else | | | > > < < | 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 | if (status == GNUTLS_E_INTERRUPTED || status == GNUTLS_E_AGAIN) { if (gnutls_record_get_direction(_session) == 1) [_underlyingStream asyncWriteData: [OFData dataWithItems: "" count: 0] runLoopMode: runLoopMode]; else [_underlyingStream asyncReadIntoBuffer: (void *)"" length: 0 runLoopMode: runLoopMode]; [_delegate retain]; return; } if (status == GNUTLS_E_SUCCESS) _handshakeDone = true; else /* FIXME: Map to better errors */ exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: host errorCode: OFTLSStreamErrorCodeUnknown]; if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self didPerformClientHandshakeWithHost: host exception: exception]; } |
︙ | ︙ | |||
287 288 289 290 291 292 293 | [_underlyingStream asyncWriteData: data runLoopMode: runLoopMode]; return false; } else return true; } | | > > < < | 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 | [_underlyingStream asyncWriteData: data runLoopMode: runLoopMode]; return false; } else return true; } if (status == GNUTLS_E_SUCCESS) _handshakeDone = true; else exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: _host errorCode: OFTLSStreamErrorCodeUnknown]; } if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self didPerformClientHandshakeWithHost: _host exception: exception]; |
︙ | ︙ | |||
323 324 325 326 327 328 329 | status == GNUTLS_E_AGAIN) { if (gnutls_record_get_direction(_session) == 1) return data; else { OFRunLoopMode runLoopMode = [OFRunLoop currentRunLoop].currentMode; [_underlyingStream | | | > > < < | 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 | status == GNUTLS_E_AGAIN) { if (gnutls_record_get_direction(_session) == 1) return data; else { OFRunLoopMode runLoopMode = [OFRunLoop currentRunLoop].currentMode; [_underlyingStream asyncReadIntoBuffer: (void *)"" length: 0 runLoopMode: runLoopMode]; return nil; } } if (status == GNUTLS_E_SUCCESS) _handshakeDone = true; else exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: _host errorCode: OFTLSStreamErrorCodeUnknown]; } if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self didPerformClientHandshakeWithHost: _host exception: exception]; [_delegate release]; return nil; } @end |
Added src/tls/OFOpenSSLTLSStream.h version [0eefaf6836].
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | /* * Copyright (c) 2008-2021 Jonathan Schleifer <js@nil.im> * * All rights reserved. * * This file is part of ObjFW. It may be distributed under the terms of the * Q Public License 1.0, which can be found in the file LICENSE.QPL included in * the packaging of this file. * * Alternatively, it may be distributed under the terms of the GNU General * Public License, either version 2 or 3, which can be found in the file * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #import "OFTLSStream.h" #include <openssl/bio.h> #include <openssl/ssl.h> OF_ASSUME_NONNULL_BEGIN #define OFOpenSSLTLSStreamBufferSize 512 @interface OFOpenSSLTLSStream: OFTLSStream <OFStreamDelegate> { bool _handshakeDone; SSL *_SSL; BIO *_readBIO, *_writeBIO; OFString *_host; char _buffer[OFOpenSSLTLSStreamBufferSize]; } @end OF_ASSUME_NONNULL_END |
Added src/tls/OFOpenSSLTLSStream.m version [57c472352b].
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 | /* * Copyright (c) 2008-2021 Jonathan Schleifer <js@nil.im> * * All rights reserved. * * This file is part of ObjFW. It may be distributed under the terms of the * Q Public License 1.0, which can be found in the file LICENSE.QPL included in * the packaging of this file. * * Alternatively, it may be distributed under the terms of the GNU General * Public License, either version 2 or 3, which can be found in the file * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #include "config.h" #include <errno.h> #import "OFOpenSSLTLSStream.h" #import "OFData.h" #import "OFAlreadyConnectedException.h" #import "OFInitializationFailedException.h" #import "OFNotOpenException.h" #import "OFReadFailedException.h" #import "OFTLSHandshakeFailedException.h" #import "OFWriteFailedException.h" #define bufferSize OFOpenSSLTLSStreamBufferSize int _ObjFWTLS_reference; static SSL_CTX *clientContext; @implementation OFOpenSSLTLSStream + (void)load { if (OFTLSStreamImplementation == Nil) OFTLSStreamImplementation = self; } + (void)initialize { if (self != [OFOpenSSLTLSStream class]) return; SSL_load_error_strings(); SSL_library_init(); if ((clientContext = SSL_CTX_new(TLS_client_method())) == NULL || SSL_CTX_set_default_verify_paths(clientContext) != 1) @throw [OFInitializationFailedException exceptionWithClass: self]; } - (instancetype)initWithStream: (OFStream <OFReadyForReadingObserving, OFReadyForWritingObserving> *)stream { self = [super initWithStream: stream]; @try { _underlyingStream.delegate = self; /* * Buffer writes so that nothing gets lost if we write more * than the underlying stream can write. */ _underlyingStream.buffersWrites = true; } @catch (id e) { [self release]; @throw e; } return self; } - (void)dealloc { if (_SSL != NULL) [self close]; [_host release]; [super dealloc]; } - (void)close { if (_SSL == NULL) @throw [OFNotOpenException exceptionWithObject: self]; if (_handshakeDone) SSL_shutdown(_SSL); SSL_free(_SSL); _SSL = NULL; [_host release]; _host = nil; [super close]; } - (size_t)lowlevelReadIntoBuffer: (void *)buffer length: (size_t)length { int ret; size_t bytesRead; if (!_handshakeDone) @throw [OFNotOpenException exceptionWithObject: self]; if (BIO_ctrl_pending(_readBIO) < 1) { @try { size_t tmp = [_underlyingStream readIntoBuffer: _buffer length: bufferSize]; OFEnsure(tmp <= INT_MAX); /* Writing to a memory BIO must never fail. */ OFEnsure(BIO_write(_readBIO, _buffer, (int)tmp) == (int)tmp); } @catch (OFReadFailedException *e) { if (e.errNo != EWOULDBLOCK && e.errNo != EAGAIN) @throw e; } } if ((ret = SSL_read_ex(_SSL, buffer, length, &bytesRead)) != 1) { /* * The underlying stream might have had data ready, but not * enough for OpenSSL to return decrypted data. This means the * caller might have observed the TLS stream for reading, got a * ready signal and read - and expects the read to succeed, not * to fail with EWOULDBLOCK, as it was signaled ready. * Therefore, return 0, as we could read 0 decrypted bytes, but * cleared the ready signal of the underlying stream. */ if (SSL_get_error(_SSL, ret) == SSL_ERROR_WANT_READ) return 0; /* FIXME: Translate error to errNo */ @throw [OFReadFailedException exceptionWithObject: self requestedLength: length errNo: 0]; } return bytesRead; } - (size_t)lowlevelWriteBuffer: (const void *)buffer length: (size_t)length { int ret; size_t bytesWritten; if (!_handshakeDone) @throw [OFNotOpenException exceptionWithObject: self]; if ((ret = SSL_write_ex(_SSL, buffer, length, &bytesWritten)) != 1) { /* FIXME: Translate error to errNo */ int errNo = 0; if (SSL_get_error(_SSL, ret) == SSL_ERROR_WANT_WRITE) return bytesWritten; @throw [OFWriteFailedException exceptionWithObject: self requestedLength: length bytesWritten: bytesWritten errNo: errNo]; } if (BIO_ctrl_pending(_writeBIO) > 0) { int tmp = BIO_read(_writeBIO, _buffer, bufferSize); OFEnsure(tmp >= 0); [_underlyingStream writeBuffer: _buffer length: tmp]; [_underlyingStream flushWriteBuffer]; } return bytesWritten; } - (bool)hasDataInReadBuffer { if (SSL_has_pending(_SSL) || BIO_ctrl_pending(_readBIO) > 0) return true; return super.hasDataInReadBuffer; } - (void)asyncPerformClientHandshakeWithHost: (OFString *)host runLoopMode: (OFRunLoopMode)runLoopMode { static const OFTLSStreamErrorCode initFailedErrorCode = OFTLSStreamErrorCodeInitializationFailed; id exception = nil; int status; if (_SSL != NULL) @throw [OFAlreadyConnectedException exceptionWithSocket: self]; if ((_readBIO = BIO_new(BIO_s_mem())) == NULL) @throw [OFTLSHandshakeFailedException exceptionWithStream: self host: host errorCode: initFailedErrorCode]; if ((_writeBIO = BIO_new(BIO_s_mem())) == NULL) { BIO_free(_readBIO); @throw [OFTLSHandshakeFailedException exceptionWithStream: self host: host errorCode: initFailedErrorCode]; } BIO_set_mem_eof_return(_readBIO, -1); BIO_set_mem_eof_return(_writeBIO, -1); if ((_SSL = SSL_new(clientContext)) == NULL) { BIO_free(_readBIO); BIO_free(_writeBIO); @throw [OFTLSHandshakeFailedException exceptionWithStream: self host: host errorCode: initFailedErrorCode]; } SSL_set_bio(_SSL, _readBIO, _writeBIO); SSL_set_connect_state(_SSL); _host = [host copy]; if (SSL_set_tlsext_host_name(_SSL, _host.UTF8String) != 1) @throw [OFTLSHandshakeFailedException exceptionWithStream: self host: host errorCode: initFailedErrorCode]; if (_verifiesCertificates) { SSL_set_verify(_SSL, SSL_VERIFY_PEER, NULL); if (SSL_set1_host(_SSL, _host.UTF8String) != 1) @throw [OFTLSHandshakeFailedException exceptionWithStream: self host: host errorCode: initFailedErrorCode]; } status = SSL_do_handshake(_SSL); if (BIO_ctrl_pending(_writeBIO) > 0) { int tmp = BIO_read(_writeBIO, _buffer, bufferSize); OFEnsure(tmp >= 0); [_underlyingStream writeBuffer: _buffer length: tmp]; [_underlyingStream flushWriteBuffer]; } if (status == 1) _handshakeDone = true; else { switch (SSL_get_error(_SSL, status)) { case SSL_ERROR_WANT_READ: [_underlyingStream asyncReadIntoBuffer: _buffer length: bufferSize runLoopMode: runLoopMode]; [_delegate retain]; return; case SSL_ERROR_WANT_WRITE: [_underlyingStream asyncWriteData: [OFData dataWithItems: "" count: 0] runLoopMode: runLoopMode]; [_delegate retain]; return; default: /* FIXME: Map to better errors */ exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: host errorCode: OFTLSStreamErrorCodeUnknown]; break; } } if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self didPerformClientHandshakeWithHost: host exception: exception]; } - (bool)stream: (OFStream *)stream didReadIntoBuffer: (void *)buffer length: (size_t)length exception: (nullable id)exception { if (exception == nil) { static const OFTLSStreamErrorCode unknownErrorCode = OFTLSStreamErrorCodeUnknown; int status; OFData *data; OFEnsure(length <= INT_MAX); OFEnsure(BIO_write(_readBIO, buffer, (int)length) == (int)length); status = SSL_do_handshake(_SSL); if (BIO_ctrl_pending(_writeBIO) > 0) { int tmp = BIO_read(_writeBIO, buffer, bufferSize); OFEnsure(tmp >= 0); [_underlyingStream writeBuffer: _buffer length: tmp]; [_underlyingStream flushWriteBuffer]; } if (status == 1) _handshakeDone = true; else { switch (SSL_get_error(_SSL, status)) { case SSL_ERROR_WANT_READ: return true; case SSL_ERROR_WANT_WRITE: data = [OFData dataWithItems: "" count: 0]; OFRunLoopMode runLoopMode = [OFRunLoop currentRunLoop].currentMode; [_underlyingStream asyncWriteData: data runLoopMode: runLoopMode]; return false; default: exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: _host errorCode: unknownErrorCode]; break; } } } if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self didPerformClientHandshakeWithHost: _host exception: exception]; [_delegate release]; return false; } - (OFData *)stream: (OFStream *)stream didWriteData: (OFData *)data bytesWritten: (size_t)bytesWritten exception: (id)exception { if (exception == nil) { static const OFTLSStreamErrorCode unknownErrorCode = OFTLSStreamErrorCodeUnknown; int status; OFRunLoopMode runLoopMode; if (BIO_ctrl_pending(_writeBIO) > 0) { int tmp = BIO_read(_writeBIO, _buffer, bufferSize); OFEnsure(tmp >= 0); [_underlyingStream writeBuffer: _buffer length: tmp]; [_underlyingStream flushWriteBuffer]; } status = SSL_do_handshake(_SSL); if (BIO_ctrl_pending(_writeBIO) > 0) { int tmp = BIO_read(_writeBIO, _buffer, bufferSize); OFEnsure(tmp >= 0); [_underlyingStream writeBuffer: _buffer length: tmp]; [_underlyingStream flushWriteBuffer]; } if (status == 1) _handshakeDone = true; else { switch (SSL_get_error(_SSL, status)) { case SSL_ERROR_WANT_READ: runLoopMode = [OFRunLoop currentRunLoop].currentMode; [_underlyingStream asyncReadIntoBuffer: _buffer length: bufferSize runLoopMode: runLoopMode]; return nil; case SSL_ERROR_WANT_WRITE: return data; default: exception = [OFTLSHandshakeFailedException exceptionWithStream: self host: _host errorCode: unknownErrorCode]; break; } } } if ([_delegate respondsToSelector: @selector(stream:didPerformClientHandshakeWithHost:exception:)]) [_delegate stream: self didPerformClientHandshakeWithHost: _host exception: exception]; [_delegate release]; return nil; } @end |