implement ssl rehandshakes

convert bool variable to bool
fix bug where ssl read/write could improperly result in disconnect


SVN revision: 52710
Mike Blumenkrantz 2010-09-25 03:02:10 +00:00
parent 8ea3bbdd2e
commit 0d535058a9
2 changed files with 99 additions and 46 deletions


@ -1796,17 +1796,20 @@ _ecore_con_cl_read(Ecore_Con_Server *svr)
for (tries = 0; tries < 16; tries++)
{
int num;
int lost_server = 1;
Eina_Bool lost_server = EINA_TRUE;
unsigned char buf[READBUFSIZ];
if (svr->handshaking && (!ecore_con_ssl_server_init(svr)))
lost_server = EINA_FALSE;
if (!(svr->type & ECORE_CON_SSL))
{
num = read(svr->fd, buf, READBUFSIZ);
if ((num < 0) && (errno == EAGAIN))
lost_server = 0;
lost_server = EINA_FALSE;
}
else if (!(num = ecore_con_ssl_server_read(svr, buf, READBUFSIZ)))
lost_server = 0;
lost_server = EINA_FALSE;
if (num < 1)
{
@ -2121,6 +2124,9 @@ _ecore_con_svr_cl_read(Ecore_Con_Client *cl)
errno = 0;
if (cl->handshaking && (!ecore_con_ssl_client_init(cl)))
lost_client = EINA_FALSE;
if (!(cl->host_server->type & ECORE_CON_SSL))
{
if ((num = read(cl->fd, buf, READBUFSIZ)) <= 0)
@ -2259,19 +2265,17 @@ _ecore_con_server_flush(Ecore_Con_Server *svr)
num = svr->write_buf_size - svr->write_buf_offset;
if (!(svr->type & ECORE_CON_SSL))
count = write(
svr->fd, svr->write_buf + svr->write_buf_offset, num);
else
count = ecore_con_ssl_server_write(
svr, svr->write_buf + svr->write_buf_offset, num);
if (svr->handshaking && (ecore_con_ssl_server_init(svr)))
return _ecore_con_server_kill(svr);
if (count < 1)
{
if (!(svr->type & ECORE_CON_SSL))
count = write(svr->fd, svr->write_buf + svr->write_buf_offset, num);
else
count = ecore_con_ssl_server_write(svr, svr->write_buf + svr->write_buf_offset, num);
if (count < 0)
/* we lost our server! */
_ecore_con_server_kill(svr);
return;
}
return _ecore_con_server_kill(svr);
svr->write_buf_offset += count;
if (svr->write_buf_offset >= svr->write_buf_size)
@ -2281,27 +2285,31 @@ _ecore_con_server_flush(Ecore_Con_Server *svr)
free(svr->write_buf);
svr->write_buf = NULL;
if (svr->fd_handler)
ecore_main_fd_handler_active_set(svr->fd_handler,
ECORE_FD_READ);
ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
}
}
static void
_ecore_con_client_flush(Ecore_Con_Client *cl)
{
int count, num;
int num, count = 0;
if (!cl->buf)
return;
num = cl->buf_size - cl->buf_offset;
if (!(cl->host_server->type & ECORE_CON_SSL))
count = write(
cl->fd, cl->buf + cl->buf_offset, num);
else
count = ecore_con_ssl_client_write(cl, cl->buf + cl->buf_offset, num);
if (cl->handshaking && (ecore_con_ssl_client_init(cl)))
count = -1;
if (count < 1)
if (!count)
{
num = cl->buf_size - cl->buf_offset;
if (!(cl->host_server->type & ECORE_CON_SSL))
count = write(cl->fd, cl->buf + cl->buf_offset, num);
else
count = ecore_con_ssl_client_write(cl, cl->buf + cl->buf_offset, num);
}
if (count < 0)
{
if ((errno == EIO) || (errno == EBADF) || (errno == EPIPE) ||
(errno == EINVAL) || (errno == ENOSPC) || (errno == ECONNREFUSED))
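Review bot: In the `_ecore_con_server_flush` hunk the new code tests `if (count < 1)` before anything in the function has assigned `count` (the `write`/`ecore_con_ssl_server_write` calls now sit inside that block), so unless the declaration initialises it this reads an indeterminate value, which is undefined behaviour and can make the flush silently skip the write; the sibling `_ecore_con_client_flush` hunk initialises `int num, count = 0;` and the server path should match it. `_ecore_con_server_flush` begins before the hunk, so the declaration cannot be checked here. A smaller point in `_ecore_con_client_flush`: when `cl->handshaking && ecore_con_ssl_client_init(cl)` fails, `count = -1` is set without any syscall having run, so the `errno` comparisons that follow classify whatever value an earlier call left behind; setting `errno = 0` before the handshake check (as the `_ecore_con_svr_cl_read` hunk does) or sending the handshake failure straight to the disconnect path would make that decision deterministic.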


@ -439,7 +439,7 @@ _ecore_con_ssl_server_init_gnutls(Ecore_Con_Server *svr)
if (!((svr->type & ECORE_CON_SSL) & ECORE_CON_LOAD_CERT))
{
int kx[] = { GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_ANON_DH, 0 };
int cipher[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, 0 };
int cipher[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_DES_CBC, 0 };
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_cipher_set_priority(svr->session, cipher));
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_kx_set_priority(svr->session, kx));
}
@ -579,13 +579,25 @@ _ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
{
int num;
if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
{
if (!ecore_con_ssl_server_init_gnutls(svr))
return 0;
return -1;
}
num = gnutls_record_recv(svr->session, buf, size);
if (num > 0)
return num;
if ((num == GNUTLS_E_AGAIN) ||
(num == GNUTLS_E_REHANDSHAKE) ||
(num == GNUTLS_E_INTERRUPTED))
if (num == GNUTLS_E_REHANDSHAKE)
{
svr->handshaking = EINA_TRUE;
svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
if (!_ecore_con_ssl_server_init_gnutls(svr))
return 0;
}
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
return 0;
return -1;
@ -597,13 +609,26 @@ _ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr, unsigned char *buf,
{
int num;
if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
{
if (!_ecore_con_ssl_server_init_gnutls(svr))
return 0;
return -1;
}
num = gnutls_record_send(svr->session, buf, size);
if (num > 0)
return num;
if ((num == GNUTLS_E_AGAIN) ||
(num == GNUTLS_E_REHANDSHAKE) ||
(num == GNUTLS_E_INTERRUPTED))
if (num == GNUTLS_E_REHANDSHAKE)
{
svr->handshaking = EINA_TRUE;
svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
if (!_ecore_con_ssl_server_init_gnutls(svr))
return 0;
}
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
return 0;
return -1;
@ -795,13 +820,25 @@ _ecore_con_ssl_client_read_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
{
int num;
if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
{
if (!_ecore_con_ssl_client_init_gnutls(cl))
return 0;
return -1;
}
num = gnutls_record_recv(cl->session, buf, size);
if (num > 0)
return num;
if ((num == GNUTLS_E_AGAIN) ||
(num == GNUTLS_E_REHANDSHAKE) ||
(num == GNUTLS_E_INTERRUPTED))
if (num == GNUTLS_E_REHANDSHAKE)
{
cl->handshaking = EINA_TRUE;
cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
if (!_ecore_con_ssl_client_init_gnutls(cl))
return 0;
}
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
return 0;
return -1;
@ -813,13 +850,26 @@ _ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl, unsigned char *buf,
{
int num;
if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING)
{
if (!_ecore_con_ssl_client_init_gnutls(cl))
return 0;
return -1;
}
num = gnutls_record_send(cl->session, buf, size);
if (num > 0)
return num;
if ((num == GNUTLS_E_AGAIN) ||
(num == GNUTLS_E_REHANDSHAKE) ||
(num == GNUTLS_E_INTERRUPTED))
if (num == GNUTLS_E_REHANDSHAKE)
{
cl->handshaking = EINA_TRUE;
cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING;
if (!_ecore_con_ssl_client_init_gnutls(cl))
return 0;
}
else if ((num == GNUTLS_E_AGAIN) || (num == GNUTLS_E_INTERRUPTED))
return 0;
return -1;
@ -1105,15 +1155,10 @@ _ecore_con_ssl_server_read_openssl(Ecore_Con_Server *svr, unsigned char *buf,
if (svr->fd_handler)
{
if (svr->ssl && svr->ssl_err ==
SSL_ERROR_WANT_READ)
ecore_main_fd_handler_active_set(svr->fd_handler,
ECORE_FD_READ);
else if (svr->ssl && svr->ssl_err ==
SSL_ERROR_WANT_WRITE)
ecore_main_fd_handler_active_set(
svr->fd_handler,
ECORE_FD_WRITE);
if (svr->ssl && svr->ssl_err == SSL_ERROR_WANT_READ)
ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_READ);
else if (svr->ssl && svr->ssl_err == SSL_ERROR_WANT_WRITE)
ecore_main_fd_handler_active_set(svr->fd_handler, ECORE_FD_WRITE);
}
if ((svr->ssl_err == SSL_ERROR_ZERO_RETURN) ||