Context Navigation

source: mod_gnutls/src/gnutls_io.c @ 694fc04

Visit:

debian/masterdebian/stretch-backportsjessie-backportsmsvaproxy-ticketupstream

Last change on this file since 694fc04 was 33826c5, checked in by Dash Shendy <neuromancer@…>, 9 years ago
mod_proxy support
Property mode set to `100644`
File size: 23.5 KB

Rev	Line
[fcb122d]	1	/**
	2	* Copyright 2004-2005 Paul Querna
[e183628]	3	* Copyright 2008 Nikos Mavrogiannopoulos
	4	* Copyright 2011 Dash Shendy
[7e2b223]	5	*
	6	* Licensed under the Apache License, Version 2.0 (the "License");
	7	* you may not use this file except in compliance with the License.
	8	* You may obtain a copy of the License at
	9	*
	10	* http://www.apache.org/licenses/LICENSE-2.0
	11	*
	12	* Unless required by applicable law or agreed to in writing, software
	13	* distributed under the License is distributed on an "AS IS" BASIS,
	14	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	15	* See the License for the specific language governing permissions and
	16	* limitations under the License.
	17	*
	18	*/
	19
	20	#include "mod_gnutls.h"
	21
	22	/**
	23	* Describe how the GnuTLS Filter system works here
[dae0aec]	24	* - Basicly the same as what mod_ssl does with OpenSSL.
	25	*
[7e2b223]	26	*/
	27
[dae0aec]	28	#define HTTP_ON_HTTPS_PORT \
	29	"GET /" CRLF
[7e2b223]	30
[dae0aec]	31	#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
	32	apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
	33	sizeof(HTTP_ON_HTTPS_PORT) - 1, \
	34	alloc)
[7e2b223]	35
[dae0aec]	36	static apr_status_t gnutls_io_filter_error(ap_filter_t * f,
[e183628]	37	apr_bucket_brigade * bb,
	38	apr_status_t status) {
	39	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
	40	apr_bucket *bucket;
	41
	42	switch (status) {
	43	case HTTP_BAD_REQUEST:
	44	/* log the situation */
	45	ap_log_error(APLOG_MARK, APLOG_INFO, 0,
	46	f->c->base_server,
	47	"GnuTLS handshake failed: HTTP spoken on HTTPS port; "
	48	"trying to send HTML error page");
	49
	50	ctxt->status = -1;
[33826c5]	51	ctxt->non_ssl_request = 1;
[e183628]	52
	53	/* fake the request line */
	54	bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
	55	break;
	56
	57	default:
	58	return status;
	59	}
	60
	61	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	62	bucket = apr_bucket_eos_create(f->c->bucket_alloc);
	63	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	64
	65	return APR_SUCCESS;
[dae0aec]	66	}
[7e2b223]	67
[e183628]	68	static int char_buffer_read(mgs_char_buffer_t * buffer, char *in, int inl) {
	69	if (!buffer->length) {
	70	return 0;
	71	}
	72
	73	if (buffer->length > inl) {
	74	/* we have have enough to fill the caller's buffer */
	75	memmove(in, buffer->value, inl);
	76	buffer->value += inl;
	77	buffer->length -= inl;
	78	} else {
	79	/* swallow remainder of the buffer */
	80	memmove(in, buffer->value, buffer->length);
	81	inl = buffer->length;
	82	buffer->value = NULL;
	83	buffer->length = 0;
	84	}
	85
	86	return inl;
[dae0aec]	87	}
	88
[e183628]	89	static int char_buffer_write(mgs_char_buffer_t * buffer, char *in, int inl) {
	90	buffer->value = in;
	91	buffer->length = inl;
	92	return inl;
[7e2b223]	93	}
	94
	95	/**
	96	* From mod_ssl / ssl_engine_io.c
	97	* This function will read from a brigade and discard the read buckets as it
	98	* proceeds. It will read at most *len bytes.
	99	*/
	100	static apr_status_t brigade_consume(apr_bucket_brigade * bb,
[e183628]	101	apr_read_type_e block,
	102	char c, apr_size_t len) {
	103	apr_size_t actual = 0;
	104	apr_status_t status = APR_SUCCESS;
	105
	106	while (!APR_BRIGADE_EMPTY(bb)) {
	107	apr_bucket *b = APR_BRIGADE_FIRST(bb);
	108	const char *str;
	109	apr_size_t str_len;
	110	apr_size_t consume;
	111
	112	/* Justin points out this is an http-ism that might
	113	* not fit if brigade_consume is added to APR. Perhaps
	114	* apr_bucket_read(eos_bucket) should return APR_EOF?
	115	* Then this becomes mainline instead of a one-off.
	116	*/
	117	if (APR_BUCKET_IS_EOS(b)) {
	118	status = APR_EOF;
	119	break;
	120	}
	121
	122	/* The reason I'm not offering brigade_consume yet
	123	* across to apr-util is that the following call
	124	* illustrates how borked that API really is. For
	125	* this sort of case (caller provided buffer) it
	126	* would be much more trivial for apr_bucket_consume
	127	* to do all the work that follows, based on the
	128	* particular characteristics of the bucket we are
	129	* consuming here.
	130	*/
	131	status = apr_bucket_read(b, &str, &str_len, block);
	132
	133	if (status != APR_SUCCESS) {
	134	if (APR_STATUS_IS_EOF(status)) {
	135	/* This stream bucket was consumed */
	136	apr_bucket_delete(b);
	137	continue;
	138	}
	139	break;
	140	}
	141
	142	if (str_len > 0) {
	143	/* Do not block once some data has been consumed */
	144	block = APR_NONBLOCK_READ;
	145
	146	/* Assure we don't overflow. */
	147	consume =
	148	(str_len + actual >
	149	len) ? len - actual : str_len;
	150
	151	memcpy(c, str, consume);
	152
	153	c += consume;
	154	actual += consume;
	155
	156	if (consume >= b->length) {
	157	/* This physical bucket was consumed */
	158	apr_bucket_delete(b);
	159	} else {
	160	/* Only part of this physical bucket was consumed */
	161	b->start += consume;
	162	b->length -= consume;
	163	}
	164	} else if (b->length == 0) {
	165	apr_bucket_delete(b);
	166	}
[7e2b223]	167
[e183628]	168	/* This could probably be actual == *len, but be safe from stray
	169	* photons. */
	170	if (actual >= *len) {
	171	break;
	172	}
	173	}
	174
	175	*len = actual;
	176	return status;
	177	}
[7e2b223]	178
[c301152]	179	static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
[e183628]	180	char buf, apr_size_t len) {
	181	apr_size_t wanted = *len;
	182	apr_size_t bytes = 0;
	183	int rc;
	184
	185	*len = 0;
	186
	187	/* If we have something leftover from last time, try that first. */
	188	if ((bytes = char_buffer_read(&ctxt->input_cbuf, buf, wanted))) {
	189	*len = bytes;
	190	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
	191	/* We want to rollback this read. */
	192	if (ctxt->input_cbuf.length > 0) {
	193	ctxt->input_cbuf.value -= bytes;
	194	ctxt->input_cbuf.length += bytes;
	195	} else {
	196	char_buffer_write(&ctxt->input_cbuf, buf,
	197	(int) bytes);
	198	}
	199	return APR_SUCCESS;
	200	}
	201	/* This could probably be *len == wanted, but be safe from stray
	202	* photons.
	203	*/
	204	if (*len >= wanted) {
	205	return APR_SUCCESS;
	206	}
	207	if (ctxt->input_mode == AP_MODE_GETLINE) {
	208	if (memchr(buf, APR_ASCII_LF, *len)) {
	209	return APR_SUCCESS;
	210	}
	211	} else {
	212	/* Down to a nonblock pattern as we have some data already
	213	*/
	214	ctxt->input_block = APR_NONBLOCK_READ;
	215	}
	216	}
	217
	218	if (ctxt->session == NULL) {
	219	return APR_EGENERAL;
	220	}
	221
	222	while (1) {
	223
	224	rc = gnutls_record_recv(ctxt->session, buf + bytes,
	225	wanted - bytes);
	226
	227	if (rc > 0) {
	228	*len += rc;
	229	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
	230	/* We want to rollback this read. */
	231	char_buffer_write(&ctxt->input_cbuf, buf,
	232	rc);
	233	}
	234	return ctxt->input_rc;
	235	} else if (rc == 0) {
	236	/* If EAGAIN, we will loop given a blocking read,
	237	* otherwise consider ourselves at EOF.
	238	*/
	239	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
	240	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc)) {
	241	/* Already read something, return APR_SUCCESS instead.
	242	* On win32 in particular, but perhaps on other kernels,
	243	* a blocking call isn't 'always' blocking.
	244	*/
	245	if (*len > 0) {
	246	ctxt->input_rc = APR_SUCCESS;
	247	break;
	248	}
	249	if (ctxt->input_block == APR_NONBLOCK_READ) {
	250	break;
	251	}
	252	} else {
	253	if (*len > 0) {
	254	ctxt->input_rc = APR_SUCCESS;
	255	} else {
	256	ctxt->input_rc = APR_EOF;
	257	}
	258	break;
	259	}
	260	} else { /* (rc < 0) */
	261
	262	if (rc == GNUTLS_E_REHANDSHAKE) {
	263	/* A client has asked for a new Hankshake. Currently, we don't do it */
	264	ap_log_error(APLOG_MARK, APLOG_INFO,
	265	ctxt->input_rc,
	266	ctxt->c->base_server,
	267	"GnuTLS: Error reading data. Client Requested a New Handshake."
	268	" (%d) '%s'", rc,
	269	gnutls_strerror(rc));
	270	} else if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
	271	rc = gnutls_alert_get(ctxt->session);
	272	ap_log_error(APLOG_MARK, APLOG_INFO,
	273	ctxt->input_rc,
	274	ctxt->c->base_server,
	275	"GnuTLS: Warning Alert From Client: "
	276	" (%d) '%s'", rc,
	277	gnutls_alert_get_name(rc));
	278	} else if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
	279	rc = gnutls_alert_get(ctxt->session);
	280	ap_log_error(APLOG_MARK, APLOG_INFO,
	281	ctxt->input_rc,
	282	ctxt->c->base_server,
	283	"GnuTLS: Fatal Alert From Client: "
	284	"(%d) '%s'", rc,
	285	gnutls_alert_get_name(rc));
	286	ctxt->input_rc = APR_EGENERAL;
	287	break;
	288	} else {
	289	/* Some Other Error. Report it. Die. */
	290	if (gnutls_error_is_fatal(rc)) {
	291	ap_log_error(APLOG_MARK,
	292	APLOG_INFO,
	293	ctxt->input_rc,
	294	ctxt->c->base_server,
	295	"GnuTLS: Error reading data. (%d) '%s'",
	296	rc,
	297	gnutls_strerror(rc));
	298	} else if (*len > 0) {
	299	ctxt->input_rc = APR_SUCCESS;
	300	break;
	301	}
	302	}
	303
	304	if (ctxt->input_rc == APR_SUCCESS) {
	305	ctxt->input_rc = APR_EGENERAL;
	306	}
	307	break;
	308	}
	309	}
	310	return ctxt->input_rc;
[dae0aec]	311	}
	312
[c301152]	313	static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
[e183628]	314	char buf, apr_size_t len) {
	315	const char *pos = NULL;
	316	apr_status_t status;
	317	apr_size_t tmplen = len, buflen = len, offset = 0;
[dae0aec]	318
[e183628]	319	*len = 0;
[dae0aec]	320
[e183628]	321	while (tmplen > 0) {
	322	status = gnutls_io_input_read(ctxt, buf + offset, &tmplen);
[dae0aec]	323
[e183628]	324	if (status != APR_SUCCESS) {
	325	return status;
	326	}
[dae0aec]	327
[e183628]	328	*len += tmplen;
[dae0aec]	329
[e183628]	330	if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
	331	break;
	332	}
[dae0aec]	333
[e183628]	334	offset += tmplen;
	335	tmplen = buflen - offset;
	336	}
[dae0aec]	337
[e183628]	338	if (pos) {
	339	char *value;
	340	int length;
	341	apr_size_t bytes = pos - buf;
[dae0aec]	342
[e183628]	343	bytes += 1;
	344	value = buf + bytes;
	345	length = *len - bytes;
[dae0aec]	346
[e183628]	347	char_buffer_write(&ctxt->input_cbuf, value, length);
[dae0aec]	348
[e183628]	349	*len = bytes;
	350	}
[dae0aec]	351
[e183628]	352	return APR_SUCCESS;
[dae0aec]	353	}
	354
[0106b25]	355	#define HANDSHAKE_MAX_TRIES 1024
[e183628]	356
	357	static int gnutls_do_handshake(mgs_handle_t * ctxt) {
	358	int ret;
	359	int errcode;
	360	int maxtries = HANDSHAKE_MAX_TRIES;
	361
	362	if (ctxt->status != 0 \|\| ctxt->session == NULL) {
	363	return -1;
	364	}
	365
	366	tryagain:
	367	do {
	368	ret = gnutls_handshake(ctxt->session);
	369	maxtries--;
	370	} while ((ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN)
	371	&& maxtries > 0);
	372
	373	if (maxtries < 1) {
	374	ctxt->status = -1;
[8e33f2d]	375	#if USING_2_1_RECENT
[e183628]	376	ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
	377	"GnuTLS: Handshake Failed. Hit Maximum Attempts");
[8e33f2d]	378	#else
[e183628]	379	ap_log_error(APLOG_MARK, APLOG_ERR, 0,
	380	ctxt->c->base_server,
	381	"GnuTLS: Handshake Failed. Hit Maximum Attempts");
[8e33f2d]	382	#endif
[e183628]	383	if (ctxt->session) {
	384	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
	385	gnutls_error_to_alert
	386	(GNUTLS_E_INTERNAL_ERROR, NULL));
	387	gnutls_deinit(ctxt->session);
	388	}
	389	ctxt->session = NULL;
	390	return -1;
	391	}
	392
	393	if (ret < 0) {
	394	if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
	395	\|\| ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
	396	errcode = gnutls_alert_get(ctxt->session);
	397	ap_log_error(APLOG_MARK, APLOG_INFO, 0,
	398	ctxt->c->base_server,
	399	"GnuTLS: Hanshake Alert (%d) '%s'.",
	400	errcode,
	401	gnutls_alert_get_name(errcode));
	402	}
	403
	404	if (!gnutls_error_is_fatal(ret)) {
	405	ap_log_error(APLOG_MARK, APLOG_INFO, 0,
	406	ctxt->c->base_server,
	407	"GnuTLS: Non-Fatal Handshake Error: (%d) '%s'",
	408	ret, gnutls_strerror(ret));
	409	goto tryagain;
	410	}
[316bd8c]	411	#if USING_2_1_RECENT
[e183628]	412	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
	413	"GnuTLS: Handshake Failed (%d) '%s'", ret,
	414	gnutls_strerror(ret));
[316bd8c]	415	#else
[e183628]	416	ap_log_error(APLOG_MARK, APLOG_INFO, 0,
	417	ctxt->c->base_server,
	418	"GnuTLS: Handshake Failed (%d) '%s'", ret,
	419	gnutls_strerror(ret));
[316bd8c]	420	#endif
[e183628]	421	ctxt->status = -1;
	422	if (ctxt->session) {
	423	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
	424	gnutls_error_to_alert(ret,
	425	NULL));
	426	gnutls_deinit(ctxt->session);
	427	}
	428	ctxt->session = NULL;
	429	return ret;
	430	} else {
	431	/* all done with the handshake */
	432	ctxt->status = 1;
	433	/* If the session was resumed, we did not set the correct
	434	* server_rec in ctxt->sc. Go Find it. (ick!)
	435	*/
	436	if (gnutls_session_is_resumed(ctxt->session)) {
	437	mgs_srvconf_rec *sc;
	438	sc = mgs_find_sni_server(ctxt->session);
	439	if (sc) {
	440	ctxt->sc = sc;
	441	}
	442	}
	443	return 0;
	444	}
[31645b2]	445	}
	446
[e183628]	447	int mgs_rehandshake(mgs_handle_t * ctxt) {
	448	int rv;
[e02dd8c]	449
[e183628]	450	if (ctxt->session == NULL)
	451	return -1;
[e02dd8c]	452
[e183628]	453	rv = gnutls_rehandshake(ctxt->session);
[e02dd8c]	454
[e183628]	455	if (rv != 0) {
	456	/* the client did not want to rehandshake. goodbye */
	457	ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
	458	ctxt->c->base_server,
	459	"GnuTLS: Client Refused Rehandshake request.");
	460	return -1;
	461	}
[e02dd8c]	462
[e183628]	463	ctxt->status = 0;
[e02dd8c]	464
[e183628]	465	rv = gnutls_do_handshake(ctxt);
[e02dd8c]	466
[e183628]	467	return rv;
[dae0aec]	468	}
	469
[e02dd8c]	470	apr_status_t mgs_filter_input(ap_filter_t * f,
[e183628]	471	apr_bucket_brigade * bb,
	472	ap_input_mode_t mode,
	473	apr_read_type_e block, apr_off_t readbytes) {
	474	apr_status_t status = APR_SUCCESS;
	475	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
	476	apr_size_t len = sizeof (ctxt->input_buffer);
	477
	478	if (f->c->aborted) {
	479	apr_bucket *bucket =
	480	apr_bucket_eos_create(f->c->bucket_alloc);
	481	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	482	return APR_ECONNABORTED;
	483	}
	484
	485	if (ctxt->status == 0) {
	486	gnutls_do_handshake(ctxt);
	487	}
	488
	489	if (ctxt->status < 0) {
	490	return ap_get_brigade(f->next, bb, mode, block, readbytes);
	491	}
	492
	493	/* XXX: we don't currently support anything other than these modes. */
	494	if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE &&
	495	mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
	496	return APR_ENOTIMPL;
	497	}
	498
	499	ctxt->input_mode = mode;
	500	ctxt->input_block = block;
	501
	502	if (ctxt->input_mode == AP_MODE_READBYTES \|\|
	503	ctxt->input_mode == AP_MODE_SPECULATIVE) {
	504	/* Err. This is bad. readbytes can be a 64bit int! len.. is NOT */
	505	if (readbytes < len) {
	506	len = (apr_size_t) readbytes;
	507	}
	508	status =
	509	gnutls_io_input_read(ctxt, ctxt->input_buffer, &len);
	510	} else if (ctxt->input_mode == AP_MODE_GETLINE) {
	511	status =
	512	gnutls_io_input_getline(ctxt, ctxt->input_buffer,
	513	&len);
	514	} else {
	515	/* We have no idea what you are talking about, so return an error. */
	516	return APR_ENOTIMPL;
	517	}
	518
	519	if (status != APR_SUCCESS) {
	520	return gnutls_io_filter_error(f, bb, status);
	521	}
	522
	523	/* Create a transient bucket out of the decrypted data. */
	524	if (len > 0) {
	525	apr_bucket *bucket =
	526	apr_bucket_transient_create(ctxt->input_buffer, len,
	527	f->c->bucket_alloc);
	528	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	529	}
	530
	531	return status;
[dae0aec]	532	}
	533
[e183628]	534	static ssize_t write_flush(mgs_handle_t * ctxt) {
	535	apr_bucket *e;
	536
	537	if (!(ctxt->output_blen \|\| ctxt->output_length)) {
	538	ctxt->output_rc = APR_SUCCESS;
	539	return 1;
	540	}
	541
	542	if (ctxt->output_blen) {
	543	e = apr_bucket_transient_create(ctxt->output_buffer,
	544	ctxt->output_blen,
	545	ctxt->output_bb->
	546	bucket_alloc);
	547	/* we filled this buffer first so add it to the
	548	* * head of the brigade
	549	* */
	550	APR_BRIGADE_INSERT_HEAD(ctxt->output_bb, e);
	551	ctxt->output_blen = 0;
	552	}
	553
	554	ctxt->output_length = 0;
	555	e = apr_bucket_flush_create(ctxt->output_bb->bucket_alloc);
	556	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
	557
	558	ctxt->output_rc = ap_pass_brigade(ctxt->output_filter->next,
	559	ctxt->output_bb);
	560	/* clear the brigade to be ready for next time */
	561	apr_brigade_cleanup(ctxt->output_bb);
	562
	563	return (ctxt->output_rc == APR_SUCCESS) ? 1 : -1;
[485d28e]	564	}
	565
[e183628]	566	apr_status_t mgs_filter_output(ap_filter_t * f, apr_bucket_brigade * bb) {
	567	apr_size_t ret;
	568	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
	569	apr_status_t status = APR_SUCCESS;
	570	apr_read_type_e rblock = APR_NONBLOCK_READ;
[9a9bc1e]	571
[e183628]	572	if (f->c->aborted) {
	573	apr_brigade_cleanup(bb);
	574	return APR_ECONNABORTED;
	575	}
	576
	577	if (ctxt->status == 0) {
	578	gnutls_do_handshake(ctxt);
	579	}
	580
	581	if (ctxt->status < 0) {
	582	return ap_pass_brigade(f->next, bb);
	583	}
	584
	585	while (!APR_BRIGADE_EMPTY(bb)) {
	586	apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
	587
	588	if (APR_BUCKET_IS_EOS(bucket)) {
	589	return ap_pass_brigade(f->next, bb);
[9a9bc1e]	590	} else if (APR_BUCKET_IS_FLUSH(bucket)) {
[e183628]	591	/* Try Flush */
	592	if (write_flush(ctxt) < 0) {
	593	/* Flush Error */
	594	return ctxt->output_rc;
	595	}
	596	/* cleanup! */
[9a9bc1e]	597	apr_bucket_delete(bucket);
[e183628]	598	} else if (AP_BUCKET_IS_EOC(bucket)) {
	599	/* End Of Connection */
	600	if (ctxt->session != NULL) {
	601	/* Try A Clean Shutdown */
	602	do {
[9a9bc1e]	603	ret = gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
	604	} while (ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN);
[e183628]	605	/* De-Initialize Session */
	606	gnutls_deinit(ctxt->session);
	607	ctxt->session = NULL;
	608	}
[9a9bc1e]	609	/* cleanup! */
	610	apr_bucket_delete(bucket);
[e183628]	611	/* Pass next brigade! */
	612	return ap_pass_brigade(f->next, bb);
	613	} else {
	614	/* filter output */
	615	const char *data;
	616	apr_size_t len;
	617
[9a9bc1e]	618	status = apr_bucket_read(bucket, &data, &len, rblock);
[e183628]	619
	620	if (APR_STATUS_IS_EAGAIN(status)) {
	621	/* No data available so Flush! */
	622	if (write_flush(ctxt) < 0) {
	623	return ctxt->output_rc;
	624	}
	625	/* Try again with a blocking read. */
	626	rblock = APR_BLOCK_READ;
	627	continue;
	628	}
	629
	630	rblock = APR_NONBLOCK_READ;
	631
	632	if (!APR_STATUS_IS_EOF(status)
	633	&& (status != APR_SUCCESS)) {
	634	return status;
	635	}
	636
	637	if (len > 0) {
	638
	639	if (ctxt->session == NULL) {
	640	ret = GNUTLS_E_INVALID_REQUEST;
[b4a875b]	641	} else {
[e183628]	642	do {
	643	ret =
	644	gnutls_record_send
	645	(ctxt->session, data,
	646	len);
	647	} while (ret == GNUTLS_E_INTERRUPTED
	648	\|\| ret == GNUTLS_E_AGAIN);
	649	}
	650
	651	if (ret < 0) {
	652	/* error sending output */
	653	ap_log_error(APLOG_MARK,
	654	APLOG_INFO,
	655	ctxt->output_rc,
	656	ctxt->c->base_server,
	657	"GnuTLS: Error writing data."
	658	" (%d) '%s'",
	659	(int) ret,
	660	gnutls_strerror(ret));
	661	if (ctxt->output_rc == APR_SUCCESS) {
	662	ctxt->output_rc =
	663	APR_EGENERAL;
	664	return ctxt->output_rc;
	665	}
	666	} else if (ret != len) {
	667	/* Not able to send the entire bucket,
	668	split it and send it again. */
	669	apr_bucket_split(bucket, ret);
	670	}
	671	}
	672
	673	apr_bucket_delete(bucket);
	674	}
	675	}
	676
	677	return status;
[dae0aec]	678	}
	679
[c301152]	680	ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
[e183628]	681	void *buffer, size_t len) {
	682	mgs_handle_t *ctxt = ptr;
	683	apr_status_t rc;
	684	apr_size_t in = len;
	685	apr_read_type_e block = ctxt->input_block;
	686
	687	ctxt->input_rc = APR_SUCCESS;
	688
	689	/* If Len = 0, we don't do anything. */
	690	if (!len \|\| buffer == NULL) {
	691	return 0;
	692	}
	693	if (!ctxt->input_bb) {
	694	ctxt->input_rc = APR_EOF;
	695	return -1;
	696	}
	697
	698	if (APR_BRIGADE_EMPTY(ctxt->input_bb)) {
	699
	700	rc = ap_get_brigade(ctxt->input_filter->next,
	701	ctxt->input_bb, AP_MODE_READBYTES,
	702	ctxt->input_block, in);
	703
	704	/* Not a problem, there was simply no data ready yet.
	705	*/
	706	if (APR_STATUS_IS_EAGAIN(rc) \|\| APR_STATUS_IS_EINTR(rc)
	707	\|\| (rc == APR_SUCCESS
	708	&& APR_BRIGADE_EMPTY(ctxt->input_bb))) {
	709
	710	if (APR_STATUS_IS_EOF(ctxt->input_rc)) {
	711	return 0;
	712	} else {
	713	if (ctxt->session)
	714	gnutls_transport_set_errno(ctxt->
	715	session,
	716	EINTR);
	717	return -1;
	718	}
	719	}
[e02dd8c]	720
	721
[e183628]	722	if (rc != APR_SUCCESS) {
	723	/* Unexpected errors discard the brigade */
	724	apr_brigade_cleanup(ctxt->input_bb);
	725	ctxt->input_bb = NULL;
	726	return -1;
	727	}
	728	}
	729
	730	ctxt->input_rc =
	731	brigade_consume(ctxt->input_bb, block, buffer, &len);
	732
	733	if (ctxt->input_rc == APR_SUCCESS) {
	734	return (ssize_t) len;
	735	}
	736
	737	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
	738	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc)) {
	739	if (len == 0) {
	740	if (ctxt->session)
	741	gnutls_transport_set_errno(ctxt->session,
	742	EINTR);
	743	return -1;
[60cf11c]	744	}
[e183628]	745
	746	return (ssize_t) len;
	747	}
	748
	749	/* Unexpected errors and APR_EOF clean out the brigade.
	750	* Subsequent calls will return APR_EOF.
	751	*/
	752	apr_brigade_cleanup(ctxt->input_bb);
	753	ctxt->input_bb = NULL;
	754
	755	if (APR_STATUS_IS_EOF(ctxt->input_rc) && len) {
	756	/* Provide the results of this read pass,
	757	* without resetting the BIO retry_read flag
	758	*/
	759	return (ssize_t) len;
	760	}
	761
	762	return -1;
[dae0aec]	763	}
	764
[c301152]	765	ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
[e183628]	766	const void *buffer, size_t len) {
	767	mgs_handle_t *ctxt = ptr;
	768
	769	/* pass along the encrypted data
	770	* need to flush since we're using SSL's malloc-ed buffer
	771	* which will be overwritten once we leave here
	772	*/
	773	apr_bucket *bucket = apr_bucket_transient_create(buffer, len,
	774	ctxt->output_bb->
	775	bucket_alloc);
	776	ctxt->output_length += len;
	777	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, bucket);
	778
	779	if (write_flush(ctxt) < 0) {
	780	return -1;
	781	}
	782	return len;
[7e2b223]	783	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: