Context Navigation

source: mod_gnutls/src/gnutls_io.c @ 05e2d9e

Visit:

proxy-ticket

Last change on this file since 05e2d9e was 05e2d9e, checked in by Fiona Klute <fiona.klute@…>, 9 months ago
Move function declarations for gnutls_io.c into a separate header
Property mode set to `100644`
File size: 30.9 KB

Line
1	/*
2	* Copyright 2004-2005 Paul Querna
3	* Copyright 2008 Nikos Mavrogiannopoulos
4	* Copyright 2011 Dash Shendy
5	* Copyright 2015-2019 Fiona Klute
6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at
10	*
11	* http://www.apache.org/licenses/LICENSE-2.0
12	*
13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and
17	* limitations under the License.
18	*/
19
20	#include "mod_gnutls.h"
21	#include "gnutls_io.h"
22	#include "gnutls_proxy.h"
23
24	#ifdef APLOG_USE_MODULE
25	APLOG_USE_MODULE(gnutls);
26	#endif
27
28	#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
29	#include <inttypes.h>
30	#endif
31
32	/**
33	* @file
34	* Describe how the GnuTLS Filter system works here
35	* - Basicly the same as what mod_ssl does with OpenSSL.
36	*
37	*/
38
39	#define HTTP_ON_HTTPS_PORT \
40	"GET /" CRLF
41
42	#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
43	apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
44	sizeof(HTTP_ON_HTTPS_PORT) - 1, \
45	alloc)
46
47	#define IS_PROXY_STR(c) \
48	((c->is_proxy == GNUTLS_ENABLED_TRUE) ? "proxy " : "")
49
50	/**
51	* Convert `APR_EINTR` or `APR_EAGAIN` to the matching errno. Needed
52	* to pass the status on to GnuTLS from the pull and push functions.
53	*/
54	#define EAI_APR_TO_RAW(s) (APR_STATUS_IS_EAGAIN(s) ? EAGAIN : EINTR)
55
56
57
58	static apr_status_t gnutls_io_filter_error(ap_filter_t * f,
59	apr_bucket_brigade * bb,
60	apr_status_t status) {
61	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
62	apr_bucket *bucket;
63
64	switch (status) {
65	case HTTP_BAD_REQUEST:
66	/* log the situation */
67	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
68	"GnuTLS handshake failed: HTTP spoken on HTTPS port; "
69	"trying to send HTML error page");
70	ctxt->status = -1;
71
72	/* fake the request line */
73	bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
74	break;
75
76	default:
77	return status;
78	}
79
80	APR_BRIGADE_INSERT_TAIL(bb, bucket);
81	bucket = apr_bucket_eos_create(f->c->bucket_alloc);
82	APR_BRIGADE_INSERT_TAIL(bb, bucket);
83
84	return APR_SUCCESS;
85	}
86
87	static int char_buffer_read(mgs_char_buffer_t * buffer, char *in, int inl) {
88	if (!buffer->length) {
89	return 0;
90	}
91
92	if (buffer->length > inl) {
93	/* we have have enough to fill the caller's buffer */
94	memmove(in, buffer->value, inl);
95	buffer->value += inl;
96	buffer->length -= inl;
97	} else {
98	/* swallow remainder of the buffer */
99	memmove(in, buffer->value, buffer->length);
100	inl = buffer->length;
101	buffer->value = NULL;
102	buffer->length = 0;
103	}
104
105	return inl;
106	}
107
108	static int char_buffer_write(mgs_char_buffer_t * buffer, char *in, int inl) {
109	buffer->value = in;
110	buffer->length = inl;
111	return inl;
112	}
113
114	/**
115	* From mod_ssl / ssl_engine_io.c
116	* This function will read from a brigade and discard the read buckets as it
117	* proceeds. It will read at most *len bytes.
118	*/
119	static apr_status_t brigade_consume(apr_bucket_brigade * bb,
120	apr_read_type_e block,
121	char c, apr_size_t len) {
122	apr_size_t actual = 0;
123	apr_status_t status = APR_SUCCESS;
124
125	while (!APR_BRIGADE_EMPTY(bb)) {
126	apr_bucket *b = APR_BRIGADE_FIRST(bb);
127	const char *str;
128	apr_size_t str_len;
129	apr_size_t consume;
130
131	/* Justin points out this is an http-ism that might
132	* not fit if brigade_consume is added to APR. Perhaps
133	* apr_bucket_read(eos_bucket) should return APR_EOF?
134	* Then this becomes mainline instead of a one-off.
135	*/
136	if (APR_BUCKET_IS_EOS(b)) {
137	status = APR_EOF;
138	break;
139	}
140
141	/* The reason I'm not offering brigade_consume yet
142	* across to apr-util is that the following call
143	* illustrates how borked that API really is. For
144	* this sort of case (caller provided buffer) it
145	* would be much more trivial for apr_bucket_consume
146	* to do all the work that follows, based on the
147	* particular characteristics of the bucket we are
148	* consuming here.
149	*/
150	status = apr_bucket_read(b, &str, &str_len, block);
151
152	if (status != APR_SUCCESS) {
153	if (APR_STATUS_IS_EOF(status)) {
154	/* This stream bucket was consumed */
155	apr_bucket_delete(b);
156	continue;
157	}
158	break;
159	}
160
161	if (str_len > 0) {
162	/* Do not block once some data has been consumed */
163	block = APR_NONBLOCK_READ;
164
165	/* Assure we don't overflow. */
166	consume =
167	(str_len + actual >
168	len) ? len - actual : str_len;
169
170	memcpy(c, str, consume);
171
172	c += consume;
173	actual += consume;
174
175	if (consume >= b->length) {
176	/* This physical bucket was consumed */
177	apr_bucket_delete(b);
178	} else {
179	/* Only part of this physical bucket was consumed */
180	b->start += consume;
181	b->length -= consume;
182	}
183	} else if (b->length == 0) {
184	apr_bucket_delete(b);
185	}
186
187	/* This could probably be actual == *len, but be safe from stray
188	* photons. */
189	if (actual >= *len) {
190	break;
191	}
192	}
193
194	*len = actual;
195	return status;
196	}
197
198	static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
199	char buf, apr_size_t len)
200	{
201	apr_size_t wanted = *len;
202	apr_size_t bytes = 0;
203	int rc;
204
205	*len = 0;
206
207	/* If we have something leftover from last time, try that first. */
208	if ((bytes = char_buffer_read(&ctxt->input_cbuf, buf, wanted))) {
209	*len = bytes;
210	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
211	/* We want to rollback this read. */
212	if (ctxt->input_cbuf.length > 0) {
213	ctxt->input_cbuf.value -= bytes;
214	ctxt->input_cbuf.length += bytes;
215	} else {
216	char_buffer_write(&ctxt->input_cbuf, buf,
217	(int) bytes);
218	}
219	return APR_SUCCESS;
220	}
221	/* This could probably be *len == wanted, but be safe from stray
222	* photons.
223	*/
224	if (*len >= wanted) {
225	return APR_SUCCESS;
226	}
227	if (ctxt->input_mode == AP_MODE_GETLINE) {
228	if (memchr(buf, APR_ASCII_LF, *len)) {
229	return APR_SUCCESS;
230	}
231	} else {
232	/* Down to a nonblock pattern as we have some data already
233	*/
234	ctxt->input_block = APR_NONBLOCK_READ;
235	}
236	}
237
238	if (ctxt->session == NULL) {
239	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
240	"%s: GnuTLS session is NULL!", __func__);
241	return APR_EGENERAL;
242	}
243
244	while (1)
245	{
246	/* Note: The pull function sets ctxt->input_rc */
247	rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes);
248
249	if (rc > 0) {
250	*len += rc;
251	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
252	/* We want to rollback this read. */
253	char_buffer_write(&ctxt->input_cbuf, buf,
254	rc);
255	}
256	return ctxt->input_rc;
257	} else if (rc == 0) {
258	/* EOF, return code depends on whether we still have data
259	* to return. */
260	if (*len > 0) {
261	ctxt->input_rc = APR_SUCCESS;
262	} else {
263	ctxt->input_rc = APR_EOF;
264	}
265	break;
266	} else { /* (rc < 0) */
267
268	if (rc == GNUTLS_E_INTERRUPTED \|\| rc == GNUTLS_E_AGAIN)
269	{
270	ap_log_cerror(APLOG_MARK, APLOG_TRACE2, ctxt->input_rc, ctxt->c,
271	"%s: looping recv after '%s' (%d)",
272	__func__, gnutls_strerror(rc), rc);
273	/* For a blocking read, loop and try again
274	* immediately. Otherwise just notify the caller. */
275	if (ctxt->input_block != APR_NONBLOCK_READ)
276	continue;
277	else
278	ctxt->input_rc =
279	(rc == GNUTLS_E_AGAIN ? APR_EAGAIN : APR_EINTR);
280	} else if (rc == GNUTLS_E_REHANDSHAKE) {
281	/* A client has asked for a new Hankshake. Currently, we don't do it */
282	ap_log_cerror(APLOG_MARK, APLOG_INFO,
283	ctxt->input_rc,
284	ctxt->c,
285	"GnuTLS: Error reading data. Client Requested a New Handshake."
286	" (%d) '%s'", rc,
287	gnutls_strerror(rc));
288	} else if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
289	rc = gnutls_alert_get(ctxt->session);
290	ap_log_cerror(APLOG_MARK, APLOG_INFO,
291	ctxt->input_rc,
292	ctxt->c,
293	"GnuTLS: Warning Alert From Client: "
294	" (%d) '%s'", rc,
295	gnutls_alert_get_name(rc));
296	} else if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
297	rc = gnutls_alert_get(ctxt->session);
298	ap_log_cerror(APLOG_MARK, APLOG_INFO,
299	ctxt->input_rc,
300	ctxt->c,
301	"GnuTLS: Fatal Alert From Client: "
302	"(%d) '%s'", rc,
303	gnutls_alert_get_name(rc));
304	ctxt->input_rc = APR_EGENERAL;
305	break;
306	} else {
307	/* Some Other Error. Report it. Die. */
308	if (gnutls_error_is_fatal(rc)) {
309	ap_log_cerror(APLOG_MARK,
310	APLOG_INFO,
311	ctxt->input_rc,
312	ctxt->c,
313	"GnuTLS: Error reading data. (%d) '%s'",
314	rc,
315	gnutls_strerror(rc));
316	} else if (*len > 0) {
317	ctxt->input_rc = APR_SUCCESS;
318	break;
319	}
320	}
321
322	if (ctxt->input_rc == APR_SUCCESS) {
323	ap_log_cerror(APLOG_MARK, APLOG_INFO, ctxt->input_rc, ctxt->c,
324	"%s: GnuTLS error: %s (%d)",
325	__func__, gnutls_strerror(rc), rc);
326	ctxt->input_rc = APR_EGENERAL;
327	}
328	break;
329	}
330	}
331	return ctxt->input_rc;
332	}
333
334	static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
335	char buf, apr_size_t len) {
336	const char *pos = NULL;
337	apr_status_t status;
338	apr_size_t tmplen = len, buflen = len, offset = 0;
339
340	*len = 0;
341
342	while (tmplen > 0) {
343	status = gnutls_io_input_read(ctxt, buf + offset, &tmplen);
344
345	if (status != APR_SUCCESS) {
346	return status;
347	}
348
349	*len += tmplen;
350
351	if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
352	break;
353	}
354
355	offset += tmplen;
356	tmplen = buflen - offset;
357	}
358
359	if (pos) {
360	char *value;
361	int length;
362	apr_size_t bytes = pos - buf;
363
364	bytes += 1;
365	value = buf + bytes;
366	length = *len - bytes;
367
368	char_buffer_write(&ctxt->input_cbuf, value, length);
369
370	*len = bytes;
371	}
372
373	return APR_SUCCESS;
374	}
375
376	#define HANDSHAKE_MAX_TRIES 1024
377
378	static int gnutls_do_handshake(mgs_handle_t * ctxt) {
379	int ret;
380	int errcode;
381	int maxtries = HANDSHAKE_MAX_TRIES;
382
383	if (ctxt->status != 0 \|\| ctxt->session == NULL) {
384	return -1;
385	}
386
387	/* Enable SNI and ALPN for proxy connections */
388	if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE)
389	mgs_set_proxy_handshake_ext(ctxt);
390
391	tryagain:
392	do {
393	ret = gnutls_handshake(ctxt->session);
394	maxtries--;
395	} while ((ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN)
396	&& maxtries > 0);
397
398	if (maxtries < 1) {
399	ctxt->status = -1;
400	ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
401	"GnuTLS: Handshake Failed. Hit Maximum Attempts");
402	if (ctxt->session) {
403	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
404	gnutls_error_to_alert
405	(GNUTLS_E_INTERNAL_ERROR, NULL));
406	gnutls_deinit(ctxt->session);
407	}
408	ctxt->session = NULL;
409	return -1;
410	}
411
412	if (ret < 0) {
413	if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
414	\|\| ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
415	errcode = gnutls_alert_get(ctxt->session);
416	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
417	"GnuTLS: Handshake Alert (%d) '%s'.",
418	errcode, gnutls_alert_get_name(errcode));
419	}
420
421	if (!gnutls_error_is_fatal(ret)) {
422	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
423	"GnuTLS: Non-Fatal Handshake Error: (%d) '%s'",
424	ret, gnutls_strerror(ret));
425	goto tryagain;
426	}
427	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
428	"GnuTLS: Handshake Failed (%d) '%s'", ret,
429	gnutls_strerror(ret));
430	ctxt->status = -1;
431	if (ctxt->session) {
432	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
433	gnutls_error_to_alert(ret,
434	NULL));
435	gnutls_deinit(ctxt->session);
436	}
437	ctxt->session = NULL;
438	return ret;
439	} else {
440	/* all done with the handshake */
441	ctxt->status = 1;
442	if (gnutls_session_is_resumed(ctxt->session))
443	{
444	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
445	"%s: TLS session resumed.", __func__);
446	}
447	return GNUTLS_E_SUCCESS;
448	}
449	}
450
451	int mgs_rehandshake(mgs_handle_t * ctxt) {
452	int rv;
453
454	if (ctxt->session == NULL)
455	return -1;
456
457	rv = gnutls_rehandshake(ctxt->session);
458
459	if (rv != 0) {
460	/* the client did not want to rehandshake. goodbye */
461	ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, ctxt->c,
462	"GnuTLS: Client Refused Rehandshake request.");
463	return -1;
464	}
465
466	ctxt->status = 0;
467
468	rv = gnutls_do_handshake(ctxt);
469
470	return rv;
471	}
472
473
474
475	/**
476	* Close the TLS session associated with the given connection
477	* structure and free its resources
478	*
479	* @param ctxt the mod_gnutls session context
480	*
481	* @return a GnuTLS status code, hopefully `GNUTLS_E_SUCCESS`
482	*/
483	static int mgs_bye(mgs_handle_t* ctxt)
484	{
485	int ret = GNUTLS_E_SUCCESS;
486	/* End Of Connection */
487	if (ctxt->session != NULL)
488	{
489	/* Try A Clean Shutdown */
490	do {
491	ret = gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
492	} while (ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN);
493	if (ret != GNUTLS_E_SUCCESS)
494	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_EGENERAL, ctxt->c,
495	"%s: Error while closing TLS %sconnection: "
496	"'%s' (%d)",
497	__func__, IS_PROXY_STR(ctxt),
498	gnutls_strerror(ret), (int) ret);
499	else
500	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
501	"%s: TLS %sconnection closed.",
502	__func__, IS_PROXY_STR(ctxt));
503	/* De-Initialize Session */
504	gnutls_deinit(ctxt->session);
505	ctxt->session = NULL;
506	}
507	return ret;
508	}
509
510
511
512	apr_status_t mgs_filter_input(ap_filter_t * f,
513	apr_bucket_brigade * bb,
514	ap_input_mode_t mode,
515	apr_read_type_e block, apr_off_t readbytes)
516	{
517	apr_status_t status = APR_SUCCESS;
518	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
519	apr_size_t len = sizeof (ctxt->input_buffer);
520
521	if (f->c->aborted) {
522	apr_bucket *bucket =
523	apr_bucket_eos_create(f->c->bucket_alloc);
524	APR_BRIGADE_INSERT_TAIL(bb, bucket);
525	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
526	"%s: %sconnection aborted",
527	__func__, IS_PROXY_STR(ctxt));
528	return APR_ECONNABORTED;
529	}
530
531	if (ctxt->status == 0) {
532	int ret = gnutls_do_handshake(ctxt);
533	if (ret == GNUTLS_E_SUCCESS)
534	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
535	"%s: TLS %sconnection opened.",
536	__func__, IS_PROXY_STR(ctxt));
537	}
538
539	if (ctxt->status < 0)
540	{
541	ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
542	"%s: %sconnection failed, cannot provide data!",
543	__func__, IS_PROXY_STR(ctxt));
544	apr_bucket *bucket =
545	apr_bucket_eos_create(f->c->bucket_alloc);
546	APR_BRIGADE_INSERT_TAIL(bb, bucket);
547	return APR_ECONNABORTED;
548	}
549
550	/* XXX: we don't currently support anything other than these modes. */
551	if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE &&
552	mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
553	return APR_ENOTIMPL;
554	}
555
556	ctxt->input_mode = mode;
557	ctxt->input_block = block;
558
559	if (ctxt->input_mode == AP_MODE_READBYTES \|\|
560	ctxt->input_mode == AP_MODE_SPECULATIVE) {
561	if (readbytes < 0) {
562	/* you're asking us to speculatively read a negative number of bytes! */
563	return APR_ENOTIMPL;
564	}
565	/* 'readbytes' and 'len' are of different integer types, which
566	* might have different lengths. Read sizes should be too
567	* small for 32 or 64 bit to matter, but we have to make
568	* sure. */
569	#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
570	if ((apr_size_t) readbytes < len)
571	{
572	/* If readbytes is negative the function fails in the
573	* check above, but the compiler doesn't get that. */
574	if (__builtin_expect(imaxabs(readbytes) > SIZE_MAX, 0))
575	{
576	ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
577	"%s: prevented buffer length overflow",
578	__func__);
579	return APR_EINVAL;
580	}
581	len = (apr_size_t) readbytes;
582	}
583	#else
584	if ((apr_size_t) readbytes < len
585	&& __builtin_add_overflow(readbytes, 0, &len))
586	{
587	ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
588	"%s: prevented buffer length overflow",
589	__func__);
590	return APR_EINVAL;
591	}
592	#endif
593	status =
594	gnutls_io_input_read(ctxt, ctxt->input_buffer, &len);
595	} else if (ctxt->input_mode == AP_MODE_GETLINE) {
596	status =
597	gnutls_io_input_getline(ctxt, ctxt->input_buffer,
598	&len);
599	} else {
600	/* We have no idea what you are talking about, so return an error. */
601	return APR_ENOTIMPL;
602	}
603
604	if (status != APR_SUCCESS)
605	{
606	/* no data for nonblocking read, return APR_EAGAIN */
607	if ((block == APR_NONBLOCK_READ) && APR_STATUS_IS_EINTR(status))
608	return APR_EAGAIN;
609
610	/* Close TLS session and free resources on EOF,
611	* gnutls_io_filter_error will add an EOS bucket */
612	if (APR_STATUS_IS_EOF(status))
613	mgs_bye(ctxt);
614
615	return gnutls_io_filter_error(f, bb, status);
616	}
617
618	/* Create a transient bucket out of the decrypted data. */
619	if (len > 0) {
620	apr_bucket *bucket =
621	apr_bucket_transient_create(ctxt->input_buffer, len,
622	f->c->bucket_alloc);
623	APR_BRIGADE_INSERT_TAIL(bb, bucket);
624	}
625
626	return status;
627	}
628
629	/**
630	* Try to flush the output bucket brigade.
631	*
632	* @param ctxt the mod_gnutls session context
633	*
634	* @return `1` on success, `-1` on failure.
635	*/
636	static ssize_t write_flush(mgs_handle_t * ctxt) {
637	apr_bucket *e;
638
639	if (!(ctxt->output_blen \|\| ctxt->output_length)) {
640	ctxt->output_rc = APR_SUCCESS;
641	return 1;
642	}
643
644	if (ctxt->output_blen) {
645	e = apr_bucket_transient_create(ctxt->output_buffer,
646	ctxt->output_blen,
647	ctxt->output_bb->
648	bucket_alloc);
649	/* we filled this buffer first so add it to the
650	* * head of the brigade
651	* */
652	APR_BRIGADE_INSERT_HEAD(ctxt->output_bb, e);
653	ctxt->output_blen = 0;
654	}
655
656	ctxt->output_length = 0;
657	e = apr_bucket_flush_create(ctxt->output_bb->bucket_alloc);
658	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
659
660	ctxt->output_rc = ap_pass_brigade(ctxt->output_filter->next,
661	ctxt->output_bb);
662	/* clear the brigade to be ready for next time */
663	apr_brigade_cleanup(ctxt->output_bb);
664
665	return (ctxt->output_rc == APR_SUCCESS) ? 1 : -1;
666	}
667
668	apr_status_t mgs_filter_output(ap_filter_t * f, apr_bucket_brigade * bb) {
669	int ret;
670	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
671	apr_status_t status = APR_SUCCESS;
672	apr_read_type_e rblock = APR_NONBLOCK_READ;
673
674	if (f->c->aborted) {
675	apr_brigade_cleanup(bb);
676	return APR_ECONNABORTED;
677	}
678
679	if (ctxt->status == 0) {
680	ret = gnutls_do_handshake(ctxt);
681	if (ret == GNUTLS_E_SUCCESS)
682	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
683	"%s: TLS %sconnection opened.",
684	__func__, IS_PROXY_STR(ctxt));
685	else if (ctxt->is_proxy)
686	{
687	/* If mod_proxy receives an error while trying to send its
688	* request it sends an "invalid request" error to the
689	* client. By pretending we could send the request
690	* mod_proxy continues its processing and sends a proper
691	* "proxy error" message when there's no response to read. */
692	apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
693	APR_BRIGADE_INSERT_TAIL(bb, bucket);
694	return APR_SUCCESS;
695	}
696	/* No final else here, the "ctxt->status < 0" check below will
697	* catch that. */
698	}
699
700	if (ctxt->status < 0)
701	{
702	ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
703	"%s: %sconnection failed, refusing to send.",
704	__func__, IS_PROXY_STR(ctxt));
705	return APR_ECONNABORTED;
706	}
707
708	while (!APR_BRIGADE_EMPTY(bb)) {
709	apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
710
711	if (APR_BUCKET_IS_EOS(bucket)) {
712	return ap_pass_brigade(f->next, bb);
713	} else if (APR_BUCKET_IS_FLUSH(bucket)) {
714	/* Try Flush */
715	if (write_flush(ctxt) < 0) {
716	/* Flush Error */
717	return ctxt->output_rc;
718	}
719	/* cleanup! */
720	apr_bucket_delete(bucket);
721	} else if (AP_BUCKET_IS_EOC(bucket)) {
722	/* End Of Connection, close TLS session and free
723	* resources */
724	mgs_bye(ctxt);
725	/* cleanup! */
726	apr_bucket_delete(bucket);
727	/* Pass next brigade! */
728	return ap_pass_brigade(f->next, bb);
729	} else {
730	/* filter output */
731	const char *data;
732	apr_size_t len;
733
734	status = apr_bucket_read(bucket, &data, &len, rblock);
735
736	if (APR_STATUS_IS_EAGAIN(status)) {
737	/* No data available so Flush! */
738	if (write_flush(ctxt) < 0) {
739	return ctxt->output_rc;
740	}
741	/* Try again with a blocking read. */
742	rblock = APR_BLOCK_READ;
743	continue;
744	}
745
746	rblock = APR_NONBLOCK_READ;
747
748	if (!APR_STATUS_IS_EOF(status)
749	&& (status != APR_SUCCESS)) {
750	return status;
751	}
752
753	if (len > 0) {
754
755	if (ctxt->session == NULL) {
756	ret = GNUTLS_E_INVALID_REQUEST;
757	} else {
758	do {
759	ret =
760	gnutls_record_send
761	(ctxt->session, data,
762	len);
763	} while (ret == GNUTLS_E_INTERRUPTED
764	\|\| ret == GNUTLS_E_AGAIN);
765	}
766
767	if (ret < 0) {
768	/* error sending output */
769	ap_log_cerror(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
770	ctxt->c,
771	"GnuTLS: Error writing data. (%d) '%s'",
772	ret, gnutls_strerror(ret));
773	if (ctxt->output_rc == APR_SUCCESS) {
774	ctxt->output_rc =
775	APR_EGENERAL;
776	return ctxt->output_rc;
777	}
778	} else if ((apr_size_t)(ret) != len) {
779	/* we know the above cast is OK because len > 0 and ret >= 0 */
780	/* Not able to send the entire bucket,
781	split it and send it again. */
782	apr_bucket_split(bucket, ret);
783	}
784	}
785
786	apr_bucket_delete(bucket);
787	}
788	}
789
790	return status;
791	}
792
793	/**
794	* Pull function for GnuTLS
795	*
796	* Generic errnos used for `gnutls_transport_set_errno()`:
797	* * `EAGAIN`: no data available at the moment, try again (maybe later)
798	* * `EINTR`: read was interrupted, try again
799	* * `EIO`: Unknown I/O error
800	* * `ECONNABORTED`: Input BB does not exist (`NULL`)
801	*
802	* The reason we are not using `APR_TO_OS_ERROR` to map `apr_status_t`
803	* to errnos is this warning [in the APR documentation][apr-warn]:
804	*
805	* > If the statcode was not created by apr_get_os_error or
806	* > APR_FROM_OS_ERROR, the results are undefined.
807	*
808	* We cannot know if this applies to any error we might encounter.
809	*
810	* @param ptr GnuTLS session data pointer (the mod_gnutls context
811	* structure)
812	*
813	* @param buffer buffer for the read data
814	*
815	* @param len maximum number of bytes to read (must fit into the
816	* buffer)
817	*
818	* @return The number of bytes read (may be zero on EOF), or `-1` on
819	* error. Note that some errors may warrant another try (see above).
820	*
821	* [apr-warn]: https://apr.apache.org/docs/apr/1.4/group__apr__errno.html#ga2385cae04b04afbdcb65f1a45c4d8506 "Apache Portable Runtime: Error Codes"
822	*/
823	ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
824	void *buffer, size_t len)
825	{
826	mgs_handle_t *ctxt = ptr;
827	apr_status_t rc;
828	apr_size_t in = len;
829	apr_read_type_e block = ctxt->input_block;
830
831	ctxt->input_rc = APR_SUCCESS;
832
833	/* If Len = 0, we don't do anything. */
834	if (!len \|\| buffer == NULL)
835	{
836	return 0;
837	}
838	/* Input bucket brigade is missing, EOF */
839	if (!ctxt->input_bb)
840	{
841	ctxt->input_rc = APR_EOF;
842	gnutls_transport_set_errno(ctxt->session, ECONNABORTED);
843	return -1;
844	}
845
846	if (APR_BRIGADE_EMPTY(ctxt->input_bb))
847	{
848	rc = ap_get_brigade(ctxt->input_filter->next,
849	ctxt->input_bb, AP_MODE_READBYTES,
850	ctxt->input_block, in);
851
852	/* Not a problem, there was simply no data ready yet.
853	*/
854	if (APR_STATUS_IS_EAGAIN(rc) \|\| APR_STATUS_IS_EINTR(rc)
855	\|\| (rc == APR_SUCCESS
856	&& APR_BRIGADE_EMPTY(ctxt->input_bb)))
857	{
858	/* Turning APR_SUCCESS into APR_EINTR isn't ideal, but
859	* it's the best matching error code for "didn't get data,
860	* but read didn't permanently fail either." */
861	ctxt->input_rc = (rc != APR_SUCCESS ? rc : APR_EINTR);
862	gnutls_transport_set_errno(ctxt->session,
863	EAI_APR_TO_RAW(ctxt->input_rc));
864	return -1;
865	}
866
867	/* Blocking ap_get_brigade() can return a timeout status,
868	* sometimes after a very short time. "Don't give up, just
869	* return the timeout" is what mod_ssl does. */
870	if (ctxt->input_block == APR_BLOCK_READ
871	&& APR_STATUS_IS_TIMEUP(rc)
872	&& APR_BRIGADE_EMPTY(ctxt->input_bb))
873	{
874	ctxt->input_rc = rc;
875	gnutls_transport_set_errno(ctxt->session, EAGAIN);
876	return -1;
877	}
878
879	if (rc != APR_SUCCESS)
880	{
881	/* Unexpected errors discard the brigade */
882	ap_log_cerror(APLOG_MARK, APLOG_INFO, rc, ctxt->c,
883	"%s: Unexpected error!", __func__);
884	apr_brigade_cleanup(ctxt->input_bb);
885	ctxt->input_bb = NULL;
886	gnutls_transport_set_errno(ctxt->session, EIO);
887	return -1;
888	}
889	}
890
891	ctxt->input_rc = brigade_consume(ctxt->input_bb, block, buffer, &len);
892
893	if (ctxt->input_rc == APR_SUCCESS)
894	{
895	return (ssize_t) len;
896	}
897
898	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
899	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc))
900	{
901	if (len == 0)
902	{
903	gnutls_transport_set_errno(ctxt->session,
904	EAI_APR_TO_RAW(ctxt->input_rc));
905	return -1;
906	}
907
908	return (ssize_t) len;
909	}
910
911	/* Unexpected errors and APR_EOF clean out the brigade.
912	* Subsequent calls will return APR_EOF. */
913	apr_brigade_cleanup(ctxt->input_bb);
914	ctxt->input_bb = NULL;
915
916	if (APR_STATUS_IS_EOF(ctxt->input_rc) && len)
917	{
918	/* Some data has been received before EOF, return it. */
919	return (ssize_t) len;
920	}
921
922	gnutls_transport_set_errno(ctxt->session, EIO);
923	return -1;
924	}
925
926	/**
927	* Push function for GnuTLS
928	*
929	* `gnutls_transport_set_errno()` will be called with `EAGAIN` or
930	* `EINTR` on recoverable errors, or `EIO` in case of unexpected
931	* errors. See the description of mgs_transport_read() for details on
932	* possible error codes.
933	*
934	* @param ptr GnuTLS session data pointer (the mod_gnutls context
935	* structure)
936	*
937	* @param buffer buffer containing the data to send
938	*
939	* @param len length of the data
940	* buffer)
941	*
942	* @return The number of written bytes, or `-1` on error. Note that
943	* some errors may warrant another try (see above).
944	*/
945	ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
946	const void *buffer, size_t len)
947	{
948	mgs_handle_t *ctxt = ptr;
949
950	/* pass along the encrypted data
951	* need to flush since we're using SSL's malloc-ed buffer
952	* which will be overwritten once we leave here
953	*/
954	apr_bucket *bucket = apr_bucket_transient_create(buffer, len,
955	ctxt->output_bb->
956	bucket_alloc);
957	ctxt->output_length += len;
958	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, bucket);
959
960	if (write_flush(ctxt) < 0)
961	{
962	/* We encountered an error. APR_EINTR or APR_EAGAIN can be
963	* handled, treat everything else as a generic I/O error. */
964	int err = EIO;
965	if (APR_STATUS_IS_EAGAIN(ctxt->output_rc)
966	\|\| APR_STATUS_IS_EINTR(ctxt->output_rc))
967	err = EAI_APR_TO_RAW(ctxt->output_rc);
968
969	gnutls_transport_set_errno(ctxt->session, err);
970	return -1;
971	}
972	return len;
973	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: