Context Navigation

source: mod_gnutls/src/gnutls_io.c @ 564f33f

Visit:

debian/master

Last change on this file since 564f33f was 564f33f, checked in by Fiona Klute <fiona.klute@…>, 16 months ago
Move SNI and ALPN setup for proxy connections to gnutls_proxy.c
Property mode set to `100644`
File size: 30.8 KB

Line
1	/*
2	* Copyright 2004-2005 Paul Querna
3	* Copyright 2008 Nikos Mavrogiannopoulos
4	* Copyright 2011 Dash Shendy
5	* Copyright 2015-2018 Fiona Klute
6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at
10	*
11	* http://www.apache.org/licenses/LICENSE-2.0
12	*
13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and
17	* limitations under the License.
18	*/
19
20	#include "mod_gnutls.h"
21	#include "gnutls_proxy.h"
22
23	#ifdef APLOG_USE_MODULE
24	APLOG_USE_MODULE(gnutls);
25	#endif
26
27	#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
28	#include <inttypes.h>
29	#endif
30
31	/**
32	* @file
33	* Describe how the GnuTLS Filter system works here
34	* - Basicly the same as what mod_ssl does with OpenSSL.
35	*
36	*/
37
38	#define HTTP_ON_HTTPS_PORT \
39	"GET /" CRLF
40
41	#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
42	apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
43	sizeof(HTTP_ON_HTTPS_PORT) - 1, \
44	alloc)
45
46	#define IS_PROXY_STR(c) \
47	((c->is_proxy == GNUTLS_ENABLED_TRUE) ? "proxy " : "")
48
49	/**
50	* Convert `APR_EINTR` or `APR_EAGAIN` to the matching errno. Needed
51	* to pass the status on to GnuTLS from the pull and push functions.
52	*/
53	#define EAI_APR_TO_RAW(s) (APR_STATUS_IS_EAGAIN(s) ? EAGAIN : EINTR)
54
55
56
57	static apr_status_t gnutls_io_filter_error(ap_filter_t * f,
58	apr_bucket_brigade * bb,
59	apr_status_t status) {
60	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
61	apr_bucket *bucket;
62
63	switch (status) {
64	case HTTP_BAD_REQUEST:
65	/* log the situation */
66	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
67	"GnuTLS handshake failed: HTTP spoken on HTTPS port; "
68	"trying to send HTML error page");
69	ctxt->status = -1;
70
71	/* fake the request line */
72	bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
73	break;
74
75	default:
76	return status;
77	}
78
79	APR_BRIGADE_INSERT_TAIL(bb, bucket);
80	bucket = apr_bucket_eos_create(f->c->bucket_alloc);
81	APR_BRIGADE_INSERT_TAIL(bb, bucket);
82
83	return APR_SUCCESS;
84	}
85
86	static int char_buffer_read(mgs_char_buffer_t * buffer, char *in, int inl) {
87	if (!buffer->length) {
88	return 0;
89	}
90
91	if (buffer->length > inl) {
92	/* we have have enough to fill the caller's buffer */
93	memmove(in, buffer->value, inl);
94	buffer->value += inl;
95	buffer->length -= inl;
96	} else {
97	/* swallow remainder of the buffer */
98	memmove(in, buffer->value, buffer->length);
99	inl = buffer->length;
100	buffer->value = NULL;
101	buffer->length = 0;
102	}
103
104	return inl;
105	}
106
107	static int char_buffer_write(mgs_char_buffer_t * buffer, char *in, int inl) {
108	buffer->value = in;
109	buffer->length = inl;
110	return inl;
111	}
112
113	/**
114	* From mod_ssl / ssl_engine_io.c
115	* This function will read from a brigade and discard the read buckets as it
116	* proceeds. It will read at most *len bytes.
117	*/
118	static apr_status_t brigade_consume(apr_bucket_brigade * bb,
119	apr_read_type_e block,
120	char c, apr_size_t len) {
121	apr_size_t actual = 0;
122	apr_status_t status = APR_SUCCESS;
123
124	while (!APR_BRIGADE_EMPTY(bb)) {
125	apr_bucket *b = APR_BRIGADE_FIRST(bb);
126	const char *str;
127	apr_size_t str_len;
128	apr_size_t consume;
129
130	/* Justin points out this is an http-ism that might
131	* not fit if brigade_consume is added to APR. Perhaps
132	* apr_bucket_read(eos_bucket) should return APR_EOF?
133	* Then this becomes mainline instead of a one-off.
134	*/
135	if (APR_BUCKET_IS_EOS(b)) {
136	status = APR_EOF;
137	break;
138	}
139
140	/* The reason I'm not offering brigade_consume yet
141	* across to apr-util is that the following call
142	* illustrates how borked that API really is. For
143	* this sort of case (caller provided buffer) it
144	* would be much more trivial for apr_bucket_consume
145	* to do all the work that follows, based on the
146	* particular characteristics of the bucket we are
147	* consuming here.
148	*/
149	status = apr_bucket_read(b, &str, &str_len, block);
150
151	if (status != APR_SUCCESS) {
152	if (APR_STATUS_IS_EOF(status)) {
153	/* This stream bucket was consumed */
154	apr_bucket_delete(b);
155	continue;
156	}
157	break;
158	}
159
160	if (str_len > 0) {
161	/* Do not block once some data has been consumed */
162	block = APR_NONBLOCK_READ;
163
164	/* Assure we don't overflow. */
165	consume =
166	(str_len + actual >
167	len) ? len - actual : str_len;
168
169	memcpy(c, str, consume);
170
171	c += consume;
172	actual += consume;
173
174	if (consume >= b->length) {
175	/* This physical bucket was consumed */
176	apr_bucket_delete(b);
177	} else {
178	/* Only part of this physical bucket was consumed */
179	b->start += consume;
180	b->length -= consume;
181	}
182	} else if (b->length == 0) {
183	apr_bucket_delete(b);
184	}
185
186	/* This could probably be actual == *len, but be safe from stray
187	* photons. */
188	if (actual >= *len) {
189	break;
190	}
191	}
192
193	*len = actual;
194	return status;
195	}
196
197	static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
198	char buf, apr_size_t len)
199	{
200	apr_size_t wanted = *len;
201	apr_size_t bytes = 0;
202	int rc;
203
204	*len = 0;
205
206	/* If we have something leftover from last time, try that first. */
207	if ((bytes = char_buffer_read(&ctxt->input_cbuf, buf, wanted))) {
208	*len = bytes;
209	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
210	/* We want to rollback this read. */
211	if (ctxt->input_cbuf.length > 0) {
212	ctxt->input_cbuf.value -= bytes;
213	ctxt->input_cbuf.length += bytes;
214	} else {
215	char_buffer_write(&ctxt->input_cbuf, buf,
216	(int) bytes);
217	}
218	return APR_SUCCESS;
219	}
220	/* This could probably be *len == wanted, but be safe from stray
221	* photons.
222	*/
223	if (*len >= wanted) {
224	return APR_SUCCESS;
225	}
226	if (ctxt->input_mode == AP_MODE_GETLINE) {
227	if (memchr(buf, APR_ASCII_LF, *len)) {
228	return APR_SUCCESS;
229	}
230	} else {
231	/* Down to a nonblock pattern as we have some data already
232	*/
233	ctxt->input_block = APR_NONBLOCK_READ;
234	}
235	}
236
237	if (ctxt->session == NULL) {
238	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
239	"%s: GnuTLS session is NULL!", __func__);
240	return APR_EGENERAL;
241	}
242
243	while (1)
244	{
245	/* Note: The pull function sets ctxt->input_rc */
246	rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes);
247
248	if (rc > 0) {
249	*len += rc;
250	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
251	/* We want to rollback this read. */
252	char_buffer_write(&ctxt->input_cbuf, buf,
253	rc);
254	}
255	return ctxt->input_rc;
256	} else if (rc == 0) {
257	/* EOF, return code depends on whether we still have data
258	* to return. */
259	if (*len > 0) {
260	ctxt->input_rc = APR_SUCCESS;
261	} else {
262	ctxt->input_rc = APR_EOF;
263	}
264	break;
265	} else { /* (rc < 0) */
266
267	if (rc == GNUTLS_E_INTERRUPTED \|\| rc == GNUTLS_E_AGAIN)
268	{
269	ap_log_cerror(APLOG_MARK, APLOG_TRACE2, ctxt->input_rc, ctxt->c,
270	"%s: looping recv after '%s' (%d)",
271	__func__, gnutls_strerror(rc), rc);
272	/* For a blocking read, loop and try again
273	* immediately. Otherwise just notify the caller. */
274	if (ctxt->input_block != APR_NONBLOCK_READ)
275	continue;
276	else
277	ctxt->input_rc =
278	(rc == GNUTLS_E_AGAIN ? APR_EAGAIN : APR_EINTR);
279	} else if (rc == GNUTLS_E_REHANDSHAKE) {
280	/* A client has asked for a new Hankshake. Currently, we don't do it */
281	ap_log_cerror(APLOG_MARK, APLOG_INFO,
282	ctxt->input_rc,
283	ctxt->c,
284	"GnuTLS: Error reading data. Client Requested a New Handshake."
285	" (%d) '%s'", rc,
286	gnutls_strerror(rc));
287	} else if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
288	rc = gnutls_alert_get(ctxt->session);
289	ap_log_cerror(APLOG_MARK, APLOG_INFO,
290	ctxt->input_rc,
291	ctxt->c,
292	"GnuTLS: Warning Alert From Client: "
293	" (%d) '%s'", rc,
294	gnutls_alert_get_name(rc));
295	} else if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
296	rc = gnutls_alert_get(ctxt->session);
297	ap_log_cerror(APLOG_MARK, APLOG_INFO,
298	ctxt->input_rc,
299	ctxt->c,
300	"GnuTLS: Fatal Alert From Client: "
301	"(%d) '%s'", rc,
302	gnutls_alert_get_name(rc));
303	ctxt->input_rc = APR_EGENERAL;
304	break;
305	} else {
306	/* Some Other Error. Report it. Die. */
307	if (gnutls_error_is_fatal(rc)) {
308	ap_log_cerror(APLOG_MARK,
309	APLOG_INFO,
310	ctxt->input_rc,
311	ctxt->c,
312	"GnuTLS: Error reading data. (%d) '%s'",
313	rc,
314	gnutls_strerror(rc));
315	} else if (*len > 0) {
316	ctxt->input_rc = APR_SUCCESS;
317	break;
318	}
319	}
320
321	if (ctxt->input_rc == APR_SUCCESS) {
322	ap_log_cerror(APLOG_MARK, APLOG_INFO, ctxt->input_rc, ctxt->c,
323	"%s: GnuTLS error: %s (%d)",
324	__func__, gnutls_strerror(rc), rc);
325	ctxt->input_rc = APR_EGENERAL;
326	}
327	break;
328	}
329	}
330	return ctxt->input_rc;
331	}
332
333	static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
334	char buf, apr_size_t len) {
335	const char *pos = NULL;
336	apr_status_t status;
337	apr_size_t tmplen = len, buflen = len, offset = 0;
338
339	*len = 0;
340
341	while (tmplen > 0) {
342	status = gnutls_io_input_read(ctxt, buf + offset, &tmplen);
343
344	if (status != APR_SUCCESS) {
345	return status;
346	}
347
348	*len += tmplen;
349
350	if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
351	break;
352	}
353
354	offset += tmplen;
355	tmplen = buflen - offset;
356	}
357
358	if (pos) {
359	char *value;
360	int length;
361	apr_size_t bytes = pos - buf;
362
363	bytes += 1;
364	value = buf + bytes;
365	length = *len - bytes;
366
367	char_buffer_write(&ctxt->input_cbuf, value, length);
368
369	*len = bytes;
370	}
371
372	return APR_SUCCESS;
373	}
374
375	#define HANDSHAKE_MAX_TRIES 1024
376
377	static int gnutls_do_handshake(mgs_handle_t * ctxt) {
378	int ret;
379	int errcode;
380	int maxtries = HANDSHAKE_MAX_TRIES;
381
382	if (ctxt->status != 0 \|\| ctxt->session == NULL) {
383	return -1;
384	}
385
386	/* Enable SNI and ALPN for proxy connections */
387	if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE)
388	mgs_set_proxy_handshake_ext(ctxt);
389
390	tryagain:
391	do {
392	ret = gnutls_handshake(ctxt->session);
393	maxtries--;
394	} while ((ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN)
395	&& maxtries > 0);
396
397	if (maxtries < 1) {
398	ctxt->status = -1;
399	ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
400	"GnuTLS: Handshake Failed. Hit Maximum Attempts");
401	if (ctxt->session) {
402	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
403	gnutls_error_to_alert
404	(GNUTLS_E_INTERNAL_ERROR, NULL));
405	gnutls_deinit(ctxt->session);
406	}
407	ctxt->session = NULL;
408	return -1;
409	}
410
411	if (ret < 0) {
412	if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
413	\|\| ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
414	errcode = gnutls_alert_get(ctxt->session);
415	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
416	"GnuTLS: Handshake Alert (%d) '%s'.",
417	errcode, gnutls_alert_get_name(errcode));
418	}
419
420	if (!gnutls_error_is_fatal(ret)) {
421	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
422	"GnuTLS: Non-Fatal Handshake Error: (%d) '%s'",
423	ret, gnutls_strerror(ret));
424	goto tryagain;
425	}
426	ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, ctxt->c,
427	"GnuTLS: Handshake Failed (%d) '%s'", ret,
428	gnutls_strerror(ret));
429	ctxt->status = -1;
430	if (ctxt->session) {
431	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
432	gnutls_error_to_alert(ret,
433	NULL));
434	gnutls_deinit(ctxt->session);
435	}
436	ctxt->session = NULL;
437	return ret;
438	} else {
439	/* all done with the handshake */
440	ctxt->status = 1;
441	if (gnutls_session_is_resumed(ctxt->session))
442	{
443	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
444	"%s: TLS session resumed.", __func__);
445	}
446	return GNUTLS_E_SUCCESS;
447	}
448	}
449
450	int mgs_rehandshake(mgs_handle_t * ctxt) {
451	int rv;
452
453	if (ctxt->session == NULL)
454	return -1;
455
456	rv = gnutls_rehandshake(ctxt->session);
457
458	if (rv != 0) {
459	/* the client did not want to rehandshake. goodbye */
460	ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, ctxt->c,
461	"GnuTLS: Client Refused Rehandshake request.");
462	return -1;
463	}
464
465	ctxt->status = 0;
466
467	rv = gnutls_do_handshake(ctxt);
468
469	return rv;
470	}
471
472
473
474	/**
475	* Close the TLS session associated with the given connection
476	* structure and free its resources
477	*
478	* @param ctxt the mod_gnutls session context
479	*
480	* @return a GnuTLS status code, hopefully `GNUTLS_E_SUCCESS`
481	*/
482	static int mgs_bye(mgs_handle_t* ctxt)
483	{
484	int ret = GNUTLS_E_SUCCESS;
485	/* End Of Connection */
486	if (ctxt->session != NULL)
487	{
488	/* Try A Clean Shutdown */
489	do {
490	ret = gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
491	} while (ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN);
492	if (ret != GNUTLS_E_SUCCESS)
493	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_EGENERAL, ctxt->c,
494	"%s: Error while closing TLS %sconnection: "
495	"'%s' (%d)",
496	__func__, IS_PROXY_STR(ctxt),
497	gnutls_strerror(ret), (int) ret);
498	else
499	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
500	"%s: TLS %sconnection closed.",
501	__func__, IS_PROXY_STR(ctxt));
502	/* De-Initialize Session */
503	gnutls_deinit(ctxt->session);
504	ctxt->session = NULL;
505	}
506	return ret;
507	}
508
509
510
511	apr_status_t mgs_filter_input(ap_filter_t * f,
512	apr_bucket_brigade * bb,
513	ap_input_mode_t mode,
514	apr_read_type_e block, apr_off_t readbytes)
515	{
516	apr_status_t status = APR_SUCCESS;
517	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
518	apr_size_t len = sizeof (ctxt->input_buffer);
519
520	if (f->c->aborted) {
521	apr_bucket *bucket =
522	apr_bucket_eos_create(f->c->bucket_alloc);
523	APR_BRIGADE_INSERT_TAIL(bb, bucket);
524	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
525	"%s: %sconnection aborted",
526	__func__, IS_PROXY_STR(ctxt));
527	return APR_ECONNABORTED;
528	}
529
530	if (ctxt->status == 0) {
531	int ret = gnutls_do_handshake(ctxt);
532	if (ret == GNUTLS_E_SUCCESS)
533	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
534	"%s: TLS %sconnection opened.",
535	__func__, IS_PROXY_STR(ctxt));
536	}
537
538	if (ctxt->status < 0)
539	{
540	ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
541	"%s: %sconnection failed, cannot provide data!",
542	__func__, IS_PROXY_STR(ctxt));
543	apr_bucket *bucket =
544	apr_bucket_eos_create(f->c->bucket_alloc);
545	APR_BRIGADE_INSERT_TAIL(bb, bucket);
546	return APR_ECONNABORTED;
547	}
548
549	/* XXX: we don't currently support anything other than these modes. */
550	if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE &&
551	mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
552	return APR_ENOTIMPL;
553	}
554
555	ctxt->input_mode = mode;
556	ctxt->input_block = block;
557
558	if (ctxt->input_mode == AP_MODE_READBYTES \|\|
559	ctxt->input_mode == AP_MODE_SPECULATIVE) {
560	if (readbytes < 0) {
561	/* you're asking us to speculatively read a negative number of bytes! */
562	return APR_ENOTIMPL;
563	}
564	/* 'readbytes' and 'len' are of different integer types, which
565	* might have different lengths. Read sizes should be too
566	* small for 32 or 64 bit to matter, but we have to make
567	* sure. */
568	#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
569	if ((apr_size_t) readbytes < len)
570	{
571	/* If readbytes is negative the function fails in the
572	* check above, but the compiler doesn't get that. */
573	if (__builtin_expect(imaxabs(readbytes) > SIZE_MAX, 0))
574	{
575	ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
576	"%s: prevented buffer length overflow",
577	__func__);
578	return APR_EINVAL;
579	}
580	len = (apr_size_t) readbytes;
581	}
582	#else
583	if ((apr_size_t) readbytes < len
584	&& __builtin_add_overflow(readbytes, 0, &len))
585	{
586	ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
587	"%s: prevented buffer length overflow",
588	__func__);
589	return APR_EINVAL;
590	}
591	#endif
592	status =
593	gnutls_io_input_read(ctxt, ctxt->input_buffer, &len);
594	} else if (ctxt->input_mode == AP_MODE_GETLINE) {
595	status =
596	gnutls_io_input_getline(ctxt, ctxt->input_buffer,
597	&len);
598	} else {
599	/* We have no idea what you are talking about, so return an error. */
600	return APR_ENOTIMPL;
601	}
602
603	if (status != APR_SUCCESS)
604	{
605	/* no data for nonblocking read, return APR_EAGAIN */
606	if ((block == APR_NONBLOCK_READ) && APR_STATUS_IS_EINTR(status))
607	return APR_EAGAIN;
608
609	/* Close TLS session and free resources on EOF,
610	* gnutls_io_filter_error will add an EOS bucket */
611	if (APR_STATUS_IS_EOF(status))
612	mgs_bye(ctxt);
613
614	return gnutls_io_filter_error(f, bb, status);
615	}
616
617	/* Create a transient bucket out of the decrypted data. */
618	if (len > 0) {
619	apr_bucket *bucket =
620	apr_bucket_transient_create(ctxt->input_buffer, len,
621	f->c->bucket_alloc);
622	APR_BRIGADE_INSERT_TAIL(bb, bucket);
623	}
624
625	return status;
626	}
627
628	/**
629	* Try to flush the output bucket brigade.
630	*
631	* @param ctxt the mod_gnutls session context
632	*
633	* @return `1` on success, `-1` on failure.
634	*/
635	static ssize_t write_flush(mgs_handle_t * ctxt) {
636	apr_bucket *e;
637
638	if (!(ctxt->output_blen \|\| ctxt->output_length)) {
639	ctxt->output_rc = APR_SUCCESS;
640	return 1;
641	}
642
643	if (ctxt->output_blen) {
644	e = apr_bucket_transient_create(ctxt->output_buffer,
645	ctxt->output_blen,
646	ctxt->output_bb->
647	bucket_alloc);
648	/* we filled this buffer first so add it to the
649	* * head of the brigade
650	* */
651	APR_BRIGADE_INSERT_HEAD(ctxt->output_bb, e);
652	ctxt->output_blen = 0;
653	}
654
655	ctxt->output_length = 0;
656	e = apr_bucket_flush_create(ctxt->output_bb->bucket_alloc);
657	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
658
659	ctxt->output_rc = ap_pass_brigade(ctxt->output_filter->next,
660	ctxt->output_bb);
661	/* clear the brigade to be ready for next time */
662	apr_brigade_cleanup(ctxt->output_bb);
663
664	return (ctxt->output_rc == APR_SUCCESS) ? 1 : -1;
665	}
666
667	apr_status_t mgs_filter_output(ap_filter_t * f, apr_bucket_brigade * bb) {
668	int ret;
669	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
670	apr_status_t status = APR_SUCCESS;
671	apr_read_type_e rblock = APR_NONBLOCK_READ;
672
673	if (f->c->aborted) {
674	apr_brigade_cleanup(bb);
675	return APR_ECONNABORTED;
676	}
677
678	if (ctxt->status == 0) {
679	ret = gnutls_do_handshake(ctxt);
680	if (ret == GNUTLS_E_SUCCESS)
681	ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, ctxt->c,
682	"%s: TLS %sconnection opened.",
683	__func__, IS_PROXY_STR(ctxt));
684	}
685
686	if (ctxt->status < 0)
687	{
688	ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
689	"%s: %sconnection failed, refusing to send.",
690	__func__, IS_PROXY_STR(ctxt));
691	if (ctxt->is_proxy)
692	{
693	/* If mod_proxy receives an error while trying to send its
694	* request it sends an "invalid request" error to the
695	* client. By pretending we could send the request
696	* mod_proxy continues its processing and sends a proper
697	* "proxy error" message when there's no response to read. */
698	apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
699	APR_BRIGADE_INSERT_TAIL(bb, bucket);
700	return APR_SUCCESS;
701	}
702	else
703	return APR_ECONNABORTED;
704	}
705
706	while (!APR_BRIGADE_EMPTY(bb)) {
707	apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
708
709	if (APR_BUCKET_IS_EOS(bucket)) {
710	return ap_pass_brigade(f->next, bb);
711	} else if (APR_BUCKET_IS_FLUSH(bucket)) {
712	/* Try Flush */
713	if (write_flush(ctxt) < 0) {
714	/* Flush Error */
715	return ctxt->output_rc;
716	}
717	/* cleanup! */
718	apr_bucket_delete(bucket);
719	} else if (AP_BUCKET_IS_EOC(bucket)) {
720	/* End Of Connection, close TLS session and free
721	* resources */
722	mgs_bye(ctxt);
723	/* cleanup! */
724	apr_bucket_delete(bucket);
725	/* Pass next brigade! */
726	return ap_pass_brigade(f->next, bb);
727	} else {
728	/* filter output */
729	const char *data;
730	apr_size_t len;
731
732	status = apr_bucket_read(bucket, &data, &len, rblock);
733
734	if (APR_STATUS_IS_EAGAIN(status)) {
735	/* No data available so Flush! */
736	if (write_flush(ctxt) < 0) {
737	return ctxt->output_rc;
738	}
739	/* Try again with a blocking read. */
740	rblock = APR_BLOCK_READ;
741	continue;
742	}
743
744	rblock = APR_NONBLOCK_READ;
745
746	if (!APR_STATUS_IS_EOF(status)
747	&& (status != APR_SUCCESS)) {
748	return status;
749	}
750
751	if (len > 0) {
752
753	if (ctxt->session == NULL) {
754	ret = GNUTLS_E_INVALID_REQUEST;
755	} else {
756	do {
757	ret =
758	gnutls_record_send
759	(ctxt->session, data,
760	len);
761	} while (ret == GNUTLS_E_INTERRUPTED
762	\|\| ret == GNUTLS_E_AGAIN);
763	}
764
765	if (ret < 0) {
766	/* error sending output */
767	ap_log_cerror(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
768	ctxt->c,
769	"GnuTLS: Error writing data. (%d) '%s'",
770	ret, gnutls_strerror(ret));
771	if (ctxt->output_rc == APR_SUCCESS) {
772	ctxt->output_rc =
773	APR_EGENERAL;
774	return ctxt->output_rc;
775	}
776	} else if ((apr_size_t)(ret) != len) {
777	/* we know the above cast is OK because len > 0 and ret >= 0 */
778	/* Not able to send the entire bucket,
779	split it and send it again. */
780	apr_bucket_split(bucket, ret);
781	}
782	}
783
784	apr_bucket_delete(bucket);
785	}
786	}
787
788	return status;
789	}
790
791	/**
792	* Pull function for GnuTLS
793	*
794	* Generic errnos used for `gnutls_transport_set_errno()`:
795	* * `EAGAIN`: no data available at the moment, try again (maybe later)
796	* * `EINTR`: read was interrupted, try again
797	* * `EIO`: Unknown I/O error
798	* * `ECONNABORTED`: Input BB does not exist (`NULL`)
799	*
800	* The reason we are not using `APR_TO_OS_ERROR` to map `apr_status_t`
801	* to errnos is this warning [in the APR documentation][apr-warn]:
802	*
803	* > If the statcode was not created by apr_get_os_error or
804	* > APR_FROM_OS_ERROR, the results are undefined.
805	*
806	* We cannot know if this applies to any error we might encounter.
807	*
808	* @param ptr GnuTLS session data pointer (the mod_gnutls context
809	* structure)
810	*
811	* @param buffer buffer for the read data
812	*
813	* @param len maximum number of bytes to read (must fit into the
814	* buffer)
815	*
816	* @return The number of bytes read (may be zero on EOF), or `-1` on
817	* error. Note that some errors may warrant another try (see above).
818	*
819	* [apr-warn]: https://apr.apache.org/docs/apr/1.4/group__apr__errno.html#ga2385cae04b04afbdcb65f1a45c4d8506 "Apache Portable Runtime: Error Codes"
820	*/
821	ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
822	void *buffer, size_t len)
823	{
824	mgs_handle_t *ctxt = ptr;
825	apr_status_t rc;
826	apr_size_t in = len;
827	apr_read_type_e block = ctxt->input_block;
828
829	ctxt->input_rc = APR_SUCCESS;
830
831	/* If Len = 0, we don't do anything. */
832	if (!len \|\| buffer == NULL)
833	{
834	return 0;
835	}
836	/* Input bucket brigade is missing, EOF */
837	if (!ctxt->input_bb)
838	{
839	ctxt->input_rc = APR_EOF;
840	gnutls_transport_set_errno(ctxt->session, ECONNABORTED);
841	return -1;
842	}
843
844	if (APR_BRIGADE_EMPTY(ctxt->input_bb))
845	{
846	rc = ap_get_brigade(ctxt->input_filter->next,
847	ctxt->input_bb, AP_MODE_READBYTES,
848	ctxt->input_block, in);
849
850	/* Not a problem, there was simply no data ready yet.
851	*/
852	if (APR_STATUS_IS_EAGAIN(rc) \|\| APR_STATUS_IS_EINTR(rc)
853	\|\| (rc == APR_SUCCESS
854	&& APR_BRIGADE_EMPTY(ctxt->input_bb)))
855	{
856	/* Turning APR_SUCCESS into APR_EINTR isn't ideal, but
857	* it's the best matching error code for "didn't get data,
858	* but read didn't permanently fail either." */
859	ctxt->input_rc = (rc != APR_SUCCESS ? rc : APR_EINTR);
860	gnutls_transport_set_errno(ctxt->session,
861	EAI_APR_TO_RAW(ctxt->input_rc));
862	return -1;
863	}
864
865	/* Blocking ap_get_brigade() can return a timeout status,
866	* sometimes after a very short time. "Don't give up, just
867	* return the timeout" is what mod_ssl does. */
868	if (ctxt->input_block == APR_BLOCK_READ
869	&& APR_STATUS_IS_TIMEUP(rc)
870	&& APR_BRIGADE_EMPTY(ctxt->input_bb))
871	{
872	ctxt->input_rc = rc;
873	gnutls_transport_set_errno(ctxt->session, EAGAIN);
874	return -1;
875	}
876
877	if (rc != APR_SUCCESS)
878	{
879	/* Unexpected errors discard the brigade */
880	ap_log_cerror(APLOG_MARK, APLOG_INFO, rc, ctxt->c,
881	"%s: Unexpected error!", __func__);
882	apr_brigade_cleanup(ctxt->input_bb);
883	ctxt->input_bb = NULL;
884	gnutls_transport_set_errno(ctxt->session, EIO);
885	return -1;
886	}
887	}
888
889	ctxt->input_rc = brigade_consume(ctxt->input_bb, block, buffer, &len);
890
891	if (ctxt->input_rc == APR_SUCCESS)
892	{
893	return (ssize_t) len;
894	}
895
896	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
897	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc))
898	{
899	if (len == 0)
900	{
901	gnutls_transport_set_errno(ctxt->session,
902	EAI_APR_TO_RAW(ctxt->input_rc));
903	return -1;
904	}
905
906	return (ssize_t) len;
907	}
908
909	/* Unexpected errors and APR_EOF clean out the brigade.
910	* Subsequent calls will return APR_EOF. */
911	apr_brigade_cleanup(ctxt->input_bb);
912	ctxt->input_bb = NULL;
913
914	if (APR_STATUS_IS_EOF(ctxt->input_rc) && len)
915	{
916	/* Some data has been received before EOF, return it. */
917	return (ssize_t) len;
918	}
919
920	gnutls_transport_set_errno(ctxt->session, EIO);
921	return -1;
922	}
923
924	/**
925	* Push function for GnuTLS
926	*
927	* `gnutls_transport_set_errno()` will be called with `EAGAIN` or
928	* `EINTR` on recoverable errors, or `EIO` in case of unexpected
929	* errors. See the description of mgs_transport_read() for details on
930	* possible error codes.
931	*
932	* @param ptr GnuTLS session data pointer (the mod_gnutls context
933	* structure)
934	*
935	* @param buffer buffer containing the data to send
936	*
937	* @param len length of the data
938	* buffer)
939	*
940	* @return The number of written bytes, or `-1` on error. Note that
941	* some errors may warrant another try (see above).
942	*/
943	ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
944	const void *buffer, size_t len)
945	{
946	mgs_handle_t *ctxt = ptr;
947
948	/* pass along the encrypted data
949	* need to flush since we're using SSL's malloc-ed buffer
950	* which will be overwritten once we leave here
951	*/
952	apr_bucket *bucket = apr_bucket_transient_create(buffer, len,
953	ctxt->output_bb->
954	bucket_alloc);
955	ctxt->output_length += len;
956	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, bucket);
957
958	if (write_flush(ctxt) < 0)
959	{
960	/* We encountered an error. APR_EINTR or APR_EAGAIN can be
961	* handled, treat everything else as a generic I/O error. */
962	int err = EIO;
963	if (APR_STATUS_IS_EAGAIN(ctxt->output_rc)
964	\|\| APR_STATUS_IS_EINTR(ctxt->output_rc))
965	err = EAI_APR_TO_RAW(ctxt->output_rc);
966
967	gnutls_transport_set_errno(ctxt->session, err);
968	return -1;
969	}
970	return len;
971	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: