Commit 1c672a3d authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

- Non blocking TLS handshaking

parent c818ae89
...@@ -59,7 +59,8 @@ struct tls_session_t ...@@ -59,7 +59,8 @@ struct tls_session_t
void *p_sys; void *p_sys;
struct virtual_socket_t sock; struct virtual_socket_t sock;
tls_session_t * (*pf_handshake) ( tls_session_t *, int ); int (*pf_handshake) ( tls_session_t *, int );
int (*pf_handshake2) ( tls_session_t * );
void (*pf_close) ( tls_session_t * ); void (*pf_close) ( tls_session_t * );
}; };
...@@ -102,6 +103,7 @@ VLC_EXPORT( tls_session_t *, tls_ClientCreate, ( vlc_object_t *, const char *, i ...@@ -102,6 +103,7 @@ VLC_EXPORT( tls_session_t *, tls_ClientCreate, ( vlc_object_t *, const char *, i
VLC_EXPORT( void, tls_ClientDelete, ( tls_session_t * ) ); VLC_EXPORT( void, tls_ClientDelete, ( tls_session_t * ) );
# define tls_SessionHandshake( a, b ) (((tls_session_t *)a)->pf_handshake (a, b)) # define tls_SessionHandshake( a, b ) (((tls_session_t *)a)->pf_handshake (a, b))
# define tls_SessionContinueHandshake( a ) (((tls_session_t *)a)->pf_handshake2 (a))
# define tls_SessionClose( a ) (((tls_session_t *)a)->pf_close (a)) # define tls_SessionClose( a ) (((tls_session_t *)a)->pf_close (a))
......
...@@ -128,26 +128,25 @@ gnutls_Recv( void *p_session, void *buf, int i_length ) ...@@ -128,26 +128,25 @@ gnutls_Recv( void *p_session, void *buf, int i_length )
/***************************************************************************** /*****************************************************************************
* tls_SessionHandshake: * tls_Session(Continue)?Handshake:
***************************************************************************** *****************************************************************************
* Establishes TLS session with a peer through socket <fd>. * Establishes TLS session with a peer through socket <fd>.
* Returns NULL on error (do NOT call tls_SessionClose in case of error or * Returns -1 on error (you need not and must not call tls_SessionClose)
* re-use the session structure). * 0 on succesful handshake completion, 1 if more would-be blocking recv is
* needed, 2 if more would-be blocking send is required.
*****************************************************************************/ *****************************************************************************/
static tls_session_t * static int
gnutls_SessionHandshake( tls_session_t *p_session, int fd ) gnutls_SessionContinueHandshake( tls_session_t *p_session)
{ {
tls_session_sys_t *p_sys; tls_session_sys_t *p_sys;
int val; int val;
p_sys = (tls_session_sys_t *)(p_session->p_sys); p_sys = (tls_session_sys_t *)(p_session->p_sys);
gnutls_transport_set_ptr (p_sys->session, (gnutls_transport_ptr)fd); /* TODO: handle fatal error */
val = gnutls_handshake( p_sys->session );
do if( ( val == GNUTLS_E_AGAIN ) || ( val == GNUTLS_E_INTERRUPTED ) )
/* TODO: handle fatal error */ return 1 + gnutls_record_get_direction( p_sys->session );
val = gnutls_handshake( p_sys->session );
while( ( val == GNUTLS_E_AGAIN ) || ( val == GNUTLS_E_INTERRUPTED ) );
if( val < 0 ) if( val < 0 )
{ {
...@@ -156,10 +155,22 @@ gnutls_SessionHandshake( tls_session_t *p_session, int fd ) ...@@ -156,10 +155,22 @@ gnutls_SessionHandshake( tls_session_t *p_session, int fd )
gnutls_strerror( val ) ); gnutls_strerror( val ) );
free( p_sys ); free( p_sys );
free( p_session ); free( p_session );
return NULL; return -1;
} }
return p_session; return 0;
}
static int
gnutls_SessionHandshake( tls_session_t *p_session, int fd )
{
tls_session_sys_t *p_sys;
p_sys = (tls_session_sys_t *)(p_session->p_sys);
gnutls_transport_set_ptr (p_sys->session, (gnutls_transport_ptr)fd);
return gnutls_SessionContinueHandshake( p_session );
} }
...@@ -376,6 +387,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) ...@@ -376,6 +387,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
p_session->sock.pf_send = gnutls_Send; p_session->sock.pf_send = gnutls_Send;
p_session->sock.pf_recv = gnutls_Recv; p_session->sock.pf_recv = gnutls_Recv;
p_session->pf_handshake = gnutls_SessionHandshake; p_session->pf_handshake = gnutls_SessionHandshake;
p_session->pf_handshake2 = gnutls_SessionContinueHandshake;
p_session->pf_close = gnutls_SessionClose; p_session->pf_close = gnutls_SessionClose;
return p_session; return p_session;
......
...@@ -264,6 +264,9 @@ enum ...@@ -264,6 +264,9 @@ enum
HTTPD_CLIENT_WAITING, HTTPD_CLIENT_WAITING,
HTTPD_CLIENT_DEAD, HTTPD_CLIENT_DEAD,
HTTPD_CLIENT_TLS_HS_IN,
HTTPD_CLIENT_TLS_HS_OUT
}; };
/* mode */ /* mode */
enum enum
...@@ -2020,6 +2023,41 @@ static void httpd_ClientSend( httpd_client_t *cl ) ...@@ -2020,6 +2023,41 @@ static void httpd_ClientSend( httpd_client_t *cl )
} }
} }
static void httpd_ClientTlsHsIn( httpd_client_t *cl )
{
switch( tls_SessionContinueHandshake( cl->p_tls ) )
{
case 0:
cl->i_state = HTTPD_CLIENT_RECEIVING;
break;
case -1:
cl->i_state = HTTPD_CLIENT_DEAD;
break;
case 2:
cl->i_state = HTTPD_CLIENT_TLS_HS_OUT;
}
}
static void httpd_ClientTlsHsOut( httpd_client_t *cl )
{
switch( tls_SessionContinueHandshake( cl->p_tls ) )
{
case 0:
cl->i_state = HTTPD_CLIENT_RECEIVING;
break;
case -1:
cl->i_state = HTTPD_CLIENT_DEAD;
break;
case 1:
cl->i_state = HTTPD_CLIENT_TLS_HS_IN;
break;
}
}
static void httpd_HostThread( httpd_host_t *host ) static void httpd_HostThread( httpd_host_t *host )
{ {
tls_session_t *p_tls = NULL; tls_session_t *p_tls = NULL;
...@@ -2077,12 +2115,14 @@ static void httpd_HostThread( httpd_host_t *host ) ...@@ -2077,12 +2115,14 @@ static void httpd_HostThread( httpd_host_t *host )
i_client--; i_client--;
continue; continue;
} }
else if( cl->i_state == HTTPD_CLIENT_RECEIVING ) else if( ( cl->i_state == HTTPD_CLIENT_RECEIVING )
|| ( cl->i_state == HTTPD_CLIENT_TLS_HS_IN ) )
{ {
FD_SET( cl->fd, &fds_read ); FD_SET( cl->fd, &fds_read );
i_handle_max = __MAX( i_handle_max, cl->fd ); i_handle_max = __MAX( i_handle_max, cl->fd );
} }
else if( cl->i_state == HTTPD_CLIENT_SENDING ) else if( ( cl->i_state == HTTPD_CLIENT_SENDING )
|| ( cl->i_state == HTTPD_CLIENT_TLS_HS_OUT ) )
{ {
FD_SET( cl->fd, &fds_write ); FD_SET( cl->fd, &fds_write );
i_handle_max = __MAX( i_handle_max, cl->fd ); i_handle_max = __MAX( i_handle_max, cl->fd );
...@@ -2422,6 +2462,8 @@ static void httpd_HostThread( httpd_host_t *host ) ...@@ -2422,6 +2462,8 @@ static void httpd_HostThread( httpd_host_t *host )
fd = accept( host->fd, (struct sockaddr *)&sock, &i_sock_size ); fd = accept( host->fd, (struct sockaddr *)&sock, &i_sock_size );
if( fd >= 0 ) if( fd >= 0 )
{ {
int i_state = 0;
/* set this new socket non-block */ /* set this new socket non-block */
#if defined( WIN32 ) || defined( UNDER_CE ) #if defined( WIN32 ) || defined( UNDER_CE )
{ {
...@@ -2435,12 +2477,21 @@ static void httpd_HostThread( httpd_host_t *host ) ...@@ -2435,12 +2477,21 @@ static void httpd_HostThread( httpd_host_t *host )
/* FIXME: that MUST be non-blocking */ /* FIXME: that MUST be non-blocking */
if( p_tls != NULL) if( p_tls != NULL)
{ {
p_tls = tls_SessionHandshake( p_tls, fd ); switch ( tls_SessionHandshake( p_tls, fd ) )
if ( p_tls == NULL )
{ {
msg_Err( host, "Rejecting TLS connection" ); case -1:
net_Close( fd ); msg_Err( host, "Rejecting TLS connection" );
fd = -1; net_Close( fd );
fd = -1;
break;
case 1: /* missing input - most likely */
i_state = HTTPD_CLIENT_TLS_HS_IN;
break;
case 2: /* missing output */
i_state = HTTPD_CLIENT_TLS_HS_OUT;
break;
} }
} }
...@@ -2455,7 +2506,9 @@ static void httpd_HostThread( httpd_host_t *host ) ...@@ -2455,7 +2506,9 @@ static void httpd_HostThread( httpd_host_t *host )
TAB_APPEND( host->i_client, host->client, cl ); TAB_APPEND( host->i_client, host->client, cl );
vlc_mutex_unlock( &host->lock ); vlc_mutex_unlock( &host->lock );
if( i_state != 0 )
cl->i_state = i_state; // override state for TLS
// FIXME: it sucks to allocate memory for debug // FIXME: it sucks to allocate memory for debug
ip = httpd_ClientIP( cl ); ip = httpd_ClientIP( cl );
msg_Dbg( host, "new connection (%s)", msg_Dbg( host, "new connection (%s)",
...@@ -2478,6 +2531,14 @@ static void httpd_HostThread( httpd_host_t *host ) ...@@ -2478,6 +2531,14 @@ static void httpd_HostThread( httpd_host_t *host )
{ {
httpd_ClientSend( cl ); httpd_ClientSend( cl );
} }
else if( cl->i_state == HTTPD_CLIENT_TLS_HS_IN )
{
httpd_ClientTlsHsIn( cl );
}
else if( cl->i_state == HTTPD_CLIENT_TLS_HS_OUT )
{
httpd_ClientTlsHsOut( cl );
}
if( cl->i_mode == HTTPD_CLIENT_BIDIR && if( cl->i_mode == HTTPD_CLIENT_BIDIR &&
cl->i_state == HTTPD_CLIENT_SENDING && cl->i_state == HTTPD_CLIENT_SENDING &&
......
...@@ -114,8 +114,7 @@ tls_ClientCreate( vlc_object_t *p_this, const char *psz_ca, int fd ) ...@@ -114,8 +114,7 @@ tls_ClientCreate( vlc_object_t *p_this, const char *psz_ca, int fd )
p_session = __tls_ClientCreate( p_tls, psz_ca ); p_session = __tls_ClientCreate( p_tls, psz_ca );
if( p_session != NULL ) if( p_session != NULL )
{ {
p_session = tls_SessionHandshake( p_session, fd ); if( tls_SessionHandshake( p_session, fd ) )
if( p_session != NULL )
{ {
msg_Dbg( p_this, "TLS/SSL provider initialized" ); msg_Dbg( p_this, "TLS/SSL provider initialized" );
return p_session; return p_session;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment