Big cleanup of TLS interface

include/vlc_common.h

@@ -344,10 +344,6 @@ typedef int (*httpd_handler_callback_t)( httpd_handler_sys_t *, httpd_handler_t
 typedef struct httpd_redirect_t httpd_redirect_t;
 typedef struct httpd_stream_t httpd_stream_t;
 
-/* TLS support */
-typedef struct tls_server_t tls_server_t;
-typedef struct tls_session_t tls_session_t;
-
 /* Hashing */
 typedef struct md5_s md5_t;
 

include/vlc_network.h

@@ -146,8 +146,8 @@ VLC_API int net_SetCSCov( int fd, int sendcov, int recvcov );
 struct virtual_socket_t
 {
     void *p_sys;
-    int (*pf_recv) ( void *, void *, int );
-    int (*pf_send) ( void *, const void *, int );
+    int (*pf_recv) ( void *, void *, size_t );
+    int (*pf_send) ( void *, const void *, size_t );
 };
 
 VLC_API ssize_t net_Read( vlc_object_t *p_this, int fd, const v_socket_t *, void *p_data, size_t i_data, bool b_retry );

include/vlc_tls.h

 /*****************************************************************************
- * tls.c: Transport Layer Security API
+ * vlc_tls.h: Transport Layer Security API
  *****************************************************************************
- * Copyright (C) 2004-2007 the VideoLAN team
- * $Id$
- *
- * Authors: Rémi Denis-Courmont <rem # videolan.org>
+ * Copyright (C) 2004-2011 Rémi Denis-Courmont
+ * Copyright (C) 2005-2006 the VideoLAN team
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -31,52 +29,56 @@
 
 # include <vlc_network.h>
 
-typedef struct tls_server_sys_t tls_server_sys_t;
+typedef struct vlc_tls_sys vlc_tls_sys_t;
 
-struct tls_server_t
+typedef struct vlc_tls
 {
     VLC_COMMON_MEMBERS
 
-    module_t  *p_module;
-    tls_server_sys_t *p_sys;
+    union {
+        module_t *module; /**< Plugin handle (client) */
+        void    (*close) (struct vlc_tls *); /**< Close callback (server) */
+    } u;
+    vlc_tls_sys_t *sys;
 
-    int (*pf_add_CA) ( tls_server_t *, const char * );
-    int (*pf_add_CRL) ( tls_server_t *, const char * );
+    struct virtual_socket_t sock;
+    int  (*handshake) (struct vlc_tls *);
+} vlc_tls_t;
 
-    tls_session_t * (*pf_open)  ( tls_server_t * );
-    void            (*pf_close) ( tls_server_t *, tls_session_t * );
-};
+VLC_API vlc_tls_t *vlc_tls_ClientCreate (vlc_object_t *, int fd,
+                                         const char *hostname);
+VLC_API void vlc_tls_ClientDelete (vlc_tls_t *);
 
-typedef struct tls_session_sys_t tls_session_sys_t;
+/* NOTE: It is assumed that a->sock.p_sys = a */
+# define tls_Send( a, b, c ) (((vlc_tls_t *)a)->sock.pf_send (a, b, c))
 
-struct tls_session_t
-{
-    VLC_COMMON_MEMBERS
+# define tls_Recv( a, b, c ) (((vlc_tls_t *)a)->sock.pf_recv (a, b, c))
 
-    module_t  *p_module;
-    tls_session_sys_t *p_sys;
 
-    struct virtual_socket_t sock;
-    void (*pf_set_fd) ( tls_session_t *, int );
-    int  (*pf_handshake) ( tls_session_t * );
-};
+typedef struct vlc_tls_creds_sys vlc_tls_creds_sys_t;
 
+/** TLS (server-side) credentials */
+typedef struct vlc_tls_creds
+{
+    VLC_COMMON_MEMBERS
 
-tls_server_t *tls_ServerCreate (vlc_object_t *, const char *, const char *);
-void tls_ServerDelete (tls_server_t *);
-int tls_ServerAddCA (tls_server_t *srv, const char *path);
-int tls_ServerAddCRL (tls_server_t *srv, const char *path);
+    module_t  *module;
+    vlc_tls_creds_sys_t *sys;
 
-tls_session_t *tls_ServerSessionCreate (tls_server_t *, int fd);
-int tls_ServerSessionHandshake (tls_session_t *);
-void tls_ServerSessionDelete (tls_session_t *);
+    int (*add_CA) (struct vlc_tls_creds *, const char *path);
+    int (*add_CRL) (struct vlc_tls_creds *, const char *path);
 
-VLC_API tls_session_t * tls_ClientCreate( vlc_object_t *, int, const char * );
-VLC_API void tls_ClientDelete( tls_session_t * );
+    vlc_tls_t *(*open) (struct vlc_tls_creds *, int fd);
+} vlc_tls_creds_t;
 
-/* NOTE: It is assumed that a->sock.p_sys = a */
-# define tls_Send( a, b, c ) (((tls_session_t *)a)->sock.pf_send (a, b, c ))
+vlc_tls_creds_t *vlc_tls_ServerCreate (vlc_object_t *,
+                                       const char *cert, const char *key);
+void vlc_tls_ServerDelete (vlc_tls_creds_t *);
+int vlc_tls_ServerAddCA (vlc_tls_creds_t *srv, const char *path);
+int vlc_tls_ServerAddCRL (vlc_tls_creds_t *srv, const char *path);
 
-# define tls_Recv( a, b, c ) (((tls_session_t *)a)->sock.pf_recv (a, b, c ))
+vlc_tls_t *vlc_tls_ServerSessionCreate (vlc_tls_creds_t *, int fd);
+int vlc_tls_ServerSessionHandshake (vlc_tls_t *);
+void vlc_tls_ServerSessionDelete (vlc_tls_t *);
 
 #endif

modules/access/http.c

@@ -142,7 +142,7 @@ struct access_sys_t
 {
     int fd;
     bool b_error;
-    tls_session_t *p_tls;
+    vlc_tls_t  *p_tls;
     v_socket_t *p_vs;
 
     /* From uri */
@@ -1195,7 +1195,7 @@ static int Connect( access_t *p_access, uint64_t i_tell )
         }
 
         /* TLS/SSL handshake */
-        p_sys->p_tls = tls_ClientCreate( VLC_OBJECT(p_access), p_sys->fd,
+        p_sys->p_tls = vlc_tls_ClientCreate( VLC_OBJECT(p_access), p_sys->fd,
                                              p_sys->url.psz_host );
         if( p_sys->p_tls == NULL )
         {
@@ -1621,7 +1621,7 @@ static void Disconnect( access_t *p_access )
 
     if( p_sys->p_tls != NULL)
     {
-        tls_ClientDelete( p_sys->p_tls );
+        vlc_tls_ClientDelete( p_sys->p_tls );
         p_sys->p_tls = NULL;
         p_sys->p_vs = NULL;
     }

src/libvlccore.sym

@@ -436,8 +436,8 @@ subpicture_Update
 subpicture_region_ChainDelete
 subpicture_region_Delete
 subpicture_region_New
-tls_ClientCreate
-tls_ClientDelete
+vlc_tls_ClientCreate
+vlc_tls_ClientDelete
 ToCharset
 ToLocale
 ToLocaleDup

src/network/httpd.c

@@ -108,7 +108,7 @@ struct httpd_host_t
     httpd_client_t **client;
 
     /* TLS data */
-    tls_server_t *p_tls;
+    vlc_tls_creds_t *p_tls;
 };
 
 
@@ -180,7 +180,7 @@ struct httpd_client_t
     httpd_message_t answer; /* httpd -> client */
 
     /* TLS data */
-    tls_session_t *p_tls;
+    vlc_tls_t *p_tls;
 };
 
 
@@ -982,7 +982,7 @@ httpd_host_t *httpd_TLSHostNew( vlc_object_t *p_this, const char *psz_hostname,
 {
     httpd_t      *httpd;
     httpd_host_t *host;
-    tls_server_t *p_tls;
+    vlc_tls_creds_t *p_tls;
     char *psz_host;
     int i;
 
@@ -1043,20 +1043,20 @@ httpd_host_t *httpd_TLSHostNew( vlc_object_t *p_this, const char *psz_hostname,
     /* determine TLS configuration */
     if ( psz_cert != NULL )
     {
-        p_tls = tls_ServerCreate( p_this, psz_cert, psz_key );
+        p_tls = vlc_tls_ServerCreate( p_this, psz_cert, psz_key );
         if ( p_tls == NULL )
         {
             msg_Err( p_this, "TLS initialization error" );
             goto error;
         }
 
-        if ( ( psz_ca != NULL) && tls_ServerAddCA( p_tls, psz_ca ) )
+        if ( ( psz_ca != NULL) && vlc_tls_ServerAddCA( p_tls, psz_ca ) )
         {
             msg_Err( p_this, "TLS CA error" );
             goto error;
         }
 
-        if ( ( psz_crl != NULL) && tls_ServerAddCRL( p_tls, psz_crl ) )
+        if ( ( psz_crl != NULL) && vlc_tls_ServerAddCRL( p_tls, psz_crl ) )
         {
             msg_Err( p_this, "TLS CRL error" );
             goto error;
@@ -1132,7 +1132,7 @@ error:
     }
 
     if( p_tls != NULL )
-        tls_ServerDelete( p_tls );
+        vlc_tls_ServerDelete( p_tls );
 
     return NULL;
 }
@@ -1184,7 +1184,7 @@ void httpd_HostDelete( httpd_host_t *host )
     }
 
     if( host->p_tls != NULL)
-        tls_ServerDelete( host->p_tls );
+        vlc_tls_ServerDelete( host->p_tls );
 
     net_ListenClose( host->fds );
     free( host->psz_hostname );
@@ -1429,7 +1429,7 @@ static void httpd_ClientClean( httpd_client_t *cl )
     if( cl->fd >= 0 )
     {
         if( cl->p_tls != NULL )
-            tls_ServerSessionDelete( cl->p_tls );
+            vlc_tls_ServerSessionDelete( cl->p_tls );
         net_Close( cl->fd );
         cl->fd = -1;
     }
@@ -1441,7 +1441,7 @@ static void httpd_ClientClean( httpd_client_t *cl )
     cl->p_buffer = NULL;
 }
 
-static httpd_client_t *httpd_ClientNew( int fd, tls_session_t *p_tls, mtime_t now )
+static httpd_client_t *httpd_ClientNew( int fd, vlc_tls_t *p_tls, mtime_t now )
 {
     httpd_client_t *cl = malloc( sizeof( httpd_client_t ) );
 
@@ -1460,7 +1460,7 @@ static httpd_client_t *httpd_ClientNew( int fd, tls_session_t *p_tls, mtime_t no
 static
 ssize_t httpd_NetRecv (httpd_client_t *cl, uint8_t *p, size_t i_len)
 {
-    tls_session_t *p_tls;
+    vlc_tls_t *p_tls;
     ssize_t val;
 
     p_tls = cl->p_tls;
@@ -1474,7 +1474,7 @@ ssize_t httpd_NetRecv (httpd_client_t *cl, uint8_t *p, size_t i_len)
 static
 ssize_t httpd_NetSend (httpd_client_t *cl, const uint8_t *p, size_t i_len)
 {
-    tls_session_t *p_tls;
+    vlc_tls_t *p_tls;
     ssize_t val;
 
     p_tls = cl->p_tls;
@@ -2015,7 +2015,7 @@ static void httpd_ClientSend( httpd_client_t *cl )
 
 static void httpd_ClientTlsHsIn( httpd_client_t *cl )
 {
-    switch( tls_ServerSessionHandshake( cl->p_tls ) )
+    switch( vlc_tls_ServerSessionHandshake( cl->p_tls ) )
     {
         case 0:
             cl->i_state = HTTPD_CLIENT_RECEIVING;
@@ -2033,7 +2033,7 @@ static void httpd_ClientTlsHsIn( httpd_client_t *cl )
 
 static void httpd_ClientTlsHsOut( httpd_client_t *cl )
 {
-    switch( tls_ServerSessionHandshake( cl->p_tls ) )
+    switch( vlc_tls_ServerSessionHandshake( cl->p_tls ) )
     {
         case 0:
             cl->i_state = HTTPD_CLIENT_RECEIVING;
@@ -2533,12 +2533,12 @@ static void* httpd_HostThread( void *data )
             setsockopt (fd, SOL_SOCKET, SO_REUSEADDR,
                         &(int){ 1 }, sizeof(int));
 
-            tls_session_t *p_tls;
+            vlc_tls_t *p_tls;
 
             if( host->p_tls != NULL )
             {
-                p_tls = tls_ServerSessionCreate( host->p_tls, fd );
-                switch( tls_ServerSessionHandshake( p_tls ) )
+                p_tls = vlc_tls_ServerSessionCreate( host->p_tls, fd );
+                switch( vlc_tls_ServerSessionHandshake( p_tls ) )
                 {
                     case -1:
                         msg_Err( host, "Rejecting TLS connection" );

src/network/tls.c

@@ -46,14 +46,12 @@
  *
  * @return NULL on error.
  */
-tls_server_t *
-tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
+vlc_tls_creds_t *
+vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
                       const char *key_path)
 {
-    tls_server_t *srv;
-
-    srv = (tls_server_t *)vlc_custom_create (obj, sizeof (*srv), "tls server");
-    if (srv == NULL)
+    vlc_tls_creds_t *srv = vlc_custom_create (obj, sizeof (*srv), "tls creds");
+    if (unlikely(srv == NULL))
         return NULL;
 
     var_Create (srv, "tls-x509-cert", VLC_VAR_STRING);
@@ -68,8 +66,8 @@ tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
         var_SetString (srv, "tls-x509-key", key_path);
     }
 
-    srv->p_module = module_need (srv, "tls server", NULL, false );
-    if (srv->p_module == NULL)
+    srv->module = module_need (srv, "tls server", NULL, false );
+    if (srv->module == NULL)
     {
         msg_Err (srv, "TLS server plugin not available");
         vlc_object_release (srv);
@@ -82,15 +80,15 @@ tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
 
 
 /**
- * Releases data allocated with tls_ServerCreate.
+ * Releases data allocated with vlc_tls_ServerCreate().
  * @param srv TLS server object to be destroyed, or NULL
  */
-void tls_ServerDelete (tls_server_t *srv)
+void vlc_tls_ServerDelete (vlc_tls_creds_t *srv)
 {
     if (srv == NULL)
         return;
 
-    module_unneed (srv, srv->p_module);
+    module_unneed (srv, srv->module);
     vlc_object_release (srv);
 }
 
@@ -99,9 +97,9 @@ void tls_ServerDelete (tls_server_t *srv)
  * Adds one or more certificate authorities from a file.
  * @return -1 on error, 0 on success.
  */
-int tls_ServerAddCA (tls_server_t *srv, const char *path)
+int vlc_tls_ServerAddCA (vlc_tls_creds_t *srv, const char *path)
 {
-    return srv->pf_add_CA (srv, path);
+    return srv->add_CA (srv, path);
 }
 
 
@@ -109,37 +107,54 @@ int tls_ServerAddCA (tls_server_t *srv, const char *path)
  * Adds one or more certificate revocation list from a file.
  * @return -1 on error, 0 on success.
  */
-int tls_ServerAddCRL (tls_server_t *srv, const char *path)
+int vlc_tls_ServerAddCRL (vlc_tls_creds_t *srv, const char *path)
 {
-    return srv->pf_add_CRL (srv, path);
+    return srv->add_CRL (srv, path);
 }
 
 
-tls_session_t *tls_ServerSessionCreate (tls_server_t *srv, int fd)
+vlc_tls_t *vlc_tls_ServerSessionCreate (vlc_tls_creds_t *srv, int fd)
 {
-    tls_session_t *ses = srv->pf_open (srv);
-    if (ses != NULL)
-        ses->pf_set_fd (ses, fd);
-    return ses;
+    return srv->open (srv, fd);
 }
 
 
-void tls_ServerSessionDelete (tls_session_t *ses)
+void vlc_tls_ServerSessionDelete (vlc_tls_t *ses)
 {
-    tls_server_t *srv = (tls_server_t *)(ses->p_parent);
-    srv->pf_close (srv, ses);
+    ses->u.close (ses);
 }
 
 
-int tls_ServerSessionHandshake (tls_session_t *ses)
+int vlc_tls_ServerSessionHandshake (vlc_tls_t *ses)
 {
-    int val = ses->pf_handshake (ses);
+    int val = ses->handshake (ses);
     if (val < 0)
-        tls_ServerSessionDelete (ses);
+        vlc_tls_ServerSessionDelete (ses);
     return val;
 }
 
 
+/*** TLS client session ***/
+/* TODO: cache certificates for the whole VLC instance lifetime */
+
+static int tls_client_start(void *func, va_list ap)
+{
+    int (*activate) (vlc_tls_t *, int fd, const char *hostname) = func;
+    vlc_tls_t *session = va_arg (ap, vlc_tls_t *);
+    int fd = va_arg (ap, int);
+    const char *hostname = va_arg (ap, const char *);
+
+    return activate (session, fd, hostname);
+}
+
+static void tls_client_stop(void *func, va_list ap)
+{
+    void (*deactivate) (vlc_tls_t *) = func;
+    vlc_tls_t *session = va_arg (ap, vlc_tls_t *);
+
+    deactivate (session);
+}
+
 /**
  * Allocates a client's TLS credentials and shakes hands through the network.
  * This is a blocking network operation.
@@ -150,61 +165,49 @@ int tls_ServerSessionHandshake (tls_session_t *ses)
  *
  * @return NULL on error.
  **/
-tls_session_t *
-tls_ClientCreate (vlc_object_t *obj, int fd, const char *psz_hostname)
+vlc_tls_t *
+vlc_tls_ClientCreate (vlc_object_t *obj, int fd, const char *hostname)
 {
-    tls_session_t *cl;
-    int val;
-
-    cl = (tls_session_t *)vlc_custom_create (obj, sizeof (*cl), "tls client");
-    if (cl == NULL)
+    vlc_tls_t *cl = vlc_custom_create (obj, sizeof (*cl), "tls client");
+    if (unlikely(cl == NULL))
         return NULL;
 
-    var_Create (cl, "tls-server-name", VLC_VAR_STRING);
-    if (psz_hostname != NULL)
-    {
-        msg_Dbg (cl, "requested server name: %s", psz_hostname);
-        var_SetString (cl, "tls-server-name", psz_hostname);
-    }
-    else
-        msg_Dbg (cl, "requested anonymous server");
-
-    cl->p_module = module_need (cl, "tls client", NULL, false );
-    if (cl->p_module == NULL)
+    cl->u.module = vlc_module_load (cl, "tls client", NULL, false,
+                                    tls_client_start, cl, fd, hostname);
+    if (cl->u.module == NULL)
     {
         msg_Err (cl, "TLS client plugin not available");
         vlc_object_release (cl);
         return NULL;
     }
 
-    cl->pf_set_fd (cl, fd);
-
+    /* TODO: do this directly in the TLS plugin */
+    int val;
     do
-        val = cl->pf_handshake (cl);
+        val = cl->handshake (cl);
     while (val > 0);
 
-    if (val == 0)
+    if (val != 0)
     {
-        msg_Dbg (cl, "TLS client session initialized");
-        return cl;
-    }
         msg_Err (cl, "TLS client session handshake error");
-
-    module_unneed (cl, cl->p_module);
+        vlc_module_unload (cl->u.module, tls_client_stop, cl);
         vlc_object_release (cl);
         return NULL;
+    }
+    msg_Dbg (cl, "TLS client session initialized");
+    return cl;
 }
 
 
 /**
- * Releases data allocated with tls_ClientCreate.
+ * Releases data allocated with vlc_tls_ClientCreate().
  * It is your job to close the underlying socket.
  */
-void tls_ClientDelete (tls_session_t *cl)
+void vlc_tls_ClientDelete (vlc_tls_t *cl)
 {
     if (cl == NULL)
         return;
 
-    module_unneed (cl, cl->p_module);
+    vlc_module_unload (cl->u.module, tls_client_stop, cl);
     vlc_object_release (cl);
 }