static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
{
struct dtls_flow *flow = arg;
uint8_t b;
int r, n;
if (mbuf_get_left(mb) < 1)
return false;
/* ignore non-DTLS packets */
b = mb->buf[mb->pos];
if (b < 20 || b > 63)
return false;
if (!sa_cmp(src, &flow->peer, SA_ALL))
return false;
/* feed SSL data to the BIO */
r = BIO_write(flow->sbio_in, mbuf_buf(mb), (int)mbuf_get_left(mb));
if (r <= 0)
return true;
n = SSL_read(flow->ssl, mbuf_buf(mb), (int)mbuf_get_space(mb));
if (n <= 0) {
ERR_clear_error();
}
if (!flow->up && SSL_state(flow->ssl) == SSL_ST_OK) {
struct key client_key, server_key;
char profile[256];
int err;
flow->up = true;
err = get_srtp_key_info(flow, profile, sizeof(profile),
&client_key, &server_key);
if (err) {
warning("dtls: SRTP key info: %m\n", err);
return true;
}
flow->estabh(0, flow, profile,
&client_key, &server_key, flow->arg);
}
return true;
}
extern "C" int32_t CryptoNative_IsSslStateOK(SSL* ssl)
{
return SSL_state(ssl) == SSL_ST_OK;
}
static int openssl_ssl_get(lua_State*L)
{
SSL* s = CHECK_OBJECT(1, SSL, "openssl.ssl");
int i;
int top = lua_gettop(L);
for (i = 2; i <= top; i++)
{
const char* what = luaL_checklstring(L, i, NULL);
if (strcmp(what, "fd") == 0)
{
lua_pushinteger(L, SSL_get_fd(s));
}
else if (strcmp(what, "rfd") == 0)
{
lua_pushinteger(L, SSL_get_rfd(s));
}
else if (strcmp(what, "wfd") == 0)
{
lua_pushinteger(L, SSL_get_wfd(s));
}
else if (strcmp(what, "client_CA_list") == 0)
{
STACK_OF(X509_NAME)* sn = SSL_get_client_CA_list(s);
PUSH_OBJECT(sn, "openssl.sk_x509_name");
}
else if (strcmp(what, "read_ahead") == 0)
{
lua_pushboolean(L, SSL_get_read_ahead(s));
}
else if (strcmp(what, "shared_ciphers") == 0)
{
char buf[LUAL_BUFFERSIZE] = {0};
lua_pushstring(L, SSL_get_shared_ciphers(s, buf, sizeof(buf)));
}
else if (strcmp(what, "cipher_list") == 0)
{
//TODO FIX
lua_pushstring(L, SSL_get_cipher_list(s, 0));
}
else if (strcmp(what, "verify_mode") == 0)
{
//FIX
lua_pushinteger(L, SSL_get_verify_mode(s));
}
else if (strcmp(what, "verify_depth") == 0)
{
lua_pushinteger(L, SSL_get_verify_depth(s));
}
else if (strcmp(what, "state_string") == 0)
{
lua_pushstring(L, SSL_state_string(s));
}
else if (strcmp(what, "state_string_long") == 0)
{
lua_pushstring(L, SSL_state_string_long(s));
}
else if (strcmp(what, "rstate_string") == 0)
{
lua_pushstring(L, SSL_rstate_string(s));
}
else if (strcmp(what, "rstate_string_long") == 0)
{
lua_pushstring(L, SSL_rstate_string_long(s));
}
else if (strcmp(what, "version") == 0)
{
lua_pushstring(L, SSL_get_version(s));
}
else if (strcmp(what, "iversion") == 0)
{
lua_pushinteger(L, SSL_version(s));
}
else if (strcmp(what, "default_timeout") == 0)
{
lua_pushinteger(L, SSL_get_default_timeout(s));
}
else if (strcmp(what, "certificate") == 0)
{
X509* cert = SSL_get_certificate(s);
PUSH_OBJECT(cert, "openssl.x509");
}
else if (strcmp(what, "verify_result") == 0)
{
long l = SSL_get_verify_result(s);
lua_pushinteger(L, l);
}
else if (strcmp(what, "version") == 0)
{
lua_pushstring(L, SSL_get_version(s));
}
else if (strcmp(what, "state") == 0)
{
lua_pushinteger(L, SSL_state(s));
}
else if (strcmp(what, "hostname") == 0)
{
lua_pushstring(L, SSL_get_servername(s, TLSEXT_NAMETYPE_host_name));
}
else
luaL_argerror(L, i, "can't understant");
}
return top - 1;
}
int32_t local_SSL_is_init_finished(const SSL* ssl)
{
return SSL_state(ssl) == SSL_ST_OK;
}
static bool recv_handler(int *err, struct mbuf *mb, bool *estab, void *arg)
{
struct tls_conn *tc = arg;
int r;
/* feed SSL data to the BIO */
r = BIO_write(tc->sbio_in, mbuf_buf(mb), (int)mbuf_get_left(mb));
if (r <= 0) {
DEBUG_WARNING("recv: BIO_write %d\n", r);
*err = ENOMEM;
return true;
}
if (SSL_state(tc->ssl) != SSL_ST_OK) {
if (tc->up) {
*err = EPROTO;
return true;
}
if (tc->active) {
*err = tls_connect(tc);
}
else {
*err = tls_accept(tc);
}
DEBUG_INFO("state=0x%04x\n", SSL_state(tc->ssl));
/* TLS connection is established */
if (SSL_state(tc->ssl) != SSL_ST_OK)
return true;
*estab = true;
tc->up = true;
}
mbuf_set_pos(mb, 0);
for (;;) {
int n;
if (mbuf_get_space(mb) < 4096) {
*err = mbuf_resize(mb, mb->size + 8192);
if (*err)
return true;
}
n = SSL_read(tc->ssl, mbuf_buf(mb), (int)mbuf_get_space(mb));
if (n < 0) {
const int ssl_err = SSL_get_error(tc->ssl, n);
switch (ssl_err) {
case SSL_ERROR_WANT_READ:
break;
default:
*err = EPROTO;
return true;
}
break;
}
else if (n == 0)
break;
mb->pos += n;
}
mbuf_set_end(mb, mb->pos);
mbuf_set_pos(mb, 0);
return false;
}
