FLB_INLINE int net_io_tls_write(struct flb_thread *th, struct flb_io_upstream *u, void *data, size_t len, size_t *out_len) { int ret; size_t total = 0; if (!u->tls_session) { u->tls_session = flb_tls_session_new(u->tls->context); if (!u->tls_session) { flb_error("[io_tls] could not create tls session"); return -1; } ret = flb_io_net_tls_connect(u, th); if (ret == -1) { flb_error("[io_tls] could not connect/initiate TLS session"); return -1; } } retry_write: ret = mbedtls_ssl_write(&u->tls_session->ssl, data + total, len - total); if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) { io_tls_event_switch(u, MK_EVENT_WRITE); flb_thread_yield(th, FLB_FALSE); goto retry_write; } else if (ret == MBEDTLS_ERR_SSL_WANT_READ) { io_tls_event_switch(u, MK_EVENT_READ); flb_thread_yield(th, FLB_FALSE); goto retry_write; } else if (ret < 0) { char err_buf[72]; mbedtls_strerror(ret, err_buf, sizeof(err_buf)); flb_debug("[tls] SSL error: %s", err_buf); /* There was an error transmitting data */ mk_event_del(u->evl, &u->event); tls_session_destroy(u->tls_session); u->tls_session = NULL; return -1; } /* Update statistics */ //flb_stats_update(out->stats_fd, ret, 0); /* Update counter and check if we need to continue writing */ total += ret; if (total < len) { io_tls_event_switch(u, MK_EVENT_WRITE); flb_thread_yield(th, FLB_FALSE); goto retry_write; } mk_event_del(u->evl, &u->event); return 0; }
static ssize_t rb_ssl_read_or_write(int r_or_w, rb_fde_t *F, void *rbuf, const void *wbuf, size_t count) { ssize_t ret; if(r_or_w == 0) ret = mbedtls_ssl_read(F->ssl, rbuf, count); else ret = mbedtls_ssl_write(F->ssl, wbuf, count); if(ret < 0) { switch (ret) { case MBEDTLS_ERR_SSL_WANT_READ: return RB_RW_SSL_NEED_READ; case MBEDTLS_ERR_SSL_WANT_WRITE: return RB_RW_SSL_NEED_WRITE; default: F->sslerr.ssl_errno = ret; errno = EIO; return RB_RW_IO_ERROR; } } return ret; }
unsigned int HAL_DTLSSession_write(DTLSContext *context, const unsigned char *p_data, unsigned int *p_datalen) { int len = 0; unsigned int err_code = DTLS_SUCCESS; dtls_session_t *p_dtls_session = (dtls_session_t *)context; if (NULL != p_dtls_session && NULL != p_data && p_datalen != NULL) { len = (*p_datalen); len = mbedtls_ssl_write(&p_dtls_session->context, p_data, len); if (len < 0) { if (len == MBEDTLS_ERR_SSL_CONN_EOF) { if (p_dtls_session->context.state < MBEDTLS_SSL_HANDSHAKE_OVER) { err_code = DTLS_HANDSHAKE_IN_PROGRESS; } } } else { (*p_datalen) = len; err_code = DTLS_SUCCESS; } } return err_code; }
IoT_Error_t iot_tls_write(Network *pNetwork, unsigned char *pMsg, size_t len, Timer *timer, size_t *written_len) { size_t written_so_far; bool isErrorFlag = false; int frags, ret = 0; TLSDataParams *tlsDataParams = &(pNetwork->tlsDataParams); for(written_so_far = 0, frags = 0; written_so_far < len && !has_timer_expired(timer); written_so_far += ret, frags++) { while(!has_timer_expired(timer) && (ret = mbedtls_ssl_write(&(tlsDataParams->ssl), pMsg + written_so_far, len - written_so_far)) <= 0) { if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { ESP_LOGE(TAG, "failed! mbedtls_ssl_write returned -0x%x", -ret); /* All other negative return values indicate connection needs to be reset. * Will be caught in ping request so ignored here */ isErrorFlag = true; break; } } if(isErrorFlag) { break; } } *written_len = written_so_far; if(isErrorFlag) { return NETWORK_SSL_WRITE_ERROR; } else if(has_timer_expired(timer) && written_so_far != len) { return NETWORK_SSL_WRITE_TIMEOUT_ERROR; } return SUCCESS; }
/* * [0] - dukf_ssl_context_t - pointer * [1] - data to write - buffer or string */ static duk_ret_t js_ssl_write(duk_context *ctx) { char errortext[256]; LOGD(">> js_ssl_write"); dukf_ssl_context_t *dukf_ssl_context = duk_get_pointer(ctx, -2); size_t len; uint8_t *buf; // If the data is a string, then the string is the data to transmit else it // is a buffer and the content of the buffer is the data to transmit, if (duk_is_string(ctx, -1)) { buf = (void *)duk_get_string(ctx, -1); len = strlen((char *)buf); } else { buf = duk_get_buffer_data(ctx, -1, &len); if (len == 0) { LOGE("js_ssl_write: The data buffer is zero length."); return 0; } } LOGD("About to send data over SSL: %.*s", len, buf); int rc = mbedtls_ssl_write(&dukf_ssl_context->ssl, buf, len); if (rc < 0) { mbedtls_strerror(rc, errortext, sizeof(errortext)); LOGE("error from mbedtls_ssl_write: %d - %x - %s", rc, rc, errortext); duk_push_nan(ctx); } else { duk_push_int(ctx, rc); } LOGD("<< js_ssl_write: rc=%d", rc); return 1; } // js_ssl_write
/* send packets from TCP socket */ ssize_t send_cb(websocket_context_ptr ctx, const uint8_t *buf, size_t len, int flags, void *user_data) { ssize_t r; int fd; int retry_cnt = 3; struct websocket_info_t *info = user_data; fd = info->data->fd; SEND_RETRY: if (info->data->tls_enabled) { r = mbedtls_ssl_write(info->data->tls_ssl, buf, len); } else { r = send(fd, buf, len, flags); } if (r < 0) { printf("send err : %d\n", errno); if (retry_cnt == 0) { websocket_set_error(info->data, WEBSOCKET_ERR_CALLBACK_FAILURE); return r; } retry_cnt--; goto SEND_RETRY; } return r; }
ProtocolError DTLSMessageChannel::send(Message& message) { if (ssl_context.state != MBEDTLS_SSL_HANDSHAKE_OVER) return INVALID_STATE; if (message.send_direct()) { // send unencrypted int bytes = this->send(message.buf(), message.length()); return bytes < 0 ? IO_ERROR : NO_ERROR; } #ifdef DEBUG_BUILD LOG(TRACE, "message length %d", message.length()); for (size_t i=0; i<message.length(); i++) { char buf[3]; char c = message.buf()[i]; sprintf(buf, "%02x", c); LOG_PRINT(TRACE, buf); } LOG_PRINT(TRACE, "\n"); #endif int ret = mbedtls_ssl_write(&ssl_context, message.buf(), message.length()); if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { reset_session(); return IO_ERROR; } sessionPersist.update(&ssl_context, callbacks.save, coap_state ? *coap_state : 0); return NO_ERROR; }
Socket::Status TcpSocket::send(const void* data, std::size_t size, std::size_t& sent) { // Check the parameters if (!data || (size == 0)) { err() << "Cannot send data over the network (no data to send)" << std::endl; return Error; } // Loop until every byte has been sent int result = 0; for (sent = 0; sent < size; sent += result) { // Send a chunk of data if (isSecure()) result = mbedtls_ssl_write(&getSecureData().ssl, static_cast<const unsigned char*>(data) + sent, size - sent); else result = ::send(getHandle(), static_cast<const char*>(data) + sent, size - sent, flags); // Check for errors if (result < 0) { Status status = priv::SocketImpl::getErrorStatus(); if ((status == NotReady) && sent) return Partial; return status; } } return Done; }
static int send_one_packet(const char *packet_body, mbedtls_ssl_context *ssl) { int ret, len; unsigned char buf[10000]; plog("sending packet: '%s'", packet_body); len = strlen(packet_body); do { ret = mbedtls_ssl_write(ssl, (unsigned char *)packet_body, len); } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); if (ret < 0) { plog("ERROR: mbedtls_ssl_write returned %d", ret); return ret; } len = ret; plog("%d bytes written: '%s'", len, packet_body); if (strncmp("noreply", packet_body, 7) == 0) { /* Outgoing packet begins with "noreply", so don't attempt to read a * response from the server. Just return successfully. */ return 0; } plog("Read from server..."); len = sizeof(buf) - 1; memset(buf, 0, sizeof(buf)); do { ret = mbedtls_ssl_read(ssl, buf, len); } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); if (ret <= 0) { switch (ret) { case MBEDTLS_ERR_SSL_TIMEOUT: plog("ERROR: timeout"); return ret; case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: plog("ERROR: connection was closed gracefully"); return ret; default: plog("ERROR: mbedtls_ssl_read returned -0x%x", -ret); return ret; } } len = ret; plog("%d bytes read: '%s'", len, buf); if (is_reverse(packet_body, (char *)buf)) { return 0; /* Success */ } return -1; }
static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) { int ret; unsigned char data[128]; char code[4]; size_t i, idx = 0; mbedtls_printf("\n%s", buf); while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); return -1; } } do { len = sizeof( data ) - 1; memset( data, 0, sizeof( data ) ); ret = mbedtls_ssl_read( ssl, data, len ); if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) continue; if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ) return -1; if( ret <= 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret ); return -1; } mbedtls_printf("\n%s", data); len = ret; for( i = 0; i < len; i++ ) { if( data[i] != '\n' ) { if( idx < 4 ) code[ idx++ ] = data[i]; continue; } if( idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ' ) { code[3] = '\0'; return atoi( code ); } idx = 0; } } while( 1 ); }
static ssize_t tls_write(esp_tls_t *tls, const char *data, size_t datalen) { ssize_t ret = mbedtls_ssl_write(&tls->ssl, (unsigned char*) data, datalen); if (ret < 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { ESP_LOGE(TAG, "write error :%d:", ret); } } return ret; }
int coap_security_handler_send_message(coap_security_t *sec, unsigned char *message, size_t len){ int ret=-1; if( sec ){ do ret = mbedtls_ssl_write( &sec->_ssl, (unsigned char *) message, len ); while( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ); } return ret; //bytes written }
static value ssl_send_char( value ssl, value v ) { unsigned char cc; int c; val_check_kind(ssl,k_ssl); val_check(v,int); c = val_int(v); if( c < 0 || c > 255 ) neko_error(); cc = (unsigned char) c; mbedtls_ssl_write( val_ssl(ssl), &cc, 1 ); return val_true; }
/** Write data to a TLS connection. Calls into mbedTLS, which in turn calls into * @ref altcp_mbedtls_bio_send() to send the encrypted data */ static err_t altcp_mbedtls_write(struct altcp_pcb *conn, const void *dataptr, u16_t len, u8_t apiflags) { int ret; altcp_mbedtls_state_t *state; LWIP_UNUSED_ARG(apiflags); if (conn == NULL) { return ERR_VAL; } state = (altcp_mbedtls_state_t *)conn->state; if (state == NULL) { /* @todo: which error? */ return ERR_CLSD; } if (!(state->flags & ALTCP_MBEDTLS_FLAGS_HANDSHAKE_DONE)) { /* @todo: which error? */ return ERR_VAL; } /* HACK: if thre is something left to send, try to flush it and only allow sending more if this succeeded (this is a hack because neither returning 0 nor MBEDTLS_ERR_SSL_WANT_WRITE worked for me) */ if (state->ssl_context.out_left) { mbedtls_ssl_flush_output(&state->ssl_context); if (state->ssl_context.out_left) { return ERR_MEM; } } ret = mbedtls_ssl_write(&state->ssl_context, (const unsigned char *)dataptr, len); /* try to send data... */ altcp_output(conn->inner_conn); if (ret >= 0) { if (ret == len) { state->flags |= ALTCP_MBEDTLS_FLAGS_APPLDATA_SENT; return ERR_OK; } else { /* @todo/@fixme: assumption: either everything sent or error */ LWIP_ASSERT("ret <= 0", 0); return ERR_MEM; } } else { if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) { /* @todo: convert error to err_t */ return ERR_MEM; } LWIP_ASSERT("unhandled error", 0); return ERR_VAL; } }
static int send_response(struct zoap_packet *request, u8_t response_code) { struct net_pkt *pkt; struct net_buf *frag; struct zoap_packet response; u8_t code, type; u16_t id; int r; code = zoap_header_get_code(request); type = zoap_header_get_type(request); id = zoap_header_get_id(request); printk("*******\n"); printk("type: %u code %u id %u\n", type, code, id); printk("*******\n"); pkt = net_pkt_get_reserve(&zoap_pkt_slab, 0, K_NO_WAIT); if (!pkt) { return -ENOMEM; } frag = net_buf_alloc(&zoap_data_pool, K_NO_WAIT); if (!frag) { return -ENOMEM; } net_pkt_frag_add(pkt, frag); r = zoap_packet_init(&response, pkt); if (r < 0) { return -EINVAL; } zoap_header_set_version(&response, 1); zoap_header_set_type(&response, ZOAP_TYPE_ACK); zoap_header_set_code(&response, response_code); zoap_header_set_id(&response, id); do { r = mbedtls_ssl_write(curr_ctx, frag->data, frag->len); } while (r == MBEDTLS_ERR_SSL_WANT_READ || r == MBEDTLS_ERR_SSL_WANT_WRITE); if (r >= 0) { r = 0; } net_pkt_unref(pkt); return r; }
/* Send data via TLS connection */ int tls_send(mbedtls_ssl_context *context, const char *buffer, unsigned int length) { int result; do { result = mbedtls_ssl_write(context, (unsigned char*)buffer, length); } while (result == MBEDTLS_ERR_SSL_WANT_WRITE); if (result < 0) { return -1; } return result; }
int SSLContext::write(State & state, SSLContextData * ssl_context_data) { Stack * stack = state.stack; if (stack->is<LUA_TSTRING>(1)) { const std::string buffer = stack->toLString(1); int result = mbedtls_ssl_write(ssl_context_data->context, reinterpret_cast<const unsigned char *>(buffer.c_str()), buffer.length()); stack->push<int>(result); return 1; } else { return 0; } }
static int tls_client_write(struct client *c, const void *data, size_t len) { const uint8_t *buf = data; while (len > 0) { ssize_t r = mbedtls_ssl_write(&c->ssl, buf, len); if (r <= 0) return -1; buf += r; len -= r; } return 0; }
int dslink_socket_write(Socket *sock, char *buf, size_t len) { int r; if (sock->secure) { r = mbedtls_ssl_write(((SslSocket *) sock)->ssl, (unsigned char *) buf, len); } else { r = mbedtls_net_send(sock->socket_fd, (unsigned char *) buf, len); } if (r < 0) { errno = r; return DSLINK_SOCK_WRITE_ERR; } return r; }
int openssl_write(struct connection *conn) { int n = mbedtls_ssl_write(conn->ssl, (unsigned char *)conn->curp, conn->length); if (n < 0) switch (n) { case MBEDTLS_ERR_SSL_WANT_READ: case MBEDTLS_ERR_SSL_WANT_WRITE: return -EAGAIN; default: printf("Not read or write\n"); break; } return n; }
int _ssl_write(nsp_state *N, TCP_SOCKET *sock, const void *buf, int max) { #define __FN__ __FILE__ ":_ssl_write()" #if defined HAVE_OPENSSL return SSL_write(sock->ssl, buf, max); #elif defined HAVE_MBEDTLS int rc; do { rc = mbedtls_ssl_write(&sock->ssl, (void *)buf, max); } while (rc == MBEDTLS_ERR_SSL_WANT_READ || rc == MBEDTLS_ERR_SSL_WANT_WRITE); return rc; #endif #undef __FN__ }
int iot_tls_write(Network *pNetwork, unsigned char *pMsg, int len, int timeout_ms) { int written; int frags; for (written = 0, frags = 0; written < len; written += ret, frags++) { while ((ret = mbedtls_ssl_write(&ssl, pMsg + written, len - written)) <= 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { ERROR(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret); return ret; } } } return written; }
/* Send buffer via TLS */ int tls_send_buffer(mbedtls_ssl_context *context, const char *buffer, int size) { int bytes_written, total_written = 0; if (size <= 0) { return 0; } else while (total_written < size) { if ((bytes_written = mbedtls_ssl_write(context, (unsigned char*)buffer + total_written, size - total_written)) > 0) { total_written += bytes_written; } else if (bytes_written != MBEDTLS_ERR_SSL_WANT_WRITE) { return -1; } } return total_written; }
int ssl_socket_send_all_blocking(void *state_data, const void *data_, size_t size, bool no_signal) { struct ssl_state *state = (struct ssl_state*)state_data; const uint8_t *data = (const uint8_t*)data_; int ret; mbedtls_net_set_block(&state->net_ctx); while ((ret = mbedtls_ssl_write(&state->ctx, data, size)) <= 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) return false; } return true; }
static int write_ssl_data( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) { int ret; mbedtls_printf("\n%s", buf); while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); return -1; } } return( 0 ); }
ssize_t ssl_socket_send_all_nonblocking(void *state_data, const void *data_, size_t size, bool no_signal) { struct ssl_state *state = (struct ssl_state*)state_data; const uint8_t *data = (const uint8_t*)data_; ssize_t sent = size; int ret; mbedtls_net_set_nonblock(&state->net_ctx); ret = mbedtls_ssl_write(&state->ctx, data, size); if (ret <= 0) return -1; return sent; }
int clax_send_ssl(void *ctx, const unsigned char *buf, size_t len) { int ret; mbedtls_ssl_context *ssl = ctx; while ((ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { clax_log("failed\n ! mbedtls_ssl_write returned %d", ret); return ret; } } /*clax_log("send (ssl)=%d from %d", ret, len);*/ return ret; }
static ssize_t mbed_send(struct connectdata *conn, int sockindex, const void *mem, size_t len, CURLcode *curlcode) { int ret = -1; ret = mbedtls_ssl_write(&conn->ssl[sockindex].ssl, (unsigned char *)mem, len); if(ret < 0) { *curlcode = (ret == MBEDTLS_ERR_SSL_WANT_WRITE) ? CURLE_AGAIN : CURLE_SEND_ERROR; ret = -1; } return ret; }
/* * This returns -1, or the length sent. * If -1, then you need to find out if the error was * fatal or recoverable using SSL_get_error() */ int ssl_pm_send(SSL *ssl, const void *buffer, int len) { int ret; struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len); /* * We can get a positive number, which may be less than len... that * much was sent successfully and you can call again to send more. * * We can get a negative mbedtls error code... if WANT_WRITE or WANT_READ, * it's nonfatal and means it should be retried as-is. If something else, * it's fatal actually. * * If this function returns something other than a positive value or * MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context becomes unusable, and * you should either free it or call mbedtls_ssl_session_reset() on it * before re-using it for a new connection; the current connection must * be closed. * * When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, it must be * called later with the same arguments, until it returns a positive value. */ if (ret < 0) { SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret); switch (ret) { case MBEDTLS_ERR_NET_CONN_RESET: ssl->err = SSL_ERROR_SYSCALL; break; case MBEDTLS_ERR_SSL_WANT_WRITE: ssl->err = SSL_ERROR_WANT_WRITE; break; case MBEDTLS_ERR_SSL_WANT_READ: ssl->err = SSL_ERROR_WANT_READ; break; default: break; } ret = -1; } return ret; }
STATIC mp_uint_t socket_write(mp_obj_t o_in, const void *buf, mp_uint_t size, int *errcode) { mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in); int ret = mbedtls_ssl_write(&o->ssl, buf, size); if (ret >= 0) { return ret; } if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) { ret = MP_EWOULDBLOCK; } else if (ret == MBEDTLS_ERR_SSL_WANT_READ) { // If handshake is not finished, write attempt may end up in protocol // wanting to read next handshake message. The same may happen with // renegotation. ret = MP_EWOULDBLOCK; } *errcode = ret; return MP_STREAM_ERROR; }