Пример #1
0
/*
 * Do the handshaking from the beginning.
 */
int do_client_connect(SSL *ssl)
{
    int ret = SSL_OK;

    send_client_hello(ssl);                 /* send the client hello */
    ssl->bm_read_index = 0;
    ssl->next_state = HS_SERVER_HELLO;
    ssl->hs_status = SSL_NOT_OK;            /* not connected */

    /* sit in a loop until it all looks good */
    if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
    {
        while (ssl->hs_status != SSL_OK)
        {
            ret = ssl_read(ssl, NULL);
            
            if (ret < SSL_OK)
                break;
        }

        ssl->hs_status = ret;            /* connected? */    
    }

    return ret;
}
Пример #2
0
STATIC mp_uint_t socket_read(mp_obj_t o_in, void *buf, mp_uint_t size, int *errcode) {
    mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in);

    while (o->bytes_left == 0) {
        mp_int_t r = ssl_read(o->ssl_sock, &o->buf);
        if (r == SSL_OK) {
            // SSL_OK from ssl_read() means "everything is ok, but there's
            // not user data yet. So, we just keep reading.
            continue;
        }
        if (r < 0) {
            if (r == SSL_CLOSE_NOTIFY || r == SSL_ERROR_CONN_LOST) {
                // EOF
                return 0;
            }
            *errcode = r;
            return MP_STREAM_ERROR;
        }
        o->bytes_left = r;
    }

    if (size > o->bytes_left) {
        size = o->bytes_left;
    }
    memcpy(buf, o->buf, size);
    o->buf += size;
    o->bytes_left -= size;
    return size;
}
Пример #3
0
/*
 * Do the handshaking from the beginning.
 */
int ICACHE_FLASH_ATTR do_client_connect(SSL *ssl)
{
    int ret = SSL_OK;
	
    send_client_hello(ssl);                 /* send the client hello */
    ssl->bm_read_index = 0;
    ssl->next_state = HS_SERVER_HELLO;
    ssl->hs_status = SSL_NOT_OK;            /* not connected */

    /* sit in a loop until it all looks good */
    if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
    {
        while (ssl->hs_status != SSL_OK)
        {
//        	esp_ssl_sleep(100);
            ret = ssl_read(ssl, NULL);
            ssl_printf("%s %d %d\n", __func__, __LINE__,ret);
            if (ret < SSL_OK)
                break;
        }

        ssl->hs_status = ret;            /* connected? */    
    }

    return ret;
}
Пример #4
0
/*
 * This function is called after the TCP connect has completed. Setup the TLS
 * layer and do all necessary magic for a blocking connect.
 */
CURLcode
Curl_axtls_connect(struct connectdata *conn,
                  int sockindex)

{
  CURLcode conn_step = connect_prep(conn, sockindex);
  int ssl_fcn_return;
  SSL *ssl = conn->ssl[sockindex].ssl;

  if(conn_step != CURLE_OK) {
    Curl_axtls_close(conn, sockindex);
    return conn_step;
  }

  /* Check to make sure handshake was ok. */
  while(ssl_handshake_status(ssl) != SSL_OK) {
    ssl_fcn_return = ssl_read(ssl, NULL);
    if(ssl_fcn_return < 0) {
      Curl_axtls_close(conn, sockindex);
      ssl_display_error(ssl_fcn_return); /* goes to stdout. */
      return map_error_to_curl(ssl_fcn_return);
    }
    usleep(10000);
  }
  infof (conn->data, "handshake completed successfully\n");

  conn_step = connect_finish(conn, sockindex);
  if(conn_step != CURLE_OK) {
    Curl_axtls_close(conn, sockindex);
    return conn_step;
  }

  return CURLE_OK;
}
Пример #5
0
/*
 *  call-seq:
 *      read( length ) -> string or raises
 *
 *  Reads +length+ bytes from the SSL connection or raises PolarSSL::SSL::Error.
 */
static VALUE R_ssl_read( VALUE self, VALUE length )
{
    ssl_context *ssl;
    VALUE result;
    int buffer_size = NUM2INT( length );
    unsigned char buffer[buffer_size];
    int length_to_read;
    int length_read;

    Check_Type( length, T_FIXNUM );

    Data_Get_Struct( self, ssl_context, ssl );

    length_to_read = sizeof( buffer ) - 1;
    length_read = ssl_read( ssl, buffer, length_to_read );

    if ( length_read == 0 || length_read == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
    {
        result = Qnil;
    }
    else if (length_read < 0)
    {
        rb_raise( e_SSLError, "-0x%x", -length_read );
    }
    else
    {
        result = rb_str_new2( (char *)buffer );
    }

    return result;
}
Пример #6
0
static ioa_socket_handle dtls_accept_client_connection(
				dtls_listener_relay_server_type* server,
				SSL *ssl,
				ioa_addr *remote_addr, ioa_addr *local_addr,
				u08bits *s, int len)
{
	FUNCSTART;

	if (!ssl)
		return NULL;

	int rc = ssl_read(server->udp_listen_s->fd, ssl, (s08bits*)s, ioa_network_buffer_get_capacity(), server->verbose, &len);

	if (rc < 0)
		return NULL;

	addr_debug_print(server->verbose, remote_addr, "Accepted connection from");

	ioa_socket_handle ioas = create_ioa_socket_from_ssl(server->e, server->udp_listen_s, ssl, DTLS_SOCKET, CLIENT_SOCKET, remote_addr, local_addr);
	if(ioas) {

		ioas->listener_server = server;

		addr_cpy(&(server->sm.m.sm.nd.src_addr),remote_addr);
		server->sm.m.sm.nd.recv_ttl = TTL_IGNORE;
		server->sm.m.sm.nd.recv_tos = TOS_IGNORE;
		server->sm.m.sm.s = ioas;
	} else {
		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot create ioa_socket from SSL\n");
	}

	FUNCEND	;

	return ioas;
}
Пример #7
0
static ssize_t polarssl_recv(struct connectdata *conn,
                             int num,
                             char *buf,
                             size_t buffersize,
                             CURLcode *curlcode)
{
  struct ssl_connect_data *connssl = &conn->ssl[num];
  int ret = -1;
  ssize_t len = -1;

  memset(buf, 0, buffersize);
  ret = ssl_read(&BACKEND->ssl, (unsigned char *)buf, buffersize);

  if(ret <= 0) {
    if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
      return 0;

    *curlcode = (ret == POLARSSL_ERR_NET_WANT_READ) ?
      CURLE_AGAIN : CURLE_RECV_ERROR;
    return -1;
  }

  len = ret;

  return len;
}
Пример #8
0
static int
polarssl_read(tcpcon_t *tc, void *buf, size_t len, int all)
{
  int ret, tot = 0;
  if(!all) {
    ret = ssl_read(tc->ssl, buf, len);
    return ret > 0 ? ret : -1;
  }

  while(tot != len) {
    ret = ssl_read(tc->ssl, buf + tot, len - tot);
    if(ret < 0) 
      return -1;
    tot += ret;
  }
  return tot;
}
Пример #9
0
/*
 * Use axTLS's non-blocking connection feature to open an SSL connection.
 * This is called after a TCP connection is already established.
*/
CURLcode Curl_axtls_connect_nonblocking(
    struct connectdata *conn,
    int sockindex,
    bool *done)
{
  CURLcode conn_step;
  int ssl_fcn_return;

 *done = FALSE;
  /* connectdata is calloc'd and connecting_state is only changed in this
     function, so this is safe, as the state is effectively initialized. */
  if(conn->ssl[sockindex].connecting_state == ssl_connect_1) {
    conn_step = connect_prep(conn, sockindex);
    if(conn_step != CURLE_OK) {
      Curl_axtls_close(conn, sockindex);
      return conn_step;
    }
    conn->ssl[sockindex].connecting_state = ssl_connect_2;
  }

  if(conn->ssl[sockindex].connecting_state == ssl_connect_2) {
    /* Check to make sure handshake was ok. */
    if(ssl_handshake_status(conn->ssl[sockindex].ssl) != SSL_OK) {
      ssl_fcn_return = ssl_read(conn->ssl[sockindex].ssl, NULL);
      if(ssl_fcn_return < 0) {
        Curl_axtls_close(conn, sockindex);
        ssl_display_error(ssl_fcn_return); /* goes to stdout. */
        return map_error_to_curl(ssl_fcn_return);
      }
      else {
        return CURLE_OK; /* Return control to caller for retries */
      }
    }
    infof (conn->data, "handshake completed successfully\n");
    conn->ssl[sockindex].connecting_state = ssl_connect_3;
  }

  if(conn->ssl[sockindex].connecting_state == ssl_connect_3) {
    conn_step = connect_finish(conn, sockindex);
    if(conn_step != CURLE_OK) {
      Curl_axtls_close(conn, sockindex);
      return conn_step;
    }

    /* Reset connect state */
    conn->ssl[sockindex].connecting_state = ssl_connect_1;

    *done = TRUE;
    return CURLE_OK;
  }

  /* Unrecognized state.  Things are very bad. */
  conn->ssl[sockindex].state  = ssl_connection_none;
  conn->ssl[sockindex].connecting_state = ssl_connect_1;
  /* Return value perhaps not strictly correct, but distinguishes the issue.*/
  return CURLE_BAD_FUNCTION_ARGUMENT;
}
Пример #10
0
static int write_ssl_and_get_response( ssl_context *ssl, unsigned char *buf, size_t len )
{
    int ret;
    unsigned char data[128];
    char code[4];
    size_t i, idx = 0;

    printf("\n%s", buf);
    while( len && ( ret = ssl_write( ssl, buf, len ) ) <= 0 )
    {
        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
        {
            printf( " failed\n  ! ssl_write returned %d\n\n", ret );
            return -1;
        }
    }

    do
    {
        len = sizeof( data ) - 1;
        memset( data, 0, sizeof( data ) );
        ret = ssl_read( ssl, data, len );

        if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
            continue;

        if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
            return -1;

        if( ret <= 0 )
        {
            printf( "failed\n  ! ssl_read returned %d\n\n", ret );
            return -1;
        }

        printf("\n%s", data);
        len = ret;
        for( i = 0; i < len; i++ )
        {
            if( data[i] != '\n' )
            {
                if( idx < 4 )
                    code[ idx++ ] = data[i];
                continue;
            }

            if( idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ' )
            {
                code[3] = '\0';
                return atoi( code );
            }

            idx = 0;
        }
    }
    while( 1 );
}
Пример #11
0
/**
 * This function reads all the data from a connection into a buffer.
 *
 * @param s32 connection The connection identifier to suck the response out of
 * @return bool True if data downloaded succesfully.
 */
bool tcp_readData(const s32 connection, u8 **buffer, const u32 length)
{
	u8 *p;
	u32 left, block, received;
	s64 t;
	s32 res;

	p = *buffer;
	left = length;
	received = 0;

	t = gettime ();
	while (left)
	{
		if (ticks_to_millisecs (diff_ticks (t, gettime ())) > TCP_BLOCK_RECV_TIMEOUT)
			break;

		// Update the progress bar
		if(displayProgressWindow)
		{
			ShowProgress(received, length);
			if(ProgressCanceled())
			{
				ProgressStop();
				break;
			}
		}

		// Get next block size
		block = left;
		if (block > TCP_BLOCK_SIZE)
			block = TCP_BLOCK_SIZE;

		if(http_port == 443)
			res = ssl_read (connection, p, block);
		else
			res = net_read (connection, p, block);

		if ((res == 0) || (res == -EAGAIN))
		{
			usleep (20 * 1000);
			continue;
		}

		if (res < 0) break;

		received += res;
		left -= res;
		p += res;

		// update timing after each downloaded block
		t = gettime ();
	}

	return left == 0;
}
Пример #12
0
int SSL_accept(SSL *ssl)
{
    while (ssl_read(ssl, NULL) == SSL_OK)
    {
        if (ssl->next_state == HS_CLIENT_HELLO)
            return 1;   /* we're done */
    }

    return -1;
}
Пример #13
0
gint sock_read(SockInfo *sock, gchar *buf, gint len)
{
	g_return_val_if_fail(sock != NULL, -1);

#if USE_SSL
	if (sock->ssl)
		return ssl_read(sock->ssl, buf, len);
#endif
	return fd_read(sock->sock, buf, len);
}
Пример #14
0
static SQRESULT sq_ssl_read(HSQUIRRELVM v){
    SQ_FUNC_VARS(v);
    GET_ssl_INSTANCE();
    SQ_OPT_INTEGER(v, 2, count, 0);
	uint8_t *in_data = NULL;
	int result = ssl_read(self, &in_data, count);
	if (result > SSL_OK) sq_pushstring(v, (const SQChar*)in_data, result);
	else sq_pushinteger(v, result);
	return 1;
}
int32_t bctbx_ssl_read(bctbx_ssl_context_t *ssl_ctx, unsigned char *buf, size_t buf_length) {
	int ret = ssl_read(&(ssl_ctx->ssl_ctx), buf, buf_length);
	/* remap some output code */
	if (ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) {
		ret = BCTBX_ERROR_SSL_PEER_CLOSE_NOTIFY;
	}
	if (ret == POLARSSL_ERR_NET_WANT_READ) {
		ret = BCTBX_ERROR_NET_WANT_READ;
	}
	return ret;
}
Пример #16
0
static ssize_t ssl_recv(IOBuf *iob, char *buffer, int len)
{
    check(iob->use_ssl, "IOBuf not set up to use ssl");
    if(!iob->handshake_performed) {
        int rcode = ssl_do_handshake(iob);
        check(rcode == 0, "handshake failed");
    }
    return ssl_read(&iob->ssl, (unsigned char*) buffer, len);
error:
    return -1;
}
Пример #17
0
static int
polarssl_read(tcpcon_t *tc, void *buf, size_t len, int all,
	      net_read_cb_t *cb, void *opaque)
{
  int ret, tot = 0;
  if(!all) {
    ret = ssl_read(tc->ssl, buf, len);
    return ret > 0 ? ret : -1;
  }

  while(tot != len) {
    ret = ssl_read(tc->ssl, buf + tot, len - tot);
    if(ret < 0) 
      return -1;
    tot += ret;
    if(cb != NULL)
      cb(opaque, tot);
  }
  return tot;
}
Пример #18
0
int Sys_recv(int sockfd, char* buffer, int nbytes)
{
    if (g_enableSSL)
    {
        return ssl_read(sockfd, buffer, nbytes);
    }
    else
    {
        return recv(sockfd, buffer, nbytes, 0);
    }
}
Пример #19
0
    void connect(ClientContext* ctx, const char* hostName, uint32_t timeout_ms) {
        _ssl = ssl_client_new(_ssl_ctx, reinterpret_cast<int>(ctx), nullptr, 0, hostName);
        uint32_t t = millis();

        while (millis() - t < timeout_ms && ssl_handshake_status(_ssl) != SSL_OK) {
            uint8_t* data;
            int rc = ssl_read(_ssl, &data);
            if (rc < SSL_OK) {
                break;
            }
        }
    }
Пример #20
0
int
ftp_read_data(const struct vsf_session* p_sess, char* p_buf, unsigned int len)
{
  if (p_sess->data_use_ssl)
  {
    return ssl_read(p_sess->p_data_ssl, p_buf, len);
  }
  else
  {
    return vsf_sysutil_read(p_sess->data_fd, p_buf, len);
  }
}
Пример #21
0
static int tls_channel_recv(belle_sip_channel_t *obj, void *buf, size_t buflen){
	belle_sip_tls_channel_t* channel = (belle_sip_tls_channel_t*)obj;
	int err = ssl_read(&channel->sslctx,buf,buflen);
	if (err==POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) return 0;
	if (err<0){
		char tmp[256]={0};
		if (err==POLARSSL_ERR_NET_WANT_READ) return -BELLESIP_EWOULDBLOCK;
		error_strerror(err,tmp,sizeof(tmp));
		belle_sip_error("Channel [%p]: ssl_read() error [%i]: %s",obj, err, tmp);
	}
	return err;
}
Пример #22
0
/*
 * This function is called to shut down the SSL layer but keep the
 * socket open (CCC - Clear Command Channel)
 */
int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
{
  /* Outline taken from ssluse.c since functions are in axTLS compat layer.
     axTLS's error set is much smaller, so a lot of error-handling was removed.
   */
  int retval = 0;
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  struct SessionHandle *data = conn->data;
  uint8_t *buf;
  ssize_t nread;

  infof(conn->data, "  Curl_axtls_shutdown\n");

  /* This has only been tested on the proftpd server, and the mod_tls code
     sends a close notify alert without waiting for a close notify alert in
     response. Thus we wait for a close notify alert from the server, but
     we do not send one. Let's hope other servers do the same... */

  /* axTLS compat layer does nothing for SSL_shutdown, so we do nothing too
  if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
      (void)SSL_shutdown(connssl->ssl);
  */

  if(connssl->ssl) {
    int what = Curl_socket_ready(conn->sock[sockindex],
                                 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
    if(what > 0) {
      /* Something to read, let's do it and hope that it is the close
         notify alert from the server.  buf is managed internally by
         axTLS and will be released upon calling ssl_free via
         free_ssl_structs. */
      nread = (ssize_t)ssl_read(connssl->ssl, &buf);

      if(nread < SSL_OK) {
        failf(data, "close notify alert not received during shutdown");
        retval = -1;
      }
    }
    else if(0 == what) {
      /* timeout */
      failf(data, "SSL shutdown timeout");
    }
    else {
      /* anything that gets here is fatally bad */
      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
      retval = -1;
    }

    free_ssl_structs(connssl);
  }
  return retval;
}
Пример #23
0
const int IRCClientThread::SocketReceive()
{
	dlib::auto_mutex guard(m_buffermutex);
	if(IsConnected() && m_contype==IRCClientConnection::CON_UNSECURE)
	{
		int rval=recv(m_socket,&m_tempbuffer[0],m_tempbuffer.size(),0);
		if(rval>0)
		{
			m_receivebuffer.insert(m_receivebuffer.end(),m_tempbuffer.begin(),m_tempbuffer.begin()+rval);
			//while(HandleReceivedData())
			{
			}
		}
		else if(rval==0)
		{
			Disconnect();
			m_log->Info("IRCClientThread::SocketReceive remote host closed connection");
		}
		else if(rval==-1)
		{
			Disconnect();
			m_log->Error("IRCClientThread::SocketReceive recv returned -1.  Closing connection.");
		}
		return rval;
	}
	else if(IsConnected() && m_contype==IRCClientConnection::CON_SSL)
	{
		int rval=ssl_read(&(m_ssl->m_ssl),(unsigned char *)&m_tempbuffer[0],m_tempbuffer.size());
		if(rval>0)
		{
			m_receivebuffer.insert(m_receivebuffer.end(),m_tempbuffer.begin(),m_tempbuffer.begin()+rval);
			//while(HandleReceivedData())
			{
			}
		}
		else if(rval==0)
		{
			Disconnect();
			m_log->Error("IRCClientThread::SocketReceive ssl_read returned 0.  Closing connection.");
		}
		else if(rval<0)
		{
			Disconnect();
			m_log->Error("IRCClientThread::SocketReceive ssl_read returned < 0.  Closing connection.");
		}
		return rval;
	}
	else
	{
		return -1;
	}
}
Пример #24
0
/* SSL_read is opied from axTLS compat layer */
static int SSL_read(SSL *ssl, void *buf, int num)
{
  uint8_t *read_buf;
  int ret;

  while((ret = ssl_read(ssl, &read_buf)) == SSL_OK);

  if(ret > SSL_OK) {
    memcpy(buf, read_buf, ret > num ? num : ret);
  }

  return ret;
}
Пример #25
0
static int
polarssl_read(tcpcon_t *tc, void *buf, size_t len, int all)
{
  int ret, tot = 0;
  TRACE(TRACE_INFO, "SSL", "Read %d bytes %d", len, all);
  if(!all) {
    ret = ssl_read(tc->ssl, buf, len);
    TRACE(TRACE_INFO, "SSL", "Read -> 0x%x", ret);
    if(ret >= 0) 
      return ret;
    return -1;
  }

  while(tot != len) {
    ret = ssl_read(tc->ssl, buf + tot, len - tot);
    TRACE(TRACE_INFO, "SSL", "Read -> 0x%x", ret);
    if(ret < 0) 
      return -1;
    tot += ret;
  }
  return tot;
}
Пример #26
0
/* Read data from SSL connection
 */
int ssl_receive(ssl_context *ssl, char *buffer, unsigned int maxlength) {
	int result;

	do {
		result = ssl_read(ssl, (unsigned char*)buffer, maxlength);
	} while (result == POLARSSL_ERR_NET_WANT_READ);

	if (result < 0) {
		return -1;
	}

	return result;
}
Пример #27
0
ScmObj Scm_TLSRead(ScmTLS* t)
{
#if defined(GAUCHE_USE_AXTLS)
    context_check(t, "read");
    close_check(t, "read");
    int r; uint8_t* buf;
    while ((r = ssl_read(t->conn, &buf)) == SSL_OK);
    if (r < 0) Scm_SysError("ssl_read() failed");
    return Scm_MakeString((char*) buf, r, r, SCM_STRING_INCOMPLETE);
#else  /*!GAUCHE_USE_AXTLS*/
    return SCM_FALSE;
#endif /*!GAUCHE_USE_AXTLS*/
}
Пример #28
0
HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count)
{
	if (tcptls_session->fd == -1) {
		ast_log(LOG_ERROR, "server_read called with an fd of -1\n");
		errno = EIO;
		return -1;
	}

#ifdef DO_SSL
	if (tcptls_session->ssl)
		return ssl_read(tcptls_session->ssl, buf, count);
#endif
	return read(tcptls_session->fd, buf, count);
}
Пример #29
0
__hidden int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len)
{
    int ret = ssl_read(us->ssl, (unsigned char *) buf, len);

    if (ret < 0) {
        if (ssl_do_wait(ret))
            return U_SSL_PENDING;

        ustream_ssl_error(us, ret);
        return U_SSL_ERROR;
    }

    return ret;
}
Пример #30
0
int
ssl_read_into_str(struct vsf_session* p_sess, void* p_ssl, struct mystr* p_str)
{
  unsigned int len = str_getlen(p_str);
  int ret = ssl_read(p_sess, p_ssl, (char*) str_getbuf(p_str), len);
  if (ret >= 0)
  {
    str_trunc(p_str, (unsigned int) ret);
  }
  else
  {
    str_empty(p_str);
  }
  return ret;
}