]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/extra/m_ssl_gnutls.cpp
m_ssl_gnutls, m_ssl_openssl Simplify status handling in IOHook read/write handlers
[user/henk/code/inspircd.git] / src / modules / extra / m_ssl_gnutls.cpp
index 65e55026790f99fbed8a8474d611dac9c4c037aa..30b54ff8be86609eda7933917206f9c724e10a12 100644 (file)
@@ -70,7 +70,7 @@ typedef gnutls_certificate_credentials_t gnutls_certificate_credentials;
 typedef gnutls_dh_params_t gnutls_dh_params;
 #endif
 
-enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED };
+enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN };
 
 #if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0)
 #define GNUTLS_NEW_CERT_CALLBACK_API
@@ -79,6 +79,10 @@ typedef gnutls_retr2_st cert_cb_last_param_type;
 typedef gnutls_retr_st cert_cb_last_param_type;
 #endif
 
+#if INSPIRCD_GNUTLS_HAS_VERSION(3, 3, 5)
+#define INSPIRCD_GNUTLS_HAS_RECV_PACKET
+#endif
+
 class RandGen : public HandlerBase2<void, char*, size_t>
 {
  public:
@@ -451,6 +455,51 @@ namespace GnuTLS
                }
        };
 
+       class DataReader
+       {
+               int retval;
+#ifdef INSPIRCD_GNUTLS_HAS_RECV_PACKET
+               gnutls_packet_t packet;
+
+        public:
+               DataReader(gnutls_session_t sess)
+               {
+                       // Using the packet API avoids the final copy of the data which GnuTLS does if we supply
+                       // our own buffer. Instead, we get the buffer containing the data from GnuTLS and copy it
+                       // to the recvq directly from there in appendto().
+                       retval = gnutls_record_recv_packet(sess, &packet);
+               }
+
+               void appendto(std::string& recvq)
+               {
+                       // Copy data from GnuTLS buffers to recvq
+                       gnutls_datum_t datum;
+                       gnutls_packet_get(packet, &datum, NULL);
+                       recvq.append(reinterpret_cast<const char*>(datum.data), datum.size);
+
+                       gnutls_packet_deinit(packet);
+               }
+#else
+               char* const buffer;
+
+        public:
+               DataReader(gnutls_session_t sess)
+                       : buffer(ServerInstance->GetReadBuffer())
+               {
+                       // Read data from GnuTLS buffers into ReadBuffer
+                       retval = gnutls_record_recv(sess, buffer, ServerInstance->Config->NetBufferSize);
+               }
+
+               void appendto(std::string& recvq)
+               {
+                       // Copy data from ReadBuffer to recvq
+                       recvq.append(buffer, retval);
+               }
+#endif
+
+               int ret() const { return retval; }
+       };
+
        class Profile : public refcountbase
        {
                /** Name of this profile
@@ -579,7 +628,8 @@ class GnuTLSIOHook : public SSLIOHook
                status = ISSL_NONE;
        }
 
-       bool Handshake(StreamSocket* user)
+       // Returns 1 if handshake succeeded, 0 if it is still in progress, -1 if it failed
+       int Handshake(StreamSocket* user)
        {
                int ret = gnutls_handshake(this->sess);
 
@@ -588,28 +638,27 @@ class GnuTLSIOHook : public SSLIOHook
                        if(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
                        {
                                // Handshake needs resuming later, read() or write() would have blocked.
+                               this->status = ISSL_HANDSHAKING;
 
                                if (gnutls_record_get_direction(this->sess) == 0)
                                {
                                        // gnutls_handshake() wants to read() again.
-                                       this->status = ISSL_HANDSHAKING_READ;
                                        SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE);
                                }
                                else
                                {
                                        // gnutls_handshake() wants to write() again.
-                                       this->status = ISSL_HANDSHAKING_WRITE;
                                        SocketEngine::ChangeEventMask(user, FD_WANT_NO_READ | FD_WANT_SINGLE_WRITE);
                                }
+
+                               return 0;
                        }
                        else
                        {
                                user->SetError("Handshake Failed - " + std::string(gnutls_strerror(ret)));
                                CloseSession();
-                               this->status = ISSL_CLOSING;
+                               return -1;
                        }
-
-                       return false;
                }
                else
                {
@@ -621,7 +670,7 @@ class GnuTLSIOHook : public SSLIOHook
                        // Finish writing, if any left
                        SocketEngine::ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_NO_WRITE | FD_ADD_TRIAL_WRITE);
 
-                       return true;
+                       return 1;
                }
        }
 
@@ -832,28 +881,21 @@ info_done_dealloc:
                        return -1;
                }
 
-               if (this->status == ISSL_HANDSHAKING_READ || this->status == ISSL_HANDSHAKING_WRITE)
+               if (this->status == ISSL_HANDSHAKING)
                {
                        // The handshake isn't finished, try to finish it.
-
-                       if (!Handshake(user))
-                       {
-                               if (this->status != ISSL_CLOSING)
-                                       return 0;
-                               return -1;
-                       }
+                       int ret = Handshake(user);
+                       if (ret <= 0)
+                               return ret;
                }
 
                // If we resumed the handshake then this->status will be ISSL_HANDSHAKEN.
-
-               if (this->status == ISSL_HANDSHAKEN)
                {
-                       char* buffer = ServerInstance->GetReadBuffer();
-                       size_t bufsiz = ServerInstance->Config->NetBufferSize;
-                       int ret = gnutls_record_recv(this->sess, buffer, bufsiz);
+                       GnuTLS::DataReader reader(sess);
+                       int ret = reader.ret();
                        if (ret > 0)
                        {
-                               recvq.append(buffer, ret);
+                               reader.appendto(recvq);
                                return 1;
                        }
                        else if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
@@ -873,10 +915,6 @@ info_done_dealloc:
                                return -1;
                        }
                }
-               else if (this->status == ISSL_CLOSING)
-                       return -1;
-
-               return 0;
        }
 
        int OnStreamSocketWrite(StreamSocket* user, std::string& sendq) CXX11_OVERRIDE
@@ -888,18 +926,17 @@ info_done_dealloc:
                        return -1;
                }
 
-               if (this->status == ISSL_HANDSHAKING_WRITE || this->status == ISSL_HANDSHAKING_READ)
+               if (this->status == ISSL_HANDSHAKING)
                {
                        // The handshake isn't finished, try to finish it.
-                       Handshake(user);
-                       if (this->status != ISSL_CLOSING)
-                               return 0;
-                       return -1;
+                       int ret = Handshake(user);
+                       if (ret <= 0)
+                               return ret;
                }
 
+               // Session is ready for transferring application data
                int ret = 0;
 
-               if (this->status == ISSL_HANDSHAKEN)
                {
                        ret = gnutls_record_send(this->sess, sendq.data(), sendq.length());
 
@@ -926,8 +963,6 @@ info_done_dealloc:
                                return -1;
                        }
                }
-
-               return 0;
        }
 
        void TellCiphersAndFingerprint(LocalUser* user)