TclTLS: Diff

Differences From Artifact [d750d9a254]:

File tlsIO.c — part of check-in [977988aed6] at 2000-07-21 05:32:56 on branch tls-1-3-io-rewrite — * tests/tlsIO.test: corrected various tests to be correct for TLS stacked channels (as opposed to the standard sockets the test suite was adopted from). Key differences are that TLS cannot operate in one process without all channels being non-blocking, or the handshake will block, and handshaking must be forced in some cases. Also, handshakes don't seem to complete unless the client has placed at least one byte for the server to read in the channel. * tests/remote.tcl: corrected the finding of tests certificates * tlsIO.c (TlsCloseProc): removed deleting of timer handler as that is handled by Tls_Clean. * tls.tcl (tls::_accept): corrected the internal _accept to trickle callback errors to the user. * Makefile.in: made the install-binaries target regenerate the pkgIndex.tcl correctly. The test target probably shouldn't screw it up, but this is to be on the safe side. (user: hobbs, size: 22797) [annotate] [blame] [check-ins using]

To Artifact [1cbb80c69b]:

File tlsIO.c — part of check-in [e64e21d80e] at 2000-07-26 22:15:07 on branch tls-1-3-io-rewrite — * tls.c (ImportObjCmd): removed unnecessary use of 'bio' arg. (Tls_Init): check return value of SSL_library_init. Also lots of whitespace cleanup (more like Tcl Eng style guide), but not all code was cleaned up. * tlsBIO.c: minor whitespace cleanup * tlsIO.c: minor whitespace cleanup. (TlsInputProc, TlsOutputProc): Added ERR_clear_error before calls to BIO_read or BIO_write, because we could otherwise end up pulling an error off the stack that didn't belong to us. Also cleanup up excessive use of gotos. (user: hobbs, size: 23797) [annotate] [blame] [check-ins using]

1 2 3 4 5 6 7 8 9 10 11	/* * Copyright (C) 1997-2000 Matt Newman <[email protected]> * * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsIO.c,v 1.7.2.3 2000/07/2~~1 0~~5:~~32:5~~7 hobbs Exp $ * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built from scratch based upon observation of OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries ([email protected]), for	\|	1 2 3 4 5 6 7 8 9 10 11	/* * Copyright (C) 1997-2000 Matt Newman <[email protected]> * * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsIO.c,v 1.7.2.4 2000/07/26 22:15:07 hobbs Exp $ * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built from scratch based upon observation of OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries ([email protected]), for
︙			︙
164 165 166 167 168 169 170 ~~171~~ 172 173 174 175 176 177 178	/ Tcl_DeleteChannelHandler(Tls_GetParent(statePtr), TlsChannelHandler, (ClientData) statePtr); #endif Tls_Clean(statePtr); ~~Tcl_EventuallyFree( (ClientData)statePtr, Tls_Free);~~ return TCL_OK; } / ------------------------------------------------------------------- * TlsInputProc --	\|	164 165 166 167 168 169 170 171 172 173 174 175 176 177 178	/ Tcl_DeleteChannelHandler(Tls_GetParent(statePtr), TlsChannelHandler, (ClientData) statePtr); #endif Tls_Clean(statePtr); Tcl_EventuallyFree((ClientData)statePtr, Tls_Free); return TCL_OK; } / ------------------------------------------------------------------- * TlsInputProc --
︙			︙
189 190 191 192 193 194 195 ~~196 197 198 199~~ 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 ~~226~~ 227 228 229 ~~230 231~~ ~~232 233~~ ~~234 235 236 237 238 239 240~~ ~~241~~ 242 243 244 245 246 247 248	* Reads input from the input device of the channel. * ------------------------------------------------------------------- / static int TlsInputProc(ClientData instanceData, /* Socket state. / char buf, /* Where to store data read. / int bufSize, / How much space is available * in the buffer? / int errorCodePtr) /* Where to store error code. / { State statePtr = (State ) instanceData; int bytesRead; / How many bytes were read? / errorCodePtr = 0; dprintf(stderr,"\nBIO_read(%d)", bufSize); if (!SSL_is_init_finished(statePtr->ssl)) { bytesRead = Tls_WaitForConnect(statePtr, errorCodePtr); if (bytesRead <= 0) { goto input; } } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } bytesRead = BIO_read(statePtr->bio, buf, bufSize); dprintf(stderr,"\nBIO_read -> %d", bytesRead); if (bytesRead < 0) { int err = SSL_get_error(statePtr->ssl, bytesRead); if (err == SSL_ERROR_SSL) { Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, bytesRead)); errorCodePtr = ECONNABORTED; ~~goto input;~~ } else if (BIO_should_retry(statePtr->bio)) { dprintf(stderr,"RE! "); errorCodePtr = EAGAIN; ~~~~goto input;~~ }~~ ~~if (~~Tcl_GetE~~rr~~no()~~ == ECONNRESET) { /* Soft EOF /~~ ~~bytesRead = 0; ~~goto input;~~ ~~} else {~~ errorCodePtr = Tcl_GetErrno(); ~~goto input;~~ } }~~ ~~input:~~ dprintf(stderr, "\nInput(%d) -> %d [%d]", bufSize, bytesRead, errorCodePtr); return bytesRead; } / -------------------------------------------------------------------	\| \| \| \| > > > > > > > > > > > > < < \| > \| \| > \| < < < < \| \| > \|	189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257	* Reads input from the input device of the channel. * ------------------------------------------------------------------- / static int TlsInputProc(ClientData instanceData, /* Socket state. / char buf, /* Where to store data read. / int bufSize, / How much space is available * in the buffer? / int errorCodePtr) /* Where to store error code. / { State statePtr = (State ) instanceData; int bytesRead; / How many bytes were read? / errorCodePtr = 0; dprintf(stderr,"\nBIO_read(%d)", bufSize); if (!SSL_is_init_finished(statePtr->ssl)) { bytesRead = Tls_WaitForConnect(statePtr, errorCodePtr); if (bytesRead <= 0) { goto input; } } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } /* * We need to clear the SSL error stack now because we sometimes reach * this function with leftover errors in the stack. If BIO_read * returns -1 and intends EAGAIN, there is a leftover error, it will be * misconstrued as an error, not EAGAIN. * * Alternatively, we may want to handle the <0 return codes from * BIO_read specially (as advised in the RSA docs). TLS's lower level BIO * functions play with the retry flags though, and this seems to work * correctly. Similar fix in TlsOutputProc. - hobbs / ERR_clear_error(); bytesRead = BIO_read(statePtr->bio, buf, bufSize); dprintf(stderr,"\nBIO_read -> %d", bytesRead); if (bytesRead < 0) { int err = SSL_get_error(statePtr->ssl, bytesRead); if (err == SSL_ERROR_SSL) { Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, bytesRead)); errorCodePtr = ECONNABORTED; } else if (BIO_should_retry(statePtr->bio)) { dprintf(stderr,"RE! "); errorCodePtr = EAGAIN; } else { errorCodePtr = Tcl_GetErrno(); if (errorCodePtr == ECONNRESET) { / Soft EOF / errorCodePtr = 0; bytesRead = 0; } } } input: dprintf(stderr, "\nInput(%d) -> %d [%d]", bufSize, bytesRead, errorCodePtr); return bytesRead; } / -------------------------------------------------------------------
︙			︙
259 260 261 262 263 264 265 ~~266~~ 267 268 269 270 271 272 273 274 ~~275~~ 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 ~~293~~ 294 ~~295~~ 296 ~~297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315~~ ~~316 317 318~~ ~~319 320~~ ~~321 322 323 324 325~~ ~~326 327~~ 328 329 ~~330~~ 331 332 333 334 335 336 337	* Writes output on the output device of the channel. * ------------------------------------------------------------------- / static int TlsOutputProc(ClientData instanceData, /* Socket state. / ~~char buf, /* The data buffer. /~~ int toWrite, / How many bytes to write? / int errorCodePtr) /* Where to store error code. / { State statePtr = (State ) instanceData; int written, err; errorCodePtr = 0; ~~dprintf(stderr,"\nBIO_write(~~%d)"~~, toWrite);~~ if (!SSL_is_init_finished(statePtr->ssl)) { written = Tls_WaitForConnect(statePtr, errorCodePtr); if (written <= 0) { goto output; } } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } if (toWrite == 0) { dprintf(stderr, "zero-write\n"); BIO_flush(statePtr->bio); written = 0; goto output; } else { written = BIO_write(statePtr->bio, buf, toWrite); ~~dprintf(stderr,"\nBIO_write(%d) -> [%d]", ~~toWrite, written);~~~~ } ~~if (written < ~~0 \|\| written =~~= 0) {~~ switch ((err = SSL_get_error(statePtr->ssl, written))) { case SSL_ERROR_NONE: if (written <= 0) { written = 0; ~~goto output;~~ } break; case SSL_ERROR_WANT_WRITE: dprintf(stderr,"write W BLOCK\n"); break; case SSL_ERROR_WANT_READ: dprintf(stderr,"write R BLOCK\n"); break; case SSL_ERROR_WANT_X509_LOOKUP: dprintf(stderr,"write X BLOCK\n"); break; case SSL_ERROR_ZERO_RETURN: dprintf(stderr,"closed\n"); written = 0; ~~goto output;~~ ~~case SSL_ERROR_SYSCALL: errorCodePtr = Tcl_GetErrno(); dprintf(stderr,"[%d] syscall errr: %d~~\n", written, Tcl_GetErrno());~~~~ ~~written = -1; ~~goto output;~~~~ ~~case SSL_ERROR_SSL: Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, written)); errorCodePtr = ECONNABORTED; written = -1; ~~goto output;~~~~ ~~default: dprintf(stderr,"unknown err: %d\n", err);~~ } } ~~output:~~ dprintf(stderr, "\nOutput(%d) -> %d", toWrite, written); return written; } /* -------------------------------------------------------------------	\| \| > > > > > > > > > > > > \| > \| \| \| \| < \| \| \| \| \| \| \| \| \| \| \| \| \| \| < > \| \| \| > \| < > \| \| \| \| < > \| \| > \|	268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360	* Writes output on the output device of the channel. * ------------------------------------------------------------------- / static int TlsOutputProc(ClientData instanceData, /* Socket state. / char buf, /* The data buffer. / int toWrite, / How many bytes to write? / int errorCodePtr) /* Where to store error code. / { State statePtr = (State ) instanceData; int written, err; errorCodePtr = 0; dprintf(stderr,"\nBIO_write(0x%x, %d)", statePtr, toWrite); if (!SSL_is_init_finished(statePtr->ssl)) { written = Tls_WaitForConnect(statePtr, errorCodePtr); if (written <= 0) { goto output; } } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } if (toWrite == 0) { dprintf(stderr, "zero-write\n"); BIO_flush(statePtr->bio); written = 0; goto output; } else { /* * We need to clear the SSL error stack now because we sometimes reach * this function with leftover errors in the stack. If BIO_write * returns -1 and intends EAGAIN, there is a leftover error, it will be * misconstrued as an error, not EAGAIN. * * Alternatively, we may want to handle the <0 return codes from * BIO_write specially (as advised in the RSA docs). TLS's lower level * BIO functions play with the retry flags though, and this seems to * work correctly. Similar fix in TlsInputProc. - hobbs / ERR_clear_error(); written = BIO_write(statePtr->bio, buf, toWrite); dprintf(stderr,"\nBIO_write(0x%x, %d) -> [%d]", statePtr, toWrite, written); } if (written <= 0) { switch ((err = SSL_get_error(statePtr->ssl, written))) { case SSL_ERROR_NONE: if (written < 0) { written = 0; } break; case SSL_ERROR_WANT_WRITE: dprintf(stderr," write W BLOCK"); break; case SSL_ERROR_WANT_READ: dprintf(stderr," write R BLOCK"); break; case SSL_ERROR_WANT_X509_LOOKUP: dprintf(stderr," write X BLOCK"); break; case SSL_ERROR_ZERO_RETURN: dprintf(stderr," closed\n"); written = 0; break; case SSL_ERROR_SYSCALL: errorCodePtr = Tcl_GetErrno(); dprintf(stderr," [%d] syscall errr: %d", written, errorCodePtr); written = -1; break; case SSL_ERROR_SSL: Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, written)); errorCodePtr = ECONNABORTED; written = -1; break; default: dprintf(stderr," unknown err: %d\n", err); break; } } output: dprintf(stderr, "\nOutput(%d) -> %d", toWrite, written); return written; } /* -------------------------------------------------------------------
︙			︙