Overview
| Comment: | More work on improving I/O routines |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | wip-fix-io-layer |
| Files: | files | file ages | folders |
| SHA1: |
7df7a8696e009447be8352858f37081f |
| User & Date: | rkeene on 2016-12-12 01:14:06.133 |
| Other Links: | branch diff | manifest | tags |
Context
|
2016-12-12
| ||
| 01:15 | Updated wording in debugging message to be more accurate check-in: 6462992c95 user: rkeene tags: wip-fix-io-layer | |
| 01:14 | More work on improving I/O routines check-in: 7df7a8696e user: rkeene tags: wip-fix-io-layer | |
| 01:13 | Updated debugging printf() calls to write to a temporary buffer so that multiple calls are not mixed up when writing check-in: 4c6adaabfc user: rkeene tags: wip-fix-io-layer | |
Changes
Modified tls.c
from [04ea01d342]
to [2904872c77].
| ︙ | ︙ | |||
874 875 876 877 878 879 880 881 882 883 884 885 886 887 |
/*
* We need to make sure that the channel works in binary (for the
* encryption not to get goofed up).
* We only want to adjust the buffering in pre-v2 channels, where
* each channel in the stack maintained its own buffers.
*/
Tcl_SetChannelOption(interp, chan, "-translation", "binary");
dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan));
statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), (ClientData) statePtr, (TCL_READABLE | TCL_WRITABLE), chan);
dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self));
if (statePtr->self == (Tcl_Channel) NULL) {
/*
* No use of Tcl_EventuallyFree because no possible Tcl_Preserve.
*/
| > | 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 |
/*
* We need to make sure that the channel works in binary (for the
* encryption not to get goofed up).
* We only want to adjust the buffering in pre-v2 channels, where
* each channel in the stack maintained its own buffers.
*/
Tcl_SetChannelOption(interp, chan, "-translation", "binary");
Tcl_SetChannelOption(interp, chan, "-blocking", "true");
dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan));
statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), (ClientData) statePtr, (TCL_READABLE | TCL_WRITABLE), chan);
dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self));
if (statePtr->self == (Tcl_Channel) NULL) {
/*
* No use of Tcl_EventuallyFree because no possible Tcl_Preserve.
*/
|
| ︙ | ︙ |
Modified tlsIO.c
from [b04673cb79]
to [38a7baa9a1].
| ︙ | ︙ | |||
191 192 193 194 195 196 197 | * * Side effects: * Reads input from the input device of the channel. * *------------------------------------------------------------------- */ | < | < < < < < | | > > | | | | | | | | < | | | | | | | | | | < > | < | | | > | | | | | | | | | | | | | | < | < < < | | | > | > > > > > > | < > | > | | | < | < < < < | | | < | < < < < | | | | | | | | | < > | < | | | | | < < < | | | | > > > | < | < | < | > | | | | | | | | | | | | | | | | | | | | | < | | | | | | | | | | < | | | | 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 |
*
* Side effects:
* Reads input from the input device of the channel.
*
*-------------------------------------------------------------------
*/
static int TlsInputProc(ClientData instanceData, char *buf, int bufSize, int *errorCodePtr) {
State *statePtr = (State *) instanceData;
int bytesRead;
int tlsConnect;
int err;
*errorCodePtr = 0;
dprintf("BIO_read(%d)", bufSize);
if (statePtr->flags & TLS_TCL_CALLBACK) {
/* don't process any bytes while verify callback is running */
dprintf("Callback is running, reading 0 bytes");
bytesRead = 0;
return(0);
}
dprintf("Calling Tls_WaitForConnect");
tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr);
if (tlsConnect < 0) {
dprintf("Got an error (bytesRead = %i)", bytesRead);
if (*errorCodePtr == ECONNRESET) {
dprintf("Got connection reset");
/* Soft EOF */
*errorCodePtr = 0;
bytesRead = 0;
}
return(bytesRead);
}
if (statePtr->flags & TLS_TCL_INIT) {
statePtr->flags &= ~(TLS_TCL_INIT);
}
/*
* We need to clear the SSL error stack now because we sometimes reach
* this function with leftover errors in the stack. If BIO_read
* returns -1 and intends EAGAIN, there is a leftover error, it will be
* misconstrued as an error, not EAGAIN.
*
* Alternatively, we may want to handle the <0 return codes from
* BIO_read specially (as advised in the RSA docs). TLS's lower level BIO
* functions play with the retry flags though, and this seems to work
* correctly. Similar fix in TlsOutputProc. - hobbs
*/
ERR_clear_error();
bytesRead = BIO_read(statePtr->bio, buf, bufSize);
dprintf("BIO_read -> %d", bytesRead);
err = SSL_get_error(statePtr->ssl, bytesRead);
if (BIO_should_retry(statePtr->bio)) {
dprintf("I/O failed, will retry based on EAGAIN");
*errorCodePtr = EAGAIN;
}
switch (err) {
case SSL_ERROR_NONE:
dprintBuffer(buf, bytesRead);
break;
case SSL_ERROR_SSL:
Tls_Error(statePtr, TCLTLS_SSL_ERROR(statePtr->ssl, bytesRead));
*errorCodePtr = ECONNABORTED;
break;
case SSL_ERROR_SYSCALL:
dprintf("I/O error reading, treating it as EOF");
*errorCodePtr = 0;
bytesRead = 0;
break;
}
input:
dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr);
return bytesRead;
}
/*
*-------------------------------------------------------------------
*
* TlsOutputProc --
*
* This procedure is invoked by the generic IO level
* to write output to a SSL socket based channel.
*
* Results:
* The number of bytes written is returned. An output argument is
* set to a POSIX error code if an error occurred, or zero.
*
* Side effects:
* Writes output on the output device of the channel.
*
*-------------------------------------------------------------------
*/
static int TlsOutputProc(ClientData instanceData, CONST char *buf, int toWrite, int *errorCodePtr) {
State *statePtr = (State *) instanceData;
int written, err;
*errorCodePtr = 0;
dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite);
dprintBuffer(buf, toWrite);
if (statePtr->flags & TLS_TCL_CALLBACK) {
dprintf("Don't process output while callbacks are running")
written = -1;
*errorCodePtr = EAGAIN;
return(-1);
}
dprintf("Calling Tls_WaitForConnect");
written = Tls_WaitForConnect(statePtr, errorCodePtr);
if (written < 0) {
dprintf("Tls_WaitForConnect returned %i (err = %i)", written, *errorCodePtr);
return(-1);
}
if (toWrite == 0) {
dprintf("zero-write");
BIO_flush(statePtr->bio);
written = 0;
*errorCodePtr = 0;
return(0);
}
/*
* We need to clear the SSL error stack now because we sometimes reach
* this function with leftover errors in the stack. If BIO_write
* returns -1 and intends EAGAIN, there is a leftover error, it will be
* misconstrued as an error, not EAGAIN.
*
* Alternatively, we may want to handle the <0 return codes from
* BIO_write specially (as advised in the RSA docs). TLS's lower level
* BIO functions play with the retry flags though, and this seems to
* work correctly. Similar fix in TlsInputProc. - hobbs
*/
ERR_clear_error();
written = BIO_write(statePtr->bio, buf, toWrite);
dprintf("BIO_write(%p, %d) -> [%d]", (void *) statePtr, toWrite, written);
err = SSL_get_error(statePtr->ssl, written);
switch (err) {
case SSL_ERROR_NONE:
if (written < 0) {
written = 0;
}
break;
case SSL_ERROR_WANT_WRITE:
dprintf(" write W BLOCK");
break;
case SSL_ERROR_WANT_READ:
dprintf(" write R BLOCK");
break;
case SSL_ERROR_WANT_X509_LOOKUP:
dprintf(" write X BLOCK");
break;
case SSL_ERROR_ZERO_RETURN:
dprintf(" closed");
written = 0;
break;
case SSL_ERROR_SYSCALL:
*errorCodePtr = Tcl_GetErrno();
dprintf(" [%d] syscall errr: %d", written, *errorCodePtr);
written = -1;
break;
case SSL_ERROR_SSL:
Tls_Error(statePtr, TCLTLS_SSL_ERROR(statePtr->ssl, written));
*errorCodePtr = ECONNABORTED;
written = -1;
break;
default:
dprintf(" unknown err: %d", err);
break;
}
output:
dprintf("Output(%d) -> %d", toWrite, written);
return(written);
}
/*
*-------------------------------------------------------------------
*
* TlsGetOptionProc --
*
|
| ︙ | ︙ | |||
562 563 564 565 566 567 568 |
* Side effects:
* May process the incoming event by itself.
*
*-------------------------------------------------------------------
*/
static int TlsNotifyProc(ClientData instanceData, int mask) {
| | > | | | | | < | | | | | | | | < | | | | | | | < < < | > | | | | | | | < | | | 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 |
* Side effects:
* May process the incoming event by itself.
*
*-------------------------------------------------------------------
*/
static int TlsNotifyProc(ClientData instanceData, int mask) {
State *statePtr = (State *) instanceData;
int errorCode;
/*
* An event occured in the underlying channel. This
* transformation doesn't process such events thus returns the
* incoming mask unchanged.
*/
if (statePtr->timer != (Tcl_TimerToken) NULL) {
/*
* Delete an existing timer. It was not fired, yet we are
* here, so the channel below generated such an event and we
* don't have to. The renewal of the interest after the
* execution of channel handlers will eventually cause us to
* recreate the timer (in WatchProc).
*/
Tcl_DeleteTimerHandler(statePtr->timer);
statePtr->timer = (Tcl_TimerToken) NULL;
}
if (statePtr->flags & TLS_TCL_CALLBACK) {
dprintf("Returning 0 due to callback");
return 0;
}
dprintf("Calling Tls_WaitForConnect");
errorCode = 0;
if (Tls_WaitForConnect(statePtr, &errorCode) < 0) {
if (errorCode == EAGAIN) {
dprintf("Async flag could be set (didn't check) and errorCode == EAGAIN: Returning 0");
return 0;
}
dprintf("Tls_WaitForConnect returned an error");
}
dprintf("Returning %i", mask);
return(mask);
}
#if 0
/*
*------------------------------------------------------*
*
* TlsChannelHandler --
|
| ︙ | ︙ | |||
709 710 711 712 713 714 715 | * * Result: * None. * *------------------------------------------------------* */ | < | < < | | > > | | > > | | > | > > | | > > | > > > > | 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 |
*
* Result:
* None.
*
*------------------------------------------------------*
*/
static void TlsChannelHandlerTimer(ClientData clientData) {
State *statePtr = (State *) clientData;
int mask = 0;
dprintf("Called");
statePtr->timer = (Tcl_TimerToken) NULL;
if (BIO_wpending(statePtr->bio)) {
dprintf("[chan=%p] BIO writable", statePtr->self);
mask |= TCL_WRITABLE;
}
if (BIO_pending(statePtr->bio)) {
dprintf("[chan=%p] BIO readable", statePtr->self);
mask |= TCL_READABLE;
}
dprintf("Notifying ourselves");
Tcl_NotifyChannel(statePtr->self, mask);
dprintf("Returning");
return;
}
/*
*------------------------------------------------------*
*
* Tls_WaitForConnect --
*
|
| ︙ | ︙ | |||
747 748 749 750 751 752 753 754 755 756 757 758 759 760 |
int Tls_WaitForConnect(State *statePtr, int *errorCodePtr) {
unsigned long backingError;
int err, rc;
int bioShouldRetry;
dprintf("WaitForConnect(%p)", (void *) statePtr);
dprintFlags(statePtr);
if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
/*
* We choose ECONNRESET over ECONNABORTED here because some server
* side code, on the wiki for example, sets up a read handler that
* does a read and if eof closes the channel. There is no catch/try
* around the reads so exceptions will result in potentially many
| > > > > > > | 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 |
int Tls_WaitForConnect(State *statePtr, int *errorCodePtr) {
unsigned long backingError;
int err, rc;
int bioShouldRetry;
dprintf("WaitForConnect(%p)", (void *) statePtr);
dprintFlags(statePtr);
if (!(statePtr->flags & TLS_TCL_INIT)) {
dprintf("Tls_WaitForConnect called on already initialized channel -- returning with immediate success");
*errorCodePtr = 0;
return(0);
}
if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
/*
* We choose ECONNRESET over ECONNABORTED here because some server
* side code, on the wiki for example, sets up a read handler that
* does a read and if eof closes the channel. There is no catch/try
* around the reads so exceptions will result in potentially many
|
| ︙ | ︙ | |||
786 787 788 789 790 791 792 |
rc = SSL_get_error(statePtr->ssl, err);
dprintf("Got error: %i (rc = %i)", err, rc);
bioShouldRetry = 0;
if (err <= 0) {
| | > > > > | 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 |
rc = SSL_get_error(statePtr->ssl, err);
dprintf("Got error: %i (rc = %i)", err, rc);
bioShouldRetry = 0;
if (err <= 0) {
if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT || rc == SSL_ERROR_WANT_READ || rc == SSL_ERROR_WANT_WRITE) {
bioShouldRetry = 1;
} else if (BIO_should_retry(statePtr->bio)) {
bioShouldRetry = 1;
}
} else {
if (!SSL_is_init_finished(statePtr->ssl)) {
bioShouldRetry = 1;
}
}
if (bioShouldRetry) {
dprintf("The I/O did not complete -- but we should try it again");
if (statePtr->flags & TLS_TCL_ASYNC) {
dprintf("Returning EAGAIN so that it can be retried later");
|
| ︙ | ︙ | |||
823 824 825 826 827 828 829 |
switch (rc) {
case SSL_ERROR_NONE:
/* The connection is up, we are done here */
dprintf("The connection is up");
break;
case SSL_ERROR_ZERO_RETURN:
dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...")
| < < < < < | < > > > > > | 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 |
switch (rc) {
case SSL_ERROR_NONE:
/* The connection is up, we are done here */
dprintf("The connection is up");
break;
case SSL_ERROR_ZERO_RETURN:
dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...")
return(-1);
case SSL_ERROR_SYSCALL:
backingError = ERR_get_error();
dprintf("I/O error occured");
if (backingError == 0 && err == 0) {
dprintf("EOF reached")
}
statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
*errorCodePtr = ECONNRESET;
return(-1);
case SSL_ERROR_SSL:
dprintf("Got permanent fatal SSL error, aborting immediately");
Tls_Error(statePtr, (char *)ERR_reason_error_string(ERR_get_error()));
statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
*errorCodePtr = ECONNABORTED;
return(-1);
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
case SSL_ERROR_WANT_X509_LOOKUP:
default:
dprintf("We got a confusing reply: %i", rc);
*errorCodePtr = Tcl_GetErrno();
dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
return(-1);
}
if (statePtr->flags & TLS_TCL_SERVER) {
dprintf("This is an TLS server, checking the certificate for the peer");
err = SSL_get_verify_result(statePtr->ssl);
if (err != X509_V_OK) {
dprintf("Invalid certificate, returning in failure");
Tls_Error(statePtr, (char *)X509_verify_cert_error_string(err));
statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
*errorCodePtr = ECONNABORTED;
return(-1);
}
}
dprintf("Removing the \"TLS_TCL_INIT\" flag since we have completed the handshake");
statePtr->flags &= ~TLS_TCL_INIT;
dprintf("Returning in success");
*errorCodePtr = 0;
return(0);
}
Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags) {
dprintf("Requested to get parent of channel %p", statePtr->self);
if ((statePtr->flags & ~maskFlags) & TLS_TCL_FASTPATH) {
dprintf("Asked to get the parent channel while we are using FastPath -- returning NULL");
return(NULL);
}
return(Tcl_GetStackedChannel(statePtr->self));
}
|