/* This is essentially taken from Eric Vermeulen's TLS patch */
#include "tls_timeoutio.h"
#include "error.h"
#include "ndelay.h"
#include "select.h"
#include "now.h"
/*
 * Wrap an OpenSSL handshake call that takes only the SSL object
 * (SSL_accept, SSL_connect, SSL_do_handshake) in the
 * (SSL *, void *, int) signature that tls_timeoutio() expects for its
 * I/O callback.  The buffer and length arguments are ignored; the
 * expansion is a file-scope static function named <func>_adapter.
 */
#define CALLBACK_ADAPTER(func) \
static int func##_adapter(SSL *ssl, void *buf, int len) \
{ \
(void)buf; \
(void)len; \
return func(ssl); \
}
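/*
 * Drive the OpenSSL call `fun' to completion within `t' seconds.
 *
 * `fun' is called as fun(ssl, buf, len); a positive result is returned
 * as-is.  On a non-positive result SSL_get_error() decides what happens:
 * SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE wait with select() on rfd /
 * wfd for the remaining time and retry, any other code returns fun's
 * result unchanged (errno is whatever the underlying call left).
 *
 * Returns -1 with errno = ETIMEDOUT when the deadline passes before the
 * call completes, -1 with select()'s errno when select() fails, and -1
 * with errno = EINVAL when a descriptor cannot be placed in an fd_set.
 */
int tls_timeoutio(int (*fun)(SSL *, void *, int), int t, int rfd, int wfd, SSL *ssl, char *buf, int len)
{
  /* FD_SET() on a descriptor outside [0, FD_SETSIZE) writes past the fd_set */
  if (rfd < 0 || rfd >= FD_SETSIZE || wfd < 0 || wfd >= FD_SETSIZE) {
    errno = EINVAL;
    return -1;
  }
  /*
   * 0 means "no select() outcome yet".  If the deadline has already
   * passed after the first attempt, the loop breaks before select()
   * ever runs and the timeout branch below must still be taken, so n
   * must not be read uninitialized there.
   */
  int n = 0;
  const datetime_sec end = (datetime_sec)t + now();
  do {
    fd_set fds;
    struct timeval tv;
    const int r = fun(ssl, buf, len);
    if (r > 0) return r;
    t = end - now();
    if (t < 0) break;
    tv.tv_sec = (time_t)t;
    tv.tv_usec = 0;
    FD_ZERO(&fds);
    switch (SSL_get_error(ssl, r)) {
    default:
      return r; /* some other error */
    case SSL_ERROR_WANT_READ:
      FD_SET(rfd, &fds);
      n = select(rfd + 1, &fds, NULL, NULL, &tv);
      break;
    case SSL_ERROR_WANT_WRITE:
      FD_SET(wfd, &fds);
      n = select(wfd + 1, NULL, &fds, NULL, &tv);
      break;
    }
    /* n: number of descriptors ready, 0 on select() timeout, -1 on error */
  } while (n > 0);
  /* a failed select() keeps its own errno; everything else is a timeout */
  if (n != -1) errno = ETIMEDOUT;
  return -1;
}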
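CALLBACK_ADAPTER(SSL_accept);
/*
 * Server side: complete SSL_accept() on rfd/wfd within t seconds.
 *
 * Both descriptors are switched to non-blocking for the handshake and
 * are left that way once the connection is established; on failure
 * they are switched back.  Returns the tls_timeoutio() result (> 0 on
 * success, <= 0 on failure), or -1 if a descriptor could not be made
 * non-blocking.  On failure, errno is the one left by the handshake
 * (e.g. ETIMEDOUT), not one from the cleanup calls.
 */
int tls_timeoutaccept(int t, int rfd, int wfd, SSL *ssl)
{
  int r;
  /* if connection is established, keep NDELAY */
  if (ndelay_on(rfd) == -1) return -1;
  if (ndelay_on(wfd) == -1) {
    /* don't leave rfd half-configured; preserve ndelay_on()'s errno */
    const int saved_errno = errno;
    ndelay_off(rfd);
    errno = saved_errno;
    return -1;
  }
  r = tls_timeoutio(SSL_accept_adapter, t, rfd, wfd, ssl, NULL, 0);
  if (r <= 0) {
    /* ndelay_off() can fail and clobber errno; keep the handshake's errno for the caller */
    const int saved_errno = errno;
    ndelay_off(rfd);
    ndelay_off(wfd);
    errno = saved_errno;
  } else {
    SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);
  }
  return r;
}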
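CALLBACK_ADAPTER(SSL_connect);
/*
 * Client side: complete SSL_connect() on rfd/wfd within t seconds.
 *
 * Both descriptors are switched to non-blocking for the handshake and
 * are left that way once the connection is established; on failure
 * they are switched back.  Returns the tls_timeoutio() result (> 0 on
 * success, <= 0 on failure), or -1 if a descriptor could not be made
 * non-blocking.  On failure, errno is the one left by the handshake
 * (e.g. ETIMEDOUT), not one from the cleanup calls.
 */
int tls_timeoutconn(int t, int rfd, int wfd, SSL *ssl)
{
  int r;
  /* if connection is established, keep NDELAY */
  if (ndelay_on(rfd) == -1) return -1;
  if (ndelay_on(wfd) == -1) {
    /* don't leave rfd half-configured; preserve ndelay_on()'s errno */
    const int saved_errno = errno;
    ndelay_off(rfd);
    errno = saved_errno;
    return -1;
  }
  r = tls_timeoutio(SSL_connect_adapter, t, rfd, wfd, ssl, NULL, 0);
  if (r <= 0) {
    /* ndelay_off() can fail and clobber errno; keep the handshake's errno for the caller */
    const int saved_errno = errno;
    ndelay_off(rfd);
    ndelay_off(wfd);
    errno = saved_errno;
  } else {
    SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE);
  }
  return r;
}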
CALLBACK_ADAPTER(SSL_do_handshake);
/*
 * Request a renegotiation and drive the new handshake to completion
 * within t seconds.  Returns the first handshake's tls_timeoutio()
 * result when it is <= 0, -2 when the connection is still in the
 * CONNECT state afterwards, and otherwise (client side) the result of
 * a second handshake round.
 */
int tls_timeoutrehandshake(int t, int rfd, int wfd, SSL *ssl)
{
  /* NOTE(review): SSL_renegotiate()'s return value is not checked */
  SSL_renegotiate(ssl);
  const int first = tls_timeoutio(SSL_do_handshake_adapter, t, rfd, wfd, ssl, NULL, 0);
  if (first <= 0) return first;
  /* SSL_ST_CONNECT is now a macro in ssl.h */
  if ((SSL_get_state(ssl) & SSL_ST_CONNECT) != 0) return -2;
  /* this is for the client only */
  SSL_set_connect_state(ssl);
  return tls_timeoutio(SSL_do_handshake_adapter, t, rfd, wfd, ssl, NULL, 0);
}
/*
 * Read up to len bytes into buf, waiting at most t seconds.  A NULL buf
 * is a no-op returning 0.  When SSL_pending() reports data already
 * available, SSL_read() is called directly; otherwise the read goes
 * through tls_timeoutio() and its select()-based wait.
 */
int tls_timeoutread(int t, int rfd, int wfd, SSL *ssl, char *buf, int len)
{
  if (buf == NULL) return 0;
  if (SSL_pending(ssl) != 0) return SSL_read(ssl, buf, len);
  return tls_timeoutio(SSL_read, t, rfd, wfd, ssl, buf, len);
}
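/*
 * SSL_write() takes a `const void *' buffer, so its type is not the
 * (SSL *, void *, int) callback type tls_timeoutio() expects.  Calling
 * it through a pointer of that incompatible type is undefined behaviour
 * in C (and a call-site type mismatch under CFI-style checks), so go
 * through a properly typed adapter instead of a cast.
 */
static int SSL_write_adapter(SSL *ssl, void *buf, int len)
{
  return SSL_write(ssl, buf, len);
}
/*
 * Write len bytes from buf, waiting at most t seconds.  A NULL buf is a
 * no-op returning 0.  Returns the tls_timeoutio() result.
 */
int tls_timeoutwrite(int t, int rfd, int wfd, SSL *ssl, char *buf, int len)
{
  if (!buf) return 0;
  return tls_timeoutio(SSL_write_adapter, t, rfd, wfd, ssl, buf, len);
}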