/*
 * $Id$
 *
 * Copyright (C) 2010 iptelorg GmbH
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/** tls clear text write queue.
 * (queue clear text when SSL_write() cannot write it immediately due to
 * re-keying).
 * @file modules/tls/tls_ct_wrq.c
 * @ingroup tls
 * Module: @ref tls
 */

/*
 * History:
 * --------
 * 2010-03-31 initial version (andrei)
 */
#include "tls_ct_wrq.h"
#include "tls_cfg.h"
#include "tls_server.h"
#include "../../atomic_ops.h"
#include "../../mem/shm_mem.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
/* total clear text bytes queued for a future SSL_write() (due to
 * renegotiations / SSL_WRITE_WANTS_READ), summed over all the tls
 * connections. Lives in shared memory (allocated by tls_ct_wq_init(),
 * released by tls_ct_wq_destroy()) and is updated only through
 * atomic_add() in tls_ct_wq_add(), tls_ct_wq_flush() and tls_ct_wq_free().
 * It backs the global ct_wq_max limit check in tls_ct_wq_add(). */
atomic_t* tls_total_ct_wq;
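/** init clear text write queues support.
 * Allocates the global counter of queued clear text bytes
 * (tls_total_ct_wq) in shared memory and zeroes it. Must be called before
 * tls_ct_wq_add() / tls_ct_wq_flush() / tls_ct_wq_free() /
 * tls_ct_wq_total_bytes(), all of which dereference the counter.
 * @return 0 on success, < 0 on error (shared memory allocation failed).
 */
int tls_ct_wq_init(void)
{
	tls_total_ct_wq = shm_malloc(sizeof(*tls_total_ct_wq));
	if (unlikely(tls_total_ct_wq == NULL))
		return -1;
	/* fresh shm is not guaranteed to be zeroed */
	atomic_set(tls_total_ct_wq, 0);
	return 0;
}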
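/** destroy clear text write queues support.
 * Releases the shared memory counter allocated by tls_ct_wq_init() and
 * resets the pointer, so that a repeated call is a no-op rather than a
 * double free. Safe to call when tls_ct_wq_init() never ran or failed.
 */
void tls_ct_wq_destroy(void)
{
	if (tls_total_ct_wq) {
		shm_free(tls_total_ct_wq);
		/* clear the dangling pointer: guards a second destroy and makes a
		 * later accidental use fail loudly instead of touching freed shm */
		tls_total_ct_wq = NULL;
	}
}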
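/** total number of wr. queued bytes in all the SSL connections.
 * Requires a prior successful tls_ct_wq_init() (the counter is
 * dereferenced without a check).
 * @return snapshot of the global counter; it is a single atomic read, so
 *         the value may already be stale when the caller uses it.
 */
unsigned int tls_ct_wq_total_bytes(void)
{
	return (unsigned)atomic_get(tls_total_ct_wq);
}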
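/** SSL_write() wrapper used by ssl_flush().
 * On failure (SSL_write() result <= 0) fills *ssl_error with the
 * SSL_get_error() reason; on success *ssl_error is left untouched.
 * @param ssl - ssl context (wbio and rbio must already be set).
 * @param buf - clear text to write.
 * @param size - number of bytes in buf.
 * @param ssl_error - filled with the ssl error reason on failure.
 * @return the SSL_write() result: >0 bytes written, <=0 error.
 */
static int ssl_write_or_err(SSL* ssl, const void* buf, unsigned size,
							int* ssl_error)
{
	int n;

	n = SSL_write(ssl, buf, size);
	if (unlikely(n <= 0))
		*ssl_error = SSL_get_error(ssl, n);
	return n;
}



/** callback for tls_ct_q_flush().
 * Writes size bytes of clear text from buf through the SSL object of the
 * tcp connection. If the TLS handshake is still in progress (state
 * S_TLS_CONNECTING or S_TLS_ACCEPTING) it is driven first via
 * tls_connect() / tls_accept() and the write is attempted only when the
 * handshake reports success (>=1); otherwise the handshake result and its
 * error reason are returned as they are.
 *
 * @param tcp_c - struct tcp_connection* (passed as void* because of the
 *                generic tls_ct_q_flush() callback type); its extra_data
 *                must point to the connection's struct tls_extra_data.
 * @param error - long* (what tls_ct_wq_flush() passes) where the ssl error
 *                reason is stored on exit: SSL_ERROR_NONE on full success,
 *                else the SSL_get_error() value or the error reported by
 *                tls_connect()/tls_accept().
 * @param buf - clear text to write.
 * @param size - number of bytes in buf.
 * @return >0 on success (bytes written), <=0 on ssl error (should be
 * handled outside).
 * WARNING: the ssl context must have the wbio and rbio previously set!
 */
static int ssl_flush(void* tcp_c, void* error, const void* buf, unsigned size)
{
	int n;
	int ssl_error;
	struct tls_extra_data* tls_c;
	SSL* ssl;

	tls_c = ((struct tcp_connection*)tcp_c)->extra_data;
	ssl = tls_c->ssl;
	ssl_error = SSL_ERROR_NONE;
	if (unlikely(tls_c->state == S_TLS_CONNECTING)) {
		/* handshake not finished: complete it first, write only on success */
		n = tls_connect(tcp_c, &ssl_error);
		if (unlikely(n >= 1))
			n = ssl_write_or_err(ssl, buf, size, &ssl_error);
	} else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) {
		n = tls_accept(tcp_c, &ssl_error);
		if (unlikely(n >= 1))
			n = ssl_write_or_err(ssl, buf, size, &ssl_error);
	} else {
		n = ssl_write_or_err(ssl, buf, size, &ssl_error);
	}

	/* the error slot is typed void* by the generic callback; the only
	 * caller (tls_ct_wq_flush()) hands in a long */
	*(long*)error = ssl_error;
	return n;
}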
/** wrapper over tls_ct_q_flush().
 * Flushes the clear text queue of connection c through ssl_flush() and
 * subtracts the bytes actually written from the global total
 * (tls_total_ct_wq).
 * @param c - tcp connection whose extra_data holds the tls data
 *            (forwarded to ssl_flush() as its void* argument).
 * @param **ct_q - double pointer to clear text queue.
 * @param *flags - filled, @see tls_ct_q_add() for more details.
 * @param ssl_err - set to the ssl err (SSL_ERROR_NONE on full success).
 * @return -1 on internal error, or the number of bytes flushed on success
 * (>=0).
 */
int tls_ct_wq_flush(struct tcp_connection* c, tls_ct_q** ct_q,
					int* flags, int* ssl_err)
{
	long ssl_error = SSL_ERROR_NONE; /* filled by ssl_flush() through void* */
	int flushed;

	flushed = tls_ct_q_flush(ct_q, flags, ssl_flush, c, &ssl_error);
	*ssl_err = (int)ssl_error;
	if (likely(flushed > 0)) {
		/* bytes handed to SSL_write() are no longer queued anywhere */
		atomic_add(tls_total_ct_wq, -flushed);
	}
	return flushed;
}
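/** wrapper over tls_ct_q_add().
 * Besides doing a tls_ct_q_add it also keeps track of queue size and
 * total queued bytes. If the maximum queue size is exceeded => error.
 * The per-connection limit (tls_cfg con_ct_wq_max) and the global limit
 * (tls_cfg ct_wq_max) bound the shared memory a stalled re-keying can
 * pin; the checks are written in the overflow-safe form
 * (size > max || queued > max - size) so that queued + size can never wrap
 * around the unsigned range and slip past a limit.
 * NOTE: the global limit is best effort: the atomic_get() check and the
 * atomic_add() below are separate steps, so concurrent adders may overshoot
 * ct_wq_max by up to one buffer each.
 * @param **ct_q - double pointer to clear text queue (*ct_q may be 0 when
 *                 nothing is queued yet).
 * @param data - clear text to queue.
 * @param size - number of bytes in data.
 * @return 0 on success, < 0 on error (-1 memory allocation, -2 queue size
 * too big).
 */
int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int size)
{
	int ret;
	unsigned int con_max;
	unsigned int total_max;

	/* the limits are compared as unsigned, exactly as the former
	 * (queued + size) > cfg_get(...) mixed-sign comparison did */
	con_max = (unsigned int)cfg_get(tls, tls_cfg, con_ct_wq_max);
	total_max = (unsigned int)cfg_get(tls, tls_cfg, ct_wq_max);
	/* per-connection limit (only meaningful once a queue exists) */
	if (unlikely(*ct_q && (size > con_max ||
							(*ct_q)->queued > con_max - size)))
		return -2;
	/* global limit over all the ssl connections */
	if (unlikely(size > total_max ||
				(unsigned int)atomic_get(tls_total_ct_wq) > total_max - size))
		return -2;
	ret = tls_ct_q_add(ct_q, data, size,
						cfg_get(tls, tls_cfg, ct_wq_blk_size));
	if (likely(ret >= 0))
		atomic_add(tls_total_ct_wq, size);
	return ret;
}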
/** wrapper over tls_ct_q_destroy().
 * Frees the whole clear text queue and subtracts the bytes it still held
 * from the global total (tls_total_ct_wq).
 * @param **ct_q - double pointer to clear text queue.
 * @return number of bytes that used to be queued (>=0).
 */
unsigned int tls_ct_wq_free(tls_ct_q** ct_q)
{
	unsigned int dropped;

	dropped = tls_ct_q_destroy(ct_q);
	if (likely(dropped > 0)) {
		/* NOTE(review): -dropped is an unsigned negation; it becomes the
		 * intended negative delta only through the conversion to
		 * atomic_add()'s (presumably int) argument - verify against
		 * atomic_ops.h */
		atomic_add(tls_total_ct_wq, -dropped);
	}
	return dropped;
}
/* vi: set ts=4 sw=4 tw=79:ai:cindent: */