author | Michael Widenius <monty@askmonty.org> | 2012-08-14 17:23:34 +0300 |
committer | Michael Widenius <monty@askmonty.org> | 2012-08-14 17:23:34 +0300 |
commit | 60589aeee03949033c66da5c1eae70d4342179fc (patch) | |
tree | 1cd399dbed17c5c7b4ed16eb7b872dc979af1c93 /vio/viossl.c | |
parent | b39e6e3d093b45f792959ef06fea1c175263ae1a (diff) | |
download | mariadb-git-60589aeee03949033c66da5c1eae70d4342179fc.tar.gz |
Next part of merge. See TODO for details
Diffstat (limited to 'vio/viossl.c')
-rw-r--r-- | vio/viossl.c | 260 |
1 files changed, 226 insertions, 34 deletions
diff --git a/vio/viossl.c b/vio/viossl.c
index 48881cc2903..dfca68947cc 100644
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -61,46 +61,190 @@ report_errors(SSL* ssl)
 #endif
-size_t vio_ssl_read(Vio *vio, uchar* buf, size_t size)
+/**
+ Obtain the equivalent system error status for the last SSL I/O operation.
+
+ @param ssl_error The result code of the failed TLS/SSL I/O operation.
+*/
+
+static void ssl_set_sys_error(int ssl_error)
+{
+ int error= 0;
+
+ switch (ssl_error)
+ {
+ case SSL_ERROR_ZERO_RETURN:
+ error= SOCKET_ECONNRESET;
+ break;
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+#ifdef SSL_ERROR_WANT_CONNECT
+ case SSL_ERROR_WANT_CONNECT:
+#endif
+#ifdef SSL_ERROR_WANT_ACCEPT
+ case SSL_ERROR_WANT_ACCEPT:
+#endif
+ error= SOCKET_EWOULDBLOCK;
+ break;
+ case SSL_ERROR_SSL:
+ /* Protocol error. */
+#ifdef EPROTO
+ error= EPROTO;
+#else
+ error= SOCKET_ECONNRESET;
+#endif
+ break;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_NONE:
+ default:
+ break;
+ };
+
+ /* Set error status to a equivalent of the SSL error. */
+ if (error)
+ {
+#ifdef _WIN32
+ WSASetLastError(error);
+#else
+ errno= error;
+#endif
+ }
+}
+
+
+/**
+ Indicate whether a SSL I/O operation must be retried later.
+
+ @param vio VIO object representing a SSL connection.
+ @param ret Value returned by a SSL I/O function.
+ @param event[out] The type of I/O event to wait/retry.
+
+ @return Whether a SSL I/O operation should be deferred.
+ @retval TRUE Temporary failure, retry operation.
+ @retval FALSE Indeterminate failure.
+*/
+
+static my_bool ssl_should_retry(Vio *vio, int ret, enum enum_vio_io_event *event)
+{
+ int ssl_error;
+ SSL *ssl= vio->ssl_arg;
+ my_bool should_retry= TRUE;
+
+ /* Retrieve the result for the SSL I/O operation. */
+ ssl_error= SSL_get_error(ssl, ret);
+
+ /* Retrieve the result for the SSL I/O operation. */
+ switch (ssl_error)
+ {
+ case SSL_ERROR_WANT_READ:
+ *event= VIO_IO_EVENT_READ;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ *event= VIO_IO_EVENT_WRITE;
+ break;
+ default:
+#ifndef DBUG_OFF
+ report_errors(ssl);
+#endif
+ should_retry= FALSE;
+ ssl_set_sys_error(ssl_error);
+ break;
+ }
+
+ return should_retry;
+}
+
+
+size_t vio_ssl_read(Vio *vio, uchar *buf, size_t size)
 {
- size_t r;
+ int ret;
+ SSL *ssl= vio->ssl_arg;
 DBUG_ENTER("vio_ssl_read");
- DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u ssl: 0x%lx",
- vio->sd, (long) buf, (uint) size, (long) vio->ssl_arg));
+ DBUG_PRINT("enter", ("sd: %d buf: %p size: %d ssl: %p",
+ mysql_socket_getfd(vio->mysql_socket), buf, (int) size,
+ vio->ssl_arg));
 if (vio->async_context && vio->async_context->active)
- r= my_ssl_read_async(vio->async_context, (SSL *)vio->ssl_arg, buf, size);
+ ret= my_ssl_read_async(vio->async_context, (SSL *)vio->ssl_arg, buf, size);
 else
- r= SSL_read((SSL*) vio->ssl_arg, buf, size);
+ {
+ while ((ret= SSL_read(ssl, buf, size)) < 0)
+ {
+ enum enum_vio_io_event event;
+
+ /* Process the SSL I/O error. */
+ if (!ssl_should_retry(vio, ret, &event))
+ break;
+ /* Attempt to wait for an I/O event. */
+ if (vio_socket_io_wait(vio, event))
+ break;
+ }
+ }
+
 #ifndef DBUG_OFF
- if (r == (size_t) -1)
+ if (ret < 0)
 report_errors((SSL*) vio->ssl_arg);
 #endif
- DBUG_PRINT("exit", ("%u", (uint) r));
- DBUG_RETURN(r);
+ DBUG_PRINT("exit", ("%d", (int) ret));
+ DBUG_RETURN(ret < 0 ? -1 : ret);
+
 }
-size_t vio_ssl_write(Vio *vio, const uchar* buf, size_t size)
+size_t vio_ssl_write(Vio *vio, const uchar *buf, size_t size)
 {
- size_t r;
+ int ret;
+ SSL *ssl= vio->ssl_arg;
 DBUG_ENTER("vio_ssl_write");
- DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u", vio->sd,
- (long) buf, (uint) size));
+ DBUG_PRINT("enter", ("sd: %d buf: %p size: %d",
+ mysql_socket_getfd(vio->mysql_socket),
+ buf, (int) size));
 if (vio->async_context && vio->async_context->active)
- r= my_ssl_write_async(vio->async_context, (SSL *)vio->ssl_arg, buf, size);
+ ret= my_ssl_write_async(vio->async_context, (SSL *)vio->ssl_arg, buf,
+ size);
 else
- r= SSL_write((SSL*) vio->ssl_arg, buf, size);
+ {
+ while ((ret= SSL_write(ssl, buf, size)) < 0)
+ {
+ enum enum_vio_io_event event;
+
+ /* Process the SSL I/O error. */
+ if (!ssl_should_retry(vio, ret, &event))
+ break;
+
+ /* Attempt to wait for an I/O event. */
+ if (vio_socket_io_wait(vio, event))
+ break;
+ }
+ }
+
 #ifndef DBUG_OFF
- if (r == (size_t) -1)
+ if (ret < 0)
 report_errors((SSL*) vio->ssl_arg);
 #endif
- DBUG_PRINT("exit", ("%u", (uint) r));
- DBUG_RETURN(r);
+ DBUG_RETURN(ret < 0 ? -1 : ret);
+}
+
+#ifdef HAVE_YASSL
+
+/* Emulate a blocking recv() call with vio_read(). */
+static long yassl_recv(void *ptr, void *buf, size_t len,
+ int flag __attribute__((unused)))
+{
+ return vio_read(ptr, buf, len);
 }
+/* Emulate a blocking send() call with vio_write(). */
+static long yassl_send(void *ptr, const void *buf, size_t len,
+ int flag __attribute__((unused)))
+{
+ return vio_write(ptr, buf, len);
+}
+
+#endif
+
 int vio_ssl_close(Vio *vio)
 {
 int r= 0;
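Review bot: In the new `while ((ret= SSL_read(ssl, buf, size)) < 0)` loop of vio_ssl_read, and the matching `SSL_write` loop in vio_ssl_write, `size` is a `size_t` handed to an `int` length parameter, so a request larger than INT_MAX is silently narrowed to a negative count; clamp it once before the loop, e.g. `int num= size > INT_MAX ? INT_MAX : (int) size;`, and pass `num` to both the SSL call and the trace (which already casts with `(int) size`). The `#ifndef DBUG_OFF` block after each loop calls report_errors a second time for every unrecoverable error, since ssl_should_retry's default branch already did, so one of the two can go. yassl_recv and yassl_send assume that `vio_read`/`vio_write` here are the plain socket routines rather than a dispatch through the vio's installed read/write handlers, otherwise they would recurse into vio_ssl_read once the vio is reset to VIO_TYPE_SSL; that assumption is worth a one-line comment, e.g. `/* Must resolve to the socket-level vio_read(), not the SSL one. */`.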
@@ -158,16 +302,57 @@ void vio_ssl_delete(Vio *vio)
 }
+/** SSL handshake handler. */
+typedef int (*ssl_handshake_func_t)(SSL*);
+
+
+/**
+ Loop and wait until a SSL handshake is completed.
+
+ @param vio VIO object representing a SSL connection.
+ @param ssl SSL structure for the connection.
+ @param func SSL handshake handler.
+
+ @return Return value is 1 on success.
+*/
+
+static int ssl_handshake_loop(Vio *vio, SSL *ssl, ssl_handshake_func_t func)
+{
+ int ret;
+
+ vio->ssl_arg= ssl;
+
+ /* Initiate the SSL handshake. */
+ while ((ret= func(ssl)) < 1)
+ {
+ enum enum_vio_io_event event;
+
+ /* Process the SSL I/O error. */
+ if (!ssl_should_retry(vio, ret, &event))
+ break;
+
+ /* Wait for I/O so that the handshake can proceed. */
+ if (vio_socket_io_wait(vio, event))
+ break;
+ }
+
+ vio->ssl_arg= NULL;
+
+ return ret;
+}
+
+
 static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
- int (*connect_accept_func)(SSL*), unsigned long *errptr)
+ ssl_handshake_func_t func, unsigned long *errptr)
 {
 int r;
 SSL *ssl;
 my_bool unused;
 my_bool was_blocking;
+ my_socket sd= mysql_socket_getfd(vio->mysql_socket);
 DBUG_ENTER("ssl_do");
 DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx",
- (long) ptr, vio->sd, (long) ptr->ssl_context));
+ (long) ptr, sd, (long) ptr->ssl_context));
 /* Set socket to blocking if not already set */
 vio_blocking(vio, 1, &was_blocking);
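Review bot: The `DBUG_PRINT("enter", ...)` in ssl_do keeps the `0x%lx` format with `(long)` casts for `ptr` and `ptr->ssl_context`, while the traces rewritten in the first hunk moved to `%p`; changing it to `("ptr: %p, sd: %d ctx: %p", ptr, (int) sd, ptr->ssl_context)` keeps the file consistent, avoids truncating pointers where `long` is narrower than a pointer, and the explicit `(int)` on `sd` documents that `my_socket` is assumed to fit an `int` here. The `@return` of ssl_handshake_loop only says that 1 means success; it should add that any other value is the raw result of `func` and must be passed to `SSL_get_error` by the caller, as ssl_do does. ssl_do's body continues past the end of this hunk.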
@@ -182,9 +367,23 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
 DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
 SSL_clear(ssl);
 SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
- SSL_set_fd(ssl, vio->sd);
+ SSL_set_fd(ssl, sd);
+
+ /*
+ Since yaSSL does not support non-blocking send operations, use
+ special transport functions that properly handles non-blocking
+ sockets. These functions emulate the behavior of blocking I/O
+ operations by waiting for I/O to become available.
+ */
+#ifdef HAVE_YASSL
+ /* Set first argument of the transport functions. */
+ yaSSL_transport_set_ptr(ssl, vio);
+ /* Set functions to use in order to send and receive data. */
+ yaSSL_transport_set_recv_function(ssl, yassl_recv);
+ yaSSL_transport_set_send_function(ssl, yassl_send);
+#endif
- if ((r= connect_accept_func(ssl)) < 1)
+ if ((r= ssl_handshake_loop(vio, ssl, func)) < 1)
 {
 DBUG_PRINT("error", ("SSL_connect/accept failure"));
 *errptr= SSL_get_error(ssl, r);
@@ -198,8 +397,11 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
 change type, set sd to the fd used when connecting
 and set pointer to the SSL structure
 */
- vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), 0, 0);
- vio->ssl_arg= (void*)ssl;
+ if (vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), ssl, 0))
+ {
+ vio_blocking(vio, was_blocking, &unused);
+ DBUG_RETURN(1);
+ }
 #ifndef DBUG_OFF
 {
@@ -249,16 +451,6 @@ int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout, unsigned long *e
 }
-int vio_ssl_blocking(Vio *vio __attribute__((unused)),
- my_bool set_blocking_mode,
- my_bool *old_mode)
-{
- /* Mode is always blocking */
- *old_mode= 1;
- /* Return error if we try to change to non_blocking mode */
- return (set_blocking_mode ? 0 : 1);
-}
-
 my_bool vio_ssl_has_data(Vio *vio)
 {
 return SSL_pending(vio->ssl_arg) > 0 ? TRUE : FALSE; |
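Review bot: The explanatory comment about the yaSSL transport functions sits outside the `#ifdef HAVE_YASSL` block it describes, so a reader of a non-yaSSL build sees an explanation for code that is not there; moving the `/* Since yaSSL ... */` comment inside the `#ifdef` keeps the explanation with the code it belongs to, and while moving it the agreement error in `that properly handles non-blocking sockets` should become `handle`. The enclosing ssl_do starts before and ends after this hunk.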
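Review bot: The new failure branch after `vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), ssl, 0)` restores the blocking mode and returns 1 but neither assigns `*errptr` nor releases `ssl`, whereas the handshake-failure branch above it stores `SSL_get_error(ssl, r)` in `*errptr` before returning (its tail, where the SSL object is presumably cleaned up, lies outside the hunk); mirror that branch here by giving `*errptr` a defined value before the `vio_blocking` call and performing whatever cleanup of `ssl` the other branch does, so the caller never reads an uninitialized error code or leaks the session. A short comment at the vio_reset call noting that the `ssl` argument is presumably what now installs `vio->ssl_arg` (ssl_handshake_loop clears it on exit) would explain why the removed `vio->ssl_arg= (void*)ssl;` line is no longer needed.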