Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.sbin/relayd/check_tls.c	Lines:	0	110	0.0 %
Date:	2017-11-07	Branches:	0	50	0.0 %


/*	$OpenBSD: check_tls.c,v 1.1 2017/05/27 08:33:25 claudio Exp $	*/

/*
 * Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org>
 * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/queue.h>
#include <sys/uio.h>

#include <limits.h>
#include <event.h>
#include <unistd.h>
#include <string.h>
#include <imsg.h>

#include "relayd.h"

void	check_tls_read(int, short, void *);
void	check_tls_write(int, short, void *);
void	check_tls_handshake(int, short, void *);
void	check_tls_cleanup(struct ctl_tcp_event *);
void	check_tls_error(struct ctl_tcp_event *, const char *, const char *);

void
check_tls_read(int s, short event, void *arg)
{
	char			 rbuf[SMALL_READ_BUF_SIZE];
	struct ctl_tcp_event	*cte = arg;
	int			 retry_flag = EV_READ;
	int			 ret;

	if (event == EV_TIMEOUT) {
		cte->host->up = HOST_DOWN;
		check_tls_cleanup(cte);
		hce_notify_done(cte->host, HCE_TLS_READ_TIMEOUT);
		return;
	}

	bzero(rbuf, sizeof(rbuf));

	ret = tls_read(cte->tls, rbuf, sizeof(rbuf));
	if (ret > 0) {
		if (ibuf_add(cte->buf, rbuf, ret) == -1)
			fatal("check_tls_read: buf_add error");
		if (cte->validate_read != NULL &&
		    cte->validate_read(cte) == 0) {
			check_tls_cleanup(cte);
			hce_notify_done(cte->host, cte->host->he);
			return;
		}
	} else if (ret == 0) {
		cte->host->up = HOST_DOWN;
		(void)cte->validate_close(cte);
		check_tls_cleanup(cte);
		hce_notify_done(cte->host, cte->host->he);
		return;
	} else if (ret == TLS_WANT_POLLIN) {
		retry_flag = EV_READ;
	} else if (ret == TLS_WANT_POLLOUT) {
		retry_flag = EV_WRITE;
	} else {
		cte->host->up = HOST_DOWN;
		check_tls_error(cte, cte->host->conf.name, "cannot read");
		check_tls_cleanup(cte);
		hce_notify_done(cte->host, HCE_TLS_READ_ERROR);
		return;
	}

	event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, check_tls_read,
	    &cte->tv_start, &cte->table->conf.timeout, cte);
	return;
}

void
check_tls_write(int s, short event, void *arg)
{
	struct ctl_tcp_event	*cte = arg;
	int			 retry_flag = EV_WRITE;
	int			 len;
	int			 ret;

	if (event == EV_TIMEOUT) {
		cte->host->up = HOST_DOWN;
		check_tls_cleanup(cte);
		hce_notify_done(cte->host, HCE_TLS_WRITE_TIMEOUT);
		return;
	}

	len = strlen(cte->table->sendbuf);

	ret = tls_write(cte->tls, cte->table->sendbuf, len);
	if (ret > 0) {
		if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) ==
		    NULL)
			fatalx("ssl_write: cannot create dynamic buffer");

		event_again(&cte->ev, s, EV_TIMEOUT|EV_READ, check_tls_read,
		    &cte->tv_start, &cte->table->conf.timeout, cte);
		return;
	} else if (ret == TLS_WANT_POLLIN) {
		retry_flag = EV_READ;
	} else if (ret == TLS_WANT_POLLOUT) {
		retry_flag = EV_WRITE;
	} else {
		cte->host->up = HOST_DOWN;
		check_tls_error(cte, cte->host->conf.name, "cannot write");
		check_tls_cleanup(cte);
		hce_notify_done(cte->host, HCE_TLS_WRITE_ERROR);
		return;
	}

	event_again(&cte->ev, s, EV_TIMEOUT|retry_flag, check_tls_write,
	    &cte->tv_start, &cte->table->conf.timeout, cte);
}

void
check_tls_handshake(int fd, short event, void *arg)
{
	struct ctl_tcp_event	*cte = arg;
	int			 retry_flag = 0;
	int			 ret;

	if (event == EV_TIMEOUT) {
		cte->host->up = HOST_DOWN;
		hce_notify_done(cte->host, HCE_TLS_CONNECT_TIMEOUT);
		check_tls_cleanup(cte);
		return;
	}

	ret = tls_handshake(cte->tls);
	if (ret == 0) {
		if (cte->table->conf.check == CHECK_TCP) {
			cte->host->up = HOST_UP;
			hce_notify_done(cte->host, HCE_TLS_CONNECT_OK);
			check_tls_cleanup(cte);
			return;
		}
		if (cte->table->sendbuf != NULL) {
			event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE,
			    check_tls_write, &cte->tv_start,
			    &cte->table->conf.timeout, cte);
			return;
		}
		if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) ==
		    NULL)
			fatalx("ssl_connect: cannot create dynamic buffer");
		event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_READ,
		    check_tls_read, &cte->tv_start, &cte->table->conf.timeout,
		    cte);
		return;
	} else if (ret == TLS_WANT_POLLIN) {
		retry_flag = EV_READ;
	} else if (ret == TLS_WANT_POLLOUT) {
		retry_flag = EV_WRITE;
	} else {
		cte->host->up = HOST_DOWN;
		check_tls_error(cte, cte->host->conf.name,
		   "cannot connect");
		hce_notify_done(cte->host, HCE_TLS_CONNECT_FAIL);
		check_tls_cleanup(cte);
		return;
	}

	event_again(&cte->ev, cte->s, EV_TIMEOUT|retry_flag,
	    check_tls_handshake,
	    &cte->tv_start, &cte->table->conf.timeout, cte);
}

void
check_tls_cleanup(struct ctl_tcp_event *cte)
{
	tls_close(cte->tls);
	tls_reset(cte->tls);
	close(cte->s);
	ibuf_free(cte->buf);
	cte->buf = NULL;
}

void
check_tls_error(struct ctl_tcp_event *cte, const char *where, const char *what)
{
	if (log_getverbose() < 2)
		return;
	log_debug("TLS error: %s: %s: %s", where, what, tls_error(cte->tls));
}

void
check_tls(struct ctl_tcp_event *cte)
{
	if (cte->tls == NULL) {
		cte->tls = tls_client();
		if (cte->tls == NULL)
			fatal("cannot create TLS connection");
	}
	/* need to re-configure because of tls_reset */
	if (tls_configure(cte->tls, cte->table->tls_cfg) == -1)
		fatal("cannot configure TLS connection");

	if (tls_connect_socket(cte->tls, cte->s, NULL) == -1) {
		check_tls_error(cte, cte->host->conf.name,
		    "cannot connect");
		tls_close(cte->tls);
		tls_reset(cte->tls);
		cte->host->up = HOST_UNKNOWN;
		hce_notify_done(cte->host, HCE_TLS_CONNECT_ERROR);
		return;
	}

	event_again(&cte->ev, cte->s, EV_TIMEOUT|EV_WRITE, check_tls_handshake,
	    &cte->tv_start, &cte->table->conf.timeout, cte);
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: check_tls.c,v 1.1 2017/05/27 08:33:25 claudio Exp $ */
2
3			/*
4			* Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org>
5			* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
6			* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
7			*
8			* Permission to use, copy, modify, and distribute this software for any
9			* purpose with or without fee is hereby granted, provided that the above
10			* copyright notice and this permission notice appear in all copies.
11			*
12			* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13			* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14			* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15			* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16			* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17			* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18			* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19			*/
20
21			#include <sys/types.h>
22			#include <sys/queue.h>
23			#include <sys/uio.h>
24
25			#include <limits.h>
26			#include <event.h>
27			#include <unistd.h>
28			#include <string.h>
29			#include <imsg.h>
30
31			#include "relayd.h"
32
33			void check_tls_read(int, short, void *);
34			void check_tls_write(int, short, void *);
35			void check_tls_handshake(int, short, void *);
36			void check_tls_cleanup(struct ctl_tcp_event *);
37			void check_tls_error(struct ctl_tcp_event , const char , const char *);
38
39			void
40			check_tls_read(int s, short event, void *arg)
41			{
42			char rbuf[SMALL_READ_BUF_SIZE];
43			struct ctl_tcp_event *cte = arg;
44			int retry_flag = EV_READ;
45			int ret;
46
47			if (event == EV_TIMEOUT) {
48			cte->host->up = HOST_DOWN;
49			check_tls_cleanup(cte);
50			hce_notify_done(cte->host, HCE_TLS_READ_TIMEOUT);
51			return;
52			}
53
54			bzero(rbuf, sizeof(rbuf));
55
56			ret = tls_read(cte->tls, rbuf, sizeof(rbuf));
57			if (ret > 0) {
58			if (ibuf_add(cte->buf, rbuf, ret) == -1)
59			fatal("check_tls_read: buf_add error");
60			if (cte->validate_read != NULL &&
61			cte->validate_read(cte) == 0) {
62			check_tls_cleanup(cte);
63			hce_notify_done(cte->host, cte->host->he);
64			return;
65			}
66			} else if (ret == 0) {
67			cte->host->up = HOST_DOWN;
68			(void)cte->validate_close(cte);
69			check_tls_cleanup(cte);
70			hce_notify_done(cte->host, cte->host->he);
71			return;
72			} else if (ret == TLS_WANT_POLLIN) {
73			retry_flag = EV_READ;
74			} else if (ret == TLS_WANT_POLLOUT) {
75			retry_flag = EV_WRITE;
76			} else {
77			cte->host->up = HOST_DOWN;
78			check_tls_error(cte, cte->host->conf.name, "cannot read");
79			check_tls_cleanup(cte);
80			hce_notify_done(cte->host, HCE_TLS_READ_ERROR);
81			return;
82			}
83
84			event_again(&cte->ev, s, EV_TIMEOUT\|retry_flag, check_tls_read,
85			&cte->tv_start, &cte->table->conf.timeout, cte);
86			return;
87			}
88
89			void
90			check_tls_write(int s, short event, void *arg)
91			{
92			struct ctl_tcp_event *cte = arg;
93			int retry_flag = EV_WRITE;
94			int len;
95			int ret;
96
97			if (event == EV_TIMEOUT) {
98			cte->host->up = HOST_DOWN;
99			check_tls_cleanup(cte);
100			hce_notify_done(cte->host, HCE_TLS_WRITE_TIMEOUT);
101			return;
102			}
103
104			len = strlen(cte->table->sendbuf);
105
106			ret = tls_write(cte->tls, cte->table->sendbuf, len);
107			if (ret > 0) {
108			if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) ==
109			NULL)
110			fatalx("ssl_write: cannot create dynamic buffer");
111
112			event_again(&cte->ev, s, EV_TIMEOUT\|EV_READ, check_tls_read,
113			&cte->tv_start, &cte->table->conf.timeout, cte);
114			return;
115			} else if (ret == TLS_WANT_POLLIN) {
116			retry_flag = EV_READ;
117			} else if (ret == TLS_WANT_POLLOUT) {
118			retry_flag = EV_WRITE;
119			} else {
120			cte->host->up = HOST_DOWN;
121			check_tls_error(cte, cte->host->conf.name, "cannot write");
122			check_tls_cleanup(cte);
123			hce_notify_done(cte->host, HCE_TLS_WRITE_ERROR);
124			return;
125			}
126
127			event_again(&cte->ev, s, EV_TIMEOUT\|retry_flag, check_tls_write,
128			&cte->tv_start, &cte->table->conf.timeout, cte);
129			}
130
131			void
132			check_tls_handshake(int fd, short event, void *arg)
133			{
134			struct ctl_tcp_event *cte = arg;
135			int retry_flag = 0;
136			int ret;
137
138			if (event == EV_TIMEOUT) {
139			cte->host->up = HOST_DOWN;
140			hce_notify_done(cte->host, HCE_TLS_CONNECT_TIMEOUT);
141			check_tls_cleanup(cte);
142			return;
143			}
144
145			ret = tls_handshake(cte->tls);
146			if (ret == 0) {
147			if (cte->table->conf.check == CHECK_TCP) {
148			cte->host->up = HOST_UP;
149			hce_notify_done(cte->host, HCE_TLS_CONNECT_OK);
150			check_tls_cleanup(cte);
151			return;
152			}
153			if (cte->table->sendbuf != NULL) {
154			event_again(&cte->ev, cte->s, EV_TIMEOUT\|EV_WRITE,
155			check_tls_write, &cte->tv_start,
156			&cte->table->conf.timeout, cte);
157			return;
158			}
159			if ((cte->buf = ibuf_dynamic(SMALL_READ_BUF_SIZE, UINT_MAX)) ==
160			NULL)
161			fatalx("ssl_connect: cannot create dynamic buffer");
162			event_again(&cte->ev, cte->s, EV_TIMEOUT\|EV_READ,
163			check_tls_read, &cte->tv_start, &cte->table->conf.timeout,
164			cte);
165			return;
166			} else if (ret == TLS_WANT_POLLIN) {
167			retry_flag = EV_READ;
168			} else if (ret == TLS_WANT_POLLOUT) {
169			retry_flag = EV_WRITE;
170			} else {
171			cte->host->up = HOST_DOWN;
172			check_tls_error(cte, cte->host->conf.name,
173			"cannot connect");
174			hce_notify_done(cte->host, HCE_TLS_CONNECT_FAIL);
175			check_tls_cleanup(cte);
176			return;
177			}
178
179			event_again(&cte->ev, cte->s, EV_TIMEOUT\|retry_flag,
180			check_tls_handshake,
181			&cte->tv_start, &cte->table->conf.timeout, cte);
182			}
183
184			void
185			check_tls_cleanup(struct ctl_tcp_event *cte)
186			{
187			tls_close(cte->tls);
188			tls_reset(cte->tls);
189			close(cte->s);
190			ibuf_free(cte->buf);
191			cte->buf = NULL;
192			}
193
194			void
195			check_tls_error(struct ctl_tcp_event cte, const char where, const char *what)
196			{
197			if (log_getverbose() < 2)
198			return;
199			log_debug("TLS error: %s: %s: %s", where, what, tls_error(cte->tls));
200			}
201
202			void
203			check_tls(struct ctl_tcp_event *cte)
204			{
205			if (cte->tls == NULL) {
206			cte->tls = tls_client();
207			if (cte->tls == NULL)
208			fatal("cannot create TLS connection");
209			}
210			/* need to re-configure because of tls_reset */
211			if (tls_configure(cte->tls, cte->table->tls_cfg) == -1)
212			fatal("cannot configure TLS connection");
213
214			if (tls_connect_socket(cte->tls, cte->s, NULL) == -1) {
215			check_tls_error(cte, cte->host->conf.name,
216			"cannot connect");
217			tls_close(cte->tls);
218			tls_reset(cte->tls);
219			cte->host->up = HOST_UNKNOWN;
220			hce_notify_done(cte->host, HCE_TLS_CONNECT_ERROR);
221			return;
222			}
223
224			event_again(&cte->ev, cte->s, EV_TIMEOUT\|EV_WRITE, check_tls_handshake,
225			&cte->tv_start, &cte->table->conf.timeout, cte);
226			}