[PATCH 04/17] reds: Move SSL-related code to RedsStream

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Code to initiate a SSL stream belongs there
---
 server/reds.c        | 85 +++++++++++++++++++---------------------------------
 server/reds_stream.c | 50 +++++++++++++++++++++++++++++++
 server/reds_stream.h |  2 ++
 3 files changed, 82 insertions(+), 55 deletions(-)

diff --git a/server/reds.c b/server/reds.c
index ce8bb97..cf1dca3 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -37,12 +37,8 @@
 #include <ctype.h>
 #include <stdbool.h>
 
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/ssl.h>
 #include <openssl/err.h>
+
 #if HAVE_SASL
 #include <sasl/sasl.h>
 #endif
@@ -2676,24 +2672,22 @@ static void reds_handle_new_link(RedLinkInfo *link)
 static void reds_handle_ssl_accept(int fd, int event, void *data)
 {
     RedLinkInfo *link = (RedLinkInfo *)data;
-    int return_code;
+    int return_code = reds_stream_ssl_accept(link->stream);
 
-    if ((return_code = SSL_accept(link->stream->ssl)) != 1) {
-        int ssl_error = SSL_get_error(link->stream->ssl, return_code);
-        if (ssl_error != SSL_ERROR_WANT_READ && ssl_error != SSL_ERROR_WANT_WRITE) {
-            spice_warning("SSL_accept failed, error=%d", ssl_error);
+    switch (return_code) {
+        case REDS_STREAM_SSL_STATUS_ERROR:
             reds_link_free(link);
-        } else {
-            if (ssl_error == SSL_ERROR_WANT_READ) {
-                core->watch_update_mask(link->stream->watch, SPICE_WATCH_EVENT_READ);
-            } else {
-                core->watch_update_mask(link->stream->watch, SPICE_WATCH_EVENT_WRITE);
-            }
-        }
-        return;
+            return;
+        case REDS_STREAM_SSL_STATUS_WAIT_FOR_READ:
+            core->watch_update_mask(link->stream->watch, SPICE_WATCH_EVENT_READ);
+            return;
+        case REDS_STREAM_SSL_STATUS_WAIT_FOR_WRITE:
+            core->watch_update_mask(link->stream->watch, SPICE_WATCH_EVENT_WRITE);
+            return;
+        case REDS_STREAM_SSL_STATUS_OK:
+            reds_stream_remove_watch(link->stream);
+            reds_handle_new_link(link);
     }
-    reds_stream_remove_watch(link->stream);
-    reds_handle_new_link(link);
 }
 
 static RedLinkInfo *reds_init_client_connection(int socket)
@@ -2755,52 +2749,33 @@ error:
 static RedLinkInfo *reds_init_client_ssl_connection(int socket)
 {
     RedLinkInfo *link;
-    int return_code;
-    int ssl_error;
-    BIO *sbio;
+    int ssl_status;
 
     link = reds_init_client_connection(socket);
     if (link == NULL)
         goto error;
 
-    // Handle SSL handshaking
-    if (!(sbio = BIO_new_socket(link->stream->socket, BIO_NOCLOSE))) {
-        spice_warning("could not allocate ssl bio socket");
-        goto error;
-    }
-
-    link->stream->ssl = SSL_new(reds->ctx);
-    if (!link->stream->ssl) {
-        spice_warning("could not allocate ssl context");
-        BIO_free(sbio);
-        goto error;
-    }
-
-    SSL_set_bio(link->stream->ssl, sbio, sbio);
-
     link->stream->write = stream_ssl_write_cb;
     link->stream->read = stream_ssl_read_cb;
     link->stream->writev = NULL;
 
-    return_code = SSL_accept(link->stream->ssl);
-    if (return_code == 1) {
-        reds_handle_new_link(link);
-        return link;
-    }
-
-    ssl_error = SSL_get_error(link->stream->ssl, return_code);
-    if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
-                              ssl_error == SSL_ERROR_WANT_WRITE)) {
-        int eventmask = ssl_error == SSL_ERROR_WANT_READ ?
-            SPICE_WATCH_EVENT_READ : SPICE_WATCH_EVENT_WRITE;
-        link->stream->watch = core->watch_add(link->stream->socket, eventmask,
+    ssl_status = reds_stream_enable_ssl(link->stream, reds->ctx);
+    switch (ssl_status) {
+        case REDS_STREAM_SSL_STATUS_OK:
+            reds_handle_new_link(link);
+            return link;
+        case REDS_STREAM_SSL_STATUS_ERROR:
+            goto error;
+        case REDS_STREAM_SSL_STATUS_WAIT_FOR_READ:
+            link->stream->watch = core->watch_add(link->stream->socket, SPICE_WATCH_EVENT_READ,
                                             reds_handle_ssl_accept, link);
-        return link;
+            break;
+        case REDS_STREAM_SSL_STATUS_WAIT_FOR_WRITE:
+            link->stream->watch = core->watch_add(link->stream->socket, SPICE_WATCH_EVENT_WRITE,
+                                                  reds_handle_ssl_accept, link);
+            break;
     }
-
-    ERR_print_errors_fp(stderr);
-    spice_warning("SSL_accept failed, error=%d", ssl_error);
-    SSL_free(link->stream->ssl);
+    return link;
 
 error:
     free(link->stream);
diff --git a/server/reds_stream.c b/server/reds_stream.c
index 093621f..5ec0efa 100644
--- a/server/reds_stream.c
+++ b/server/reds_stream.c
@@ -149,6 +149,56 @@ void reds_stream_push_channel_event(RedsStream *s, int event)
     main_dispatcher_channel_event(event, s->info);
 }
 
+RedsStreamSslStatus reds_stream_ssl_accept(RedsStream *stream)
+{
+    int ssl_error;
+    int return_code;
+
+    return_code = SSL_accept(stream->ssl);
+    if (return_code == 1) {
+        return REDS_STREAM_SSL_STATUS_OK;
+    }
+
+    ssl_error = SSL_get_error(stream->ssl, return_code);
+    if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
+                              ssl_error == SSL_ERROR_WANT_WRITE)) {
+        if (ssl_error == SSL_ERROR_WANT_READ) {
+            return REDS_STREAM_SSL_STATUS_WAIT_FOR_READ;
+        } else {
+            return REDS_STREAM_SSL_STATUS_WAIT_FOR_WRITE;
+        }
+    }
+
+    ERR_print_errors_fp(stderr);
+    spice_warning("SSL_accept failed, error=%d", ssl_error);
+    SSL_free(stream->ssl);
+    stream->ssl = NULL;
+
+    return REDS_STREAM_SSL_STATUS_ERROR;
+}
+
+int reds_stream_enable_ssl(RedsStream *stream, SSL_CTX *ctx)
+{
+    BIO *sbio;
+
+    // Handle SSL handshaking
+    if (!(sbio = BIO_new_socket(stream->socket, BIO_NOCLOSE))) {
+        spice_warning("could not allocate ssl bio socket");
+        return REDS_STREAM_SSL_STATUS_ERROR;
+    }
+
+    stream->ssl = SSL_new(ctx);
+    if (!stream->ssl) {
+        spice_warning("could not allocate ssl context");
+        BIO_free(sbio);
+        return REDS_STREAM_SSL_STATUS_ERROR;
+    }
+
+    SSL_set_bio(stream->ssl, sbio, sbio);
+
+    return reds_stream_ssl_accept(stream);
+}
+
 #if HAVE_SASL
 bool reds_stream_write_u8(RedsStream *s, uint8_t n)
 {
diff --git a/server/reds_stream.h b/server/reds_stream.h
index c725414..a0a3651 100644
--- a/server/reds_stream.h
+++ b/server/reds_stream.h
@@ -101,5 +101,7 @@ void reds_stream_free(RedsStream *s);
 
 void reds_stream_push_channel_event(RedsStream *s, int event);
 void reds_stream_remove_watch(RedsStream* s);
+RedsStreamSslStatus reds_stream_ssl_accept(RedsStream *stream);
+int reds_stream_enable_ssl(RedsStream *stream, SSL_CTX *ctx);
 
 #endif
-- 
1.8.4.2

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]