conn_tls_check.c (5956B)
1 /* SPDX-License-Identifier: LGPL-2.1-or-later OR (GPL-2.0-or-later WITH eCos-exception-2.0) */ 2 /* 3 This file is part of GNU libmicrohttpd. 4 Copyright (C) 2024 Evgeny Grin (Karlson2k) 5 6 GNU libmicrohttpd is free software; you can redistribute it and/or 7 modify it under the terms of the GNU Lesser General Public 8 License as published by the Free Software Foundation; either 9 version 2.1 of the License, or (at your option) any later version. 10 11 GNU libmicrohttpd is distributed in the hope that it will be useful, 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 Lesser General Public License for more details. 15 16 Alternatively, you can redistribute GNU libmicrohttpd and/or 17 modify it under the terms of the GNU General Public License as 18 published by the Free Software Foundation; either version 2 of 19 the License, or (at your option) any later version, together 20 with the eCos exception, as follows: 21 22 As a special exception, if other files instantiate templates or 23 use macros or inline functions from this file, or you compile this 24 file and link it with other works to produce a work based on this 25 file, this file does not by itself cause the resulting work to be 26 covered by the GNU General Public License. However the source code 27 for this file must still be made available in accordance with 28 section (3) of the GNU General Public License v2. 29 30 This exception does not invalidate any other reasons why a work 31 based on this file might be covered by the GNU General Public 32 License. 33 34 You should have received copies of the GNU Lesser General Public 35 License and the GNU General Public License along with this library; 36 if not, see <https://www.gnu.org/licenses/>. 37 */ 38 39 /** 40 * @file src/mhd2/conn_tls_handshake.c 41 * @brief The implementation of connection TLS handling functions 42 * @author Karlson2k (Evgeny Grin) 43 */ 44 45 #include "mhd_sys_options.h" 46 47 #include "conn_tls_check.h" 48 49 #include "mhd_assert.h" 50 #include "mhd_unreachable.h" 51 52 #include "mhd_daemon.h" 53 #include "mhd_connection.h" 54 55 #include "mhd_socket_error_funcs.h" 56 #include "daemon_logger.h" 57 58 #include "mhd_tls_funcs.h" 59 60 #include "conn_mark_ready.h" 61 #include "stream_funcs.h" 62 #include "stream_process_states.h" 63 64 65 MHD_INTERNAL MHD_FN_PAR_NONNULL_ALL_ enum mhd_CommLayerState 66 mhd_conn_tls_check (struct MHD_Connection *restrict c) 67 { 68 mhd_assert (mhd_C_HAS_TLS (c)); 69 mhd_assert (mhd_D_HAS_TLS (c->daemon)); 70 mhd_assert ((mhd_CONN_STATE_TLS_HANDSHAKE_RECV == c->conn_state) || \ 71 (mhd_CONN_STATE_TLS_HANDSHAKE_SEND == c->conn_state) || \ 72 (mhd_CONN_STATE_TLS_CONNECTED == c->conn_state)); 73 74 if (mhd_CONN_STATE_TLS_CONNECTED == c->conn_state) 75 return mhd_COMM_LAYER_OK; /* TLS is already connected */ 76 77 if (0 != (mhd_SOCKET_NET_STATE_ERROR_READY & c->sk.ready)) 78 { 79 /* Some socket error has been detected. Do not try to handshake. */ 80 if (mhd_SOCKET_ERR_NO_ERROR == c->sk.state.discnt_err) 81 c->sk.state.discnt_err = mhd_socket_error_get_from_socket (c->sk.fd); 82 mhd_conn_start_closing_skt_err (c); 83 return mhd_COMM_LAYER_BROKEN; 84 } 85 /* Check whether the socket is ready for the required send/recv operation */ 86 if (0 == (((mhd_CONN_FLAG_RECV | mhd_CONN_FLAG_SEND) 87 & ((unsigned int) c->conn_state) 88 & ((unsigned int) c->sk.ready)))) 89 return mhd_COMM_LAYER_PROCESSING; 90 91 switch (mhd_tls_conn_handshake (c->tls)) 92 { 93 case mhd_TLS_PROCED_SUCCESS: 94 c->conn_state = mhd_CONN_STATE_TLS_CONNECTED; 95 if (! c->sk.props.is_nonblck) 96 { 97 /* The socket is blocking (and polling is not edge-triggering), 98 probably all available data has been processed already. */ 99 c->sk.ready = (enum mhd_SocketNetState) /* Clear 'recv-ready' and 'send-ready' */ 100 (((unsigned int) c->sk.ready) 101 & (~(enum mhd_SocketNetState) 102 mhd_SOCKET_NET_STATE_SEND_READY) 103 & (~(enum mhd_SocketNetState) 104 mhd_SOCKET_NET_STATE_RECV_READY)); 105 } 106 if (mhd_tls_conn_has_data_in (c->tls)) 107 c->tls_has_data_in = mhd_TLS_BUF_HAS_DATA_IN; 108 /* TLS is connected now, set event loop state based on HTTP protocol. 109 Some early application-level data could be processing in this round. */ 110 mhd_conn_event_loop_state_update (c); 111 112 return mhd_COMM_LAYER_OK; 113 break; 114 case mhd_TLS_PROCED_RECV_MORE_NEEDED: 115 c->sk.ready = (enum mhd_SocketNetState) /* Clear 'recv-ready' */ 116 (((unsigned int) c->sk.ready) 117 & (~(enum mhd_SocketNetState) 118 mhd_SOCKET_NET_STATE_RECV_READY)); 119 mhd_FALLTHROUGH; 120 /* Intentional fallthrough */ 121 case mhd_TLS_PROCED_RECV_INTERRUPTED: 122 c->conn_state = mhd_CONN_STATE_TLS_HANDSHAKE_RECV; 123 c->event_loop_info = MHD_EVENT_LOOP_INFO_RECV; 124 break; 125 case mhd_TLS_PROCED_SEND_MORE_NEEDED: 126 c->sk.ready = (enum mhd_SocketNetState) /* Clear 'send-ready' */ 127 (((unsigned int) c->sk.ready) 128 & (~(enum mhd_SocketNetState) 129 mhd_SOCKET_NET_STATE_SEND_READY)); 130 mhd_FALLTHROUGH; 131 /* Intentional fallthrough */ 132 case mhd_TLS_PROCED_SEND_INTERRUPTED: 133 c->conn_state = mhd_CONN_STATE_TLS_HANDSHAKE_SEND; 134 c->event_loop_info = MHD_EVENT_LOOP_INFO_SEND; 135 break; 136 case mhd_TLS_PROCED_FAILED: 137 c->conn_state = mhd_CONN_STATE_TLS_FAILED; 138 mhd_LOG_MSG (c->daemon, \ 139 MHD_SC_TLS_CONNECTION_HANDSHAKED_FAILED, \ 140 "Failed to perform TLS handshake on the new connection"); 141 c->sk.state.discnt_err = mhd_SOCKET_ERR_TLS; 142 mhd_conn_start_closing_skt_err (c); 143 return mhd_COMM_LAYER_BROKEN; 144 break; 145 default: 146 mhd_assert (0 && "Should be unreachable"); 147 mhd_UNREACHABLE (); 148 return mhd_COMM_LAYER_BROKEN; 149 } 150 151 mhd_conn_mark_ready_update (c); 152 return mhd_COMM_LAYER_PROCESSING; 153 }