2
0

ddd-02-conn-nonblocking.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449
  1. #include <sys/poll.h>
  2. #include <openssl/ssl.h>
  3. /*
  4. * Demo 2: Client — Managed Connection — Nonblocking
  5. * ==============================================================
  6. *
  7. * This is an example of (part of) an application which uses libssl in an
  8. * asynchronous, nonblocking fashion. The functions show all interactions with
  9. * libssl the application makes, and would hypothetically be linked into a
  10. * larger application.
  11. *
  12. * In this example, libssl still makes syscalls directly using an fd, which is
  13. * configured in nonblocking mode. As such, the application can still be
  14. * abstracted from the details of what that fd is (is it a TCP socket? is it a
  15. * UDP socket?); this code passes the application an fd and the application
  16. * simply calls back into this code when poll()/etc. indicates it is ready.
  17. */
  18. typedef struct app_conn_st {
  19. SSL *ssl;
  20. BIO *ssl_bio;
  21. int rx_need_tx, tx_need_rx;
  22. } APP_CONN;
  23. /*
  24. * The application is initializing and wants an SSL_CTX which it will use for
  25. * some number of outgoing connections, which it creates in subsequent calls to
  26. * new_conn. The application may also call this function multiple times to
  27. * create multiple SSL_CTX.
  28. */
  29. SSL_CTX *create_ssl_ctx(void)
  30. {
  31. SSL_CTX *ctx;
  32. #ifdef USE_QUIC
  33. ctx = SSL_CTX_new(OSSL_QUIC_client_method());
  34. #else
  35. ctx = SSL_CTX_new(TLS_client_method());
  36. #endif
  37. if (ctx == NULL)
  38. return NULL;
  39. /* Enable trust chain verification. */
  40. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
  41. /* Load default root CA store. */
  42. if (SSL_CTX_set_default_verify_paths(ctx) == 0) {
  43. SSL_CTX_free(ctx);
  44. return NULL;
  45. }
  46. return ctx;
  47. }
  48. /*
  49. * The application wants to create a new outgoing connection using a given
  50. * SSL_CTX.
  51. *
  52. * hostname is a string like "openssl.org:443" or "[::1]:443".
  53. */
  54. APP_CONN *new_conn(SSL_CTX *ctx, const char *hostname)
  55. {
  56. APP_CONN *conn;
  57. BIO *out, *buf;
  58. SSL *ssl = NULL;
  59. const char *bare_hostname;
  60. #ifdef USE_QUIC
  61. static const unsigned char alpn[] = {5, 'd', 'u', 'm', 'm', 'y'};
  62. #endif
  63. conn = calloc(1, sizeof(APP_CONN));
  64. if (conn == NULL)
  65. return NULL;
  66. out = BIO_new_ssl_connect(ctx);
  67. if (out == NULL) {
  68. free(conn);
  69. return NULL;
  70. }
  71. if (BIO_get_ssl(out, &ssl) == 0) {
  72. BIO_free_all(out);
  73. free(conn);
  74. return NULL;
  75. }
  76. /*
  77. * NOTE: QUIC cannot operate with a buffering BIO between the QUIC SSL
  78. * object in the network. In this case, the call to BIO_push() is not
  79. * supported by the QUIC SSL object and will be ignored, thus this code
  80. * works without removing this line. However, the buffering BIO is not
  81. * actually used as a result and should be removed when adapting code to use
  82. * QUIC.
  83. *
  84. * Setting a buffer as the underlying BIO on the QUIC SSL object using
  85. * SSL_set_bio() will not work, though BIO_s_dgram_pair is available for
  86. * buffering the input and output to the QUIC SSL object on the network side
  87. * if desired.
  88. */
  89. buf = BIO_new(BIO_f_buffer());
  90. if (buf == NULL) {
  91. BIO_free_all(out);
  92. free(conn);
  93. return NULL;
  94. }
  95. BIO_push(out, buf);
  96. if (BIO_set_conn_hostname(out, hostname) == 0) {
  97. BIO_free_all(out);
  98. free(conn);
  99. return NULL;
  100. }
  101. /* Returns the parsed hostname extracted from the hostname:port string. */
  102. bare_hostname = BIO_get_conn_hostname(out);
  103. if (bare_hostname == NULL) {
  104. BIO_free_all(out);
  105. free(conn);
  106. return NULL;
  107. }
  108. /* Tell the SSL object the hostname to check certificates against. */
  109. if (SSL_set1_host(ssl, bare_hostname) <= 0) {
  110. BIO_free_all(out);
  111. free(conn);
  112. return NULL;
  113. }
  114. #ifdef USE_QUIC
  115. /* Configure ALPN, which is required for QUIC. */
  116. if (SSL_set_alpn_protos(ssl, alpn, sizeof(alpn))) {
  117. /* Note: SSL_set_alpn_protos returns 1 for failure. */
  118. BIO_free_all(out);
  119. return NULL;
  120. }
  121. #endif
  122. /* Make the BIO nonblocking. */
  123. BIO_set_nbio(out, 1);
  124. conn->ssl_bio = out;
  125. return conn;
  126. }
  127. /*
  128. * Non-blocking transmission.
  129. *
  130. * Returns -1 on error. Returns -2 if the function would block (corresponds to
  131. * EWOULDBLOCK).
  132. */
  133. int tx(APP_CONN *conn, const void *buf, int buf_len)
  134. {
  135. int l;
  136. conn->tx_need_rx = 0;
  137. l = BIO_write(conn->ssl_bio, buf, buf_len);
  138. if (l <= 0) {
  139. if (BIO_should_retry(conn->ssl_bio)) {
  140. conn->tx_need_rx = BIO_should_read(conn->ssl_bio);
  141. return -2;
  142. } else {
  143. return -1;
  144. }
  145. }
  146. return l;
  147. }
  148. /*
  149. * Non-blocking reception.
  150. *
  151. * Returns -1 on error. Returns -2 if the function would block (corresponds to
  152. * EWOULDBLOCK).
  153. */
  154. int rx(APP_CONN *conn, void *buf, int buf_len)
  155. {
  156. int l;
  157. conn->rx_need_tx = 0;
  158. l = BIO_read(conn->ssl_bio, buf, buf_len);
  159. if (l <= 0) {
  160. if (BIO_should_retry(conn->ssl_bio)) {
  161. conn->rx_need_tx = BIO_should_write(conn->ssl_bio);
  162. return -2;
  163. } else {
  164. return -1;
  165. }
  166. }
  167. return l;
  168. }
  169. /*
  170. * The application wants to know a fd it can poll on to determine when the
  171. * SSL state machine needs to be pumped.
  172. */
  173. int get_conn_fd(APP_CONN *conn)
  174. {
  175. #ifdef USE_QUIC
  176. BIO_POLL_DESCRIPTOR d;
  177. if (!BIO_get_rpoll_descriptor(conn->ssl_bio, &d))
  178. return -1;
  179. return d.value.fd;
  180. #else
  181. return BIO_get_fd(conn->ssl_bio, NULL);
  182. #endif
  183. }
  184. /*
  185. * These functions returns zero or more of:
  186. *
  187. * POLLIN: The SSL state machine is interested in socket readability events.
  188. *
  189. * POLLOUT: The SSL state machine is interested in socket writeability events.
  190. *
  191. * POLLERR: The SSL state machine is interested in socket error events.
  192. *
  193. * get_conn_pending_tx returns events which may cause SSL_write to make
  194. * progress and get_conn_pending_rx returns events which may cause SSL_read
  195. * to make progress.
  196. */
  197. int get_conn_pending_tx(APP_CONN *conn)
  198. {
  199. #ifdef USE_QUIC
  200. return (SSL_net_read_desired(conn->ssl) ? POLLIN : 0)
  201. | (SSL_net_write_desired(conn->ssl) ? POLLOUT : 0)
  202. | POLLERR;
  203. #else
  204. return (conn->tx_need_rx ? POLLIN : 0) | POLLOUT | POLLERR;
  205. #endif
  206. }
  207. int get_conn_pending_rx(APP_CONN *conn)
  208. {
  209. #ifdef USE_QUIC
  210. return get_conn_pending_tx(conn);
  211. #else
  212. return (conn->rx_need_tx ? POLLOUT : 0) | POLLIN | POLLERR;
  213. #endif
  214. }
  215. #ifdef USE_QUIC
  216. /*
  217. * Returns the number of milliseconds after which some call to libssl must be
  218. * made. Any call (BIO_read/BIO_write/BIO_pump) will do. Returns -1 if
  219. * there is no need for such a call. This may change after the next call
  220. * to libssl.
  221. */
  222. static inline int timeval_to_ms(const struct timeval *t);
  223. int get_conn_pump_timeout(APP_CONN *conn)
  224. {
  225. struct timeval tv;
  226. int is_infinite;
  227. if (!SSL_get_event_timeout(conn->ssl, &tv, &is_infinite))
  228. return -1;
  229. return is_infinite ? -1 : timeval_to_ms(&tv);
  230. }
  231. /*
  232. * Called to advance internals of libssl state machines without having to
  233. * perform an application-level read/write.
  234. */
  235. void pump(APP_CONN *conn)
  236. {
  237. SSL_handle_events(conn->ssl);
  238. }
  239. #endif
  240. /*
  241. * The application wants to close the connection and free bookkeeping
  242. * structures.
  243. */
  244. void teardown(APP_CONN *conn)
  245. {
  246. BIO_free_all(conn->ssl_bio);
  247. free(conn);
  248. }
  249. /*
  250. * The application is shutting down and wants to free a previously
  251. * created SSL_CTX.
  252. */
  253. void teardown_ctx(SSL_CTX *ctx)
  254. {
  255. SSL_CTX_free(ctx);
  256. }
  257. /*
  258. * ============================================================================
  259. * Example driver for the above code. This is just to demonstrate that the code
  260. * works and is not intended to be representative of a real application.
  261. */
  262. #include <sys/time.h>
  263. static inline void ms_to_timeval(struct timeval *t, int ms)
  264. {
  265. t->tv_sec = ms < 0 ? -1 : ms/1000;
  266. t->tv_usec = ms < 0 ? 0 : (ms%1000)*1000;
  267. }
  268. static inline int timeval_to_ms(const struct timeval *t)
  269. {
  270. return t->tv_sec*1000 + t->tv_usec/1000;
  271. }
  272. int main(int argc, char **argv)
  273. {
  274. static char tx_msg[384], host_port[300];
  275. const char *tx_p = tx_msg;
  276. char rx_buf[2048];
  277. int res = 1, l, tx_len;
  278. #ifdef USE_QUIC
  279. struct timeval timeout;
  280. #else
  281. int timeout = 2000 /* ms */;
  282. #endif
  283. APP_CONN *conn = NULL;
  284. SSL_CTX *ctx = NULL;
  285. #ifdef USE_QUIC
  286. ms_to_timeval(&timeout, 2000);
  287. #endif
  288. if (argc < 3) {
  289. fprintf(stderr, "usage: %s host port\n", argv[0]);
  290. goto fail;
  291. }
  292. snprintf(host_port, sizeof(host_port), "%s:%s", argv[1], argv[2]);
  293. tx_len = snprintf(tx_msg, sizeof(tx_msg),
  294. "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", argv[1]);
  295. ctx = create_ssl_ctx();
  296. if (ctx == NULL) {
  297. fprintf(stderr, "cannot create SSL context\n");
  298. goto fail;
  299. }
  300. conn = new_conn(ctx, host_port);
  301. if (conn == NULL) {
  302. fprintf(stderr, "cannot establish connection\n");
  303. goto fail;
  304. }
  305. /* TX */
  306. while (tx_len != 0) {
  307. l = tx(conn, tx_p, tx_len);
  308. if (l > 0) {
  309. tx_p += l;
  310. tx_len -= l;
  311. } else if (l == -1) {
  312. fprintf(stderr, "tx error\n");
  313. } else if (l == -2) {
  314. #ifdef USE_QUIC
  315. struct timeval start, now, deadline, t;
  316. #endif
  317. struct pollfd pfd = {0};
  318. #ifdef USE_QUIC
  319. ms_to_timeval(&t, get_conn_pump_timeout(conn));
  320. if (t.tv_sec < 0 || timercmp(&t, &timeout, >))
  321. t = timeout;
  322. gettimeofday(&start, NULL);
  323. timeradd(&start, &timeout, &deadline);
  324. #endif
  325. pfd.fd = get_conn_fd(conn);
  326. pfd.events = get_conn_pending_tx(conn);
  327. #ifdef USE_QUIC
  328. if (poll(&pfd, 1, timeval_to_ms(&t)) == 0)
  329. #else
  330. if (poll(&pfd, 1, timeout) == 0)
  331. #endif
  332. {
  333. #ifdef USE_QUIC
  334. pump(conn);
  335. gettimeofday(&now, NULL);
  336. if (timercmp(&now, &deadline, >=))
  337. #endif
  338. {
  339. fprintf(stderr, "tx timeout\n");
  340. goto fail;
  341. }
  342. }
  343. }
  344. }
  345. /* RX */
  346. for (;;) {
  347. l = rx(conn, rx_buf, sizeof(rx_buf));
  348. if (l > 0) {
  349. fwrite(rx_buf, 1, l, stdout);
  350. } else if (l == -1) {
  351. break;
  352. } else if (l == -2) {
  353. #ifdef USE_QUIC
  354. struct timeval start, now, deadline, t;
  355. #endif
  356. struct pollfd pfd = {0};
  357. #ifdef USE_QUIC
  358. ms_to_timeval(&t, get_conn_pump_timeout(conn));
  359. if (t.tv_sec < 0 || timercmp(&t, &timeout, >))
  360. t = timeout;
  361. gettimeofday(&start, NULL);
  362. timeradd(&start, &timeout, &deadline);
  363. #endif
  364. pfd.fd = get_conn_fd(conn);
  365. pfd.events = get_conn_pending_rx(conn);
  366. #ifdef USE_QUIC
  367. if (poll(&pfd, 1, timeval_to_ms(&t)) == 0)
  368. #else
  369. if (poll(&pfd, 1, timeout) == 0)
  370. #endif
  371. {
  372. #ifdef USE_QUIC
  373. pump(conn);
  374. gettimeofday(&now, NULL);
  375. if (timercmp(&now, &deadline, >=))
  376. #endif
  377. {
  378. fprintf(stderr, "rx timeout\n");
  379. goto fail;
  380. }
  381. }
  382. }
  383. }
  384. res = 0;
  385. fail:
  386. if (conn != NULL)
  387. teardown(conn);
  388. if (ctx != NULL)
  389. teardown_ctx(ctx);
  390. return res;
  391. }