ssl: buffered handshake detection

This commit is contained in:
anon 2020-12-27 01:55:12 +00:00 committed by selsta
parent a99d6e56b6
commit b8bc4d77b7
5 changed files with 14 additions and 13 deletions

View File

@ -207,7 +207,6 @@ PRAGMA_WARNING_DISABLE_VS(4355)
buffer_ssl_init_fill = 0; buffer_ssl_init_fill = 0;
if (is_income && m_ssl_support != epee::net_utils::ssl_support_t::e_ssl_support_disabled) if (is_income && m_ssl_support != epee::net_utils::ssl_support_t::e_ssl_support_disabled)
socket().async_receive(boost::asio::buffer(buffer_), socket().async_receive(boost::asio::buffer(buffer_),
boost::asio::socket_base::message_peek,
strand_.wrap( strand_.wrap(
std::bind(&connection<t_protocol_handler>::handle_receive, self, std::bind(&connection<t_protocol_handler>::handle_receive, self,
std::placeholders::_1, std::placeholders::_1,
@ -447,16 +446,11 @@ PRAGMA_WARNING_DISABLE_VS(4355)
return; return;
} }
buffer_ssl_init_fill = bytes_transferred; buffer_ssl_init_fill += bytes_transferred;
MTRACE("we now have " << buffer_ssl_init_fill << "/" << get_ssl_magic_size() << " bytes needed to detect SSL"); MTRACE("we now have " << buffer_ssl_init_fill << "/" << get_ssl_magic_size() << " bytes needed to detect SSL");
if (buffer_ssl_init_fill < get_ssl_magic_size()) if (buffer_ssl_init_fill < get_ssl_magic_size())
{ {
// don't busy loop on this, ideally we'd want to queue a "async_receive_if_new_data" but there doesn't socket().async_receive(boost::asio::buffer(buffer_.data() + buffer_ssl_init_fill, buffer_.size() - buffer_ssl_init_fill),
// seem to be something like that in boost if we want to just peek at the data, so we'd need to copy and
// have a bit more code just for this. Though I'm just seeing async_read_until which might just work.
epee::misc_utils::sleep_no_w(100);
socket().async_receive(boost::asio::buffer(buffer_.data(), buffer_.size()),
boost::asio::socket_base::message_peek,
strand_.wrap( strand_.wrap(
boost::bind(&connection<t_protocol_handler>::handle_receive, connection<t_protocol_handler>::shared_from_this(), boost::bind(&connection<t_protocol_handler>::handle_receive, connection<t_protocol_handler>::shared_from_this(),
boost::asio::placeholders::error, boost::asio::placeholders::error,
@ -482,7 +476,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled) if (m_ssl_support == epee::net_utils::ssl_support_t::e_ssl_support_enabled)
{ {
// Handshake // Handshake
if (!handshake(boost::asio::ssl::stream_base::server)) if (!handshake(boost::asio::ssl::stream_base::server, boost::asio::const_buffer(buffer_.data(), buffer_ssl_init_fill)))
{ {
MERROR("SSL handshake failed"); MERROR("SSL handshake failed");
boost::interprocess::ipcdetail::atomic_write32(&m_want_close_connection, 1); boost::interprocess::ipcdetail::atomic_write32(&m_want_close_connection, 1);
@ -497,6 +491,11 @@ PRAGMA_WARNING_DISABLE_VS(4355)
return; return;
} }
} }
else
{
handle_read(e, buffer_ssl_init_fill);
return;
}
async_read_some(boost::asio::buffer(buffer_), async_read_some(boost::asio::buffer(buffer_),
strand_.wrap( strand_.wrap(

View File

@ -132,10 +132,10 @@ class connection_basic { // not-templated base class for rapid developmet of som
ssl_support_t get_ssl_support() const { return m_ssl_support; } ssl_support_t get_ssl_support() const { return m_ssl_support; }
void disable_ssl() { m_ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_disabled; } void disable_ssl() { m_ssl_support = epee::net_utils::ssl_support_t::e_ssl_support_disabled; }
bool handshake(boost::asio::ssl::stream_base::handshake_type type) bool handshake(boost::asio::ssl::stream_base::handshake_type type, boost::asio::const_buffer buffer = {})
{ {
//m_state != nullptr verified in constructor //m_state != nullptr verified in constructor
return m_state->ssl_options().handshake(socket_, type); return m_state->ssl_options().handshake(socket_, type, buffer);
} }
template<typename MutableBufferSequence, typename ReadHandler> template<typename MutableBufferSequence, typename ReadHandler>

View File

@ -178,7 +178,7 @@ namespace net_utils
// SSL Options // SSL Options
if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect) if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
{ {
if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, addr, timeout)) if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, {}, addr, timeout))
{ {
if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect) if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
{ {

View File

@ -132,6 +132,7 @@ namespace net_utils
bool handshake( bool handshake(
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
boost::asio::ssl::stream_base::handshake_type type, boost::asio::ssl::stream_base::handshake_type type,
boost::asio::const_buffer buffer = {},
const std::string& host = {}, const std::string& host = {},
std::chrono::milliseconds timeout = std::chrono::seconds(15)) const; std::chrono::milliseconds timeout = std::chrono::seconds(15)) const;
}; };

View File

@ -473,6 +473,7 @@ bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
bool ssl_options_t::handshake( bool ssl_options_t::handshake(
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
boost::asio::ssl::stream_base::handshake_type type, boost::asio::ssl::stream_base::handshake_type type,
boost::asio::const_buffer buffer,
const std::string& host, const std::string& host,
std::chrono::milliseconds timeout) const std::chrono::milliseconds timeout) const
{ {
@ -530,7 +531,7 @@ bool ssl_options_t::handshake(
}); });
boost::system::error_code ec = boost::asio::error::would_block; boost::system::error_code ec = boost::asio::error::would_block;
socket.async_handshake(type, boost::lambda::var(ec) = boost::lambda::_1); socket.async_handshake(type, boost::asio::buffer(buffer), boost::lambda::var(ec) = boost::lambda::_1);
if (io_service.stopped()) if (io_service.stopped())
{ {
io_service.reset(); io_service.reset();