MySQL 9.1.0
Source Code Documentation
ssl_operation.h
Go to the documentation of this file.
1/*
2 Copyright (c) 2021, 2024, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is designed to work with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have either included with
14 the program or referenced in the documentation.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24*/
25
26#ifndef ROUTER_SRC_HTTP_SRC_TLS_SSL_OPERATION_H_
27#define ROUTER_SRC_HTTP_SRC_TLS_SSL_OPERATION_H_
28
29#include <openssl/bio.h>
30#include <openssl/err.h>
31#include <openssl/ssl.h>
32
33// OpenSSL version hex format: 0xMNN00PPSL
34#define NET_TLS_USE_BACKWARD_COMPATIBLE_OPENSSL 0x10100000L
35
36namespace net {
37namespace tls {
38
39class Operation {
40 public:
41 enum Result { ok, close, fatal, want_read, want_write };
42
43 public:
44 virtual ~Operation() = default;
45
46 protected:
47 class AnalyzeOperation {
48 public:
49 AnalyzeOperation(BIO *bio, SSL *ssl)
50 : bio_{bio}, ssl_{ssl}, pending_{BIO_pending(bio)} {
51 ERR_clear_error();
52 }
53
54 Result check_ssl_result(int ssl_result) {
55 auto pending = BIO_pending(bio_);
56
57 Result op_result = ok;
58
59 if (ssl_result <= 0) {
60 auto error_cause = SSL_get_error(ssl_, ssl_result);
61
62 switch (error_cause) {
63 case SSL_ERROR_WANT_READ:
64 op_result = want_read;
65 break;
66
67 case SSL_ERROR_WANT_WRITE:
68 op_result = want_write;
69 break;
70
71 case SSL_ERROR_ZERO_RETURN:
72 return close;
73
74 case SSL_ERROR_SYSCALL:
75 if (pending > pending_) return want_write;
76 return fatal;
77
78 case SSL_ERROR_SSL:
79 return fatal;
80
81 default:
82 return fatal;
83 }
84 }
85
86 if (pending) {
87 op_result = want_write;
88 }
89
90 return op_result;
91 }
92
93 BIO *bio_;
94 SSL *ssl_;
95 int pending_;
96 };
97};
98
99class SslReadOperation : public Operation {
100 public:
101 static bool is_read_operation() { return true; }
102
103#if OPENSSL_VERSION_NUMBER >= NET_TLS_USE_BACKWARD_COMPATIBLE_OPENSSL
104 static int read_ex(SSL *ssl, void *buf, size_t num,
105 size_t *out_number_of_bytes_io) {
106 return SSL_read_ex(ssl, buf, num, out_number_of_bytes_io);
107 }
108#else
109 static int read_ex(SSL *ssl, void *buf, size_t num,
110 size_t *out_number_of_bytes_io) {
111 *out_number_of_bytes_io = 0;
112 auto result = SSL_read(ssl, buf, num);
113 if (result > 0) *out_number_of_bytes_io = result;
114 return result;
115 }
116#endif
117
118 static Result op(BIO *bio, SSL *ssl, void *buffer, const size_t buffer_size,
119 size_t *out_number_of_bytes_io) {
120 AnalyzeOperation op{
121 bio,
122 ssl,
123 };
124
125 if (!buffer_size) return ok;
126
127 return op.check_ssl_result(
128 read_ex(ssl, buffer, buffer_size, out_number_of_bytes_io));
129 }
130};
131
132class SslWriteOperation : public Operation {
133 public:
134#if OPENSSL_VERSION_NUMBER >= NET_TLS_USE_BACKWARD_COMPATIBLE_OPENSSL
135 static int write_ex(SSL *ssl, const void *buf, size_t num,
136 size_t *out_number_of_bytes_io) {
137 return SSL_write_ex(ssl, buf, num, out_number_of_bytes_io);
138 }
139#else
140 static int write_ex(SSL *ssl, const void *buf, size_t num,
141 size_t *out_number_of_bytes_io) {
142 *out_number_of_bytes_io = 0;
143 auto result = SSL_write(ssl, buf, num);
144 if (result > 0) *out_number_of_bytes_io = result;
145 return result;
146 }
147#endif
148
149 static bool is_read_operation() { return false; }
150
151 static Result op(BIO *bio, SSL *ssl, const void *buffer,
152 const size_t buffer_size, size_t *out_number_of_bytes_io) {
153 AnalyzeOperation op{
154 bio,
155 ssl,
156 };
157
158 if (!buffer_size) return ok;
159
160 return op.check_ssl_result(
161 write_ex(ssl, buffer, buffer_size, out_number_of_bytes_io));
162 }
163};
164
165class SslHandshakeClientOperation : public Operation {
166 public:
167 static bool is_read_operation() { return false; }
168
169 static Result op(BIO *bio, SSL *ssl, [[maybe_unused]] const void *buffer,
170 [[maybe_unused]] const size_t buffer_size,
171 [[maybe_unused]] size_t *out_number_of_bytes_io) {
172 AnalyzeOperation op{
173 bio,
174 ssl,
175 };
176
177 return op.check_ssl_result(SSL_connect(ssl));
178 }
179};
180
181} // namespace tls
182} // namespace net
183
184#endif // ROUTER_SRC_HTTP_SRC_TLS_SSL_OPERATION_H_
net::tls::Operation::AnalyzeOperation
Definition: ssl_operation.h:47
net::tls::Operation::AnalyzeOperation::check_ssl_result
Result check_ssl_result(int ssl_result)
Definition: ssl_operation.h:54
net::tls::Operation::AnalyzeOperation::AnalyzeOperation
AnalyzeOperation(BIO *bio, SSL *ssl)
Definition: ssl_operation.h:49
net::tls::Operation::AnalyzeOperation::bio_
BIO * bio_
Definition: ssl_operation.h:93
net::tls::Operation::AnalyzeOperation::pending_
int pending_
Definition: ssl_operation.h:95
net::tls::Operation::AnalyzeOperation::ssl_
SSL * ssl_
Definition: ssl_operation.h:94
net::tls::Operation
Definition: ssl_operation.h:39
net::tls::Operation::Result
Result
Definition: ssl_operation.h:41
net::tls::Operation::want_read
@ want_read
Definition: ssl_operation.h:41
net::tls::Operation::fatal
@ fatal
Definition: ssl_operation.h:41
net::tls::Operation::want_write
@ want_write
Definition: ssl_operation.h:41
net::tls::Operation::ok
@ ok
Definition: ssl_operation.h:41
net::tls::Operation::close
@ close
Definition: ssl_operation.h:41
net::tls::Operation::~Operation
virtual ~Operation()=default
net::tls::SslHandshakeClientOperation
Definition: ssl_operation.h:165
net::tls::SslHandshakeClientOperation::op
static Result op(BIO *bio, SSL *ssl, const void *buffer, const size_t buffer_size, size_t *out_number_of_bytes_io)
Definition: ssl_operation.h:169
net::tls::SslHandshakeClientOperation::is_read_operation
static bool is_read_operation()
Definition: ssl_operation.h:167
net::tls::SslReadOperation
Definition: ssl_operation.h:99
net::tls::SslReadOperation::read_ex
static int read_ex(SSL *ssl, void *buf, size_t num, size_t *out_number_of_bytes_io)
Definition: ssl_operation.h:109
net::tls::SslReadOperation::op
static Result op(BIO *bio, SSL *ssl, void *buffer, const size_t buffer_size, size_t *out_number_of_bytes_io)
Definition: ssl_operation.h:118
net::tls::SslReadOperation::is_read_operation
static bool is_read_operation()
Definition: ssl_operation.h:101
net::tls::SslWriteOperation
Definition: ssl_operation.h:132
net::tls::SslWriteOperation::is_read_operation
static bool is_read_operation()
Definition: ssl_operation.h:149
net::tls::SslWriteOperation::op
static Result op(BIO *bio, SSL *ssl, const void *buffer, const size_t buffer_size, size_t *out_number_of_bytes_io)
Definition: ssl_operation.h:151
net::tls::SslWriteOperation::write_ex
static int write_ex(SSL *ssl, const void *buf, size_t num, size_t *out_number_of_bytes_io)
Definition: ssl_operation.h:140
buf
Definition: buf0block_hint.cc:30
classic_protocol::capabilities::pos::ssl
constexpr value_type ssl
Definition: classic_protocol_constants.h:49
net
Definition: buffer.h:45
net::buffer
mutable_buffer buffer(void *p, size_t n) noexcept
Definition: buffer.h:418
net::buffer_size
size_t buffer_size(const ConstBufferSequence &buffers) noexcept
Definition: buffer.h:313
tls
Definition: tls_keylog_dumper.h:32
result
struct result result
Definition: result.h:34
result
Definition: result.h:30