tls_wrap: embed TLS encryption into streamwrap

node.gyp

@@ -159,7 +159,12 @@
       'conditions': [
         [ 'node_use_openssl=="true"', {
           'defines': [ 'HAVE_OPENSSL=1' ],
-          'sources': [ 'src/node_crypto.cc', 'src/node_crypto_bio.cc' ],
+          'sources': [
+            'src/node_crypto.cc',
+            'src/node_crypto_bio.cc',
+            'src/tls_wrap.cc',
+            'src/tls_wrap.h'
+          ],
           'conditions': [
             [ 'node_shared_openssl=="false"', {
               'dependencies': [ './deps/openssl/openssl.gyp:openssl' ],

src/node_crypto_bio.cc

@@ -82,6 +82,12 @@ int NodeBIO::Read(BIO* bio, char* out, int len) {
 }
 
 
+char* NodeBIO::Peek(size_t* size) {
+  *size = read_head_->write_pos_ - read_head_->read_pos_;
+  return read_head_->data_ + read_head_->read_pos_;
+}
+
+
 int NodeBIO::Write(BIO* bio, const char* data, int len) {
   BIO_clear_retry_flags(bio);
 
@@ -318,6 +324,29 @@ void NodeBIO::Write(const char* data, size_t size) {
 }
 
 
+char* NodeBIO::PeekWritable(size_t* size) {
+  size_t available = kBufferLength - write_head_->write_pos_;
+  if (*size != 0 && available > *size)
+    available = *size;
+  else
+    *size = available;
+
+  return write_head_->data_ + write_head_->write_pos_;
+}
+
+
+void NodeBIO::Commit(size_t size) {
+  write_head_->write_pos_ += size;
+  length_ += size;
+  assert(write_head_->write_pos_ <= kBufferLength);
+
+  // Allocate new buffer if write head is full,
+  // and there're no other place to go
+  TryAllocateForWrite();
+  write_head_ = write_head_->next_;
+}
+
+
 void NodeBIO::TryAllocateForWrite() {
   // If write head is full, next buffer is either read head or not empty.
   if (write_head_->write_pos_ == kBufferLength &&

src/node_crypto_bio.h

@@ -30,6 +30,13 @@ class NodeBIO {
     return &method_;
   }
 
+  NodeBIO() : length_(0), read_head_(&head_), write_head_(&head_) {
+    // Loop head
+    head_.next_ = &head_;
+  }
+
+  ~NodeBIO();
+
   static int New(BIO* bio);
   static int Free(BIO* bio);
   static int Read(BIO* bio, char* out, int len);
@@ -38,6 +45,47 @@ class NodeBIO {
   static int Gets(BIO* bio, char* out, int size);
   static long Ctrl(BIO* bio, int cmd, long num, void* ptr);
 
+  // Allocate new buffer for write if needed
+  void TryAllocateForWrite();
+
+  // Read `len` bytes maximum into `out`, return actual number of read bytes
+  size_t Read(char* out, size_t size);
+
+  // Memory optimization:
+  // Deallocate children of write head's child if they're empty
+  void FreeEmpty();
+
+  // Return pointer to internal data and amount of
+  // contiguous data available to read
+  char* Peek(size_t* size);
+
+  // Find first appearance of `delim` in buffer or `limit` if `delim`
+  // wasn't found.
+  size_t IndexOf(char delim, size_t limit);
+
+  // Discard all available data
+  void Reset();
+
+  // Put `len` bytes from `data` into buffer
+  void Write(const char* data, size_t size);
+
+  // Return pointer to internal data and amount of
+  // contiguous data available for future writes
+  char* PeekWritable(size_t* size);
+
+  // Commit reserved data
+  void Commit(size_t size);
+
+  // Return size of buffer in bytes
+  size_t inline Length() {
+    return length_;
+  }
+
+  static inline NodeBIO* FromBIO(BIO* bio) {
+    assert(bio->ptr != NULL);
+    return static_cast<NodeBIO*>(bio->ptr);
+  }
+
  protected:
   static const size_t kBufferLength = 16 * 1024;
 
@@ -52,43 +100,6 @@ class NodeBIO {
     char data_[kBufferLength];
   };
 
-  NodeBIO() : length_(0), read_head_(&head_), write_head_(&head_) {
-    // Loop head
-    head_.next_ = &head_;
-  }
-
-  ~NodeBIO();
-
-  // Allocate new buffer for write if needed
-  void TryAllocateForWrite();
-
-  // Read `len` bytes maximum into `out`, return actual number of read bytes
-  size_t Read(char* out, size_t size);
-
-  // Memory optimization:
-  // Deallocate children of write head's child if they're empty
-  void FreeEmpty();
-
-  // Find first appearance of `delim` in buffer or `limit` if `delim`
-  // wasn't found.
-  size_t IndexOf(char delim, size_t limit);
-
-  // Discard all available data
-  void Reset();
-
-  // Put `len` bytes from `data` into buffer
-  void Write(const char* data, size_t size);
-
-  // Return size of buffer in bytes
-  size_t inline Length() {
-    return length_;
-  }
-
-  static inline NodeBIO* FromBIO(BIO* bio) {
-    assert(bio->ptr != NULL);
-    return static_cast<NodeBIO*>(bio->ptr);
-  }
-
   size_t length_;
   Buffer head_;
   Buffer* read_head_;

src/node_extensions.h

@@ -34,6 +34,7 @@ NODE_EXT_LIST_ITEM(node_zlib)
 // libuv rewrite
 NODE_EXT_LIST_ITEM(node_timer_wrap)
 NODE_EXT_LIST_ITEM(node_tcp_wrap)
+NODE_EXT_LIST_ITEM(node_tls_wrap)
 NODE_EXT_LIST_ITEM(node_udp_wrap)
 NODE_EXT_LIST_ITEM(node_pipe_wrap)
 NODE_EXT_LIST_ITEM(node_cares_wrap)

src/tls_wrap.h

@@ -0,0 +1,154 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+#ifndef SRC_TLS_WRAP_H_
+#define SRC_TLS_WRAP_H_
+
+#include <openssl/ssl.h>
+
+#include "v8.h"
+#include "stream_wrap.h"
+#include "queue.h"
+
+namespace node {
+
+// Forward-declarations
+class NodeBIO;
+class WriteWrap;
+namespace crypto {
+  class SecureContext;
+}
+
+class TLSCallbacks : public StreamWrapCallbacks {
+ public:
+  enum Kind {
+    kTLSClient,
+    kTLSServer
+  };
+
+  static void Initialize(v8::Handle<v8::Object> target);
+
+  int DoWrite(WriteWrap* w,
+              uv_buf_t* bufs,
+              size_t count,
+              uv_stream_t* send_handle,
+              uv_write_cb cb);
+  void AfterWrite(WriteWrap* w);
+  uv_buf_t DoAlloc(uv_handle_t* handle, size_t suggested_size);
+  void DoRead(uv_stream_t* handle,
+              ssize_t nread,
+              uv_buf_t buf,
+              uv_handle_type pending);
+  int DoShutdown(ShutdownWrap* req_wrap, uv_shutdown_cb cb);
+
+ protected:
+  static const int kClearOutChunkSize = 1024;
+
+  class WriteItem {
+   public:
+    WriteItem(WriteWrap* w, uv_write_cb cb) : w_(w), cb_(cb) {
+    }
+    ~WriteItem() {
+      w_ = NULL;
+      cb_ = NULL;
+    }
+
+    WriteWrap* w_;
+    uv_write_cb cb_;
+    QUEUE member_;
+  };
+
+  TLSCallbacks(Kind kind, v8::Handle<v8::Object> sc, StreamWrapCallbacks* old);
+  ~TLSCallbacks();
+
+  static void SSLInfoCallback(const SSL* ssl_, int where, int ret);
+  void InitSSL();
+  void EncOut();
+  static void EncOutCb(uv_write_t* req, int status);
+  bool ClearIn();
+  void ClearOut();
+  void InvokeQueued(int status);
+
+  v8::Handle<v8::Value> GetSSLError(int status, int* err);
+
+  static v8::Handle<v8::Value> Wrap(const v8::Arguments& args);
+  static v8::Handle<v8::Value> Start(const v8::Arguments& args);
+  static v8::Handle<v8::Value> GetPeerCertificate(const v8::Arguments& args);
+  static v8::Handle<v8::Value> GetSession(const v8::Arguments& args);
+  static v8::Handle<v8::Value> SetSession(const v8::Arguments& args);
+  static v8::Handle<v8::Value> LoadSession(const v8::Arguments& args);
+  static v8::Handle<v8::Value> GetCurrentCipher(const v8::Arguments& args);
+  static v8::Handle<v8::Value> VerifyError(const v8::Arguments& args);
+  static v8::Handle<v8::Value> SetVerifyMode(const v8::Arguments& args);
+  static v8::Handle<v8::Value> IsSessionReused(const v8::Arguments& args);
+
+#ifdef OPENSSL_NPN_NEGOTIATED
+  static v8::Handle<v8::Value> GetNegotiatedProto(const v8::Arguments& args);
+  static v8::Handle<v8::Value> SetNPNProtocols(const v8::Arguments& args);
+  static int AdvertiseNextProtoCallback(SSL* s,
+                                        const unsigned char** data,
+                                        unsigned int* len,
+                                        void* arg);
+  static int SelectNextProtoCallback(SSL* s,
+                                     unsigned char** out,
+                                     unsigned char* outlen,
+                                     const unsigned char* in,
+                                     unsigned int inlen,
+                                     void* arg);
+#endif  // OPENSSL_NPN_NEGOTIATED
+
+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+  static v8::Handle<v8::Value> GetServername(const v8::Arguments& args);
+  static v8::Handle<v8::Value> SetServername(const v8::Arguments& args);
+  static int SelectSNIContextCallback(SSL* s, int* ad, void* arg);
+#endif  // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+
+  Kind kind_;
+  crypto::SecureContext* sc_;
+  v8::Persistent<v8::Object> sc_handle_;
+  v8::Persistent<v8::Object> handle_;
+  SSL* ssl_;
+  BIO* enc_in_;
+  BIO* enc_out_;
+  NodeBIO* clear_in_;
+  uv_write_t write_req_;
+  size_t write_size_;
+  size_t write_queue_size_;
+  QUEUE write_item_queue_;
+  WriteItem* pending_write_item_;
+  bool started_;
+  bool established_;
+  bool shutdown_;
+
+#ifdef OPENSSL_NPN_NEGOTIATED
+  v8::Persistent<v8::Object> npn_protos_;
+  v8::Persistent<v8::Value> selected_npn_proto_;
+#endif  // OPENSSL_NPN_NEGOTIATED
+
+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+  v8::Persistent<v8::String> servername_;
+  v8::Persistent<v8::Value> sni_context_;
+#endif  // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+};
+
+}  // namespace node
+
+#endif  // SRC_TLS_WRAP_H_