1 files changed, 130 insertions, 0 deletions

diff --git a/src/lib-ssl-iostream/istream-openssl.c b/src/lib-ssl-iostream/istream-openssl.c
new file mode 100644
index 0000000..f0446d9
--- /dev/null
+++ b/src/lib-ssl-iostream/istream-openssl.c
@@ -0,0 +1,130 @@
+/* Copyright (c) 2009-2018 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "istream-private.h"
+#include "iostream-openssl.h"
+
+struct ssl_istream {
+	struct istream_private istream;
+	struct ssl_iostream *ssl_io;
+	bool seen_eof;
+};
+
+static void i_stream_ssl_close(struct iostream_private *stream,
+			       bool close_parent)
+{
+	struct ssl_istream *sstream = (struct ssl_istream *)stream;
+
+	if (close_parent)
+		i_stream_close(sstream->ssl_io->plain_input);
+}
+
+static void i_stream_ssl_destroy(struct iostream_private *stream)
+{
+	struct ssl_istream *sstream = (struct ssl_istream *)stream;
+
+	openssl_iostream_shutdown(sstream->ssl_io);
+	i_stream_free_buffer(&sstream->istream);
+	sstream->ssl_io->ssl_input = NULL;
+	ssl_iostream_unref(&sstream->ssl_io);
+}
+
+static ssize_t i_stream_ssl_read(struct istream_private *stream)
+{
+	struct ssl_istream *sstream = (struct ssl_istream *)stream;
+	struct ssl_iostream *ssl_io = sstream->ssl_io;
+	size_t size;
+	ssize_t ret, total_ret;
+
+	if (sstream->seen_eof) {
+		stream->istream.eof = TRUE;
+		return -1;
+	}
+
+	if (!ssl_io->handshaked) {
+		if ((ret = ssl_iostream_handshake(ssl_io)) <= 0) {
+			if (ret < 0) {
+				/* handshake failed */
+				i_assert(errno != 0);
+				io_stream_set_error(&stream->iostream,
+						    "%s", ssl_io->last_error);
+				stream->istream.stream_errno = errno;
+			}
+			return ret;
+		}
+	}
+	if (openssl_iostream_bio_sync(ssl_io,
+			OPENSSL_IOSTREAM_SYNC_TYPE_HANDSHAKE) < 0) {
+		i_assert(ssl_io->plain_stream_errno != 0 &&
+			 ssl_io->plain_stream_errstr != NULL);
+		io_stream_set_error(&stream->iostream,
+				    "%s", ssl_io->plain_stream_errstr);
+		stream->istream.stream_errno = ssl_io->plain_stream_errno;
+		return -1;
+	}
+
+	total_ret = 0;
+	for (;;) {
+		int pending = SSL_pending(ssl_io->ssl);
+
+		/* Allocate buffer space if needed. */
+		i_assert(stream->buffer_size >= stream->pos);
+		size = stream->buffer_size - stream->pos;
+		if ((pending > 0 || size == 0) &&
+		    !i_stream_try_alloc(stream, I_MAX(pending, 1), &size)) {
+			if (total_ret > 0)
+				break;
+			return -2;
+		}
+
+		ret = SSL_read(ssl_io->ssl, stream->w_buffer + stream->pos, size);
+		if (ret <= 0) {
+			/* failed to read anything */
+			ret = openssl_iostream_handle_error(ssl_io, ret,
+				(total_ret == 0 ?
+				 OPENSSL_IOSTREAM_SYNC_TYPE_CONTINUE_READ :
+				 OPENSSL_IOSTREAM_SYNC_TYPE_NONE), "SSL_read");
+			if (ret <= 0) {
+				if (ret == 0)
+					break;
+				if (ssl_io->last_error != NULL) {
+					io_stream_set_error(&stream->iostream,
+							    "%s", ssl_io->last_error);
+				}
+				if (errno != EPIPE)
+					stream->istream.stream_errno = errno;
+				stream->istream.eof = TRUE;
+				sstream->seen_eof = TRUE;
+				if (total_ret > 0)
+					break;
+				return -1;
+			}
+			/* we did some BIO I/O, try reading again */
+			continue;
+		}
+		stream->pos += ret;
+		total_ret += ret;
+	}
+	if (SSL_pending(ssl_io->ssl) > 0)
+		i_stream_set_input_pending(ssl_io->ssl_input, TRUE);
+	return total_ret;
+}
+
+struct istream *openssl_i_stream_create_ssl(struct ssl_iostream *ssl_io)
+{
+	struct ssl_istream *sstream;
+
+	ssl_io->refcount++;
+
+	sstream = i_new(struct ssl_istream, 1);
+	sstream->ssl_io = ssl_io;
+	sstream->istream.iostream.close = i_stream_ssl_close;
+	sstream->istream.iostream.destroy = i_stream_ssl_destroy;
+	sstream->istream.max_buffer_size =
+		ssl_io->plain_input->real_stream->max_buffer_size;
+	sstream->istream.read = i_stream_ssl_read;
+
+	sstream->istream.istream.readable_fd = FALSE;
+	return i_stream_create(&sstream->istream, NULL,
+			       i_stream_get_fd(ssl_io->plain_input), 0);
+}