[apple/security.git] / libsecurity_ssl / sslViewer / ioSock.c

/*
 * Copyright (c) 2006-2008,2010-2012 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * ioSock.c - socket-based I/O routines for use with Secure Transport
 */

#include "ioSock.h"
#include <errno.h>
#include <stdio.h>

#include <unistd.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <fcntl.h>

#include <MacErrors.h>
#include <time.h>
#include <strings.h>

/* debugging for this module */
#define SSL_OT_DEBUG		1

/* log errors to stdout */
#define SSL_OT_ERRLOG		1

/* trace all low-level network I/O */
#define SSL_OT_IO_TRACE		0

/* if SSL_OT_IO_TRACE, only log non-zero length transfers */
#define SSL_OT_IO_TRACE_NZ	1

/* pause after each I/O (only meaningful if SSL_OT_IO_TRACE == 1) */
#define SSL_OT_IO_PAUSE		0

/* print a stream of dots while I/O pending */
#define SSL_OT_DOT			1

/* dump some bytes of each I/O (only meaningful if SSL_OT_IO_TRACE == 1) */
#define SSL_OT_IO_DUMP		0
#define SSL_OT_IO_DUMP_SIZE	256

/* indicate errSSLWouldBlock with a '.' */
#define SSL_DISPL_WOULD_BLOCK	0

/* general, not-too-verbose debugging */
#if		SSL_OT_DEBUG
#define dprintf(s)	printf s
#else	
#define dprintf(s)
#endif

/* errors --> stdout */
#if		SSL_OT_ERRLOG
#define eprintf(s)	printf s
#else	
#define eprintf(s)
#endif

/* trace completion of every r/w */
#if		SSL_OT_IO_TRACE
static void tprintf(
	const char *str, 
	UInt32 req, 
	UInt32 act,
	const UInt8 *buf)	
{
	#if	SSL_OT_IO_TRACE_NZ
	if(act == 0) {
		return;
	}
	#endif
	printf("%s(%u): moved (%u) bytes\n", str, (unsigned)req, (unsigned)act);
	#if	SSL_OT_IO_DUMP
	{
		unsigned i;
		
		for(i=0; i<act; i++) {
			printf("%02X ", buf[i]);
			if(i >= (SSL_OT_IO_DUMP_SIZE - 1)) {
				break;
			}
		}
		printf("\n");
	}
	#endif
	#if SSL_OT_IO_PAUSE
	{
		char instr[20];
		printf("CR to continue: ");
		gets(instr);
	}
	#endif
}

#else	
#define tprintf(str, req, act, buf)
#endif	/* SSL_OT_IO_TRACE */

/*
 * If SSL_OT_DOT, output a '.' every so often while waiting for
 * connection. This gives user a chance to do something else with the
 * UI.
 */

#if	SSL_OT_DOT

static time_t lastTime = (time_t)0;
#define TIME_INTERVAL		3

static void outputDot()
{
	time_t thisTime = time(0);
	
	if((thisTime - lastTime) >= TIME_INTERVAL) {
		printf("."); fflush(stdout);
		lastTime = thisTime;
	}
}
#else
#define outputDot()
#endif


/*
 * One-time only init.
 */
void initSslOt(void)
{

}

/*
 * Connect to server. 
 */
#define GETHOST_RETRIES		3

OSStatus MakeServerConnection(
	const char *hostName, 
	int port, 
	int nonBlocking,		// 0 or 1
	otSocket *socketNo, 	// RETURNED
	PeerSpec *peer)			// RETURNED
{
    struct sockaddr_in  addr;
	struct hostent      *ent;
    struct in_addr      host;
	int					sock = 0;
	
	*socketNo = 0;
    if (hostName[0] >= '0' && hostName[0] <= '9')
    {
        host.s_addr = inet_addr(hostName);
    }
    else {
		unsigned dex;
		/* seeing a lot of soft failures here that I really don't want to track down */
		for(dex=0; dex<GETHOST_RETRIES; dex++) {
			if(dex != 0) {
				printf("\n...retrying gethostbyname(%s)", hostName);
			}
			ent = gethostbyname(hostName);
			if(ent != NULL) {
				break;
			}
		}
        if(ent == NULL) {
			printf("\n***gethostbyname(%s) returned: %s\n", hostName, hstrerror(h_errno));
            return ioErr;
        }
        memcpy(&host, ent->h_addr, sizeof(struct in_addr));
    }
    sock = socket(AF_INET, SOCK_STREAM, 0);
    addr.sin_addr = host;
    addr.sin_port = htons((u_short)port);

    addr.sin_family = AF_INET;
    if (connect(sock, (struct sockaddr *) &addr, sizeof(struct sockaddr_in)) != 0)
    {   printf("connect returned error\n");
        return ioErr;
    }

	if(nonBlocking) {
		/* OK to do this after connect? */
		int rtn = fcntl(sock, F_SETFL, O_NONBLOCK);
		if(rtn == -1) {
			perror("fctnl(O_NONBLOCK)");
			return ioErr;
		}
	}
	
    peer->ipAddr = addr.sin_addr.s_addr;
    peer->port = htons((u_short)port);
	*socketNo = (otSocket)sock;
    return noErr;
}

/*
 * Set up an otSocket to listen for client connections. Call once, then
 * use multiple AcceptClientConnection calls. 
 */
OSStatus ListenForClients(
	int port, 
	int nonBlocking,		// 0 or 1
	otSocket *socketNo) 	// RETURNED
{  
	struct sockaddr_in  addr;
    struct hostent      *ent;
    int                 len;
	int 				sock;
	
    sock = socket(AF_INET, SOCK_STREAM, 0);
	if(sock < 1) {
		perror("socket");
		return ioErr;
	}
    
    int reuse = 1;
    int err = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse));
    if (err != 0) {
        perror("setsockopt");
        return err;
    }
	
    ent = gethostbyname("localhost");
    if (!ent) {
		perror("gethostbyname");
		return ioErr;
    }
    memcpy(&addr.sin_addr, ent->h_addr, sizeof(struct in_addr));
	
    addr.sin_port = htons((u_short)port);
    addr.sin_addr.s_addr = INADDR_ANY;
    addr.sin_family = AF_INET;
    len = sizeof(struct sockaddr_in);
    if (bind(sock, (struct sockaddr *) &addr, len)) {
		int theErr = errno;
		perror("bind");
		if(theErr == EADDRINUSE) {
			return opWrErr;
		}
		else {
			return ioErr;
		}
    }
	if(nonBlocking) {
		int rtn = fcntl(sock, F_SETFL, O_NONBLOCK);
		if(rtn == -1) {
			perror("fctnl(O_NONBLOCK)");
			return ioErr;
		}
	}

	for(;;) {
		int rtn = listen(sock, 1);
		switch(rtn) {
			case 0:
				*socketNo = (otSocket)sock;
				rtn = noErr;
				break;
			case EWOULDBLOCK:
				continue;
			default:
				perror("listen");
				rtn = ioErr;
				break;
		}
		return rtn;
    }
	/* NOT REACHED */
	return 0;
}

/*
 * Accept a client connection.
 */
 
/*
 * Currently we always get back a different peer port number on successive
 * connections, no matter what the client is doing. To test for resumable 
 * session support, force peer port = 0.
 */
#define FORCE_ACCEPT_PEER_PORT_ZERO		1

OSStatus AcceptClientConnection(
	otSocket listenSock, 		// obtained from ListenForClients
	otSocket *acceptSock, 		// RETURNED
	PeerSpec *peer)				// RETURNED
{  
	struct sockaddr_in  addr;
	int					sock;
    socklen_t           len;
	
    len = sizeof(struct sockaddr_in);
	do {
		sock = accept((int)listenSock, (struct sockaddr *) &addr, &len);
		if (sock < 0) {
			if(errno == EAGAIN) {
				/* nonblocking, no connection yet */
				continue;
			}
			else {
				perror("accept");
				return ioErr;
			}
		}
		else {
			break;
		}
    } while(1);
	*acceptSock = (otSocket)sock;
    peer->ipAddr = addr.sin_addr.s_addr;
	#if	FORCE_ACCEPT_PEER_PORT_ZERO
	peer->port = 0;
	#else
    peer->port = ntohs(addr.sin_port);
	#endif
    return noErr;
}

/*
 * Shut down a connection.
 */
void endpointShutdown(
	otSocket sock)
{
	close((int)sock);
}
	
/*
 * R/W. Called out from SSL.
 */
OSStatus SocketRead(
	SSLConnectionRef 	connection,
	void 				*data, 			/* owned by 
	 									 * caller, data
	 									 * RETURNED */
	size_t 				*dataLength)	/* IN/OUT */ 
{
	UInt32			bytesToGo = *dataLength;
	UInt32 			initLen = bytesToGo;
	UInt8			*currData = (UInt8 *)data;
	int				sock = (int)((long)connection);
	OSStatus		rtn = noErr;
	UInt32			bytesRead;
	ssize_t			rrtn;
	
	*dataLength = 0;

	for(;;) {
		bytesRead = 0;
		/* paranoid check, ensure errno is getting written */
		errno = -555;
		rrtn = recv(sock, currData, bytesToGo, 0);
		if (rrtn <= 0) {
			if(rrtn == 0) {
				/* closed, EOF */
				rtn = errSSLClosedGraceful;
				break;
			}
			int theErr = errno;
			switch(theErr) {
				case ENOENT:
					/* 
					 * Undocumented but I definitely see this.
					 * Non-blocking sockets only. Definitely retriable
					 * just like an EAGAIN.
					 */
					dprintf(("SocketRead RETRYING on ENOENT, rrtn %d\n",
						(int)rrtn));
					/* normal... */
					//rtn = errSSLWouldBlock;
					/* ...for temp testing.... */
					rtn = ioErr; 
					break;
				case ECONNRESET:
					/* explicit peer abort */
					rtn = errSSLClosedAbort;
					break;
				case EAGAIN:
					/* nonblocking, no data */
					rtn = errSSLWouldBlock;
					break;
				default:
					dprintf(("SocketRead: read(%u) error %d, rrtn %d\n", 
						(unsigned)bytesToGo, theErr, (int)rrtn));
					rtn = ioErr;
					break;
			}
			/* in any case, we're done with this call if rrtn <= 0 */
			break;
		}
		bytesRead = rrtn;
		bytesToGo -= bytesRead;
		currData  += bytesRead;
		
		if(bytesToGo == 0) {
			/* filled buffer with incoming data, done */
			break;
		}
	}
	*dataLength = initLen - bytesToGo;
	tprintf("SocketRead", initLen, *dataLength, (UInt8 *)data);
	
	#if SSL_OT_DOT || (SSL_OT_DEBUG && !SSL_OT_IO_TRACE)
	if((rtn == 0) && (*dataLength == 0)) {
		/* keep UI alive */
		outputDot();
	}
	#endif
	#if SSL_DISPL_WOULD_BLOCK
	if(rtn == errSSLWouldBlock) {
		printf("."); fflush(stdout);
	}
	#endif
	return rtn;
}

int oneAtATime = 0;

OSStatus SocketWrite(
	SSLConnectionRef 	connection,
	const void	 		*data, 
	size_t 				*dataLength)	/* IN/OUT */ 
{
	size_t		bytesSent = 0;
	int			sock = (int)((long)connection);
	int 		length;
	size_t		dataLen = *dataLength;
	const UInt8 *dataPtr = (UInt8 *)data;
	OSStatus	ortn;
	
	if(oneAtATime && (*dataLength > 1)) {
		size_t i;
		size_t outLen;
		size_t thisMove;
		
		outLen = 0;
		for(i=0; i<dataLen; i++) {
			thisMove = 1;
			ortn = SocketWrite(connection, dataPtr, &thisMove);
			outLen += thisMove;
			dataPtr++;  
			if(ortn) {
				return ortn;
			}
		}
		return noErr;
	}
	*dataLength = 0;

    do {
        length = write(sock, 
				(char*)dataPtr + bytesSent, 
				dataLen - bytesSent);
    } while ((length > 0) && 
			 ( (bytesSent += length) < dataLen) );
	
	if(length <= 0) {
		int theErr = errno;
		switch(theErr) {
			case EAGAIN:
				ortn = errSSLWouldBlock; break;
			case EPIPE:
				ortn = errSSLClosedAbort; break;
			default:
				dprintf(("SocketWrite: write(%u) error %d\n", 
					  (unsigned)(dataLen - bytesSent), theErr));
				ortn = ioErr;
				break;
		}
	}
	else {
		ortn = noErr;
	}
	tprintf("SocketWrite", dataLen, bytesSent, dataPtr);
	*dataLength = bytesSent;
	return ortn;
}
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2006-2008,2010-2012 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* ioSock.c - socket-based I/O routines for use with Secure Transport
	26	*/
	27
	28	#include "ioSock.h"
	29	#include <errno.h>
	30	#include <stdio.h>
	31
	32	#include <unistd.h>
	33	#include <sys/types.h>
	34	#include <netinet/in.h>
	35	#include <sys/socket.h>
	36	#include <netdb.h>
	37	#include <arpa/inet.h>
	38	#include <fcntl.h>
	39
	40	#include <MacErrors.h>
	41	#include <time.h>
	42	#include <strings.h>
	43
	44	/* debugging for this module */
	45	#define SSL_OT_DEBUG 1
	46
	47	/* log errors to stdout */
	48	#define SSL_OT_ERRLOG 1
	49
	50	/* trace all low-level network I/O */
	51	#define SSL_OT_IO_TRACE 0
	52
	53	/* if SSL_OT_IO_TRACE, only log non-zero length transfers */
	54	#define SSL_OT_IO_TRACE_NZ 1
	55
	56	/* pause after each I/O (only meaningful if SSL_OT_IO_TRACE == 1) */
	57	#define SSL_OT_IO_PAUSE 0
	58
	59	/* print a stream of dots while I/O pending */
	60	#define SSL_OT_DOT 1
	61
	62	/* dump some bytes of each I/O (only meaningful if SSL_OT_IO_TRACE == 1) */
	63	#define SSL_OT_IO_DUMP 0
	64	#define SSL_OT_IO_DUMP_SIZE 256
65
66	/* indicate errSSLWouldBlock with a '.' */
67	#define SSL_DISPL_WOULD_BLOCK 0
68
69	/* general, not-too-verbose debugging */
70	#if SSL_OT_DEBUG
71	#define dprintf(s) printf s
72	#else
73	#define dprintf(s)
74	#endif
75
76	/* errors --> stdout */
77	#if SSL_OT_ERRLOG
78	#define eprintf(s) printf s
79	#else
80	#define eprintf(s)
81	#endif
82
83	/* trace completion of every r/w */
84	#if SSL_OT_IO_TRACE
85	static void tprintf(
86	const char *str,
87	UInt32 req,
88	UInt32 act,
89	const UInt8 *buf)
90	{
91	#if SSL_OT_IO_TRACE_NZ
92	if(act == 0) {
93	return;
94	}
95	#endif
96	printf("%s(%u): moved (%u) bytes\n", str, (unsigned)req, (unsigned)act);
97	#if SSL_OT_IO_DUMP
98	{
99	unsigned i;
100
101	for(i=0; i<act; i++) {
102	printf("%02X ", buf[i]);
103	if(i >= (SSL_OT_IO_DUMP_SIZE - 1)) {
104	break;
105	}
106	}
107	printf("\n");
108	}
109	#endif
110	#if SSL_OT_IO_PAUSE
111	{
112	char instr[20];
113	printf("CR to continue: ");
114	gets(instr);
115	}
116	#endif
117	}
118
119	#else
120	#define tprintf(str, req, act, buf)
121	#endif /* SSL_OT_IO_TRACE */
122
123	/*
124	* If SSL_OT_DOT, output a '.' every so often while waiting for
125	* connection. This gives user a chance to do something else with the
126	* UI.
127	*/
128
129	#if SSL_OT_DOT
130
131	static time_t lastTime = (time_t)0;
132	#define TIME_INTERVAL 3
133
134	static void outputDot()
135	{
136	time_t thisTime = time(0);
137
138	if((thisTime - lastTime) >= TIME_INTERVAL) {
139	printf("."); fflush(stdout);
140	lastTime = thisTime;
141	}
142	}
143	#else
144	#define outputDot()
145	#endif
146
147
148	/*
149	* One-time only init.
150	*/
151	void initSslOt(void)
152	{
153
154	}
155
156	/*
157	* Connect to server.
158	*/
159	#define GETHOST_RETRIES 3
160
161	OSStatus MakeServerConnection(
162	const char *hostName,
163	int port,
164	int nonBlocking, // 0 or 1
165	otSocket *socketNo, // RETURNED
166	PeerSpec *peer) // RETURNED
167	{
168	struct sockaddr_in addr;
169	struct hostent *ent;
170	struct in_addr host;
171	int sock = 0;
172
173	*socketNo = 0;
174	if (hostName[0] >= '0' && hostName[0] <= '9')
175	{
176	host.s_addr = inet_addr(hostName);
177	}
178	else {
179	unsigned dex;
180	/* seeing a lot of soft failures here that I really don't want to track down */
181	for(dex=0; dex<GETHOST_RETRIES; dex++) {
182	if(dex != 0) {
183	printf("\n...retrying gethostbyname(%s)", hostName);
184	}
185	ent = gethostbyname(hostName);
186	if(ent != NULL) {
187	break;
188	}
189	}
190	if(ent == NULL) {
191	printf("\n***gethostbyname(%s) returned: %s\n", hostName, hstrerror(h_errno));
192	return ioErr;
193	}
194	memcpy(&host, ent->h_addr, sizeof(struct in_addr));
195	}
196	sock = socket(AF_INET, SOCK_STREAM, 0);
197	addr.sin_addr = host;
198	addr.sin_port = htons((u_short)port);
199
200	addr.sin_family = AF_INET;
201	if (connect(sock, (struct sockaddr *) &addr, sizeof(struct sockaddr_in)) != 0)
202	{ printf("connect returned error\n");
203	return ioErr;
204	}
205
206	if(nonBlocking) {
207	/* OK to do this after connect? */
208	int rtn = fcntl(sock, F_SETFL, O_NONBLOCK);
209	if(rtn == -1) {
210	perror("fctnl(O_NONBLOCK)");
211	return ioErr;
212	}
213	}
214
215	peer->ipAddr = addr.sin_addr.s_addr;
216	peer->port = htons((u_short)port);
217	*socketNo = (otSocket)sock;
218	return noErr;
219	}
220
221	/*
222	* Set up an otSocket to listen for client connections. Call once, then
223	* use multiple AcceptClientConnection calls.
224	*/
225	OSStatus ListenForClients(
226	int port,
227	int nonBlocking, // 0 or 1
228	otSocket *socketNo) // RETURNED
229	{
230	struct sockaddr_in addr;
231	struct hostent *ent;
232	int len;
233	int sock;
234
235	sock = socket(AF_INET, SOCK_STREAM, 0);
236	if(sock < 1) {
237	perror("socket");
238	return ioErr;
239	}
240
241	int reuse = 1;
242	int err = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse));
243	if (err != 0) {
244	perror("setsockopt");
245	return err;
246	}
247
248	ent = gethostbyname("localhost");
249	if (!ent) {
250	perror("gethostbyname");
251	return ioErr;
252	}
253	memcpy(&addr.sin_addr, ent->h_addr, sizeof(struct in_addr));
254
255	addr.sin_port = htons((u_short)port);
256	addr.sin_addr.s_addr = INADDR_ANY;
257	addr.sin_family = AF_INET;
258	len = sizeof(struct sockaddr_in);
259	if (bind(sock, (struct sockaddr *) &addr, len)) {
260	int theErr = errno;
261	perror("bind");
262	if(theErr == EADDRINUSE) {
263	return opWrErr;
264	}
265	else {
266	return ioErr;
267	}
268	}
269	if(nonBlocking) {
270	int rtn = fcntl(sock, F_SETFL, O_NONBLOCK);
271	if(rtn == -1) {
272	perror("fctnl(O_NONBLOCK)");
273	return ioErr;
274	}
275	}
276
277	for(;;) {
278	int rtn = listen(sock, 1);
279	switch(rtn) {
280	case 0:
281	*socketNo = (otSocket)sock;
282	rtn = noErr;
283	break;
284	case EWOULDBLOCK:
285	continue;
286	default:
287	perror("listen");
288	rtn = ioErr;
289	break;
290	}
291	return rtn;
292	}
293	/* NOT REACHED */
294	return 0;
295	}
296
297	/*
298	* Accept a client connection.
299	*/
300
301	/*
302	* Currently we always get back a different peer port number on successive
303	* connections, no matter what the client is doing. To test for resumable
304	* session support, force peer port = 0.
305	*/
306	#define FORCE_ACCEPT_PEER_PORT_ZERO 1
307
308	OSStatus AcceptClientConnection(
309	otSocket listenSock, // obtained from ListenForClients
310	otSocket *acceptSock, // RETURNED
311	PeerSpec *peer) // RETURNED
312	{
313	struct sockaddr_in addr;
314	int sock;
315	socklen_t len;
316
317	len = sizeof(struct sockaddr_in);
318	do {
319	sock = accept((int)listenSock, (struct sockaddr *) &addr, &len);
320	if (sock < 0) {
321	if(errno == EAGAIN) {
322	/* nonblocking, no connection yet */
323	continue;
324	}
325	else {
326	perror("accept");
327	return ioErr;
328	}
329	}
330	else {
331	break;
332	}
333	} while(1);
334	*acceptSock = (otSocket)sock;
335	peer->ipAddr = addr.sin_addr.s_addr;
336	#if FORCE_ACCEPT_PEER_PORT_ZERO
337	peer->port = 0;
338	#else
339	peer->port = ntohs(addr.sin_port);
340	#endif
341	return noErr;
342	}
343
344	/*
345	* Shut down a connection.
346	*/
347	void endpointShutdown(
348	otSocket sock)
349	{
350	close((int)sock);
351	}
352
353	/*
354	* R/W. Called out from SSL.
355	*/
356	OSStatus SocketRead(
357	SSLConnectionRef connection,
358	void data, / owned by
359	* caller, data
360	* RETURNED */
361	size_t dataLength) / IN/OUT */
362	{
363	UInt32 bytesToGo = *dataLength;
364	UInt32 initLen = bytesToGo;
365	UInt8 currData = (UInt8 )data;
366	int sock = (int)((long)connection);
367	OSStatus rtn = noErr;
368	UInt32 bytesRead;
369	ssize_t rrtn;
370
371	*dataLength = 0;
372
373	for(;;) {
374	bytesRead = 0;
375	/* paranoid check, ensure errno is getting written */
376	errno = -555;
377	rrtn = recv(sock, currData, bytesToGo, 0);
378	if (rrtn <= 0) {
379	if(rrtn == 0) {
380	/* closed, EOF */
381	rtn = errSSLClosedGraceful;
382	break;
383	}
384	int theErr = errno;
385	switch(theErr) {
386	case ENOENT:
387	/*
388	* Undocumented but I definitely see this.
389	* Non-blocking sockets only. Definitely retriable
390	* just like an EAGAIN.
391	*/
392	dprintf(("SocketRead RETRYING on ENOENT, rrtn %d\n",
393	(int)rrtn));
394	/* normal... */
395	//rtn = errSSLWouldBlock;
396	/* ...for temp testing.... */
397	rtn = ioErr;
398	break;
399	case ECONNRESET:
400	/* explicit peer abort */
401	rtn = errSSLClosedAbort;
402	break;
403	case EAGAIN:
404	/* nonblocking, no data */
405	rtn = errSSLWouldBlock;
406	break;
407	default:
408	dprintf(("SocketRead: read(%u) error %d, rrtn %d\n",
409	(unsigned)bytesToGo, theErr, (int)rrtn));
410	rtn = ioErr;
411	break;
412	}
413	/* in any case, we're done with this call if rrtn <= 0 */
414	break;
415	}
416	bytesRead = rrtn;
417	bytesToGo -= bytesRead;
418	currData += bytesRead;
419
420	if(bytesToGo == 0) {
421	/* filled buffer with incoming data, done */
422	break;
423	}
424	}
425	*dataLength = initLen - bytesToGo;
426	tprintf("SocketRead", initLen, dataLength, (UInt8 )data);
427
428	#if SSL_OT_DOT \|\| (SSL_OT_DEBUG && !SSL_OT_IO_TRACE)
429	if((rtn == 0) && (*dataLength == 0)) {
430	/* keep UI alive */
431	outputDot();
432	}
433	#endif
434	#if SSL_DISPL_WOULD_BLOCK
435	if(rtn == errSSLWouldBlock) {
436	printf("."); fflush(stdout);
437	}
438	#endif
439	return rtn;
440	}
441
442	int oneAtATime = 0;
443
444	OSStatus SocketWrite(
445	SSLConnectionRef connection,
446	const void *data,
447	size_t dataLength) / IN/OUT */
448	{
449	size_t bytesSent = 0;
450	int sock = (int)((long)connection);
451	int length;
452	size_t dataLen = *dataLength;
453	const UInt8 dataPtr = (UInt8 )data;
454	OSStatus ortn;
455
456	if(oneAtATime && (*dataLength > 1)) {
457	size_t i;
458	size_t outLen;
459	size_t thisMove;
460
461	outLen = 0;
462	for(i=0; i<dataLen; i++) {
463	thisMove = 1;
464	ortn = SocketWrite(connection, dataPtr, &thisMove);
465	outLen += thisMove;
466	dataPtr++;
467	if(ortn) {
468	return ortn;
469	}
470	}
471	return noErr;
472	}
473	*dataLength = 0;
474
475	do {
476	length = write(sock,
477	(char*)dataPtr + bytesSent,
478	dataLen - bytesSent);
479	} while ((length > 0) &&
480	( (bytesSent += length) < dataLen) );
481
482	if(length <= 0) {
483	int theErr = errno;
484	switch(theErr) {
485	case EAGAIN:
486	ortn = errSSLWouldBlock; break;
487	case EPIPE:
488	ortn = errSSLClosedAbort; break;
489	default:
490	dprintf(("SocketWrite: write(%u) error %d\n",
491	(unsigned)(dataLen - bytesSent), theErr));
492	ortn = ioErr;
493	break;
494	}
495	}
496	else {
497	ortn = noErr;
498	}
499	tprintf("SocketWrite", dataLen, bytesSent, dataPtr);
500	*dataLength = bytesSent;
501	return ortn;
502	}