summaryrefslogtreecommitdiffstats
path: root/src/idevice.c
AgeCommit message (Collapse)AuthorFilesLines
2021-09-01Remove common code in favor of new libimobiledevice-glueGravatar Nikias Bassen1-2/+3
2021-07-30idevice: Reset receive length variable in internal_ssl_read retry loop and ↵Gravatar Nikias Bassen1-1/+2
fix wrong variable in debug message
2021-07-29lockdown: Get DeviceClass to make sure OS version dependent code is executed ↵Gravatar Nikias Bassen1-0/+1
correctly The code in lockdownd_client_new_with_handshake would call the function lockdownd_validate_pair based on the OS version being less than 7.0 without taking into account that Watch OS has a different versioning scheme compared to the other device classes. For this and any future version/device specific checks, the code now queries the DeviceClass and stores it in the idevice_private struct.
2021-07-29Handle error cases in relevant code when retrieving pair record failsGravatar Nikias Bassen1-3/+3
2021-07-27Add support for MbedTLSGravatar Nikias Bassen1-25/+170
2021-07-26idevice: Remove unnecessary memcpy from internal_ssl_read()Gravatar Nikias Bassen1-29/+15
2021-07-26idevice: Route OpenSSL reads/writes through internal_connection_*Gravatar Kabir Oberai1-42/+64
Let's not allow OpenSSL to directly access our file descriptors
2021-07-25idevice: Make sure to handle timeout condition for network connections tooGravatar Nikias Bassen1-9/+11
2021-02-01idevice: Allow partial reads in idevice_connection_receive_timeout() and ↵Gravatar Nikias Bassen1-6/+9
handle timeouts more adequate idevice_connection_receive_timeout(), when in SSL mode, was assuming it should always try to read the exact amount of data specified in `len` parameter. While this works with most protocols that have length fields or fixed sized headers/packets, some others (e.g. debugserver) break because it will request a read but doesn't know the size that is expected to be returned beforehand. This commit will handle timeouts better and return the number of bytes that were read in such cases (instead of returning 0 bytes read + error). Note that in the event of a timeout, IDEVICE_E_TIMEOUT will be returned even though actual data might have been read. The number of bytes read will be returned in recv_bytes.
2020-11-19idevice: Handle -EAGAIN in case usbmuxd_send() returns itGravatar Nikias Bassen1-1/+4
2020-08-06idevice: Fix build with LibreSSLGravatar Nikias Bassen1-1/+1
2020-06-13Allow OpenSSL >= 1.1.0 to use older/disallowed TLS versionsGravatar Author: Frederik Carlier1-1/+5
2020-06-08Remove whitespace errors from all filesGravatar Martin Szulecki1-1/+1
2020-06-08idevice: Add fix for potential SSL_write timeout error caseGravatar Nikias Bassen1-3/+3
2020-06-06idevice: Revert not copying scope id for IPv6 addresses from usbmuxd againGravatar Martin Szulecki1-2/+2
This should still catch the more common case when using usbmuxd on the same host. Not copying the scope id in that case actually removes vital routing information.
2020-06-06idevice: Slightly improve connectivity logic and fix IPv6 for network devicesGravatar Martin Szulecki1-6/+8
This change removes copying the scope id for IPv6 connections which caused problems if the usbmux connection data is used on different hosts or context.
2020-06-06idevice: Add some newlines for better code readabilityGravatar Martin Szulecki1-0/+7
2020-06-04idevice: Fix compiler warning about switch case fallthroughGravatar Martin Szulecki1-1/+1
2020-05-21idevice: [OpenSSL] Handle non-blocking SSL_writeGravatar Nikias Bassen1-0/+13
2020-05-18idevice_connection_send: Make sure send works with non-blocking socketsGravatar Nikias Bassen1-1/+17
2020-05-18Use direct socket connection for network devicesGravatar Nikias Bassen1-7/+76
Instead of relaying data via usbmuxd this change will have it connect directly to the device via network after retrieving its address from usbmuxd
2020-05-17idevice: [OpenSSL] Fix SSL_read with non-blocking socketsGravatar Nikias Bassen1-1/+10
2020-05-15idevice: [OpenSSL] Make sure SSL handshake works with non-blocking socketGravatar Nikias Bassen1-8/+18
2020-02-20introduces optional `idevice_connection_disable_ssl` with ability not to ↵Gravatar Demyan Kimitsa1-13/+23
send SSL shutdown message. As in debugserver this message will be considered as GDB server communication and break things
2020-01-05Define ETIMEDOUT if requiredGravatar Nikias Bassen1-0/+4
2019-11-07Add new idevice_get_device_list_extended() allowing to list all devices, ↵Gravatar Nikias Bassen1-0/+56
including network Instead of just returning a list of UDIDs (like idevice_get_device_list) this function will return idevice_info_t* records which also contains the type of the connection and the connection data.
2019-11-07Add propert support for network (WiFi) devices via new ↵Gravatar Nikias Bassen1-21/+71
idevice_new_with_options()
2019-09-29idevice: properly handle partial SSL writesGravatar Nikias Bassen1-8/+15
2019-09-28idevice: fix hang in SSL_shutdownGravatar Mikkel Kamstrup Erlandsen1-1/+7
2019-09-05idevice: Fix handling SSL/TLS version selection for OpenSSL 1.1.0+ and for ↵Gravatar Nikias Bassen1-11/+19
older devices
2019-08-18idevice: [win32] Move windows.h include after socket.h to prevent 'must ↵Gravatar Nikias Bassen1-4/+4
include winsock.h before windows.h'
2019-08-18Force use of TLSv1 for backwards compatibility with older iOS versionsGravatar Nikias Bassen1-1/+13
2019-07-19OpenSSL: Use SSL_pending() to determine if we want a select() before SSL_read()Gravatar Nikias Bassen1-11/+16
In order to obey the timeout in idevice_connection_receive_timeout(), we are using select() via socket_check_fd(). However, the SSL bio might have buffered more bytes than actually requested upon a call to SSL_read(), so in the next call to idevice_connection_receive_timeout() a select() would not find the fd being ready to read, and make it fail with an error, after the specified timeout is reached. With the help of SSL_pending() we can now skip calling select() so that SSL_read() will directly be called again.
2019-06-22Make sure to not use deprecated API when compiling with OpenSSL >= 1.1Gravatar Rosen Penev1-1/+7
There are several missing headers as well as deprecated functions for which compatibility was added as needed.
2019-06-21Use OPENSSL_THREADID_* API for OpenSSL >= 1.0.0 && < 1.1.0Gravatar Nikias Bassen1-0/+15
2019-06-16service: Silence timeout errorsGravatar Nikias Bassen1-1/+0
2019-06-13Timeout support for SSL connections and better timeout handeling.Gravatar DanyL1-11/+48
2019-06-10Make sure OpenSSL version checks don't fail when using LibreSSLGravatar Nikias Bassen1-7/+6
2018-09-29idevice: Add usbmux device id (handle/mux id) to internal data structureGravatar Nikias Bassen1-13/+6
2017-08-13lockdown: Don't explicitly validate pairing unless we're dealing with an ↵Gravatar Nikias Bassen1-0/+1
older device On newer iOS version, ValidatePair is not mandatory to gain trusted host status. Starting with iOS 11, the ValidatePair request has been removed from lockdownd and will throw an error. This commit adds a version check so that ValidatePair is only called on devices prior iOS 7.
2017-04-27gnutls: check for interrupted gnutls_handshake()Gravatar Nikos Mavrogiannopoulos1-3/+10
That is, recover if gnutls_handshake() returns with non fatal error codes like GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN.
2017-04-26 #ifdef out code which is a no-op with OpenSSL 1.1.0Gravatar Christophe Fergeau1-0/+6
CRYPTO_set_id_callback CRYPTO_set_locking_callback EVP_cleanup CRYPTO_cleanup_all_ex_data SSL_COMP_free_compression_methods are all no-ops with OpenSSL 1.1.0, so we can #ifdef out the corresponding code. This cleans up some warnings about id_function/locking_function being defined but unused (as the calls to CRYPTO_set_id_callback and CRYPTO_set_locking_callback disappear at preprocessing time). Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Don't use ERR_remove_thread_state() with OpenSSL 1.1.0Gravatar Christophe Fergeau1-14/+16
It's deprecated and causes compile-time warnings. We don't want to fallback to ERR_remove_state() either as it's similarly deprecated. This commit adds a helper functions to hide the #ifdef mess between the various openssl versions. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-26Avoid double free with OpenSSL 1.1.0Gravatar Christophe Fergeau1-1/+9
Since commit OpenSSL_1_1_0-pre3~178 https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f OpenSSL automatically cleans up some of its internal data when the program exits. This conflicts with some similar clean up libimobiledevice attempts to do, which causes a double-free. SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2, and is still there in 1.1.0 as a no-op, so we can use that to free the compression methods. This bug can be hit with a simple idevicebackup2 --help ==14299== Invalid read of size 4 ==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263) ==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182) ==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402) ==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56) ==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd ==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530) ==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830) ==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x4E5663A: thread_once (thread.c:104) ==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140) ==14299== by 0x4011232: _dl_fini (dl-fini.c:235) ==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) ==14299== by 0x5DC2E19: exit (exit.c:105) ==14299== by 0x5DA8604: (below main) (libc-start.c:329) ==14299== Block was alloc'd at ==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299) ==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100) ==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108) ==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830) ==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482) ==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500) ==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845) ==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125) ==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25) ==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) ==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) ==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227) ==14299== by 0x4E43416: internal_idevice_init (idevice.c:73) = Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2017-04-08Propagate lower level errors to callers instead of returning unknownGravatar BALATON Zoltan1-2/+2
error for most failures
2016-08-02idevice: Update GnuTLS code to support iOS 10Gravatar Jay Freeman (saurik)1-1/+1
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
2016-06-16Fix SSL version negotiation for newer versions of OpenSSLGravatar David Weinstein1-1/+1
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()` would return NULL on some systems and also `SSLv23_method()` fails with some older iOS versions...
2016-06-16Revert "Fix SSL version negotiation with newer versions of OpenSSL"Gravatar Nikias Bassen1-1/+1
This reverts commit 6ce120c168b0f0a0146e505649864b5b07dc5093. The change had the negative effect that connecting to older iOS devices wouldn't work anymore.
2016-06-15Fix SSL version negotiation with newer versions of OpenSSLGravatar Nikias Bassen1-1/+1
2016-04-29Updated gnutls certificate callback to new API (backwards compatible)Gravatar Nikos Mavrogiannopoulos1-0/+13