1 /*
2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. The name of the author may not be used to endorse or promote products
13 * derived from this software without specific prior written permission.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
30 #endif
31
32 #include "event2/event-config.h"
33 #include "evconfig-private.h"
34
35 #include <sys/types.h>
36
37 #ifdef EVENT__HAVE_SYS_TIME_H
38 #include <sys/time.h>
39 #endif
40
41 #include <errno.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #ifdef EVENT__HAVE_STDARG_H
46 #include <stdarg.h>
47 #endif
48 #ifdef EVENT__HAVE_UNISTD_H
49 #include <unistd.h>
50 #endif
51
52 #ifdef _WIN32
53 #include <winsock2.h>
54 #endif
55
56 #include "event2/bufferevent.h"
57 #include "event2/bufferevent_struct.h"
58 #include "event2/bufferevent_ssl.h"
59 #include "event2/buffer.h"
60 #include "event2/event.h"
61
62 #include "mm-internal.h"
63 #include "bufferevent-internal.h"
64 #include "log-internal.h"
65
66 #include <openssl/bio.h>
67 #include <openssl/ssl.h>
68 #include <openssl/err.h>
69
70 /*
71 * Define an OpenSSL bio that targets a bufferevent.
72 */
73
74 /* --------------------
75 A BIO is an OpenSSL abstraction that handles reading and writing data. The
76 library will happily speak SSL over anything that implements a BIO
77 interface.
78
79 Here we define a BIO implementation that directs its output to a
80 bufferevent. We'll want to use this only when none of OpenSSL's built-in
81 IO mechanisms work for us.
82 -------------------- */
83
84 /* every BIO type needs its own integer type value. */
85 #define BIO_TYPE_LIBEVENT 57
86 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
87 * this. */
88
89 #if 0
90 static void
91 print_err(int val)
92 {
93 int err;
94 printf("Error was %d\n", val);
95
96 while ((err = ERR_get_error())) {
97 const char *msg = (const char*)ERR_reason_error_string(err);
98 const char *lib = (const char*)ERR_lib_error_string(err);
99 const char *func = (const char*)ERR_func_error_string(err);
100
101 printf("%s in %s %s\n", msg, lib, func);
102 }
103 }
104 #else
105 #define print_err(v) ((void)0)
106 #endif
107
108 /* Called to initialize a new BIO */
109 static int
bio_bufferevent_new(BIO * b)110 bio_bufferevent_new(BIO *b)
111 {
112 b->init = 0;
113 b->num = -1;
114 b->ptr = NULL; /* We'll be putting the bufferevent in this field.*/
115 b->flags = 0;
116 return 1;
117 }
118
119 /* Called to uninitialize the BIO. */
120 static int
bio_bufferevent_free(BIO * b)121 bio_bufferevent_free(BIO *b)
122 {
123 if (!b)
124 return 0;
125 if (b->shutdown) {
126 if (b->init && b->ptr)
127 bufferevent_free(b->ptr);
128 b->init = 0;
129 b->flags = 0;
130 b->ptr = NULL;
131 }
132 return 1;
133 }
134
135 /* Called to extract data from the BIO. */
136 static int
bio_bufferevent_read(BIO * b,char * out,int outlen)137 bio_bufferevent_read(BIO *b, char *out, int outlen)
138 {
139 int r = 0;
140 struct evbuffer *input;
141
142 BIO_clear_retry_flags(b);
143
144 if (!out)
145 return 0;
146 if (!b->ptr)
147 return -1;
148
149 input = bufferevent_get_input(b->ptr);
150 if (evbuffer_get_length(input) == 0) {
151 /* If there's no data to read, say so. */
152 BIO_set_retry_read(b);
153 return -1;
154 } else {
155 r = evbuffer_remove(input, out, outlen);
156 }
157
158 return r;
159 }
160
161 /* Called to write data info the BIO */
162 static int
bio_bufferevent_write(BIO * b,const char * in,int inlen)163 bio_bufferevent_write(BIO *b, const char *in, int inlen)
164 {
165 struct bufferevent *bufev = b->ptr;
166 struct evbuffer *output;
167 size_t outlen;
168
169 BIO_clear_retry_flags(b);
170
171 if (!b->ptr)
172 return -1;
173
174 output = bufferevent_get_output(bufev);
175 outlen = evbuffer_get_length(output);
176
177 /* Copy only as much data onto the output buffer as can fit under the
178 * high-water mark. */
179 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
180 if (bufev->wm_write.high <= outlen) {
181 /* If no data can fit, we'll need to retry later. */
182 BIO_set_retry_write(b);
183 return -1;
184 }
185 inlen = bufev->wm_write.high - outlen;
186 }
187
188 EVUTIL_ASSERT(inlen > 0);
189 evbuffer_add(output, in, inlen);
190 return inlen;
191 }
192
193 /* Called to handle various requests */
194 static long
bio_bufferevent_ctrl(BIO * b,int cmd,long num,void * ptr)195 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
196 {
197 struct bufferevent *bufev = b->ptr;
198 long ret = 1;
199
200 switch (cmd) {
201 case BIO_CTRL_GET_CLOSE:
202 ret = b->shutdown;
203 break;
204 case BIO_CTRL_SET_CLOSE:
205 b->shutdown = (int)num;
206 break;
207 case BIO_CTRL_PENDING:
208 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
209 break;
210 case BIO_CTRL_WPENDING:
211 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
212 break;
213 /* XXXX These two are given a special-case treatment because
214 * of cargo-cultism. I should come up with a better reason. */
215 case BIO_CTRL_DUP:
216 case BIO_CTRL_FLUSH:
217 ret = 1;
218 break;
219 default:
220 ret = 0;
221 break;
222 }
223 return ret;
224 }
225
226 /* Called to write a string to the BIO */
227 static int
bio_bufferevent_puts(BIO * b,const char * s)228 bio_bufferevent_puts(BIO *b, const char *s)
229 {
230 return bio_bufferevent_write(b, s, strlen(s));
231 }
232
233 /* Method table for the bufferevent BIO */
234 static BIO_METHOD methods_bufferevent = {
235 BIO_TYPE_LIBEVENT, "bufferevent",
236 bio_bufferevent_write,
237 bio_bufferevent_read,
238 bio_bufferevent_puts,
239 NULL /* bio_bufferevent_gets */,
240 bio_bufferevent_ctrl,
241 bio_bufferevent_new,
242 bio_bufferevent_free,
243 NULL /* callback_ctrl */,
244 };
245
246 /* Return the method table for the bufferevents BIO */
247 static BIO_METHOD *
BIO_s_bufferevent(void)248 BIO_s_bufferevent(void)
249 {
250 return &methods_bufferevent;
251 }
252
253 /* Create a new BIO to wrap communication around a bufferevent. If close_flag
254 * is true, the bufferevent will be freed when the BIO is closed. */
255 static BIO *
BIO_new_bufferevent(struct bufferevent * bufferevent,int close_flag)256 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
257 {
258 BIO *result;
259 if (!bufferevent)
260 return NULL;
261 if (!(result = BIO_new(BIO_s_bufferevent())))
262 return NULL;
263 result->init = 1;
264 result->ptr = bufferevent;
265 result->shutdown = close_flag ? 1 : 0;
266 return result;
267 }
268
269 /* --------------------
270 Now, here's the OpenSSL-based implementation of bufferevent.
271
272 The implementation comes in two flavors: one that connects its SSL object
273 to an underlying bufferevent using a BIO_bufferevent, and one that has the
274 SSL object connect to a socket directly. The latter should generally be
275 faster, except on Windows, where your best bet is using a
276 bufferevent_async.
277
278 (OpenSSL supports many other BIO types, too. But we can't use any unless
279 we have a good way to get notified when they become readable/writable.)
280 -------------------- */
281
282 struct bio_data_counts {
283 unsigned long n_written;
284 unsigned long n_read;
285 };
286
287 struct bufferevent_openssl {
288 /* Shared fields with common bufferevent implementation code.
289 If we were set up with an underlying bufferevent, we use the
290 events here as timers only. If we have an SSL, then we use
291 the events as socket events.
292 */
293 struct bufferevent_private bev;
294 /* An underlying bufferevent that we're directing our output to.
295 If it's NULL, then we're connected to an fd, not an evbuffer. */
296 struct bufferevent *underlying;
297 /* The SSL object doing our encryption. */
298 SSL *ssl;
299
300 /* A callback that's invoked when data arrives on our outbuf so we
301 know to write data to the SSL. */
302 struct evbuffer_cb_entry *outbuf_cb;
303
304 /* A count of how much data the bios have read/written total. Used
305 for rate-limiting. */
306 struct bio_data_counts counts;
307
308 /* If this value is greater than 0, then the last SSL_write blocked,
309 * and we need to try it again with this many bytes. */
310 ev_ssize_t last_write;
311
312 #define NUM_ERRORS 3
313 ev_uint32_t errors[NUM_ERRORS];
314
315 /* When we next get available space, we should say "read" instead of
316 "write". This can happen if there's a renegotiation during a read
317 operation. */
318 unsigned read_blocked_on_write : 1;
319 /* When we next get data, we should say "write" instead of "read". */
320 unsigned write_blocked_on_read : 1;
321 /* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
322 unsigned allow_dirty_shutdown : 1;
323 /* XXXX */
324 unsigned fd_is_set : 1;
325 /* XXX */
326 unsigned n_errors : 2;
327
328 /* Are we currently connecting, accepting, or doing IO? */
329 unsigned state : 2;
330 };
331
332 static int be_openssl_enable(struct bufferevent *, short);
333 static int be_openssl_disable(struct bufferevent *, short);
334 static void be_openssl_unlink(struct bufferevent *);
335 static void be_openssl_destruct(struct bufferevent *);
336 static int be_openssl_adj_timeouts(struct bufferevent *);
337 static int be_openssl_flush(struct bufferevent *bufev,
338 short iotype, enum bufferevent_flush_mode mode);
339 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
340
341 const struct bufferevent_ops bufferevent_ops_openssl = {
342 "ssl",
343 evutil_offsetof(struct bufferevent_openssl, bev.bev),
344 be_openssl_enable,
345 be_openssl_disable,
346 be_openssl_unlink,
347 be_openssl_destruct,
348 be_openssl_adj_timeouts,
349 be_openssl_flush,
350 be_openssl_ctrl,
351 };
352
353 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
354 * contains it, if any. */
355 static inline struct bufferevent_openssl *
upcast(struct bufferevent * bev)356 upcast(struct bufferevent *bev)
357 {
358 struct bufferevent_openssl *bev_o;
359 if (bev->be_ops != &bufferevent_ops_openssl)
360 return NULL;
361 bev_o = (void*)( ((char*)bev) -
362 evutil_offsetof(struct bufferevent_openssl, bev.bev));
363 EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
364 return bev_o;
365 }
366
367 static inline void
put_error(struct bufferevent_openssl * bev_ssl,unsigned long err)368 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
369 {
370 if (bev_ssl->n_errors == NUM_ERRORS)
371 return;
372 /* The error type according to openssl is "unsigned long", but
373 openssl never uses more than 32 bits of it. It _can't_ use more
374 than 32 bits of it, since it needs to report errors on systems
375 where long is only 32 bits.
376 */
377 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
378 }
379
380 /* Have the base communications channel (either the underlying bufferevent or
381 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag
382 * into account. */
383 static int
start_reading(struct bufferevent_openssl * bev_ssl)384 start_reading(struct bufferevent_openssl *bev_ssl)
385 {
386 if (bev_ssl->underlying) {
387 bufferevent_unsuspend_read_(bev_ssl->underlying,
388 BEV_SUSPEND_FILT_READ);
389 return 0;
390 } else {
391 struct bufferevent *bev = &bev_ssl->bev.bev;
392 int r;
393 r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
394 if (r == 0 && bev_ssl->read_blocked_on_write)
395 r = bufferevent_add_event_(&bev->ev_write,
396 &bev->timeout_write);
397 return r;
398 }
399 }
400
401 /* Have the base communications channel (either the underlying bufferevent or
402 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag
403 * into account. */
404 static int
start_writing(struct bufferevent_openssl * bev_ssl)405 start_writing(struct bufferevent_openssl *bev_ssl)
406 {
407 int r = 0;
408 if (bev_ssl->underlying) {
409 ;
410 } else {
411 struct bufferevent *bev = &bev_ssl->bev.bev;
412 r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
413 if (!r && bev_ssl->write_blocked_on_read)
414 r = bufferevent_add_event_(&bev->ev_read,
415 &bev->timeout_read);
416 }
417 return r;
418 }
419
420 static void
stop_reading(struct bufferevent_openssl * bev_ssl)421 stop_reading(struct bufferevent_openssl *bev_ssl)
422 {
423 if (bev_ssl->write_blocked_on_read)
424 return;
425 if (bev_ssl->underlying) {
426 bufferevent_suspend_read_(bev_ssl->underlying,
427 BEV_SUSPEND_FILT_READ);
428 } else {
429 struct bufferevent *bev = &bev_ssl->bev.bev;
430 event_del(&bev->ev_read);
431 }
432 }
433
434 static void
stop_writing(struct bufferevent_openssl * bev_ssl)435 stop_writing(struct bufferevent_openssl *bev_ssl)
436 {
437 if (bev_ssl->read_blocked_on_write)
438 return;
439 if (bev_ssl->underlying) {
440 ;
441 } else {
442 struct bufferevent *bev = &bev_ssl->bev.bev;
443 event_del(&bev->ev_write);
444 }
445 }
446
447 static int
set_rbow(struct bufferevent_openssl * bev_ssl)448 set_rbow(struct bufferevent_openssl *bev_ssl)
449 {
450 if (!bev_ssl->underlying)
451 stop_reading(bev_ssl);
452 bev_ssl->read_blocked_on_write = 1;
453 return start_writing(bev_ssl);
454 }
455
456 static int
set_wbor(struct bufferevent_openssl * bev_ssl)457 set_wbor(struct bufferevent_openssl *bev_ssl)
458 {
459 if (!bev_ssl->underlying)
460 stop_writing(bev_ssl);
461 bev_ssl->write_blocked_on_read = 1;
462 return start_reading(bev_ssl);
463 }
464
465 static int
clear_rbow(struct bufferevent_openssl * bev_ssl)466 clear_rbow(struct bufferevent_openssl *bev_ssl)
467 {
468 struct bufferevent *bev = &bev_ssl->bev.bev;
469 int r = 0;
470 bev_ssl->read_blocked_on_write = 0;
471 if (!(bev->enabled & EV_WRITE))
472 stop_writing(bev_ssl);
473 if (bev->enabled & EV_READ)
474 r = start_reading(bev_ssl);
475 return r;
476 }
477
478
479 static int
clear_wbor(struct bufferevent_openssl * bev_ssl)480 clear_wbor(struct bufferevent_openssl *bev_ssl)
481 {
482 struct bufferevent *bev = &bev_ssl->bev.bev;
483 int r = 0;
484 bev_ssl->write_blocked_on_read = 0;
485 if (!(bev->enabled & EV_READ))
486 stop_reading(bev_ssl);
487 if (bev->enabled & EV_WRITE)
488 r = start_writing(bev_ssl);
489 return r;
490 }
491
492 static void
conn_closed(struct bufferevent_openssl * bev_ssl,int when,int errcode,int ret)493 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
494 {
495 int event = BEV_EVENT_ERROR;
496 int dirty_shutdown = 0;
497 unsigned long err;
498
499 switch (errcode) {
500 case SSL_ERROR_ZERO_RETURN:
501 /* Possibly a clean shutdown. */
502 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
503 event = BEV_EVENT_EOF;
504 else
505 dirty_shutdown = 1;
506 break;
507 case SSL_ERROR_SYSCALL:
508 /* IO error; possibly a dirty shutdown. */
509 if (ret == 0 && ERR_peek_error() == 0)
510 dirty_shutdown = 1;
511 break;
512 case SSL_ERROR_SSL:
513 /* Protocol error. */
514 break;
515 case SSL_ERROR_WANT_X509_LOOKUP:
516 /* XXXX handle this. */
517 break;
518 case SSL_ERROR_NONE:
519 case SSL_ERROR_WANT_READ:
520 case SSL_ERROR_WANT_WRITE:
521 case SSL_ERROR_WANT_CONNECT:
522 case SSL_ERROR_WANT_ACCEPT:
523 default:
524 /* should be impossible; treat as normal error. */
525 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
526 break;
527 }
528
529 while ((err = ERR_get_error())) {
530 put_error(bev_ssl, err);
531 }
532
533 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
534 event = BEV_EVENT_EOF;
535
536 stop_reading(bev_ssl);
537 stop_writing(bev_ssl);
538
539 /* when is BEV_EVENT_{READING|WRITING} */
540 event = when | event;
541 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
542 }
543
544 static void
init_bio_counts(struct bufferevent_openssl * bev_ssl)545 init_bio_counts(struct bufferevent_openssl *bev_ssl)
546 {
547 bev_ssl->counts.n_written =
548 BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
549 bev_ssl->counts.n_read =
550 BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
551 }
552
553 static inline void
decrement_buckets(struct bufferevent_openssl * bev_ssl)554 decrement_buckets(struct bufferevent_openssl *bev_ssl)
555 {
556 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
557 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
558 /* These next two subtractions can wrap around. That's okay. */
559 unsigned long w = num_w - bev_ssl->counts.n_written;
560 unsigned long r = num_r - bev_ssl->counts.n_read;
561 if (w)
562 bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
563 if (r)
564 bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
565 bev_ssl->counts.n_written = num_w;
566 bev_ssl->counts.n_read = num_r;
567 }
568
569 #define OP_MADE_PROGRESS 1
570 #define OP_BLOCKED 2
571 #define OP_ERR 4
572
573 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
574 we're now blocked); and OP_ERR (if an error occurred). */
575 static int
do_read(struct bufferevent_openssl * bev_ssl,int n_to_read)576 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
577 /* Requires lock */
578 struct bufferevent *bev = &bev_ssl->bev.bev;
579 struct evbuffer *input = bev->input;
580 int r, n, i, n_used = 0, atmost;
581 struct evbuffer_iovec space[2];
582 int result = 0;
583
584 if (bev_ssl->bev.read_suspended)
585 return 0;
586
587 atmost = bufferevent_get_read_max_(&bev_ssl->bev);
588 if (n_to_read > atmost)
589 n_to_read = atmost;
590
591 n = evbuffer_reserve_space(input, n_to_read, space, 2);
592 if (n < 0)
593 return OP_ERR;
594
595 for (i=0; i<n; ++i) {
596 if (bev_ssl->bev.read_suspended)
597 break;
598 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
599 if (r>0) {
600 result |= OP_MADE_PROGRESS;
601 if (bev_ssl->read_blocked_on_write)
602 if (clear_rbow(bev_ssl) < 0)
603 return OP_ERR | result;
604 ++n_used;
605 space[i].iov_len = r;
606 decrement_buckets(bev_ssl);
607 } else {
608 int err = SSL_get_error(bev_ssl->ssl, r);
609 print_err(err);
610 switch (err) {
611 case SSL_ERROR_WANT_READ:
612 /* Can't read until underlying has more data. */
613 if (bev_ssl->read_blocked_on_write)
614 if (clear_rbow(bev_ssl) < 0)
615 return OP_ERR | result;
616 break;
617 case SSL_ERROR_WANT_WRITE:
618 /* This read operation requires a write, and the
619 * underlying is full */
620 if (!bev_ssl->read_blocked_on_write)
621 if (set_rbow(bev_ssl) < 0)
622 return OP_ERR | result;
623 break;
624 default:
625 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
626 break;
627 }
628 result |= OP_BLOCKED;
629 break; /* out of the loop */
630 }
631 }
632
633 if (n_used) {
634 evbuffer_commit_space(input, space, n_used);
635 if (bev_ssl->underlying)
636 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
637 }
638
639 return result;
640 }
641
642 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
643 we're now blocked); and OP_ERR (if an error occurred). */
644 static int
do_write(struct bufferevent_openssl * bev_ssl,int atmost)645 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
646 {
647 int i, r, n, n_written = 0;
648 struct bufferevent *bev = &bev_ssl->bev.bev;
649 struct evbuffer *output = bev->output;
650 struct evbuffer_iovec space[8];
651 int result = 0;
652
653 if (bev_ssl->last_write > 0)
654 atmost = bev_ssl->last_write;
655 else
656 atmost = bufferevent_get_write_max_(&bev_ssl->bev);
657
658 n = evbuffer_peek(output, atmost, NULL, space, 8);
659 if (n < 0)
660 return OP_ERR | result;
661
662 if (n > 8)
663 n = 8;
664 for (i=0; i < n; ++i) {
665 if (bev_ssl->bev.write_suspended)
666 break;
667
668 /* SSL_write will (reasonably) return 0 if we tell it to
669 send 0 data. Skip this case so we don't interpret the
670 result as an error */
671 if (space[i].iov_len == 0)
672 continue;
673
674 r = SSL_write(bev_ssl->ssl, space[i].iov_base,
675 space[i].iov_len);
676 if (r > 0) {
677 result |= OP_MADE_PROGRESS;
678 if (bev_ssl->write_blocked_on_read)
679 if (clear_wbor(bev_ssl) < 0)
680 return OP_ERR | result;
681 n_written += r;
682 bev_ssl->last_write = -1;
683 decrement_buckets(bev_ssl);
684 } else {
685 int err = SSL_get_error(bev_ssl->ssl, r);
686 print_err(err);
687 switch (err) {
688 case SSL_ERROR_WANT_WRITE:
689 /* Can't read until underlying has more data. */
690 if (bev_ssl->write_blocked_on_read)
691 if (clear_wbor(bev_ssl) < 0)
692 return OP_ERR | result;
693 bev_ssl->last_write = space[i].iov_len;
694 break;
695 case SSL_ERROR_WANT_READ:
696 /* This read operation requires a write, and the
697 * underlying is full */
698 if (!bev_ssl->write_blocked_on_read)
699 if (set_wbor(bev_ssl) < 0)
700 return OP_ERR | result;
701 bev_ssl->last_write = space[i].iov_len;
702 break;
703 default:
704 conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
705 bev_ssl->last_write = -1;
706 break;
707 }
708 result |= OP_BLOCKED;
709 break;
710 }
711 }
712 if (n_written) {
713 evbuffer_drain(output, n_written);
714 if (bev_ssl->underlying)
715 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
716
717 bufferevent_trigger_nolock_(bev, EV_WRITE, 0);
718 }
719 return result;
720 }
721
722 #define WRITE_FRAME 15000
723
724 #define READ_DEFAULT 4096
725
726 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
727 * reading. */
728 static int
bytes_to_read(struct bufferevent_openssl * bev)729 bytes_to_read(struct bufferevent_openssl *bev)
730 {
731 struct evbuffer *input = bev->bev.bev.input;
732 struct event_watermark *wm = &bev->bev.bev.wm_read;
733 int result = READ_DEFAULT;
734 ev_ssize_t limit;
735 /* XXX 99% of this is generic code that nearly all bufferevents will
736 * want. */
737
738 if (bev->write_blocked_on_read) {
739 return 0;
740 }
741
742 if (! (bev->bev.bev.enabled & EV_READ)) {
743 return 0;
744 }
745
746 if (bev->bev.read_suspended) {
747 return 0;
748 }
749
750 if (wm->high) {
751 if (evbuffer_get_length(input) >= wm->high) {
752 return 0;
753 }
754
755 result = wm->high - evbuffer_get_length(input);
756 } else {
757 result = READ_DEFAULT;
758 }
759
760 /* Respect the rate limit */
761 limit = bufferevent_get_read_max_(&bev->bev);
762 if (result > limit) {
763 result = limit;
764 }
765
766 return result;
767 }
768
769
770 /* Things look readable. If write is blocked on read, write till it isn't.
771 * Read from the underlying buffer until we block or we hit our high-water
772 * mark.
773 */
774 static void
consider_reading(struct bufferevent_openssl * bev_ssl)775 consider_reading(struct bufferevent_openssl *bev_ssl)
776 {
777 int r;
778 int n_to_read;
779 int all_result_flags = 0;
780
781 while (bev_ssl->write_blocked_on_read) {
782 r = do_write(bev_ssl, WRITE_FRAME);
783 if (r & (OP_BLOCKED|OP_ERR))
784 break;
785 }
786 if (bev_ssl->write_blocked_on_read)
787 return;
788
789 n_to_read = bytes_to_read(bev_ssl);
790
791 while (n_to_read) {
792 r = do_read(bev_ssl, n_to_read);
793 all_result_flags |= r;
794
795 if (r & (OP_BLOCKED|OP_ERR))
796 break;
797
798 if (bev_ssl->bev.read_suspended)
799 break;
800
801 /* Read all pending data. This won't hit the network
802 * again, and will (most importantly) put us in a state
803 * where we don't need to read anything else until the
804 * socket is readable again. It'll potentially make us
805 * overrun our read high-watermark (somewhat
806 * regrettable). The damage to the rate-limit has
807 * already been done, since OpenSSL went and read a
808 * whole SSL record anyway. */
809 n_to_read = SSL_pending(bev_ssl->ssl);
810
811 /* XXX This if statement is actually a bad bug, added to avoid
812 * XXX a worse bug.
813 *
814 * The bad bug: It can potentially cause resource unfairness
815 * by reading too much data from the underlying bufferevent;
816 * it can potentially cause read looping if the underlying
817 * bufferevent is a bufferevent_pair and deferred callbacks
818 * aren't used.
819 *
820 * The worse bug: If we didn't do this, then we would
821 * potentially not read any more from bev_ssl->underlying
822 * until more data arrived there, which could lead to us
823 * waiting forever.
824 */
825 if (!n_to_read && bev_ssl->underlying)
826 n_to_read = bytes_to_read(bev_ssl);
827 }
828
829 if (all_result_flags & OP_MADE_PROGRESS) {
830 struct bufferevent *bev = &bev_ssl->bev.bev;
831
832 bufferevent_trigger_nolock_(bev, EV_READ, 0);
833 }
834
835 if (!bev_ssl->underlying) {
836 /* Should be redundant, but let's avoid busy-looping */
837 if (bev_ssl->bev.read_suspended ||
838 !(bev_ssl->bev.bev.enabled & EV_READ)) {
839 event_del(&bev_ssl->bev.bev.ev_read);
840 }
841 }
842 }
843
844 static void
consider_writing(struct bufferevent_openssl * bev_ssl)845 consider_writing(struct bufferevent_openssl *bev_ssl)
846 {
847 int r;
848 struct evbuffer *output = bev_ssl->bev.bev.output;
849 struct evbuffer *target = NULL;
850 struct event_watermark *wm = NULL;
851
852 while (bev_ssl->read_blocked_on_write) {
853 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
854 if (r & OP_MADE_PROGRESS) {
855 struct bufferevent *bev = &bev_ssl->bev.bev;
856
857 bufferevent_trigger_nolock_(bev, EV_READ, 0);
858 }
859 if (r & (OP_ERR|OP_BLOCKED))
860 break;
861 }
862 if (bev_ssl->read_blocked_on_write)
863 return;
864 if (bev_ssl->underlying) {
865 target = bev_ssl->underlying->output;
866 wm = &bev_ssl->underlying->wm_write;
867 }
868 while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
869 (! bev_ssl->bev.write_suspended) &&
870 evbuffer_get_length(output) &&
871 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
872 int n_to_write;
873 if (wm && wm->high)
874 n_to_write = wm->high - evbuffer_get_length(target);
875 else
876 n_to_write = WRITE_FRAME;
877 r = do_write(bev_ssl, n_to_write);
878 if (r & (OP_BLOCKED|OP_ERR))
879 break;
880 }
881
882 if (!bev_ssl->underlying) {
883 if (evbuffer_get_length(output) == 0) {
884 event_del(&bev_ssl->bev.bev.ev_write);
885 } else if (bev_ssl->bev.write_suspended ||
886 !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
887 /* Should be redundant, but let's avoid busy-looping */
888 event_del(&bev_ssl->bev.bev.ev_write);
889 }
890 }
891 }
892
893 static void
be_openssl_readcb(struct bufferevent * bev_base,void * ctx)894 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
895 {
896 struct bufferevent_openssl *bev_ssl = ctx;
897 consider_reading(bev_ssl);
898 }
899
900 static void
be_openssl_writecb(struct bufferevent * bev_base,void * ctx)901 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
902 {
903 struct bufferevent_openssl *bev_ssl = ctx;
904 consider_writing(bev_ssl);
905 }
906
907 static void
be_openssl_eventcb(struct bufferevent * bev_base,short what,void * ctx)908 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
909 {
910 struct bufferevent_openssl *bev_ssl = ctx;
911 int event = 0;
912
913 if (what & BEV_EVENT_EOF) {
914 if (bev_ssl->allow_dirty_shutdown)
915 event = BEV_EVENT_EOF;
916 else
917 event = BEV_EVENT_ERROR;
918 } else if (what & BEV_EVENT_TIMEOUT) {
919 /* We sure didn't set this. Propagate it to the user. */
920 event = what;
921 } else if (what & BEV_EVENT_ERROR) {
922 /* An error occurred on the connection. Propagate it to the user. */
923 event = what;
924 } else if (what & BEV_EVENT_CONNECTED) {
925 /* Ignore it. We're saying SSL_connect() already, which will
926 eat it. */
927 }
928 if (event)
929 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
930 }
931
932 static void
be_openssl_readeventcb(evutil_socket_t fd,short what,void * ptr)933 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
934 {
935 struct bufferevent_openssl *bev_ssl = ptr;
936 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
937 if (what == EV_TIMEOUT) {
938 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
939 BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
940 } else {
941 consider_reading(bev_ssl);
942 }
943 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
944 }
945
946 static void
be_openssl_writeeventcb(evutil_socket_t fd,short what,void * ptr)947 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
948 {
949 struct bufferevent_openssl *bev_ssl = ptr;
950 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
951 if (what == EV_TIMEOUT) {
952 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
953 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
954 } else {
955 consider_writing(bev_ssl);
956 }
957 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
958 }
959
960 static int
set_open_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)961 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
962 {
963 if (bev_ssl->underlying) {
964 bufferevent_setcb(bev_ssl->underlying,
965 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
966 bev_ssl);
967 return 0;
968 } else {
969 struct bufferevent *bev = &bev_ssl->bev.bev;
970 int rpending=0, wpending=0, r1=0, r2=0;
971 if (fd < 0 && bev_ssl->fd_is_set)
972 fd = event_get_fd(&bev->ev_read);
973 if (bev_ssl->fd_is_set) {
974 rpending = event_pending(&bev->ev_read, EV_READ, NULL);
975 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
976 event_del(&bev->ev_read);
977 event_del(&bev->ev_write);
978 }
979 event_assign(&bev->ev_read, bev->ev_base, fd,
980 EV_READ|EV_PERSIST|EV_FINALIZE,
981 be_openssl_readeventcb, bev_ssl);
982 event_assign(&bev->ev_write, bev->ev_base, fd,
983 EV_WRITE|EV_PERSIST|EV_FINALIZE,
984 be_openssl_writeeventcb, bev_ssl);
985 if (rpending)
986 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
987 if (wpending)
988 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
989 if (fd >= 0) {
990 bev_ssl->fd_is_set = 1;
991 }
992 return (r1<0 || r2<0) ? -1 : 0;
993 }
994 }
995
996 static int
do_handshake(struct bufferevent_openssl * bev_ssl)997 do_handshake(struct bufferevent_openssl *bev_ssl)
998 {
999 int r;
1000
1001 switch (bev_ssl->state) {
1002 default:
1003 case BUFFEREVENT_SSL_OPEN:
1004 EVUTIL_ASSERT(0);
1005 return -1;
1006 case BUFFEREVENT_SSL_CONNECTING:
1007 case BUFFEREVENT_SSL_ACCEPTING:
1008 r = SSL_do_handshake(bev_ssl->ssl);
1009 break;
1010 }
1011 decrement_buckets(bev_ssl);
1012
1013 if (r==1) {
1014 /* We're done! */
1015 bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1016 set_open_callbacks(bev_ssl, -1); /* XXXX handle failure */
1017 /* Call do_read and do_write as needed */
1018 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1019 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1020 BEV_EVENT_CONNECTED, 0);
1021 return 1;
1022 } else {
1023 int err = SSL_get_error(bev_ssl->ssl, r);
1024 print_err(err);
1025 switch (err) {
1026 case SSL_ERROR_WANT_WRITE:
1027 if (!bev_ssl->underlying) {
1028 stop_reading(bev_ssl);
1029 return start_writing(bev_ssl);
1030 }
1031 return 0;
1032 case SSL_ERROR_WANT_READ:
1033 if (!bev_ssl->underlying) {
1034 stop_writing(bev_ssl);
1035 return start_reading(bev_ssl);
1036 }
1037 return 0;
1038 default:
1039 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1040 return -1;
1041 }
1042 }
1043 }
1044
1045 static void
be_openssl_handshakecb(struct bufferevent * bev_base,void * ctx)1046 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1047 {
1048 struct bufferevent_openssl *bev_ssl = ctx;
1049 do_handshake(bev_ssl);/* XXX handle failure */
1050 }
1051
1052 static void
be_openssl_handshakeeventcb(evutil_socket_t fd,short what,void * ptr)1053 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1054 {
1055 struct bufferevent_openssl *bev_ssl = ptr;
1056
1057 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1058 if (what & EV_TIMEOUT) {
1059 bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1060 } else
1061 do_handshake(bev_ssl);/* XXX handle failure */
1062 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1063 }
1064
1065 static int
set_handshake_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)1066 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1067 {
1068 if (bev_ssl->underlying) {
1069 bufferevent_setcb(bev_ssl->underlying,
1070 be_openssl_handshakecb, be_openssl_handshakecb,
1071 be_openssl_eventcb,
1072 bev_ssl);
1073 return do_handshake(bev_ssl);
1074 } else {
1075 struct bufferevent *bev = &bev_ssl->bev.bev;
1076 int r1=0, r2=0;
1077 if (fd < 0 && bev_ssl->fd_is_set)
1078 fd = event_get_fd(&bev->ev_read);
1079 if (bev_ssl->fd_is_set) {
1080 event_del(&bev->ev_read);
1081 event_del(&bev->ev_write);
1082 }
1083 event_assign(&bev->ev_read, bev->ev_base, fd,
1084 EV_READ|EV_PERSIST|EV_FINALIZE,
1085 be_openssl_handshakeeventcb, bev_ssl);
1086 event_assign(&bev->ev_write, bev->ev_base, fd,
1087 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1088 be_openssl_handshakeeventcb, bev_ssl);
1089 if (fd >= 0) {
1090 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1091 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1092 bev_ssl->fd_is_set = 1;
1093 }
1094 return (r1<0 || r2<0) ? -1 : 0;
1095 }
1096 }
1097
1098 int
bufferevent_ssl_renegotiate(struct bufferevent * bev)1099 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1100 {
1101 struct bufferevent_openssl *bev_ssl = upcast(bev);
1102 if (!bev_ssl)
1103 return -1;
1104 if (SSL_renegotiate(bev_ssl->ssl) < 0)
1105 return -1;
1106 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1107 if (set_handshake_callbacks(bev_ssl, -1) < 0)
1108 return -1;
1109 if (!bev_ssl->underlying)
1110 return do_handshake(bev_ssl);
1111 return 0;
1112 }
1113
1114 static void
be_openssl_outbuf_cb(struct evbuffer * buf,const struct evbuffer_cb_info * cbinfo,void * arg)1115 be_openssl_outbuf_cb(struct evbuffer *buf,
1116 const struct evbuffer_cb_info *cbinfo, void *arg)
1117 {
1118 struct bufferevent_openssl *bev_ssl = arg;
1119 int r = 0;
1120 /* XXX need to hold a reference here. */
1121
1122 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1123 if (cbinfo->orig_size == 0)
1124 r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1125 &bev_ssl->bev.bev.timeout_write);
1126 consider_writing(bev_ssl);
1127 }
1128 /* XXX Handle r < 0 */
1129 (void)r;
1130 }
1131
1132
1133 static int
be_openssl_enable(struct bufferevent * bev,short events)1134 be_openssl_enable(struct bufferevent *bev, short events)
1135 {
1136 struct bufferevent_openssl *bev_ssl = upcast(bev);
1137 int r1 = 0, r2 = 0;
1138
1139 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1140 return 0;
1141
1142 if (events & EV_READ)
1143 r1 = start_reading(bev_ssl);
1144 if (events & EV_WRITE)
1145 r2 = start_writing(bev_ssl);
1146
1147 if (bev_ssl->underlying) {
1148 if (events & EV_READ)
1149 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1150 if (events & EV_WRITE)
1151 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1152
1153 if (events & EV_READ)
1154 consider_reading(bev_ssl);
1155 if (events & EV_WRITE)
1156 consider_writing(bev_ssl);
1157 }
1158 return (r1 < 0 || r2 < 0) ? -1 : 0;
1159 }
1160
1161 static int
be_openssl_disable(struct bufferevent * bev,short events)1162 be_openssl_disable(struct bufferevent *bev, short events)
1163 {
1164 struct bufferevent_openssl *bev_ssl = upcast(bev);
1165 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1166 return 0;
1167
1168 if (events & EV_READ)
1169 stop_reading(bev_ssl);
1170 if (events & EV_WRITE)
1171 stop_writing(bev_ssl);
1172
1173 if (bev_ssl->underlying) {
1174 if (events & EV_READ)
1175 BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1176 if (events & EV_WRITE)
1177 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1178 }
1179 return 0;
1180 }
1181
1182 static void
be_openssl_unlink(struct bufferevent * bev)1183 be_openssl_unlink(struct bufferevent *bev)
1184 {
1185 struct bufferevent_openssl *bev_ssl = upcast(bev);
1186
1187 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1188 if (bev_ssl->underlying) {
1189 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1190 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1191 "bufferevent with too few references");
1192 } else {
1193 bufferevent_free(bev_ssl->underlying);
1194 /* We still have a reference to it, via our
1195 * BIO. So we don't drop this. */
1196 // bev_ssl->underlying = NULL;
1197 }
1198 }
1199 } else {
1200 if (bev_ssl->underlying) {
1201 if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1202 bufferevent_setcb(bev_ssl->underlying,
1203 NULL,NULL,NULL,NULL);
1204 bufferevent_unsuspend_read_(bev_ssl->underlying,
1205 BEV_SUSPEND_FILT_READ);
1206 }
1207 }
1208 }
1209
1210 static void
be_openssl_destruct(struct bufferevent * bev)1211 be_openssl_destruct(struct bufferevent *bev)
1212 {
1213 struct bufferevent_openssl *bev_ssl = upcast(bev);
1214
1215 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1216 if (! bev_ssl->underlying) {
1217 evutil_socket_t fd = -1;
1218 BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1219 if (bio)
1220 fd = BIO_get_fd(bio, NULL);
1221 if (fd >= 0)
1222 evutil_closesocket(fd);
1223 }
1224 SSL_free(bev_ssl->ssl);
1225 }
1226 }
1227
1228 static int
be_openssl_adj_timeouts(struct bufferevent * bev)1229 be_openssl_adj_timeouts(struct bufferevent *bev)
1230 {
1231 struct bufferevent_openssl *bev_ssl = upcast(bev);
1232
1233 if (bev_ssl->underlying) {
1234 return bufferevent_generic_adj_timeouts_(bev);
1235 } else {
1236 int r1=0, r2=0;
1237 if (event_pending(&bev->ev_read, EV_READ, NULL)) {
1238 if (evutil_timerisset(&bev->timeout_read)) {
1239 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1240 } else {
1241 event_remove_timer(&bev->ev_read);
1242 }
1243 }
1244 if (event_pending(&bev->ev_write, EV_WRITE, NULL)) {
1245 if (evutil_timerisset(&bev->timeout_write)) {
1246 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1247 } else {
1248 event_remove_timer(&bev->ev_write);
1249 }
1250 }
1251
1252 return (r1<0 || r2<0) ? -1 : 0;
1253 }
1254 }
1255
1256 static int
be_openssl_flush(struct bufferevent * bufev,short iotype,enum bufferevent_flush_mode mode)1257 be_openssl_flush(struct bufferevent *bufev,
1258 short iotype, enum bufferevent_flush_mode mode)
1259 {
1260 /* XXXX Implement this. */
1261 return 0;
1262 }
1263
1264 static int
be_openssl_ctrl(struct bufferevent * bev,enum bufferevent_ctrl_op op,union bufferevent_ctrl_data * data)1265 be_openssl_ctrl(struct bufferevent *bev,
1266 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1267 {
1268 struct bufferevent_openssl *bev_ssl = upcast(bev);
1269 switch (op) {
1270 case BEV_CTRL_SET_FD:
1271 if (bev_ssl->underlying)
1272 return -1;
1273 {
1274 BIO *bio;
1275 bio = BIO_new_socket(data->fd, 0);
1276 SSL_set_bio(bev_ssl->ssl, bio, bio);
1277 bev_ssl->fd_is_set = 1;
1278 }
1279 if (data->fd == -1)
1280 bev_ssl->fd_is_set = 0;
1281 if (bev_ssl->state == BUFFEREVENT_SSL_OPEN)
1282 return set_open_callbacks(bev_ssl, data->fd);
1283 else {
1284 return set_handshake_callbacks(bev_ssl, data->fd);
1285 }
1286 case BEV_CTRL_GET_FD:
1287 if (bev_ssl->underlying)
1288 return -1;
1289 if (!bev_ssl->fd_is_set)
1290 return -1;
1291 data->fd = event_get_fd(&bev->ev_read);
1292 return 0;
1293 case BEV_CTRL_GET_UNDERLYING:
1294 if (!bev_ssl->underlying)
1295 return -1;
1296 data->ptr = bev_ssl->underlying;
1297 return 0;
1298 case BEV_CTRL_CANCEL_ALL:
1299 default:
1300 return -1;
1301 }
1302 }
1303
1304 SSL *
bufferevent_openssl_get_ssl(struct bufferevent * bufev)1305 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1306 {
1307 struct bufferevent_openssl *bev_ssl = upcast(bufev);
1308 if (!bev_ssl)
1309 return NULL;
1310 return bev_ssl->ssl;
1311 }
1312
1313 static struct bufferevent *
bufferevent_openssl_new_impl(struct event_base * base,struct bufferevent * underlying,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1314 bufferevent_openssl_new_impl(struct event_base *base,
1315 struct bufferevent *underlying,
1316 evutil_socket_t fd,
1317 SSL *ssl,
1318 enum bufferevent_ssl_state state,
1319 int options)
1320 {
1321 struct bufferevent_openssl *bev_ssl = NULL;
1322 struct bufferevent_private *bev_p = NULL;
1323 int tmp_options = options & ~BEV_OPT_THREADSAFE;
1324
1325 if (underlying != NULL && fd >= 0)
1326 return NULL; /* Only one can be set. */
1327
1328 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1329 goto err;
1330
1331 bev_p = &bev_ssl->bev;
1332
1333 if (bufferevent_init_common_(bev_p, base,
1334 &bufferevent_ops_openssl, tmp_options) < 0)
1335 goto err;
1336
1337 /* Don't explode if we decide to realloc a chunk we're writing from in
1338 * the output buffer. */
1339 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1340
1341 bev_ssl->underlying = underlying;
1342 bev_ssl->ssl = ssl;
1343
1344 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1345 be_openssl_outbuf_cb, bev_ssl);
1346
1347 if (options & BEV_OPT_THREADSAFE)
1348 bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1349
1350 if (underlying) {
1351 bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1352 bufferevent_incref_(underlying);
1353 }
1354
1355 bev_ssl->state = state;
1356 bev_ssl->last_write = -1;
1357
1358 init_bio_counts(bev_ssl);
1359
1360 switch (state) {
1361 case BUFFEREVENT_SSL_ACCEPTING:
1362 SSL_set_accept_state(bev_ssl->ssl);
1363 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1364 goto err;
1365 break;
1366 case BUFFEREVENT_SSL_CONNECTING:
1367 SSL_set_connect_state(bev_ssl->ssl);
1368 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1369 goto err;
1370 break;
1371 case BUFFEREVENT_SSL_OPEN:
1372 if (set_open_callbacks(bev_ssl, fd) < 0)
1373 goto err;
1374 break;
1375 default:
1376 goto err;
1377 }
1378
1379 if (underlying) {
1380 bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1381 bufferevent_enable(underlying, EV_READ|EV_WRITE);
1382 if (state == BUFFEREVENT_SSL_OPEN)
1383 bufferevent_suspend_read_(underlying,
1384 BEV_SUSPEND_FILT_READ);
1385 } else {
1386 bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE;
1387 if (bev_ssl->fd_is_set) {
1388 if (state != BUFFEREVENT_SSL_OPEN)
1389 if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
1390 goto err;
1391 if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0)
1392 goto err;
1393 }
1394 }
1395
1396 return &bev_ssl->bev.bev;
1397 err:
1398 if (bev_ssl)
1399 bufferevent_free(&bev_ssl->bev.bev);
1400 return NULL;
1401 }
1402
1403 struct bufferevent *
bufferevent_openssl_filter_new(struct event_base * base,struct bufferevent * underlying,SSL * ssl,enum bufferevent_ssl_state state,int options)1404 bufferevent_openssl_filter_new(struct event_base *base,
1405 struct bufferevent *underlying,
1406 SSL *ssl,
1407 enum bufferevent_ssl_state state,
1408 int options)
1409 {
1410 /* We don't tell the BIO to close the bufferevent; we do it ourselves
1411 * on be_openssl_destruct */
1412 int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1413 BIO *bio;
1414 if (!underlying)
1415 return NULL;
1416 if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1417 return NULL;
1418
1419 SSL_set_bio(ssl, bio, bio);
1420
1421 return bufferevent_openssl_new_impl(
1422 base, underlying, -1, ssl, state, options);
1423 }
1424
1425 struct bufferevent *
bufferevent_openssl_socket_new(struct event_base * base,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1426 bufferevent_openssl_socket_new(struct event_base *base,
1427 evutil_socket_t fd,
1428 SSL *ssl,
1429 enum bufferevent_ssl_state state,
1430 int options)
1431 {
1432 /* Does the SSL already have an fd? */
1433 BIO *bio = SSL_get_wbio(ssl);
1434 long have_fd = -1;
1435
1436 if (bio)
1437 have_fd = BIO_get_fd(bio, NULL);
1438
1439 if (have_fd >= 0) {
1440 /* The SSL is already configured with an fd. */
1441 if (fd < 0) {
1442 /* We should learn the fd from the SSL. */
1443 fd = (evutil_socket_t) have_fd;
1444 } else if (have_fd == (long)fd) {
1445 /* We already know the fd from the SSL; do nothing */
1446 } else {
1447 /* We specified an fd different from that of the SSL.
1448 This is probably an error on our part. Fail. */
1449 return NULL;
1450 }
1451 (void) BIO_set_close(bio, 0);
1452 } else {
1453 /* The SSL isn't configured with a BIO with an fd. */
1454 if (fd >= 0) {
1455 /* ... and we have an fd we want to use. */
1456 bio = BIO_new_socket(fd, 0);
1457 SSL_set_bio(ssl, bio, bio);
1458 } else {
1459 /* Leave the fd unset. */
1460 }
1461 }
1462
1463 return bufferevent_openssl_new_impl(
1464 base, NULL, fd, ssl, state, options);
1465 }
1466
1467 int
bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent * bev)1468 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1469 {
1470 int allow_dirty_shutdown = -1;
1471 struct bufferevent_openssl *bev_ssl;
1472 BEV_LOCK(bev);
1473 bev_ssl = upcast(bev);
1474 if (bev_ssl)
1475 allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1476 BEV_UNLOCK(bev);
1477 return allow_dirty_shutdown;
1478 }
1479
1480 void
bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent * bev,int allow_dirty_shutdown)1481 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1482 int allow_dirty_shutdown)
1483 {
1484 struct bufferevent_openssl *bev_ssl;
1485 BEV_LOCK(bev);
1486 bev_ssl = upcast(bev);
1487 if (bev_ssl)
1488 bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1489 BEV_UNLOCK(bev);
1490 }
1491
1492 unsigned long
bufferevent_get_openssl_error(struct bufferevent * bev)1493 bufferevent_get_openssl_error(struct bufferevent *bev)
1494 {
1495 unsigned long err = 0;
1496 struct bufferevent_openssl *bev_ssl;
1497 BEV_LOCK(bev);
1498 bev_ssl = upcast(bev);
1499 if (bev_ssl && bev_ssl->n_errors) {
1500 err = bev_ssl->errors[--bev_ssl->n_errors];
1501 }
1502 BEV_UNLOCK(bev);
1503 return err;
1504 }
1505