1 /* $NetBSD: bufferevent_openssl.c,v 1.6 2020/05/25 20:47:33 christos Exp $ */
2
3 /*
4 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 // Get rid of OSX 10.7 and greater deprecation warnings.
30 #if defined(__APPLE__) && defined(__clang__)
31 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
32 #endif
33
34 #include "event2/event-config.h"
35 #include "evconfig-private.h"
36
37 #include <sys/types.h>
38
39 #ifdef EVENT__HAVE_SYS_TIME_H
40 #include <sys/time.h>
41 #endif
42
43 #include <errno.h>
44 #include <stdio.h>
45 #include <stdlib.h>
46 #include <string.h>
47 #ifdef EVENT__HAVE_STDARG_H
48 #include <stdarg.h>
49 #endif
50 #ifdef EVENT__HAVE_UNISTD_H
51 #include <unistd.h>
52 #endif
53
54 #ifdef _WIN32
55 #include <winsock2.h>
56 #endif
57
58 #include "event2/bufferevent.h"
59 #include "event2/bufferevent_struct.h"
60 #include "event2/bufferevent_ssl.h"
61 #include "event2/buffer.h"
62 #include "event2/event.h"
63
64 #include "mm-internal.h"
65 #include "bufferevent-internal.h"
66 #include "log-internal.h"
67
68 #include <openssl/bio.h>
69 #include <openssl/ssl.h>
70 #include <openssl/err.h>
71
72 /*
73 * Define an OpenSSL bio that targets a bufferevent.
74 */
75
76 /* --------------------
77 A BIO is an OpenSSL abstraction that handles reading and writing data. The
78 library will happily speak SSL over anything that implements a BIO
79 interface.
80
81 Here we define a BIO implementation that directs its output to a
82 bufferevent. We'll want to use this only when none of OpenSSL's built-in
83 IO mechanisms work for us.
84 -------------------- */
85
86 /* every BIO type needs its own integer type value. */
87 #define BIO_TYPE_LIBEVENT 57
88 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
89 * this. */
90
91 #if 0
92 static void
93 print_err(int val)
94 {
95 int err;
96 printf("Error was %d\n", val);
97
98 while ((err = ERR_get_error())) {
99 const char *msg = (const char*)ERR_reason_error_string(err);
100 const char *lib = (const char*)ERR_lib_error_string(err);
101 const char *func = (const char*)ERR_func_error_string(err);
102
103 printf("%s in %s %s\n", msg, lib, func);
104 }
105 }
106 #else
107 #define print_err(v) ((void)0)
108 #endif
109
110 /* Called to initialize a new BIO */
111 static int
bio_bufferevent_new(BIO * b)112 bio_bufferevent_new(BIO *b)
113 {
114 b->init = 0;
115 b->num = -1;
116 b->ptr = NULL; /* We'll be putting the bufferevent in this field.*/
117 b->flags = 0;
118 return 1;
119 }
120
121 /* Called to uninitialize the BIO. */
122 static int
bio_bufferevent_free(BIO * b)123 bio_bufferevent_free(BIO *b)
124 {
125 if (!b)
126 return 0;
127 if (b->shutdown) {
128 if (b->init && b->ptr)
129 bufferevent_free(b->ptr);
130 b->init = 0;
131 b->flags = 0;
132 b->ptr = NULL;
133 }
134 return 1;
135 }
136
137 /* Called to extract data from the BIO. */
138 static int
bio_bufferevent_read(BIO * b,char * out,int outlen)139 bio_bufferevent_read(BIO *b, char *out, int outlen)
140 {
141 int r = 0;
142 struct evbuffer *input;
143
144 BIO_clear_retry_flags(b);
145
146 if (!out)
147 return 0;
148 if (!b->ptr)
149 return -1;
150
151 input = bufferevent_get_input(b->ptr);
152 if (evbuffer_get_length(input) == 0) {
153 /* If there's no data to read, say so. */
154 BIO_set_retry_read(b);
155 return -1;
156 } else {
157 r = evbuffer_remove(input, out, outlen);
158 }
159
160 return r;
161 }
162
163 /* Called to write data info the BIO */
164 static int
bio_bufferevent_write(BIO * b,const char * in,int inlen)165 bio_bufferevent_write(BIO *b, const char *in, int inlen)
166 {
167 struct bufferevent *bufev = b->ptr;
168 struct evbuffer *output;
169 size_t outlen;
170
171 BIO_clear_retry_flags(b);
172
173 if (!b->ptr)
174 return -1;
175
176 output = bufferevent_get_output(bufev);
177 outlen = evbuffer_get_length(output);
178
179 /* Copy only as much data onto the output buffer as can fit under the
180 * high-water mark. */
181 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
182 if (bufev->wm_write.high <= outlen) {
183 /* If no data can fit, we'll need to retry later. */
184 BIO_set_retry_write(b);
185 return -1;
186 }
187 inlen = bufev->wm_write.high - outlen;
188 }
189
190 EVUTIL_ASSERT(inlen > 0);
191 evbuffer_add(output, in, inlen);
192 return inlen;
193 }
194
195 /* Called to handle various requests */
196 static long
bio_bufferevent_ctrl(BIO * b,int cmd,long num,void * ptr)197 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
198 {
199 struct bufferevent *bufev = b->ptr;
200 long ret = 1;
201
202 switch (cmd) {
203 case BIO_CTRL_GET_CLOSE:
204 ret = b->shutdown;
205 break;
206 case BIO_CTRL_SET_CLOSE:
207 b->shutdown = (int)num;
208 break;
209 case BIO_CTRL_PENDING:
210 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
211 break;
212 case BIO_CTRL_WPENDING:
213 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
214 break;
215 /* XXXX These two are given a special-case treatment because
216 * of cargo-cultism. I should come up with a better reason. */
217 case BIO_CTRL_DUP:
218 case BIO_CTRL_FLUSH:
219 ret = 1;
220 break;
221 default:
222 ret = 0;
223 break;
224 }
225 return ret;
226 }
227
228 /* Called to write a string to the BIO */
229 static int
bio_bufferevent_puts(BIO * b,const char * s)230 bio_bufferevent_puts(BIO *b, const char *s)
231 {
232 return bio_bufferevent_write(b, s, strlen(s));
233 }
234
235 /* Method table for the bufferevent BIO */
236 static BIO_METHOD methods_bufferevent = {
237 BIO_TYPE_LIBEVENT, "bufferevent",
238 bio_bufferevent_write,
239 bio_bufferevent_read,
240 bio_bufferevent_puts,
241 NULL /* bio_bufferevent_gets */,
242 bio_bufferevent_ctrl,
243 bio_bufferevent_new,
244 bio_bufferevent_free,
245 NULL /* callback_ctrl */,
246 };
247
248 /* Return the method table for the bufferevents BIO */
249 static BIO_METHOD *
BIO_s_bufferevent(void)250 BIO_s_bufferevent(void)
251 {
252 return &methods_bufferevent;
253 }
254
255 /* Create a new BIO to wrap communication around a bufferevent. If close_flag
256 * is true, the bufferevent will be freed when the BIO is closed. */
257 static BIO *
BIO_new_bufferevent(struct bufferevent * bufferevent,int close_flag)258 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
259 {
260 BIO *result;
261 if (!bufferevent)
262 return NULL;
263 if (!(result = BIO_new(BIO_s_bufferevent())))
264 return NULL;
265 result->init = 1;
266 result->ptr = bufferevent;
267 result->shutdown = close_flag ? 1 : 0;
268 return result;
269 }
270
271 /* --------------------
272 Now, here's the OpenSSL-based implementation of bufferevent.
273
274 The implementation comes in two flavors: one that connects its SSL object
275 to an underlying bufferevent using a BIO_bufferevent, and one that has the
276 SSL object connect to a socket directly. The latter should generally be
277 faster, except on Windows, where your best bet is using a
278 bufferevent_async.
279
280 (OpenSSL supports many other BIO types, too. But we can't use any unless
281 we have a good way to get notified when they become readable/writable.)
282 -------------------- */
283
284 struct bio_data_counts {
285 unsigned long n_written;
286 unsigned long n_read;
287 };
288
289 struct bufferevent_openssl {
290 /* Shared fields with common bufferevent implementation code.
291 If we were set up with an underlying bufferevent, we use the
292 events here as timers only. If we have an SSL, then we use
293 the events as socket events.
294 */
295 struct bufferevent_private bev;
296 /* An underlying bufferevent that we're directing our output to.
297 If it's NULL, then we're connected to an fd, not an evbuffer. */
298 struct bufferevent *underlying;
299 /* The SSL object doing our encryption. */
300 SSL *ssl;
301
302 /* A callback that's invoked when data arrives on our outbuf so we
303 know to write data to the SSL. */
304 struct evbuffer_cb_entry *outbuf_cb;
305
306 /* A count of how much data the bios have read/written total. Used
307 for rate-limiting. */
308 struct bio_data_counts counts;
309
310 /* If this value is greater than 0, then the last SSL_write blocked,
311 * and we need to try it again with this many bytes. */
312 ev_ssize_t last_write;
313
314 #define NUM_ERRORS 3
315 ev_uint32_t errors[NUM_ERRORS];
316
317 /* When we next get available space, we should say "read" instead of
318 "write". This can happen if there's a renegotiation during a read
319 operation. */
320 unsigned read_blocked_on_write : 1;
321 /* When we next get data, we should say "write" instead of "read". */
322 unsigned write_blocked_on_read : 1;
323 /* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
324 unsigned allow_dirty_shutdown : 1;
325 /* XXXX */
326 unsigned fd_is_set : 1;
327 /* XXX */
328 unsigned n_errors : 2;
329
330 /* Are we currently connecting, accepting, or doing IO? */
331 unsigned state : 2;
332 };
333
334 static int be_openssl_enable(struct bufferevent *, short);
335 static int be_openssl_disable(struct bufferevent *, short);
336 static void be_openssl_unlink(struct bufferevent *);
337 static void be_openssl_destruct(struct bufferevent *);
338 static int be_openssl_adj_timeouts(struct bufferevent *);
339 static int be_openssl_flush(struct bufferevent *bufev,
340 short iotype, enum bufferevent_flush_mode mode);
341 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
342
343 const struct bufferevent_ops bufferevent_ops_openssl = {
344 "ssl",
345 evutil_offsetof(struct bufferevent_openssl, bev.bev),
346 be_openssl_enable,
347 be_openssl_disable,
348 be_openssl_unlink,
349 be_openssl_destruct,
350 be_openssl_adj_timeouts,
351 be_openssl_flush,
352 be_openssl_ctrl,
353 };
354
355 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
356 * contains it, if any. */
357 static inline struct bufferevent_openssl *
upcast(struct bufferevent * bev)358 upcast(struct bufferevent *bev)
359 {
360 struct bufferevent_openssl *bev_o;
361 if (bev->be_ops != &bufferevent_ops_openssl)
362 return NULL;
363 bev_o = (void*)( ((char*)bev) -
364 evutil_offsetof(struct bufferevent_openssl, bev.bev));
365 EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
366 return bev_o;
367 }
368
369 static inline void
put_error(struct bufferevent_openssl * bev_ssl,unsigned long err)370 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
371 {
372 if (bev_ssl->n_errors == NUM_ERRORS)
373 return;
374 /* The error type according to openssl is "unsigned long", but
375 openssl never uses more than 32 bits of it. It _can't_ use more
376 than 32 bits of it, since it needs to report errors on systems
377 where long is only 32 bits.
378 */
379 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
380 }
381
382 /* Have the base communications channel (either the underlying bufferevent or
383 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag
384 * into account. */
385 static int
start_reading(struct bufferevent_openssl * bev_ssl)386 start_reading(struct bufferevent_openssl *bev_ssl)
387 {
388 if (bev_ssl->underlying) {
389 bufferevent_unsuspend_read_(bev_ssl->underlying,
390 BEV_SUSPEND_FILT_READ);
391 return 0;
392 } else {
393 struct bufferevent *bev = &bev_ssl->bev.bev;
394 int r;
395 r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
396 if (r == 0 && bev_ssl->read_blocked_on_write)
397 r = bufferevent_add_event_(&bev->ev_write,
398 &bev->timeout_write);
399 return r;
400 }
401 }
402
403 /* Have the base communications channel (either the underlying bufferevent or
404 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag
405 * into account. */
406 static int
start_writing(struct bufferevent_openssl * bev_ssl)407 start_writing(struct bufferevent_openssl *bev_ssl)
408 {
409 int r = 0;
410 if (bev_ssl->underlying) {
411 ;
412 } else {
413 struct bufferevent *bev = &bev_ssl->bev.bev;
414 r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
415 if (!r && bev_ssl->write_blocked_on_read)
416 r = bufferevent_add_event_(&bev->ev_read,
417 &bev->timeout_read);
418 }
419 return r;
420 }
421
422 static void
stop_reading(struct bufferevent_openssl * bev_ssl)423 stop_reading(struct bufferevent_openssl *bev_ssl)
424 {
425 if (bev_ssl->write_blocked_on_read)
426 return;
427 if (bev_ssl->underlying) {
428 bufferevent_suspend_read_(bev_ssl->underlying,
429 BEV_SUSPEND_FILT_READ);
430 } else {
431 struct bufferevent *bev = &bev_ssl->bev.bev;
432 event_del(&bev->ev_read);
433 }
434 }
435
436 static void
stop_writing(struct bufferevent_openssl * bev_ssl)437 stop_writing(struct bufferevent_openssl *bev_ssl)
438 {
439 if (bev_ssl->read_blocked_on_write)
440 return;
441 if (bev_ssl->underlying) {
442 ;
443 } else {
444 struct bufferevent *bev = &bev_ssl->bev.bev;
445 event_del(&bev->ev_write);
446 }
447 }
448
449 static int
set_rbow(struct bufferevent_openssl * bev_ssl)450 set_rbow(struct bufferevent_openssl *bev_ssl)
451 {
452 if (!bev_ssl->underlying)
453 stop_reading(bev_ssl);
454 bev_ssl->read_blocked_on_write = 1;
455 return start_writing(bev_ssl);
456 }
457
458 static int
set_wbor(struct bufferevent_openssl * bev_ssl)459 set_wbor(struct bufferevent_openssl *bev_ssl)
460 {
461 if (!bev_ssl->underlying)
462 stop_writing(bev_ssl);
463 bev_ssl->write_blocked_on_read = 1;
464 return start_reading(bev_ssl);
465 }
466
467 static int
clear_rbow(struct bufferevent_openssl * bev_ssl)468 clear_rbow(struct bufferevent_openssl *bev_ssl)
469 {
470 struct bufferevent *bev = &bev_ssl->bev.bev;
471 int r = 0;
472 bev_ssl->read_blocked_on_write = 0;
473 if (!(bev->enabled & EV_WRITE))
474 stop_writing(bev_ssl);
475 if (bev->enabled & EV_READ)
476 r = start_reading(bev_ssl);
477 return r;
478 }
479
480
481 static int
clear_wbor(struct bufferevent_openssl * bev_ssl)482 clear_wbor(struct bufferevent_openssl *bev_ssl)
483 {
484 struct bufferevent *bev = &bev_ssl->bev.bev;
485 int r = 0;
486 bev_ssl->write_blocked_on_read = 0;
487 if (!(bev->enabled & EV_READ))
488 stop_reading(bev_ssl);
489 if (bev->enabled & EV_WRITE)
490 r = start_writing(bev_ssl);
491 return r;
492 }
493
494 static void
conn_closed(struct bufferevent_openssl * bev_ssl,int when,int errcode,int ret)495 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
496 {
497 int event = BEV_EVENT_ERROR;
498 int dirty_shutdown = 0;
499 unsigned long err;
500
501 switch (errcode) {
502 case SSL_ERROR_ZERO_RETURN:
503 /* Possibly a clean shutdown. */
504 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
505 event = BEV_EVENT_EOF;
506 else
507 dirty_shutdown = 1;
508 break;
509 case SSL_ERROR_SYSCALL:
510 /* IO error; possibly a dirty shutdown. */
511 if (ret == 0 && ERR_peek_error() == 0)
512 dirty_shutdown = 1;
513 break;
514 case SSL_ERROR_SSL:
515 /* Protocol error. */
516 break;
517 case SSL_ERROR_WANT_X509_LOOKUP:
518 /* XXXX handle this. */
519 break;
520 case SSL_ERROR_NONE:
521 case SSL_ERROR_WANT_READ:
522 case SSL_ERROR_WANT_WRITE:
523 case SSL_ERROR_WANT_CONNECT:
524 case SSL_ERROR_WANT_ACCEPT:
525 default:
526 /* should be impossible; treat as normal error. */
527 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
528 break;
529 }
530
531 while ((err = ERR_get_error())) {
532 put_error(bev_ssl, err);
533 }
534
535 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
536 event = BEV_EVENT_EOF;
537
538 stop_reading(bev_ssl);
539 stop_writing(bev_ssl);
540
541 /* when is BEV_EVENT_{READING|WRITING} */
542 event = when | event;
543 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
544 }
545
546 static void
init_bio_counts(struct bufferevent_openssl * bev_ssl)547 init_bio_counts(struct bufferevent_openssl *bev_ssl)
548 {
549 bev_ssl->counts.n_written =
550 BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
551 bev_ssl->counts.n_read =
552 BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
553 }
554
555 static inline void
decrement_buckets(struct bufferevent_openssl * bev_ssl)556 decrement_buckets(struct bufferevent_openssl *bev_ssl)
557 {
558 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
559 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
560 /* These next two subtractions can wrap around. That's okay. */
561 unsigned long w = num_w - bev_ssl->counts.n_written;
562 unsigned long r = num_r - bev_ssl->counts.n_read;
563 if (w)
564 bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
565 if (r)
566 bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
567 bev_ssl->counts.n_written = num_w;
568 bev_ssl->counts.n_read = num_r;
569 }
570
571 #define OP_MADE_PROGRESS 1
572 #define OP_BLOCKED 2
573 #define OP_ERR 4
574
575 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
576 we're now blocked); and OP_ERR (if an error occurred). */
577 static int
do_read(struct bufferevent_openssl * bev_ssl,int n_to_read)578 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
579 /* Requires lock */
580 struct bufferevent *bev = &bev_ssl->bev.bev;
581 struct evbuffer *input = bev->input;
582 int r, n, i, n_used = 0, atmost;
583 struct evbuffer_iovec space[2];
584 int result = 0;
585
586 if (bev_ssl->bev.read_suspended)
587 return 0;
588
589 atmost = bufferevent_get_read_max_(&bev_ssl->bev);
590 if (n_to_read > atmost)
591 n_to_read = atmost;
592
593 n = evbuffer_reserve_space(input, n_to_read, space, 2);
594 if (n < 0)
595 return OP_ERR;
596
597 for (i=0; i<n; ++i) {
598 if (bev_ssl->bev.read_suspended)
599 break;
600 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
601 if (r>0) {
602 result |= OP_MADE_PROGRESS;
603 if (bev_ssl->read_blocked_on_write)
604 if (clear_rbow(bev_ssl) < 0)
605 return OP_ERR | result;
606 ++n_used;
607 space[i].iov_len = r;
608 decrement_buckets(bev_ssl);
609 } else {
610 int err = SSL_get_error(bev_ssl->ssl, r);
611 print_err(err);
612 switch (err) {
613 case SSL_ERROR_WANT_READ:
614 /* Can't read until underlying has more data. */
615 if (bev_ssl->read_blocked_on_write)
616 if (clear_rbow(bev_ssl) < 0)
617 return OP_ERR | result;
618 break;
619 case SSL_ERROR_WANT_WRITE:
620 /* This read operation requires a write, and the
621 * underlying is full */
622 if (!bev_ssl->read_blocked_on_write)
623 if (set_rbow(bev_ssl) < 0)
624 return OP_ERR | result;
625 break;
626 default:
627 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
628 break;
629 }
630 result |= OP_BLOCKED;
631 break; /* out of the loop */
632 }
633 }
634
635 if (n_used) {
636 evbuffer_commit_space(input, space, n_used);
637 if (bev_ssl->underlying)
638 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
639 }
640
641 return result;
642 }
643
644 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
645 we're now blocked); and OP_ERR (if an error occurred). */
646 static int
do_write(struct bufferevent_openssl * bev_ssl,int atmost)647 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
648 {
649 int i, r, n, n_written = 0;
650 struct bufferevent *bev = &bev_ssl->bev.bev;
651 struct evbuffer *output = bev->output;
652 struct evbuffer_iovec space[8];
653 int result = 0;
654
655 if (bev_ssl->last_write > 0)
656 atmost = bev_ssl->last_write;
657 else
658 atmost = bufferevent_get_write_max_(&bev_ssl->bev);
659
660 n = evbuffer_peek(output, atmost, NULL, space, 8);
661 if (n < 0)
662 return OP_ERR | result;
663
664 if (n > 8)
665 n = 8;
666 for (i=0; i < n; ++i) {
667 if (bev_ssl->bev.write_suspended)
668 break;
669
670 /* SSL_write will (reasonably) return 0 if we tell it to
671 send 0 data. Skip this case so we don't interpret the
672 result as an error */
673 if (space[i].iov_len == 0)
674 continue;
675
676 r = SSL_write(bev_ssl->ssl, space[i].iov_base,
677 space[i].iov_len);
678 if (r > 0) {
679 result |= OP_MADE_PROGRESS;
680 if (bev_ssl->write_blocked_on_read)
681 if (clear_wbor(bev_ssl) < 0)
682 return OP_ERR | result;
683 n_written += r;
684 bev_ssl->last_write = -1;
685 decrement_buckets(bev_ssl);
686 } else {
687 int err = SSL_get_error(bev_ssl->ssl, r);
688 print_err(err);
689 switch (err) {
690 case SSL_ERROR_WANT_WRITE:
691 /* Can't read until underlying has more data. */
692 if (bev_ssl->write_blocked_on_read)
693 if (clear_wbor(bev_ssl) < 0)
694 return OP_ERR | result;
695 bev_ssl->last_write = space[i].iov_len;
696 break;
697 case SSL_ERROR_WANT_READ:
698 /* This read operation requires a write, and the
699 * underlying is full */
700 if (!bev_ssl->write_blocked_on_read)
701 if (set_wbor(bev_ssl) < 0)
702 return OP_ERR | result;
703 bev_ssl->last_write = space[i].iov_len;
704 break;
705 default:
706 conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
707 bev_ssl->last_write = -1;
708 break;
709 }
710 result |= OP_BLOCKED;
711 break;
712 }
713 }
714 if (n_written) {
715 evbuffer_drain(output, n_written);
716 if (bev_ssl->underlying)
717 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
718
719 bufferevent_trigger_nolock_(bev, EV_WRITE, 0);
720 }
721 return result;
722 }
723
724 #define WRITE_FRAME 15000
725
726 #define READ_DEFAULT 4096
727
728 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
729 * reading. */
730 static int
bytes_to_read(struct bufferevent_openssl * bev)731 bytes_to_read(struct bufferevent_openssl *bev)
732 {
733 struct evbuffer *input = bev->bev.bev.input;
734 struct event_watermark *wm = &bev->bev.bev.wm_read;
735 int result = READ_DEFAULT;
736 ev_ssize_t limit;
737 /* XXX 99% of this is generic code that nearly all bufferevents will
738 * want. */
739
740 if (bev->write_blocked_on_read) {
741 return 0;
742 }
743
744 if (! (bev->bev.bev.enabled & EV_READ)) {
745 return 0;
746 }
747
748 if (bev->bev.read_suspended) {
749 return 0;
750 }
751
752 if (wm->high) {
753 if (evbuffer_get_length(input) >= wm->high) {
754 return 0;
755 }
756
757 result = wm->high - evbuffer_get_length(input);
758 } else {
759 result = READ_DEFAULT;
760 }
761
762 /* Respect the rate limit */
763 limit = bufferevent_get_read_max_(&bev->bev);
764 if (result > limit) {
765 result = limit;
766 }
767
768 return result;
769 }
770
771
772 /* Things look readable. If write is blocked on read, write till it isn't.
773 * Read from the underlying buffer until we block or we hit our high-water
774 * mark.
775 */
776 static void
consider_reading(struct bufferevent_openssl * bev_ssl)777 consider_reading(struct bufferevent_openssl *bev_ssl)
778 {
779 int r;
780 int n_to_read;
781 int all_result_flags = 0;
782
783 while (bev_ssl->write_blocked_on_read) {
784 r = do_write(bev_ssl, WRITE_FRAME);
785 if (r & (OP_BLOCKED|OP_ERR))
786 break;
787 }
788 if (bev_ssl->write_blocked_on_read)
789 return;
790
791 n_to_read = bytes_to_read(bev_ssl);
792
793 while (n_to_read) {
794 r = do_read(bev_ssl, n_to_read);
795 all_result_flags |= r;
796
797 if (r & (OP_BLOCKED|OP_ERR))
798 break;
799
800 if (bev_ssl->bev.read_suspended)
801 break;
802
803 /* Read all pending data. This won't hit the network
804 * again, and will (most importantly) put us in a state
805 * where we don't need to read anything else until the
806 * socket is readable again. It'll potentially make us
807 * overrun our read high-watermark (somewhat
808 * regrettable). The damage to the rate-limit has
809 * already been done, since OpenSSL went and read a
810 * whole SSL record anyway. */
811 n_to_read = SSL_pending(bev_ssl->ssl);
812
813 /* XXX This if statement is actually a bad bug, added to avoid
814 * XXX a worse bug.
815 *
816 * The bad bug: It can potentially cause resource unfairness
817 * by reading too much data from the underlying bufferevent;
818 * it can potentially cause read looping if the underlying
819 * bufferevent is a bufferevent_pair and deferred callbacks
820 * aren't used.
821 *
822 * The worse bug: If we didn't do this, then we would
823 * potentially not read any more from bev_ssl->underlying
824 * until more data arrived there, which could lead to us
825 * waiting forever.
826 */
827 if (!n_to_read && bev_ssl->underlying)
828 n_to_read = bytes_to_read(bev_ssl);
829 }
830
831 if (all_result_flags & OP_MADE_PROGRESS) {
832 struct bufferevent *bev = &bev_ssl->bev.bev;
833
834 bufferevent_trigger_nolock_(bev, EV_READ, 0);
835 }
836
837 if (!bev_ssl->underlying) {
838 /* Should be redundant, but let's avoid busy-looping */
839 if (bev_ssl->bev.read_suspended ||
840 !(bev_ssl->bev.bev.enabled & EV_READ)) {
841 event_del(&bev_ssl->bev.bev.ev_read);
842 }
843 }
844 }
845
846 static void
consider_writing(struct bufferevent_openssl * bev_ssl)847 consider_writing(struct bufferevent_openssl *bev_ssl)
848 {
849 int r;
850 struct evbuffer *output = bev_ssl->bev.bev.output;
851 struct evbuffer *target = NULL;
852 struct event_watermark *wm = NULL;
853
854 while (bev_ssl->read_blocked_on_write) {
855 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
856 if (r & OP_MADE_PROGRESS) {
857 struct bufferevent *bev = &bev_ssl->bev.bev;
858
859 bufferevent_trigger_nolock_(bev, EV_READ, 0);
860 }
861 if (r & (OP_ERR|OP_BLOCKED))
862 break;
863 }
864 if (bev_ssl->read_blocked_on_write)
865 return;
866 if (bev_ssl->underlying) {
867 target = bev_ssl->underlying->output;
868 wm = &bev_ssl->underlying->wm_write;
869 }
870 while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
871 (! bev_ssl->bev.write_suspended) &&
872 evbuffer_get_length(output) &&
873 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
874 int n_to_write;
875 if (wm && wm->high)
876 n_to_write = wm->high - evbuffer_get_length(target);
877 else
878 n_to_write = WRITE_FRAME;
879 r = do_write(bev_ssl, n_to_write);
880 if (r & (OP_BLOCKED|OP_ERR))
881 break;
882 }
883
884 if (!bev_ssl->underlying) {
885 if (evbuffer_get_length(output) == 0) {
886 event_del(&bev_ssl->bev.bev.ev_write);
887 } else if (bev_ssl->bev.write_suspended ||
888 !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
889 /* Should be redundant, but let's avoid busy-looping */
890 event_del(&bev_ssl->bev.bev.ev_write);
891 }
892 }
893 }
894
895 static void
be_openssl_readcb(struct bufferevent * bev_base,void * ctx)896 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
897 {
898 struct bufferevent_openssl *bev_ssl = ctx;
899 consider_reading(bev_ssl);
900 }
901
902 static void
be_openssl_writecb(struct bufferevent * bev_base,void * ctx)903 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
904 {
905 struct bufferevent_openssl *bev_ssl = ctx;
906 consider_writing(bev_ssl);
907 }
908
909 static void
be_openssl_eventcb(struct bufferevent * bev_base,short what,void * ctx)910 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
911 {
912 struct bufferevent_openssl *bev_ssl = ctx;
913 int event = 0;
914
915 if (what & BEV_EVENT_EOF) {
916 if (bev_ssl->allow_dirty_shutdown)
917 event = BEV_EVENT_EOF;
918 else
919 event = BEV_EVENT_ERROR;
920 } else if (what & BEV_EVENT_TIMEOUT) {
921 /* We sure didn't set this. Propagate it to the user. */
922 event = what;
923 } else if (what & BEV_EVENT_ERROR) {
924 /* An error occurred on the connection. Propagate it to the user. */
925 event = what;
926 } else if (what & BEV_EVENT_CONNECTED) {
927 /* Ignore it. We're saying SSL_connect() already, which will
928 eat it. */
929 }
930 if (event)
931 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
932 }
933
934 static void
be_openssl_readeventcb(evutil_socket_t fd,short what,void * ptr)935 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
936 {
937 struct bufferevent_openssl *bev_ssl = ptr;
938 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
939 if (what == EV_TIMEOUT) {
940 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
941 BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
942 } else {
943 consider_reading(bev_ssl);
944 }
945 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
946 }
947
948 static void
be_openssl_writeeventcb(evutil_socket_t fd,short what,void * ptr)949 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
950 {
951 struct bufferevent_openssl *bev_ssl = ptr;
952 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
953 if (what == EV_TIMEOUT) {
954 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
955 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
956 } else {
957 consider_writing(bev_ssl);
958 }
959 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
960 }
961
962 static int
set_open_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)963 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
964 {
965 if (bev_ssl->underlying) {
966 bufferevent_setcb(bev_ssl->underlying,
967 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
968 bev_ssl);
969 return 0;
970 } else {
971 struct bufferevent *bev = &bev_ssl->bev.bev;
972 int rpending=0, wpending=0, r1=0, r2=0;
973 if (fd < 0 && bev_ssl->fd_is_set)
974 fd = event_get_fd(&bev->ev_read);
975 if (bev_ssl->fd_is_set) {
976 rpending = event_pending(&bev->ev_read, EV_READ, NULL);
977 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
978 event_del(&bev->ev_read);
979 event_del(&bev->ev_write);
980 }
981 event_assign(&bev->ev_read, bev->ev_base, fd,
982 EV_READ|EV_PERSIST|EV_FINALIZE,
983 be_openssl_readeventcb, bev_ssl);
984 event_assign(&bev->ev_write, bev->ev_base, fd,
985 EV_WRITE|EV_PERSIST|EV_FINALIZE,
986 be_openssl_writeeventcb, bev_ssl);
987 if (rpending)
988 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
989 if (wpending)
990 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
991 if (fd >= 0) {
992 bev_ssl->fd_is_set = 1;
993 }
994 return (r1<0 || r2<0) ? -1 : 0;
995 }
996 }
997
998 static int
do_handshake(struct bufferevent_openssl * bev_ssl)999 do_handshake(struct bufferevent_openssl *bev_ssl)
1000 {
1001 int r;
1002
1003 switch (bev_ssl->state) {
1004 default:
1005 case BUFFEREVENT_SSL_OPEN:
1006 EVUTIL_ASSERT(0);
1007 return -1;
1008 case BUFFEREVENT_SSL_CONNECTING:
1009 case BUFFEREVENT_SSL_ACCEPTING:
1010 r = SSL_do_handshake(bev_ssl->ssl);
1011 break;
1012 }
1013 decrement_buckets(bev_ssl);
1014
1015 if (r==1) {
1016 /* We're done! */
1017 bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1018 set_open_callbacks(bev_ssl, -1); /* XXXX handle failure */
1019 /* Call do_read and do_write as needed */
1020 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1021 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1022 BEV_EVENT_CONNECTED, 0);
1023 return 1;
1024 } else {
1025 int err = SSL_get_error(bev_ssl->ssl, r);
1026 print_err(err);
1027 switch (err) {
1028 case SSL_ERROR_WANT_WRITE:
1029 if (!bev_ssl->underlying) {
1030 stop_reading(bev_ssl);
1031 return start_writing(bev_ssl);
1032 }
1033 return 0;
1034 case SSL_ERROR_WANT_READ:
1035 if (!bev_ssl->underlying) {
1036 stop_writing(bev_ssl);
1037 return start_reading(bev_ssl);
1038 }
1039 return 0;
1040 default:
1041 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1042 return -1;
1043 }
1044 }
1045 }
1046
1047 static void
be_openssl_handshakecb(struct bufferevent * bev_base,void * ctx)1048 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1049 {
1050 struct bufferevent_openssl *bev_ssl = ctx;
1051 do_handshake(bev_ssl);/* XXX handle failure */
1052 }
1053
1054 static void
be_openssl_handshakeeventcb(evutil_socket_t fd,short what,void * ptr)1055 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1056 {
1057 struct bufferevent_openssl *bev_ssl = ptr;
1058
1059 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1060 if (what & EV_TIMEOUT) {
1061 bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1062 } else
1063 do_handshake(bev_ssl);/* XXX handle failure */
1064 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1065 }
1066
1067 static int
set_handshake_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)1068 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1069 {
1070 if (bev_ssl->underlying) {
1071 bufferevent_setcb(bev_ssl->underlying,
1072 be_openssl_handshakecb, be_openssl_handshakecb,
1073 be_openssl_eventcb,
1074 bev_ssl);
1075 return do_handshake(bev_ssl);
1076 } else {
1077 struct bufferevent *bev = &bev_ssl->bev.bev;
1078 int r1=0, r2=0;
1079 if (fd < 0 && bev_ssl->fd_is_set)
1080 fd = event_get_fd(&bev->ev_read);
1081 if (bev_ssl->fd_is_set) {
1082 event_del(&bev->ev_read);
1083 event_del(&bev->ev_write);
1084 }
1085 event_assign(&bev->ev_read, bev->ev_base, fd,
1086 EV_READ|EV_PERSIST|EV_FINALIZE,
1087 be_openssl_handshakeeventcb, bev_ssl);
1088 event_assign(&bev->ev_write, bev->ev_base, fd,
1089 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1090 be_openssl_handshakeeventcb, bev_ssl);
1091 if (fd >= 0) {
1092 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1093 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1094 bev_ssl->fd_is_set = 1;
1095 }
1096 return (r1<0 || r2<0) ? -1 : 0;
1097 }
1098 }
1099
1100 int
bufferevent_ssl_renegotiate(struct bufferevent * bev)1101 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1102 {
1103 struct bufferevent_openssl *bev_ssl = upcast(bev);
1104 if (!bev_ssl)
1105 return -1;
1106 if (SSL_renegotiate(bev_ssl->ssl) < 0)
1107 return -1;
1108 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1109 if (set_handshake_callbacks(bev_ssl, -1) < 0)
1110 return -1;
1111 if (!bev_ssl->underlying)
1112 return do_handshake(bev_ssl);
1113 return 0;
1114 }
1115
1116 static void
be_openssl_outbuf_cb(struct evbuffer * buf,const struct evbuffer_cb_info * cbinfo,void * arg)1117 be_openssl_outbuf_cb(struct evbuffer *buf,
1118 const struct evbuffer_cb_info *cbinfo, void *arg)
1119 {
1120 struct bufferevent_openssl *bev_ssl = arg;
1121 int r = 0;
1122 /* XXX need to hold a reference here. */
1123
1124 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1125 if (cbinfo->orig_size == 0)
1126 r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1127 &bev_ssl->bev.bev.timeout_write);
1128 consider_writing(bev_ssl);
1129 }
1130 /* XXX Handle r < 0 */
1131 (void)r;
1132 }
1133
1134
1135 static int
be_openssl_enable(struct bufferevent * bev,short events)1136 be_openssl_enable(struct bufferevent *bev, short events)
1137 {
1138 struct bufferevent_openssl *bev_ssl = upcast(bev);
1139 int r1 = 0, r2 = 0;
1140
1141 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1142 return 0;
1143
1144 if (events & EV_READ)
1145 r1 = start_reading(bev_ssl);
1146 if (events & EV_WRITE)
1147 r2 = start_writing(bev_ssl);
1148
1149 if (bev_ssl->underlying) {
1150 if (events & EV_READ)
1151 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1152 if (events & EV_WRITE)
1153 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1154
1155 if (events & EV_READ)
1156 consider_reading(bev_ssl);
1157 if (events & EV_WRITE)
1158 consider_writing(bev_ssl);
1159 }
1160 return (r1 < 0 || r2 < 0) ? -1 : 0;
1161 }
1162
1163 static int
be_openssl_disable(struct bufferevent * bev,short events)1164 be_openssl_disable(struct bufferevent *bev, short events)
1165 {
1166 struct bufferevent_openssl *bev_ssl = upcast(bev);
1167 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1168 return 0;
1169
1170 if (events & EV_READ)
1171 stop_reading(bev_ssl);
1172 if (events & EV_WRITE)
1173 stop_writing(bev_ssl);
1174
1175 if (bev_ssl->underlying) {
1176 if (events & EV_READ)
1177 BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1178 if (events & EV_WRITE)
1179 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1180 }
1181 return 0;
1182 }
1183
1184 static void
be_openssl_unlink(struct bufferevent * bev)1185 be_openssl_unlink(struct bufferevent *bev)
1186 {
1187 struct bufferevent_openssl *bev_ssl = upcast(bev);
1188
1189 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1190 if (bev_ssl->underlying) {
1191 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1192 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1193 "bufferevent with too few references");
1194 } else {
1195 bufferevent_free(bev_ssl->underlying);
1196 /* We still have a reference to it, via our
1197 * BIO. So we don't drop this. */
1198 // bev_ssl->underlying = NULL;
1199 }
1200 }
1201 } else {
1202 if (bev_ssl->underlying) {
1203 if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1204 bufferevent_setcb(bev_ssl->underlying,
1205 NULL,NULL,NULL,NULL);
1206 bufferevent_unsuspend_read_(bev_ssl->underlying,
1207 BEV_SUSPEND_FILT_READ);
1208 }
1209 }
1210 }
1211
1212 static void
be_openssl_destruct(struct bufferevent * bev)1213 be_openssl_destruct(struct bufferevent *bev)
1214 {
1215 struct bufferevent_openssl *bev_ssl = upcast(bev);
1216
1217 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1218 if (! bev_ssl->underlying) {
1219 evutil_socket_t fd = -1;
1220 BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1221 if (bio)
1222 fd = BIO_get_fd(bio, NULL);
1223 if (fd >= 0)
1224 evutil_closesocket(fd);
1225 }
1226 SSL_free(bev_ssl->ssl);
1227 }
1228 }
1229
1230 static int
be_openssl_adj_timeouts(struct bufferevent * bev)1231 be_openssl_adj_timeouts(struct bufferevent *bev)
1232 {
1233 struct bufferevent_openssl *bev_ssl = upcast(bev);
1234
1235 if (bev_ssl->underlying) {
1236 return bufferevent_generic_adj_timeouts_(bev);
1237 } else {
1238 int r1=0, r2=0;
1239 if (event_pending(&bev->ev_read, EV_READ, NULL)) {
1240 if (evutil_timerisset(&bev->timeout_read)) {
1241 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1242 } else {
1243 event_remove_timer(&bev->ev_read);
1244 }
1245 }
1246 if (event_pending(&bev->ev_write, EV_WRITE, NULL)) {
1247 if (evutil_timerisset(&bev->timeout_write)) {
1248 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1249 } else {
1250 event_remove_timer(&bev->ev_write);
1251 }
1252 }
1253
1254 return (r1<0 || r2<0) ? -1 : 0;
1255 }
1256 }
1257
1258 static int
be_openssl_flush(struct bufferevent * bufev,short iotype,enum bufferevent_flush_mode mode)1259 be_openssl_flush(struct bufferevent *bufev,
1260 short iotype, enum bufferevent_flush_mode mode)
1261 {
1262 /* XXXX Implement this. */
1263 return 0;
1264 }
1265
1266 static int
be_openssl_ctrl(struct bufferevent * bev,enum bufferevent_ctrl_op op,union bufferevent_ctrl_data * data)1267 be_openssl_ctrl(struct bufferevent *bev,
1268 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1269 {
1270 struct bufferevent_openssl *bev_ssl = upcast(bev);
1271 switch (op) {
1272 case BEV_CTRL_SET_FD:
1273 if (bev_ssl->underlying)
1274 return -1;
1275 {
1276 BIO *bio;
1277 bio = BIO_new_socket(data->fd, 0);
1278 SSL_set_bio(bev_ssl->ssl, bio, bio);
1279 bev_ssl->fd_is_set = 1;
1280 }
1281 if (data->fd == -1)
1282 bev_ssl->fd_is_set = 0;
1283 if (bev_ssl->state == BUFFEREVENT_SSL_OPEN)
1284 return set_open_callbacks(bev_ssl, data->fd);
1285 else {
1286 return set_handshake_callbacks(bev_ssl, data->fd);
1287 }
1288 case BEV_CTRL_GET_FD:
1289 if (bev_ssl->underlying)
1290 return -1;
1291 if (!bev_ssl->fd_is_set)
1292 return -1;
1293 data->fd = event_get_fd(&bev->ev_read);
1294 return 0;
1295 case BEV_CTRL_GET_UNDERLYING:
1296 if (!bev_ssl->underlying)
1297 return -1;
1298 data->ptr = bev_ssl->underlying;
1299 return 0;
1300 case BEV_CTRL_CANCEL_ALL:
1301 default:
1302 return -1;
1303 }
1304 }
1305
1306 SSL *
bufferevent_openssl_get_ssl(struct bufferevent * bufev)1307 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1308 {
1309 struct bufferevent_openssl *bev_ssl = upcast(bufev);
1310 if (!bev_ssl)
1311 return NULL;
1312 return bev_ssl->ssl;
1313 }
1314
1315 static struct bufferevent *
bufferevent_openssl_new_impl(struct event_base * base,struct bufferevent * underlying,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1316 bufferevent_openssl_new_impl(struct event_base *base,
1317 struct bufferevent *underlying,
1318 evutil_socket_t fd,
1319 SSL *ssl,
1320 enum bufferevent_ssl_state state,
1321 int options)
1322 {
1323 struct bufferevent_openssl *bev_ssl = NULL;
1324 struct bufferevent_private *bev_p = NULL;
1325 int tmp_options = options & ~BEV_OPT_THREADSAFE;
1326
1327 if (underlying != NULL && fd >= 0)
1328 return NULL; /* Only one can be set. */
1329
1330 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1331 goto err;
1332
1333 bev_p = &bev_ssl->bev;
1334
1335 if (bufferevent_init_common_(bev_p, base,
1336 &bufferevent_ops_openssl, tmp_options) < 0)
1337 goto err;
1338
1339 /* Don't explode if we decide to realloc a chunk we're writing from in
1340 * the output buffer. */
1341 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1342
1343 bev_ssl->underlying = underlying;
1344 bev_ssl->ssl = ssl;
1345
1346 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1347 be_openssl_outbuf_cb, bev_ssl);
1348
1349 if (options & BEV_OPT_THREADSAFE)
1350 bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1351
1352 if (underlying) {
1353 bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1354 bufferevent_incref_(underlying);
1355 }
1356
1357 bev_ssl->state = state;
1358 bev_ssl->last_write = -1;
1359
1360 init_bio_counts(bev_ssl);
1361
1362 switch (state) {
1363 case BUFFEREVENT_SSL_ACCEPTING:
1364 SSL_set_accept_state(bev_ssl->ssl);
1365 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1366 goto err;
1367 break;
1368 case BUFFEREVENT_SSL_CONNECTING:
1369 SSL_set_connect_state(bev_ssl->ssl);
1370 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1371 goto err;
1372 break;
1373 case BUFFEREVENT_SSL_OPEN:
1374 if (set_open_callbacks(bev_ssl, fd) < 0)
1375 goto err;
1376 break;
1377 default:
1378 goto err;
1379 }
1380
1381 if (underlying) {
1382 bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1383 bufferevent_enable(underlying, EV_READ|EV_WRITE);
1384 if (state == BUFFEREVENT_SSL_OPEN)
1385 bufferevent_suspend_read_(underlying,
1386 BEV_SUSPEND_FILT_READ);
1387 } else {
1388 bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE;
1389 if (bev_ssl->fd_is_set) {
1390 if (state != BUFFEREVENT_SSL_OPEN)
1391 if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
1392 goto err;
1393 if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0)
1394 goto err;
1395 }
1396 }
1397
1398 return &bev_ssl->bev.bev;
1399 err:
1400 if (bev_ssl)
1401 bufferevent_free(&bev_ssl->bev.bev);
1402 return NULL;
1403 }
1404
1405 struct bufferevent *
bufferevent_openssl_filter_new(struct event_base * base,struct bufferevent * underlying,SSL * ssl,enum bufferevent_ssl_state state,int options)1406 bufferevent_openssl_filter_new(struct event_base *base,
1407 struct bufferevent *underlying,
1408 SSL *ssl,
1409 enum bufferevent_ssl_state state,
1410 int options)
1411 {
1412 /* We don't tell the BIO to close the bufferevent; we do it ourselves
1413 * on be_openssl_destruct */
1414 int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1415 BIO *bio;
1416 if (!underlying)
1417 return NULL;
1418 if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1419 return NULL;
1420
1421 SSL_set_bio(ssl, bio, bio);
1422
1423 return bufferevent_openssl_new_impl(
1424 base, underlying, -1, ssl, state, options);
1425 }
1426
1427 struct bufferevent *
bufferevent_openssl_socket_new(struct event_base * base,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1428 bufferevent_openssl_socket_new(struct event_base *base,
1429 evutil_socket_t fd,
1430 SSL *ssl,
1431 enum bufferevent_ssl_state state,
1432 int options)
1433 {
1434 /* Does the SSL already have an fd? */
1435 BIO *bio = SSL_get_wbio(ssl);
1436 long have_fd = -1;
1437
1438 if (bio)
1439 have_fd = BIO_get_fd(bio, NULL);
1440
1441 if (have_fd >= 0) {
1442 /* The SSL is already configured with an fd. */
1443 if (fd < 0) {
1444 /* We should learn the fd from the SSL. */
1445 fd = (evutil_socket_t) have_fd;
1446 } else if (have_fd == (long)fd) {
1447 /* We already know the fd from the SSL; do nothing */
1448 } else {
1449 /* We specified an fd different from that of the SSL.
1450 This is probably an error on our part. Fail. */
1451 return NULL;
1452 }
1453 (void) BIO_set_close(bio, 0);
1454 } else {
1455 /* The SSL isn't configured with a BIO with an fd. */
1456 if (fd >= 0) {
1457 /* ... and we have an fd we want to use. */
1458 bio = BIO_new_socket(fd, 0);
1459 SSL_set_bio(ssl, bio, bio);
1460 } else {
1461 /* Leave the fd unset. */
1462 }
1463 }
1464
1465 return bufferevent_openssl_new_impl(
1466 base, NULL, fd, ssl, state, options);
1467 }
1468
1469 int
bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent * bev)1470 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1471 {
1472 int allow_dirty_shutdown = -1;
1473 struct bufferevent_openssl *bev_ssl;
1474 BEV_LOCK(bev);
1475 bev_ssl = upcast(bev);
1476 if (bev_ssl)
1477 allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1478 BEV_UNLOCK(bev);
1479 return allow_dirty_shutdown;
1480 }
1481
1482 void
bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent * bev,int allow_dirty_shutdown)1483 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1484 int allow_dirty_shutdown)
1485 {
1486 struct bufferevent_openssl *bev_ssl;
1487 BEV_LOCK(bev);
1488 bev_ssl = upcast(bev);
1489 if (bev_ssl)
1490 bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1491 BEV_UNLOCK(bev);
1492 }
1493
1494 unsigned long
bufferevent_get_openssl_error(struct bufferevent * bev)1495 bufferevent_get_openssl_error(struct bufferevent *bev)
1496 {
1497 unsigned long err = 0;
1498 struct bufferevent_openssl *bev_ssl;
1499 BEV_LOCK(bev);
1500 bev_ssl = upcast(bev);
1501 if (bev_ssl && bev_ssl->n_errors) {
1502 err = bev_ssl->errors[--bev_ssl->n_errors];
1503 }
1504 BEV_UNLOCK(bev);
1505 return err;
1506 }
1507