1 /* $NetBSD: bufferevent_openssl.c,v 1.2 2021/04/07 03:36:48 christos Exp $ */
2 /*
3 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 // Get rid of OSX 10.7 and greater deprecation warnings.
29 #if defined(__APPLE__) && defined(__clang__)
30 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
31 #endif
32
33 #include "event2/event-config.h"
34 #include <sys/cdefs.h>
35 __RCSID("$NetBSD: bufferevent_openssl.c,v 1.2 2021/04/07 03:36:48 christos Exp $");
36 #include "evconfig-private.h"
37
38 #include <sys/types.h>
39
40 #ifdef EVENT__HAVE_SYS_TIME_H
41 #include <sys/time.h>
42 #endif
43
44 #include <errno.h>
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #ifdef EVENT__HAVE_STDARG_H
49 #include <stdarg.h>
50 #endif
51 #ifdef EVENT__HAVE_UNISTD_H
52 #include <unistd.h>
53 #endif
54
55 #ifdef _WIN32
56 #include <winsock2.h>
57 #endif
58
59 #include "event2/bufferevent.h"
60 #include "event2/bufferevent_struct.h"
61 #include "event2/bufferevent_ssl.h"
62 #include "event2/buffer.h"
63 #include "event2/event.h"
64
65 #include "mm-internal.h"
66 #include "bufferevent-internal.h"
67 #include "log-internal.h"
68
69 #include <openssl/ssl.h>
70 #include <openssl/err.h>
71 #include "openssl-compat.h"
72
73 /*
74 * Define an OpenSSL bio that targets a bufferevent.
75 */
76
77 /* --------------------
78 A BIO is an OpenSSL abstraction that handles reading and writing data. The
79 library will happily speak SSL over anything that implements a BIO
80 interface.
81
82 Here we define a BIO implementation that directs its output to a
83 bufferevent. We'll want to use this only when none of OpenSSL's built-in
84 IO mechanisms work for us.
85 -------------------- */
86
87 /* every BIO type needs its own integer type value. */
88 #define BIO_TYPE_LIBEVENT 57
89 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
90 * this. */
91
92 #if 0
93 static void
94 print_err(int val)
95 {
96 int err;
97 printf("Error was %d\n", val);
98
99 while ((err = ERR_get_error())) {
100 const char *msg = (const char*)ERR_reason_error_string(err);
101 const char *lib = (const char*)ERR_lib_error_string(err);
102 const char *func = (const char*)ERR_func_error_string(err);
103
104 printf("%s in %s %s\n", msg, lib, func);
105 }
106 }
107 #else
108 #define print_err(v) ((void)0)
109 #endif
110
111 /* Called to initialize a new BIO */
112 static int
bio_bufferevent_new(BIO * b)113 bio_bufferevent_new(BIO *b)
114 {
115 BIO_set_init(b, 0);
116 BIO_set_data(b, NULL); /* We'll be putting the bufferevent in this field.*/
117 return 1;
118 }
119
120 /* Called to uninitialize the BIO. */
121 static int
bio_bufferevent_free(BIO * b)122 bio_bufferevent_free(BIO *b)
123 {
124 if (!b)
125 return 0;
126 if (BIO_get_shutdown(b)) {
127 if (BIO_get_init(b) && BIO_get_data(b))
128 bufferevent_free(BIO_get_data(b));
129 BIO_free(b);
130 }
131 return 1;
132 }
133
134 /* Called to extract data from the BIO. */
135 static int
bio_bufferevent_read(BIO * b,char * out,int outlen)136 bio_bufferevent_read(BIO *b, char *out, int outlen)
137 {
138 int r = 0;
139 struct evbuffer *input;
140
141 BIO_clear_retry_flags(b);
142
143 if (!out)
144 return 0;
145 if (!BIO_get_data(b))
146 return -1;
147
148 input = bufferevent_get_input(BIO_get_data(b));
149 if (evbuffer_get_length(input) == 0) {
150 /* If there's no data to read, say so. */
151 BIO_set_retry_read(b);
152 return -1;
153 } else {
154 r = evbuffer_remove(input, out, outlen);
155 }
156
157 return r;
158 }
159
160 /* Called to write data into the BIO */
161 static int
bio_bufferevent_write(BIO * b,const char * in,int inlen)162 bio_bufferevent_write(BIO *b, const char *in, int inlen)
163 {
164 struct bufferevent *bufev = BIO_get_data(b);
165 struct evbuffer *output;
166 size_t outlen;
167
168 BIO_clear_retry_flags(b);
169
170 if (!BIO_get_data(b))
171 return -1;
172
173 output = bufferevent_get_output(bufev);
174 outlen = evbuffer_get_length(output);
175
176 /* Copy only as much data onto the output buffer as can fit under the
177 * high-water mark. */
178 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
179 if (bufev->wm_write.high <= outlen) {
180 /* If no data can fit, we'll need to retry later. */
181 BIO_set_retry_write(b);
182 return -1;
183 }
184 inlen = bufev->wm_write.high - outlen;
185 }
186
187 EVUTIL_ASSERT(inlen > 0);
188 evbuffer_add(output, in, inlen);
189 return inlen;
190 }
191
192 /* Called to handle various requests */
193 static long
bio_bufferevent_ctrl(BIO * b,int cmd,long num,void * ptr)194 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
195 {
196 struct bufferevent *bufev = BIO_get_data(b);
197 long ret = 1;
198
199 switch (cmd) {
200 case BIO_CTRL_GET_CLOSE:
201 ret = BIO_get_shutdown(b);
202 break;
203 case BIO_CTRL_SET_CLOSE:
204 BIO_set_shutdown(b, (int)num);
205 break;
206 case BIO_CTRL_PENDING:
207 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
208 break;
209 case BIO_CTRL_WPENDING:
210 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
211 break;
212 /* XXXX These two are given a special-case treatment because
213 * of cargo-cultism. I should come up with a better reason. */
214 case BIO_CTRL_DUP:
215 case BIO_CTRL_FLUSH:
216 ret = 1;
217 break;
218 default:
219 ret = 0;
220 break;
221 }
222 return ret;
223 }
224
225 /* Called to write a string to the BIO */
226 static int
bio_bufferevent_puts(BIO * b,const char * s)227 bio_bufferevent_puts(BIO *b, const char *s)
228 {
229 return bio_bufferevent_write(b, s, strlen(s));
230 }
231
232 /* Method table for the bufferevent BIO */
233 static BIO_METHOD *methods_bufferevent;
234
235 /* Return the method table for the bufferevents BIO */
236 static BIO_METHOD *
BIO_s_bufferevent(void)237 BIO_s_bufferevent(void)
238 {
239 if (methods_bufferevent == NULL) {
240 methods_bufferevent = BIO_meth_new(BIO_TYPE_LIBEVENT, "bufferevent");
241 if (methods_bufferevent == NULL)
242 return NULL;
243 BIO_meth_set_write(methods_bufferevent, bio_bufferevent_write);
244 BIO_meth_set_read(methods_bufferevent, bio_bufferevent_read);
245 BIO_meth_set_puts(methods_bufferevent, bio_bufferevent_puts);
246 BIO_meth_set_ctrl(methods_bufferevent, bio_bufferevent_ctrl);
247 BIO_meth_set_create(methods_bufferevent, bio_bufferevent_new);
248 BIO_meth_set_destroy(methods_bufferevent, bio_bufferevent_free);
249 }
250 return methods_bufferevent;
251 }
252
253 /* Create a new BIO to wrap communication around a bufferevent. If close_flag
254 * is true, the bufferevent will be freed when the BIO is closed. */
255 static BIO *
BIO_new_bufferevent(struct bufferevent * bufferevent)256 BIO_new_bufferevent(struct bufferevent *bufferevent)
257 {
258 BIO *result;
259 if (!bufferevent)
260 return NULL;
261 if (!(result = BIO_new(BIO_s_bufferevent())))
262 return NULL;
263 BIO_set_init(result, 1);
264 BIO_set_data(result, bufferevent);
265 /* We don't tell the BIO to close the bufferevent; we do it ourselves on
266 * be_openssl_destruct() */
267 BIO_set_shutdown(result, 0);
268 return result;
269 }
270
271 /* --------------------
272 Now, here's the OpenSSL-based implementation of bufferevent.
273
274 The implementation comes in two flavors: one that connects its SSL object
275 to an underlying bufferevent using a BIO_bufferevent, and one that has the
276 SSL object connect to a socket directly. The latter should generally be
277 faster, except on Windows, where your best bet is using a
278 bufferevent_async.
279
280 (OpenSSL supports many other BIO types, too. But we can't use any unless
281 we have a good way to get notified when they become readable/writable.)
282 -------------------- */
283
284 struct bio_data_counts {
285 unsigned long n_written;
286 unsigned long n_read;
287 };
288
289 struct bufferevent_openssl {
290 /* Shared fields with common bufferevent implementation code.
291 If we were set up with an underlying bufferevent, we use the
292 events here as timers only. If we have an SSL, then we use
293 the events as socket events.
294 */
295 struct bufferevent_private bev;
296 /* An underlying bufferevent that we're directing our output to.
297 If it's NULL, then we're connected to an fd, not an evbuffer. */
298 struct bufferevent *underlying;
299 /* The SSL object doing our encryption. */
300 SSL *ssl;
301
302 /* A callback that's invoked when data arrives on our outbuf so we
303 know to write data to the SSL. */
304 struct evbuffer_cb_entry *outbuf_cb;
305
306 /* A count of how much data the bios have read/written total. Used
307 for rate-limiting. */
308 struct bio_data_counts counts;
309
310 /* If this value is greater than 0, then the last SSL_write blocked,
311 * and we need to try it again with this many bytes. */
312 ev_ssize_t last_write;
313
314 #define NUM_ERRORS 3
315 ev_uint32_t errors[NUM_ERRORS];
316
317 /* When we next get available space, we should say "read" instead of
318 "write". This can happen if there's a renegotiation during a read
319 operation. */
320 unsigned read_blocked_on_write : 1;
321 /* When we next get data, we should say "write" instead of "read". */
322 unsigned write_blocked_on_read : 1;
323 /* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
324 unsigned allow_dirty_shutdown : 1;
325 /* XXX */
326 unsigned n_errors : 2;
327
328 /* Are we currently connecting, accepting, or doing IO? */
329 unsigned state : 2;
330 /* If we reset fd, we sould reset state too */
331 unsigned old_state : 2;
332 };
333
334 static int be_openssl_enable(struct bufferevent *, short);
335 static int be_openssl_disable(struct bufferevent *, short);
336 static void be_openssl_unlink(struct bufferevent *);
337 static void be_openssl_destruct(struct bufferevent *);
338 static int be_openssl_adj_timeouts(struct bufferevent *);
339 static int be_openssl_flush(struct bufferevent *bufev,
340 short iotype, enum bufferevent_flush_mode mode);
341 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
342
343 const struct bufferevent_ops bufferevent_ops_openssl = {
344 "ssl",
345 evutil_offsetof(struct bufferevent_openssl, bev.bev),
346 be_openssl_enable,
347 be_openssl_disable,
348 be_openssl_unlink,
349 be_openssl_destruct,
350 be_openssl_adj_timeouts,
351 be_openssl_flush,
352 be_openssl_ctrl,
353 };
354
355 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
356 * contains it, if any. */
357 static inline struct bufferevent_openssl *
upcast(struct bufferevent * bev)358 upcast(struct bufferevent *bev)
359 {
360 struct bufferevent_openssl *bev_o;
361 if (!BEV_IS_OPENSSL(bev))
362 return NULL;
363 bev_o = (void*)( ((char*)bev) -
364 evutil_offsetof(struct bufferevent_openssl, bev.bev));
365 EVUTIL_ASSERT(BEV_IS_OPENSSL(&bev_o->bev.bev));
366 return bev_o;
367 }
368
369 static inline void
put_error(struct bufferevent_openssl * bev_ssl,unsigned long err)370 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
371 {
372 if (bev_ssl->n_errors == NUM_ERRORS)
373 return;
374 /* The error type according to openssl is "unsigned long", but
375 openssl never uses more than 32 bits of it. It _can't_ use more
376 than 32 bits of it, since it needs to report errors on systems
377 where long is only 32 bits.
378 */
379 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
380 }
381
382 /* Have the base communications channel (either the underlying bufferevent or
383 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag
384 * into account. */
385 static int
start_reading(struct bufferevent_openssl * bev_ssl)386 start_reading(struct bufferevent_openssl *bev_ssl)
387 {
388 if (bev_ssl->underlying) {
389 bufferevent_unsuspend_read_(bev_ssl->underlying,
390 BEV_SUSPEND_FILT_READ);
391 return 0;
392 } else {
393 struct bufferevent *bev = &bev_ssl->bev.bev;
394 int r;
395 r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
396 if (r == 0 && bev_ssl->read_blocked_on_write)
397 r = bufferevent_add_event_(&bev->ev_write,
398 &bev->timeout_write);
399 return r;
400 }
401 }
402
403 /* Have the base communications channel (either the underlying bufferevent or
404 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag
405 * into account. */
406 static int
start_writing(struct bufferevent_openssl * bev_ssl)407 start_writing(struct bufferevent_openssl *bev_ssl)
408 {
409 int r = 0;
410 if (bev_ssl->underlying) {
411 if (bev_ssl->write_blocked_on_read) {
412 bufferevent_unsuspend_read_(bev_ssl->underlying,
413 BEV_SUSPEND_FILT_READ);
414 }
415 } else {
416 struct bufferevent *bev = &bev_ssl->bev.bev;
417 r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
418 if (!r && bev_ssl->write_blocked_on_read)
419 r = bufferevent_add_event_(&bev->ev_read,
420 &bev->timeout_read);
421 }
422 return r;
423 }
424
425 static void
stop_reading(struct bufferevent_openssl * bev_ssl)426 stop_reading(struct bufferevent_openssl *bev_ssl)
427 {
428 if (bev_ssl->write_blocked_on_read)
429 return;
430 if (bev_ssl->underlying) {
431 bufferevent_suspend_read_(bev_ssl->underlying,
432 BEV_SUSPEND_FILT_READ);
433 } else {
434 struct bufferevent *bev = &bev_ssl->bev.bev;
435 event_del(&bev->ev_read);
436 }
437 }
438
439 static void
stop_writing(struct bufferevent_openssl * bev_ssl)440 stop_writing(struct bufferevent_openssl *bev_ssl)
441 {
442 if (bev_ssl->read_blocked_on_write)
443 return;
444 if (bev_ssl->underlying) {
445 bufferevent_unsuspend_read_(bev_ssl->underlying,
446 BEV_SUSPEND_FILT_READ);
447 } else {
448 struct bufferevent *bev = &bev_ssl->bev.bev;
449 event_del(&bev->ev_write);
450 }
451 }
452
453 static int
set_rbow(struct bufferevent_openssl * bev_ssl)454 set_rbow(struct bufferevent_openssl *bev_ssl)
455 {
456 if (!bev_ssl->underlying)
457 stop_reading(bev_ssl);
458 bev_ssl->read_blocked_on_write = 1;
459 return start_writing(bev_ssl);
460 }
461
462 static int
set_wbor(struct bufferevent_openssl * bev_ssl)463 set_wbor(struct bufferevent_openssl *bev_ssl)
464 {
465 if (!bev_ssl->underlying)
466 stop_writing(bev_ssl);
467 bev_ssl->write_blocked_on_read = 1;
468 return start_reading(bev_ssl);
469 }
470
471 static int
clear_rbow(struct bufferevent_openssl * bev_ssl)472 clear_rbow(struct bufferevent_openssl *bev_ssl)
473 {
474 struct bufferevent *bev = &bev_ssl->bev.bev;
475 int r = 0;
476 bev_ssl->read_blocked_on_write = 0;
477 if (!(bev->enabled & EV_WRITE))
478 stop_writing(bev_ssl);
479 if (bev->enabled & EV_READ)
480 r = start_reading(bev_ssl);
481 return r;
482 }
483
484
485 static int
clear_wbor(struct bufferevent_openssl * bev_ssl)486 clear_wbor(struct bufferevent_openssl *bev_ssl)
487 {
488 struct bufferevent *bev = &bev_ssl->bev.bev;
489 int r = 0;
490 bev_ssl->write_blocked_on_read = 0;
491 if (!(bev->enabled & EV_READ))
492 stop_reading(bev_ssl);
493 if (bev->enabled & EV_WRITE)
494 r = start_writing(bev_ssl);
495 return r;
496 }
497
498 static void
conn_closed(struct bufferevent_openssl * bev_ssl,int when,int errcode,int ret)499 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
500 {
501 int event = BEV_EVENT_ERROR;
502 int dirty_shutdown = 0;
503 unsigned long err;
504
505 switch (errcode) {
506 case SSL_ERROR_ZERO_RETURN:
507 /* Possibly a clean shutdown. */
508 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
509 event = BEV_EVENT_EOF;
510 else
511 dirty_shutdown = 1;
512 break;
513 case SSL_ERROR_SYSCALL:
514 /* IO error; possibly a dirty shutdown. */
515 if ((ret == 0 || ret == -1) && ERR_peek_error() == 0)
516 dirty_shutdown = 1;
517 put_error(bev_ssl, errcode);
518 break;
519 case SSL_ERROR_SSL:
520 /* Protocol error. */
521 put_error(bev_ssl, errcode);
522 break;
523 case SSL_ERROR_WANT_X509_LOOKUP:
524 /* XXXX handle this. */
525 put_error(bev_ssl, errcode);
526 break;
527 case SSL_ERROR_NONE:
528 case SSL_ERROR_WANT_READ:
529 case SSL_ERROR_WANT_WRITE:
530 case SSL_ERROR_WANT_CONNECT:
531 case SSL_ERROR_WANT_ACCEPT:
532 default:
533 /* should be impossible; treat as normal error. */
534 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
535 break;
536 }
537
538 while ((err = ERR_get_error())) {
539 put_error(bev_ssl, err);
540 }
541
542 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
543 event = BEV_EVENT_EOF;
544
545 stop_reading(bev_ssl);
546 stop_writing(bev_ssl);
547
548 /* when is BEV_EVENT_{READING|WRITING} */
549 event = when | event;
550 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
551 }
552
553 static void
init_bio_counts(struct bufferevent_openssl * bev_ssl)554 init_bio_counts(struct bufferevent_openssl *bev_ssl)
555 {
556 BIO *rbio, *wbio;
557
558 wbio = SSL_get_wbio(bev_ssl->ssl);
559 bev_ssl->counts.n_written = wbio ? BIO_number_written(wbio) : 0;
560 rbio = SSL_get_rbio(bev_ssl->ssl);
561 bev_ssl->counts.n_read = rbio ? BIO_number_read(rbio) : 0;
562 }
563
564 static inline void
decrement_buckets(struct bufferevent_openssl * bev_ssl)565 decrement_buckets(struct bufferevent_openssl *bev_ssl)
566 {
567 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
568 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
569 /* These next two subtractions can wrap around. That's okay. */
570 unsigned long w = num_w - bev_ssl->counts.n_written;
571 unsigned long r = num_r - bev_ssl->counts.n_read;
572 if (w)
573 bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
574 if (r)
575 bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
576 bev_ssl->counts.n_written = num_w;
577 bev_ssl->counts.n_read = num_r;
578 }
579
580 #define OP_MADE_PROGRESS 1
581 #define OP_BLOCKED 2
582 #define OP_ERR 4
583
584 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
585 we're now blocked); and OP_ERR (if an error occurred). */
586 static int
do_read(struct bufferevent_openssl * bev_ssl,int n_to_read)587 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
588 /* Requires lock */
589 struct bufferevent *bev = &bev_ssl->bev.bev;
590 struct evbuffer *input = bev->input;
591 int r, n, i, n_used = 0, atmost;
592 struct evbuffer_iovec space[2];
593 int result = 0;
594
595 if (bev_ssl->bev.read_suspended)
596 return 0;
597
598 atmost = bufferevent_get_read_max_(&bev_ssl->bev);
599 if (n_to_read > atmost)
600 n_to_read = atmost;
601
602 n = evbuffer_reserve_space(input, n_to_read, space, 2);
603 if (n < 0)
604 return OP_ERR;
605
606 for (i=0; i<n; ++i) {
607 if (bev_ssl->bev.read_suspended)
608 break;
609 ERR_clear_error();
610 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
611 if (r>0) {
612 result |= OP_MADE_PROGRESS;
613 if (bev_ssl->read_blocked_on_write)
614 if (clear_rbow(bev_ssl) < 0)
615 return OP_ERR | result;
616 ++n_used;
617 space[i].iov_len = r;
618 decrement_buckets(bev_ssl);
619 } else {
620 int err = SSL_get_error(bev_ssl->ssl, r);
621 print_err(err);
622 switch (err) {
623 case SSL_ERROR_WANT_READ:
624 /* Can't read until underlying has more data. */
625 if (bev_ssl->read_blocked_on_write)
626 if (clear_rbow(bev_ssl) < 0)
627 return OP_ERR | result;
628 break;
629 case SSL_ERROR_WANT_WRITE:
630 /* This read operation requires a write, and the
631 * underlying is full */
632 if (!bev_ssl->read_blocked_on_write)
633 if (set_rbow(bev_ssl) < 0)
634 return OP_ERR | result;
635 break;
636 default:
637 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
638 break;
639 }
640 result |= OP_BLOCKED;
641 break; /* out of the loop */
642 }
643 }
644
645 if (n_used) {
646 evbuffer_commit_space(input, space, n_used);
647 if (bev_ssl->underlying)
648 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
649 }
650
651 return result;
652 }
653
654 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
655 we're now blocked); and OP_ERR (if an error occurred). */
656 static int
do_write(struct bufferevent_openssl * bev_ssl,int atmost)657 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
658 {
659 int i, r, n, n_written = 0;
660 struct bufferevent *bev = &bev_ssl->bev.bev;
661 struct evbuffer *output = bev->output;
662 struct evbuffer_iovec space[8];
663 int result = 0;
664
665 if (bev_ssl->last_write > 0)
666 atmost = bev_ssl->last_write;
667 else
668 atmost = bufferevent_get_write_max_(&bev_ssl->bev);
669
670 n = evbuffer_peek(output, atmost, NULL, space, 8);
671 if (n < 0)
672 return OP_ERR | result;
673
674 if (n > 8)
675 n = 8;
676 for (i=0; i < n; ++i) {
677 if (bev_ssl->bev.write_suspended)
678 break;
679
680 /* SSL_write will (reasonably) return 0 if we tell it to
681 send 0 data. Skip this case so we don't interpret the
682 result as an error */
683 if (space[i].iov_len == 0)
684 continue;
685
686 ERR_clear_error();
687 r = SSL_write(bev_ssl->ssl, space[i].iov_base,
688 space[i].iov_len);
689 if (r > 0) {
690 result |= OP_MADE_PROGRESS;
691 if (bev_ssl->write_blocked_on_read)
692 if (clear_wbor(bev_ssl) < 0)
693 return OP_ERR | result;
694 n_written += r;
695 bev_ssl->last_write = -1;
696 decrement_buckets(bev_ssl);
697 } else {
698 int err = SSL_get_error(bev_ssl->ssl, r);
699 print_err(err);
700 switch (err) {
701 case SSL_ERROR_WANT_WRITE:
702 /* Can't read until underlying has more data. */
703 if (bev_ssl->write_blocked_on_read)
704 if (clear_wbor(bev_ssl) < 0)
705 return OP_ERR | result;
706 bev_ssl->last_write = space[i].iov_len;
707 break;
708 case SSL_ERROR_WANT_READ:
709 /* This read operation requires a write, and the
710 * underlying is full */
711 if (!bev_ssl->write_blocked_on_read)
712 if (set_wbor(bev_ssl) < 0)
713 return OP_ERR | result;
714 bev_ssl->last_write = space[i].iov_len;
715 break;
716 default:
717 conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
718 bev_ssl->last_write = -1;
719 break;
720 }
721 result |= OP_BLOCKED;
722 break;
723 }
724 }
725 if (n_written) {
726 evbuffer_drain(output, n_written);
727 if (bev_ssl->underlying)
728 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
729
730 bufferevent_trigger_nolock_(bev, EV_WRITE, BEV_OPT_DEFER_CALLBACKS);
731 }
732 return result;
733 }
734
735 #define WRITE_FRAME 15000
736
737 #define READ_DEFAULT 4096
738
739 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
740 * reading. */
741 static int
bytes_to_read(struct bufferevent_openssl * bev)742 bytes_to_read(struct bufferevent_openssl *bev)
743 {
744 struct evbuffer *input = bev->bev.bev.input;
745 struct event_watermark *wm = &bev->bev.bev.wm_read;
746 int result = READ_DEFAULT;
747 ev_ssize_t limit;
748 /* XXX 99% of this is generic code that nearly all bufferevents will
749 * want. */
750
751 if (bev->write_blocked_on_read) {
752 return 0;
753 }
754
755 if (! (bev->bev.bev.enabled & EV_READ)) {
756 return 0;
757 }
758
759 if (bev->bev.read_suspended) {
760 return 0;
761 }
762
763 if (wm->high) {
764 if (evbuffer_get_length(input) >= wm->high) {
765 return 0;
766 }
767
768 result = wm->high - evbuffer_get_length(input);
769 } else {
770 result = READ_DEFAULT;
771 }
772
773 /* Respect the rate limit */
774 limit = bufferevent_get_read_max_(&bev->bev);
775 if (result > limit) {
776 result = limit;
777 }
778
779 return result;
780 }
781
782
783 /* Things look readable. If write is blocked on read, write till it isn't.
784 * Read from the underlying buffer until we block or we hit our high-water
785 * mark.
786 */
787 static void
consider_reading(struct bufferevent_openssl * bev_ssl)788 consider_reading(struct bufferevent_openssl *bev_ssl)
789 {
790 int r;
791 int n_to_read;
792 int all_result_flags = 0;
793
794 while (bev_ssl->write_blocked_on_read) {
795 r = do_write(bev_ssl, WRITE_FRAME);
796 if (r & (OP_BLOCKED|OP_ERR))
797 break;
798 }
799 if (bev_ssl->write_blocked_on_read)
800 return;
801
802 n_to_read = bytes_to_read(bev_ssl);
803
804 while (n_to_read) {
805 r = do_read(bev_ssl, n_to_read);
806 all_result_flags |= r;
807
808 if (r & (OP_BLOCKED|OP_ERR))
809 break;
810
811 if (bev_ssl->bev.read_suspended)
812 break;
813
814 /* Read all pending data. This won't hit the network
815 * again, and will (most importantly) put us in a state
816 * where we don't need to read anything else until the
817 * socket is readable again. It'll potentially make us
818 * overrun our read high-watermark (somewhat
819 * regrettable). The damage to the rate-limit has
820 * already been done, since OpenSSL went and read a
821 * whole SSL record anyway. */
822 n_to_read = SSL_pending(bev_ssl->ssl);
823
824 /* XXX This if statement is actually a bad bug, added to avoid
825 * XXX a worse bug.
826 *
827 * The bad bug: It can potentially cause resource unfairness
828 * by reading too much data from the underlying bufferevent;
829 * it can potentially cause read looping if the underlying
830 * bufferevent is a bufferevent_pair and deferred callbacks
831 * aren't used.
832 *
833 * The worse bug: If we didn't do this, then we would
834 * potentially not read any more from bev_ssl->underlying
835 * until more data arrived there, which could lead to us
836 * waiting forever.
837 */
838 if (!n_to_read && bev_ssl->underlying)
839 n_to_read = bytes_to_read(bev_ssl);
840 }
841
842 if (all_result_flags & OP_MADE_PROGRESS) {
843 struct bufferevent *bev = &bev_ssl->bev.bev;
844
845 bufferevent_trigger_nolock_(bev, EV_READ, 0);
846 }
847
848 if (!bev_ssl->underlying) {
849 /* Should be redundant, but let's avoid busy-looping */
850 if (bev_ssl->bev.read_suspended ||
851 !(bev_ssl->bev.bev.enabled & EV_READ)) {
852 event_del(&bev_ssl->bev.bev.ev_read);
853 }
854 }
855 }
856
857 static void
consider_writing(struct bufferevent_openssl * bev_ssl)858 consider_writing(struct bufferevent_openssl *bev_ssl)
859 {
860 int r;
861 struct evbuffer *output = bev_ssl->bev.bev.output;
862 struct evbuffer *target = NULL;
863 struct event_watermark *wm = NULL;
864
865 while (bev_ssl->read_blocked_on_write) {
866 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
867 if (r & OP_MADE_PROGRESS) {
868 struct bufferevent *bev = &bev_ssl->bev.bev;
869
870 bufferevent_trigger_nolock_(bev, EV_READ, 0);
871 }
872 if (r & (OP_ERR|OP_BLOCKED))
873 break;
874 }
875 if (bev_ssl->read_blocked_on_write)
876 return;
877 if (bev_ssl->underlying) {
878 target = bev_ssl->underlying->output;
879 wm = &bev_ssl->underlying->wm_write;
880 }
881 while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
882 (! bev_ssl->bev.write_suspended) &&
883 evbuffer_get_length(output) &&
884 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
885 int n_to_write;
886 if (wm && wm->high)
887 n_to_write = wm->high - evbuffer_get_length(target);
888 else
889 n_to_write = WRITE_FRAME;
890 r = do_write(bev_ssl, n_to_write);
891 if (r & (OP_BLOCKED|OP_ERR))
892 break;
893 }
894
895 if (!bev_ssl->underlying) {
896 if (evbuffer_get_length(output) == 0) {
897 event_del(&bev_ssl->bev.bev.ev_write);
898 } else if (bev_ssl->bev.write_suspended ||
899 !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
900 /* Should be redundant, but let's avoid busy-looping */
901 event_del(&bev_ssl->bev.bev.ev_write);
902 }
903 }
904 }
905
906 static void
be_openssl_readcb(struct bufferevent * bev_base,void * ctx)907 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
908 {
909 struct bufferevent_openssl *bev_ssl = ctx;
910 consider_reading(bev_ssl);
911 }
912
913 static void
be_openssl_writecb(struct bufferevent * bev_base,void * ctx)914 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
915 {
916 struct bufferevent_openssl *bev_ssl = ctx;
917 consider_writing(bev_ssl);
918 }
919
920 static void
be_openssl_eventcb(struct bufferevent * bev_base,short what,void * ctx)921 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
922 {
923 struct bufferevent_openssl *bev_ssl = ctx;
924 int event = 0;
925
926 if (what & BEV_EVENT_EOF) {
927 if (bev_ssl->allow_dirty_shutdown)
928 event = BEV_EVENT_EOF;
929 else
930 event = BEV_EVENT_ERROR;
931 } else if (what & BEV_EVENT_TIMEOUT) {
932 /* We sure didn't set this. Propagate it to the user. */
933 event = what;
934 } else if (what & BEV_EVENT_ERROR) {
935 /* An error occurred on the connection. Propagate it to the user. */
936 event = what;
937 } else if (what & BEV_EVENT_CONNECTED) {
938 /* Ignore it. We're saying SSL_connect() already, which will
939 eat it. */
940 }
941 if (event)
942 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
943 }
944
945 static void
be_openssl_readeventcb(evutil_socket_t fd,short what,void * ptr)946 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
947 {
948 struct bufferevent_openssl *bev_ssl = ptr;
949 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
950 if (what == EV_TIMEOUT) {
951 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
952 BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
953 } else {
954 consider_reading(bev_ssl);
955 }
956 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
957 }
958
959 static void
be_openssl_writeeventcb(evutil_socket_t fd,short what,void * ptr)960 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
961 {
962 struct bufferevent_openssl *bev_ssl = ptr;
963 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
964 if (what == EV_TIMEOUT) {
965 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
966 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
967 } else {
968 consider_writing(bev_ssl);
969 }
970 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
971 }
972
973 static evutil_socket_t
be_openssl_auto_fd(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)974 be_openssl_auto_fd(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
975 {
976 if (!bev_ssl->underlying) {
977 struct bufferevent *bev = &bev_ssl->bev.bev;
978 if (event_initialized(&bev->ev_read) && fd < 0) {
979 fd = event_get_fd(&bev->ev_read);
980 }
981 }
982 return fd;
983 }
984
985 static int
set_open_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)986 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
987 {
988 if (bev_ssl->underlying) {
989 bufferevent_setcb(bev_ssl->underlying,
990 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
991 bev_ssl);
992 return 0;
993 } else {
994 struct bufferevent *bev = &bev_ssl->bev.bev;
995 int rpending=0, wpending=0, r1=0, r2=0;
996
997 if (event_initialized(&bev->ev_read)) {
998 rpending = event_pending(&bev->ev_read, EV_READ, NULL);
999 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
1000
1001 event_del(&bev->ev_read);
1002 event_del(&bev->ev_write);
1003 }
1004
1005 event_assign(&bev->ev_read, bev->ev_base, fd,
1006 EV_READ|EV_PERSIST|EV_FINALIZE,
1007 be_openssl_readeventcb, bev_ssl);
1008 event_assign(&bev->ev_write, bev->ev_base, fd,
1009 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1010 be_openssl_writeeventcb, bev_ssl);
1011
1012 if (rpending)
1013 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1014 if (wpending)
1015 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1016
1017 return (r1<0 || r2<0) ? -1 : 0;
1018 }
1019 }
1020
1021 static int
do_handshake(struct bufferevent_openssl * bev_ssl)1022 do_handshake(struct bufferevent_openssl *bev_ssl)
1023 {
1024 int r;
1025
1026 switch (bev_ssl->state) {
1027 default:
1028 case BUFFEREVENT_SSL_OPEN:
1029 EVUTIL_ASSERT(0);
1030 return -1;
1031 case BUFFEREVENT_SSL_CONNECTING:
1032 case BUFFEREVENT_SSL_ACCEPTING:
1033 ERR_clear_error();
1034 r = SSL_do_handshake(bev_ssl->ssl);
1035 break;
1036 }
1037 decrement_buckets(bev_ssl);
1038
1039 if (r==1) {
1040 evutil_socket_t fd = event_get_fd(&bev_ssl->bev.bev.ev_read);
1041 /* We're done! */
1042 bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1043 set_open_callbacks(bev_ssl, fd); /* XXXX handle failure */
1044 /* Call do_read and do_write as needed */
1045 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1046 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1047 BEV_EVENT_CONNECTED, 0);
1048 return 1;
1049 } else {
1050 int err = SSL_get_error(bev_ssl->ssl, r);
1051 print_err(err);
1052 switch (err) {
1053 case SSL_ERROR_WANT_WRITE:
1054 stop_reading(bev_ssl);
1055 return start_writing(bev_ssl);
1056 case SSL_ERROR_WANT_READ:
1057 stop_writing(bev_ssl);
1058 return start_reading(bev_ssl);
1059 default:
1060 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1061 return -1;
1062 }
1063 }
1064 }
1065
1066 static void
be_openssl_handshakecb(struct bufferevent * bev_base,void * ctx)1067 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1068 {
1069 struct bufferevent_openssl *bev_ssl = ctx;
1070 do_handshake(bev_ssl);/* XXX handle failure */
1071 }
1072
1073 static void
be_openssl_handshakeeventcb(evutil_socket_t fd,short what,void * ptr)1074 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1075 {
1076 struct bufferevent_openssl *bev_ssl = ptr;
1077
1078 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1079 if (what & EV_TIMEOUT) {
1080 bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1081 } else
1082 do_handshake(bev_ssl);/* XXX handle failure */
1083 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1084 }
1085
1086 static int
set_handshake_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)1087 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1088 {
1089 if (bev_ssl->underlying) {
1090 bufferevent_setcb(bev_ssl->underlying,
1091 be_openssl_handshakecb, be_openssl_handshakecb,
1092 be_openssl_eventcb,
1093 bev_ssl);
1094
1095 if (fd < 0)
1096 return 0;
1097
1098 if (bufferevent_setfd(bev_ssl->underlying, fd))
1099 return 1;
1100
1101 return do_handshake(bev_ssl);
1102 } else {
1103 struct bufferevent *bev = &bev_ssl->bev.bev;
1104
1105 if (event_initialized(&bev->ev_read)) {
1106 event_del(&bev->ev_read);
1107 event_del(&bev->ev_write);
1108 }
1109
1110 event_assign(&bev->ev_read, bev->ev_base, fd,
1111 EV_READ|EV_PERSIST|EV_FINALIZE,
1112 be_openssl_handshakeeventcb, bev_ssl);
1113 event_assign(&bev->ev_write, bev->ev_base, fd,
1114 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1115 be_openssl_handshakeeventcb, bev_ssl);
1116 if (fd >= 0)
1117 bufferevent_enable(bev, bev->enabled);
1118 return 0;
1119 }
1120 }
1121
1122 int
bufferevent_ssl_renegotiate(struct bufferevent * bev)1123 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1124 {
1125 struct bufferevent_openssl *bev_ssl = upcast(bev);
1126 if (!bev_ssl)
1127 return -1;
1128 if (SSL_renegotiate(bev_ssl->ssl) < 0)
1129 return -1;
1130 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1131 if (set_handshake_callbacks(bev_ssl, be_openssl_auto_fd(bev_ssl, -1)) < 0)
1132 return -1;
1133 if (!bev_ssl->underlying)
1134 return do_handshake(bev_ssl);
1135 return 0;
1136 }
1137
1138 static void
be_openssl_outbuf_cb(struct evbuffer * buf,const struct evbuffer_cb_info * cbinfo,void * arg)1139 be_openssl_outbuf_cb(struct evbuffer *buf,
1140 const struct evbuffer_cb_info *cbinfo, void *arg)
1141 {
1142 struct bufferevent_openssl *bev_ssl = arg;
1143 int r = 0;
1144 /* XXX need to hold a reference here. */
1145
1146 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1147 if (cbinfo->orig_size == 0)
1148 r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1149 &bev_ssl->bev.bev.timeout_write);
1150
1151 if (bev_ssl->underlying)
1152 consider_writing(bev_ssl);
1153 }
1154 /* XXX Handle r < 0 */
1155 (void)r;
1156 }
1157
1158
1159 static int
be_openssl_enable(struct bufferevent * bev,short events)1160 be_openssl_enable(struct bufferevent *bev, short events)
1161 {
1162 struct bufferevent_openssl *bev_ssl = upcast(bev);
1163 int r1 = 0, r2 = 0;
1164
1165 if (events & EV_READ)
1166 r1 = start_reading(bev_ssl);
1167 if (events & EV_WRITE)
1168 r2 = start_writing(bev_ssl);
1169
1170 if (bev_ssl->underlying) {
1171 if (events & EV_READ)
1172 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1173 if (events & EV_WRITE)
1174 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1175
1176 if (events & EV_READ)
1177 consider_reading(bev_ssl);
1178 if (events & EV_WRITE)
1179 consider_writing(bev_ssl);
1180 }
1181 return (r1 < 0 || r2 < 0) ? -1 : 0;
1182 }
1183
1184 static int
be_openssl_disable(struct bufferevent * bev,short events)1185 be_openssl_disable(struct bufferevent *bev, short events)
1186 {
1187 struct bufferevent_openssl *bev_ssl = upcast(bev);
1188
1189 if (events & EV_READ)
1190 stop_reading(bev_ssl);
1191 if (events & EV_WRITE)
1192 stop_writing(bev_ssl);
1193
1194 if (bev_ssl->underlying) {
1195 if (events & EV_READ)
1196 BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1197 if (events & EV_WRITE)
1198 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1199 }
1200 return 0;
1201 }
1202
1203 static void
be_openssl_unlink(struct bufferevent * bev)1204 be_openssl_unlink(struct bufferevent *bev)
1205 {
1206 struct bufferevent_openssl *bev_ssl = upcast(bev);
1207
1208 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1209 if (bev_ssl->underlying) {
1210 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1211 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1212 "bufferevent with too few references");
1213 } else {
1214 bufferevent_free(bev_ssl->underlying);
1215 /* We still have a reference to it, via our
1216 * BIO. So we don't drop this. */
1217 // bev_ssl->underlying = NULL;
1218 }
1219 }
1220 } else {
1221 if (bev_ssl->underlying) {
1222 if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1223 bufferevent_setcb(bev_ssl->underlying,
1224 NULL,NULL,NULL,NULL);
1225 bufferevent_unsuspend_read_(bev_ssl->underlying,
1226 BEV_SUSPEND_FILT_READ);
1227 }
1228 }
1229 }
1230
1231 static void
be_openssl_destruct(struct bufferevent * bev)1232 be_openssl_destruct(struct bufferevent *bev)
1233 {
1234 struct bufferevent_openssl *bev_ssl = upcast(bev);
1235
1236 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1237 if (! bev_ssl->underlying) {
1238 evutil_socket_t fd = EVUTIL_INVALID_SOCKET;
1239 BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1240 if (bio)
1241 fd = BIO_get_fd(bio, NULL);
1242 if (fd >= 0)
1243 evutil_closesocket(fd);
1244 }
1245 SSL_free(bev_ssl->ssl);
1246 }
1247 }
1248
1249 static int
be_openssl_adj_timeouts(struct bufferevent * bev)1250 be_openssl_adj_timeouts(struct bufferevent *bev)
1251 {
1252 struct bufferevent_openssl *bev_ssl = upcast(bev);
1253
1254 if (bev_ssl->underlying) {
1255 return bufferevent_generic_adj_timeouts_(bev);
1256 } else {
1257 return bufferevent_generic_adj_existing_timeouts_(bev);
1258 }
1259 }
1260
1261 static int
be_openssl_flush(struct bufferevent * bufev,short iotype,enum bufferevent_flush_mode mode)1262 be_openssl_flush(struct bufferevent *bufev,
1263 short iotype, enum bufferevent_flush_mode mode)
1264 {
1265 /* XXXX Implement this. */
1266 return 0;
1267 }
1268
1269 static int
be_openssl_set_fd(struct bufferevent_openssl * bev_ssl,enum bufferevent_ssl_state state,evutil_socket_t fd)1270 be_openssl_set_fd(struct bufferevent_openssl *bev_ssl,
1271 enum bufferevent_ssl_state state, evutil_socket_t fd)
1272 {
1273 bev_ssl->state = state;
1274
1275 switch (state) {
1276 case BUFFEREVENT_SSL_ACCEPTING:
1277 if (!SSL_clear(bev_ssl->ssl))
1278 return -1;
1279 SSL_set_accept_state(bev_ssl->ssl);
1280 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1281 return -1;
1282 break;
1283 case BUFFEREVENT_SSL_CONNECTING:
1284 if (!SSL_clear(bev_ssl->ssl))
1285 return -1;
1286 SSL_set_connect_state(bev_ssl->ssl);
1287 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1288 return -1;
1289 break;
1290 case BUFFEREVENT_SSL_OPEN:
1291 if (set_open_callbacks(bev_ssl, fd) < 0)
1292 return -1;
1293 break;
1294 default:
1295 return -1;
1296 }
1297
1298 return 0;
1299 }
1300
1301 static int
be_openssl_ctrl(struct bufferevent * bev,enum bufferevent_ctrl_op op,union bufferevent_ctrl_data * data)1302 be_openssl_ctrl(struct bufferevent *bev,
1303 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1304 {
1305 struct bufferevent_openssl *bev_ssl = upcast(bev);
1306 switch (op) {
1307 case BEV_CTRL_SET_FD:
1308 if (!bev_ssl->underlying) {
1309 BIO *bio;
1310 bio = BIO_new_socket((int)data->fd, 0);
1311 SSL_set_bio(bev_ssl->ssl, bio, bio);
1312 } else {
1313 BIO *bio;
1314 if (!(bio = BIO_new_bufferevent(bev_ssl->underlying)))
1315 return -1;
1316 SSL_set_bio(bev_ssl->ssl, bio, bio);
1317 }
1318
1319 return be_openssl_set_fd(bev_ssl, bev_ssl->old_state, data->fd);
1320 case BEV_CTRL_GET_FD:
1321 if (bev_ssl->underlying) {
1322 data->fd = event_get_fd(&bev_ssl->underlying->ev_read);
1323 } else {
1324 data->fd = event_get_fd(&bev->ev_read);
1325 }
1326 return 0;
1327 case BEV_CTRL_GET_UNDERLYING:
1328 data->ptr = bev_ssl->underlying;
1329 return 0;
1330 case BEV_CTRL_CANCEL_ALL:
1331 default:
1332 return -1;
1333 }
1334 }
1335
1336 SSL *
bufferevent_openssl_get_ssl(struct bufferevent * bufev)1337 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1338 {
1339 struct bufferevent_openssl *bev_ssl = upcast(bufev);
1340 if (!bev_ssl)
1341 return NULL;
1342 return bev_ssl->ssl;
1343 }
1344
1345 static struct bufferevent *
bufferevent_openssl_new_impl(struct event_base * base,struct bufferevent * underlying,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1346 bufferevent_openssl_new_impl(struct event_base *base,
1347 struct bufferevent *underlying,
1348 evutil_socket_t fd,
1349 SSL *ssl,
1350 enum bufferevent_ssl_state state,
1351 int options)
1352 {
1353 struct bufferevent_openssl *bev_ssl = NULL;
1354 struct bufferevent_private *bev_p = NULL;
1355 int tmp_options = options & ~BEV_OPT_THREADSAFE;
1356
1357 /* Only one can be set. */
1358 if (underlying != NULL && fd >= 0)
1359 goto err;
1360
1361 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1362 goto err;
1363
1364 bev_p = &bev_ssl->bev;
1365
1366 if (bufferevent_init_common_(bev_p, base,
1367 &bufferevent_ops_openssl, tmp_options) < 0)
1368 goto err;
1369
1370 /* Don't explode if we decide to realloc a chunk we're writing from in
1371 * the output buffer. */
1372 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1373
1374 bev_ssl->underlying = underlying;
1375 bev_ssl->ssl = ssl;
1376
1377 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1378 be_openssl_outbuf_cb, bev_ssl);
1379
1380 if (options & BEV_OPT_THREADSAFE)
1381 bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1382
1383 if (underlying) {
1384 bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1385 bufferevent_incref_(underlying);
1386 }
1387
1388 bev_ssl->old_state = state;
1389 bev_ssl->last_write = -1;
1390
1391 init_bio_counts(bev_ssl);
1392
1393 fd = be_openssl_auto_fd(bev_ssl, fd);
1394 if (be_openssl_set_fd(bev_ssl, state, fd))
1395 goto err;
1396
1397 if (underlying) {
1398 bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1399 bufferevent_enable(underlying, EV_READ|EV_WRITE);
1400 if (state == BUFFEREVENT_SSL_OPEN)
1401 bufferevent_suspend_read_(underlying,
1402 BEV_SUSPEND_FILT_READ);
1403 }
1404
1405 return &bev_ssl->bev.bev;
1406 err:
1407 if (options & BEV_OPT_CLOSE_ON_FREE)
1408 SSL_free(ssl);
1409 if (bev_ssl) {
1410 bev_ssl->ssl = NULL;
1411 bufferevent_free(&bev_ssl->bev.bev);
1412 }
1413 return NULL;
1414 }
1415
1416 struct bufferevent *
bufferevent_openssl_filter_new(struct event_base * base,struct bufferevent * underlying,SSL * ssl,enum bufferevent_ssl_state state,int options)1417 bufferevent_openssl_filter_new(struct event_base *base,
1418 struct bufferevent *underlying,
1419 SSL *ssl,
1420 enum bufferevent_ssl_state state,
1421 int options)
1422 {
1423 BIO *bio;
1424 struct bufferevent *bev;
1425
1426 if (!underlying)
1427 goto err;
1428 if (!(bio = BIO_new_bufferevent(underlying)))
1429 goto err;
1430
1431 SSL_set_bio(ssl, bio, bio);
1432
1433 bev = bufferevent_openssl_new_impl(
1434 base, underlying, -1, ssl, state, options);
1435 return bev;
1436
1437 err:
1438 if (options & BEV_OPT_CLOSE_ON_FREE)
1439 SSL_free(ssl);
1440 return NULL;
1441 }
1442
1443 struct bufferevent *
bufferevent_openssl_socket_new(struct event_base * base,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1444 bufferevent_openssl_socket_new(struct event_base *base,
1445 evutil_socket_t fd,
1446 SSL *ssl,
1447 enum bufferevent_ssl_state state,
1448 int options)
1449 {
1450 /* Does the SSL already have an fd? */
1451 BIO *bio = SSL_get_wbio(ssl);
1452 long have_fd = -1;
1453
1454 if (bio)
1455 have_fd = BIO_get_fd(bio, NULL);
1456
1457 if (have_fd >= 0) {
1458 /* The SSL is already configured with an fd. */
1459 if (fd < 0) {
1460 /* We should learn the fd from the SSL. */
1461 fd = (evutil_socket_t) have_fd;
1462 } else if (have_fd == (long)fd) {
1463 /* We already know the fd from the SSL; do nothing */
1464 } else {
1465 /* We specified an fd different from that of the SSL.
1466 This is probably an error on our part. Fail. */
1467 goto err;
1468 }
1469 (void)BIO_set_close(bio, 0);
1470 } else {
1471 /* The SSL isn't configured with a BIO with an fd. */
1472 if (fd >= 0) {
1473 /* ... and we have an fd we want to use. */
1474 bio = BIO_new_socket((int)fd, 0);
1475 SSL_set_bio(ssl, bio, bio);
1476 } else {
1477 /* Leave the fd unset. */
1478 }
1479 }
1480
1481 return bufferevent_openssl_new_impl(
1482 base, NULL, fd, ssl, state, options);
1483
1484 err:
1485 if (options & BEV_OPT_CLOSE_ON_FREE)
1486 SSL_free(ssl);
1487 return NULL;
1488 }
1489
1490 int
bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent * bev)1491 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1492 {
1493 int allow_dirty_shutdown = -1;
1494 struct bufferevent_openssl *bev_ssl;
1495 BEV_LOCK(bev);
1496 bev_ssl = upcast(bev);
1497 if (bev_ssl)
1498 allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1499 BEV_UNLOCK(bev);
1500 return allow_dirty_shutdown;
1501 }
1502
1503 void
bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent * bev,int allow_dirty_shutdown)1504 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1505 int allow_dirty_shutdown)
1506 {
1507 struct bufferevent_openssl *bev_ssl;
1508 BEV_LOCK(bev);
1509 bev_ssl = upcast(bev);
1510 if (bev_ssl)
1511 bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1512 BEV_UNLOCK(bev);
1513 }
1514
1515 unsigned long
bufferevent_get_openssl_error(struct bufferevent * bev)1516 bufferevent_get_openssl_error(struct bufferevent *bev)
1517 {
1518 unsigned long err = 0;
1519 struct bufferevent_openssl *bev_ssl;
1520 BEV_LOCK(bev);
1521 bev_ssl = upcast(bev);
1522 if (bev_ssl && bev_ssl->n_errors) {
1523 err = bev_ssl->errors[--bev_ssl->n_errors];
1524 }
1525 BEV_UNLOCK(bev);
1526 return err;
1527 }
1528