10Sstevel@tonic-gate /* ssl/bio_ssl.c */
20Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
30Sstevel@tonic-gate  * All rights reserved.
40Sstevel@tonic-gate  *
50Sstevel@tonic-gate  * This package is an SSL implementation written
60Sstevel@tonic-gate  * by Eric Young (eay@cryptsoft.com).
70Sstevel@tonic-gate  * The implementation was written so as to conform with Netscapes SSL.
80Sstevel@tonic-gate  *
90Sstevel@tonic-gate  * This library is free for commercial and non-commercial use as long as
100Sstevel@tonic-gate  * the following conditions are aheared to.  The following conditions
110Sstevel@tonic-gate  * apply to all code found in this distribution, be it the RC4, RSA,
120Sstevel@tonic-gate  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
130Sstevel@tonic-gate  * included with this distribution is covered by the same copyright terms
140Sstevel@tonic-gate  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
150Sstevel@tonic-gate  *
160Sstevel@tonic-gate  * Copyright remains Eric Young's, and as such any Copyright notices in
170Sstevel@tonic-gate  * the code are not to be removed.
180Sstevel@tonic-gate  * If this package is used in a product, Eric Young should be given attribution
190Sstevel@tonic-gate  * as the author of the parts of the library used.
200Sstevel@tonic-gate  * This can be in the form of a textual message at program startup or
210Sstevel@tonic-gate  * in documentation (online or textual) provided with the package.
220Sstevel@tonic-gate  *
230Sstevel@tonic-gate  * Redistribution and use in source and binary forms, with or without
240Sstevel@tonic-gate  * modification, are permitted provided that the following conditions
250Sstevel@tonic-gate  * are met:
260Sstevel@tonic-gate  * 1. Redistributions of source code must retain the copyright
270Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer.
280Sstevel@tonic-gate  * 2. Redistributions in binary form must reproduce the above copyright
290Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer in the
300Sstevel@tonic-gate  *    documentation and/or other materials provided with the distribution.
310Sstevel@tonic-gate  * 3. All advertising materials mentioning features or use of this software
320Sstevel@tonic-gate  *    must display the following acknowledgement:
330Sstevel@tonic-gate  *    "This product includes cryptographic software written by
340Sstevel@tonic-gate  *     Eric Young (eay@cryptsoft.com)"
350Sstevel@tonic-gate  *    The word 'cryptographic' can be left out if the rouines from the library
360Sstevel@tonic-gate  *    being used are not cryptographic related :-).
370Sstevel@tonic-gate  * 4. If you include any Windows specific code (or a derivative thereof) from
380Sstevel@tonic-gate  *    the apps directory (application code) you must include an acknowledgement:
390Sstevel@tonic-gate  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
400Sstevel@tonic-gate  *
410Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
420Sstevel@tonic-gate  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
430Sstevel@tonic-gate  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
440Sstevel@tonic-gate  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
450Sstevel@tonic-gate  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
460Sstevel@tonic-gate  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
470Sstevel@tonic-gate  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
480Sstevel@tonic-gate  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
490Sstevel@tonic-gate  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
500Sstevel@tonic-gate  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
510Sstevel@tonic-gate  * SUCH DAMAGE.
520Sstevel@tonic-gate  *
530Sstevel@tonic-gate  * The licence and distribution terms for any publically available version or
540Sstevel@tonic-gate  * derivative of this code cannot be changed.  i.e. this code cannot simply be
550Sstevel@tonic-gate  * copied and put under another distribution licence
560Sstevel@tonic-gate  * [including the GNU Public Licence.]
570Sstevel@tonic-gate  */
580Sstevel@tonic-gate 
590Sstevel@tonic-gate #include <stdio.h>
600Sstevel@tonic-gate #include <stdlib.h>
610Sstevel@tonic-gate #include <string.h>
620Sstevel@tonic-gate #include <errno.h>
630Sstevel@tonic-gate #include <openssl/crypto.h>
640Sstevel@tonic-gate #include <openssl/bio.h>
650Sstevel@tonic-gate #include <openssl/err.h>
660Sstevel@tonic-gate #include <openssl/ssl.h>
670Sstevel@tonic-gate 
/* BIO_METHOD callbacks for the SSL filter BIO; they are wired into the
 * methods_sslp table below.  There is no gets callback. */
static int ssl_write(BIO *h, const char *buf, int num);
static int ssl_read(BIO *h, char *buf, int size);
static int ssl_puts(BIO *h, const char *str);
static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int ssl_new(BIO *h);
static int ssl_free(BIO *data);
static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
/* Per-BIO state of the SSL filter BIO.  Allocated zeroed by ssl_new(),
 * stored in BIO::ptr, released by ssl_free(). */
typedef struct bio_ssl_st
	{
	SSL *ssl; /* The ssl handle :-) */
	/* number of renegotiations this BIO has requested so far
	 * (read back via BIO_C_GET_SSL_NUM_RENEGOTIATES) */
	int num_renegotiates;
	/* re-negotiate every time the total number of bytes is this size
	 * (0 = disabled; set via BIO_C_SET_SSL_RENEGOTIATE_BYTES, minimum 512) */
	unsigned long renegotiate_count;
	/* bytes read/written since the last byte-triggered renegotiation */
	unsigned long byte_count;
	/* seconds between time-triggered renegotiations
	 * (0 = disabled; set via BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT) */
	unsigned long renegotiate_timeout;
	/* time() when the timeout was configured or last fired */
	unsigned long last_time;
	} BIO_SSL;
850Sstevel@tonic-gate 
/* Method table returned by BIO_f_ssl().  Slot order follows BIO_METHOD:
 * type, name, bwrite, bread, bputs, bgets, ctrl, create, destroy,
 * callback_ctrl. */
static BIO_METHOD methods_sslp=
	{
	BIO_TYPE_SSL,"ssl",
	ssl_write,
	ssl_read,
	ssl_puts,
	NULL, /* ssl_gets, */
	ssl_ctrl,
	ssl_new,
	ssl_free,
	ssl_callback_ctrl,
	};
980Sstevel@tonic-gate 
/* Hand out the (static, shared) method table of the SSL filter BIO. */
BIO_METHOD *BIO_f_ssl(void)
	{
	return &methods_sslp;
	}
1030Sstevel@tonic-gate 
/*
 * create callback: allocate a zeroed BIO_SSL record and attach it to
 * bi->ptr.  The BIO starts out uninitialised (no SSL attached yet) and
 * with no flags set.
 *
 * Returns 1 on success; 0 with BIO_F_SSL_NEW/ERR_R_MALLOC_FAILURE queued
 * when the allocation fails.
 */
static int ssl_new(BIO *bi)
	{
	BIO_SSL *rec=(BIO_SSL *)OPENSSL_malloc(sizeof(*rec));

	if (rec == NULL)
		{
		BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	memset(rec,0,sizeof(*rec));
	bi->ptr=(char *)rec;
	bi->init=0;
	bi->flags=0;
	return(1);
	}
1200Sstevel@tonic-gate 
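/*
 * destroy callback: send close_notify on the attached SSL object, free that
 * object when this BIO owns it (a->shutdown and a->init both set), then
 * release the BIO_SSL record.
 *
 * Returns 0 for a NULL BIO or a BIO without a record, 1 otherwise.
 *
 * a->ptr is freed but NOT cleared.  A caller that keeps using the BIO
 * afterwards (ssl_ctrl()'s BIO_C_SET_SSL does) must allocate a new record
 * with ssl_new() before storing anything through a->ptr again.
 */
static int ssl_free(BIO *a)
	{
	BIO_SSL *bs;

	if (a == NULL) return(0);
	bs=(BIO_SSL *)a->ptr;
	/* The record may be absent; the old code dereferenced it here and
	 * only tested a->ptr for NULL just before freeing it. */
	if (bs == NULL) return(0);
	if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
	if (a->shutdown)
		{
		if (a->init && (bs->ssl != NULL))
			SSL_free(bs->ssl);
		a->init=0;
		a->flags=0;
		}
	OPENSSL_free(bs);
	return(1);
	}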
1390Sstevel@tonic-gate 
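/*
 * bread callback for the SSL filter BIO: read up to |outl| bytes of
 * application data into |out| via SSL_read(), then translate the SSL
 * error state into BIO retry flags and a retry reason so callers can
 * distinguish "try again" from a hard failure.
 *
 * Returns the SSL_read() result (>0 bytes read, <=0 on close or error),
 * or 0 when |out| is NULL.  After a successful read the byte-count and
 * time-based renegotiation triggers (BIO_C_SET_SSL_RENEGOTIATE_BYTES /
 * BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT) are evaluated; at most one of them
 * requests a renegotiation per call.
 *
 * The old body carried an "#if 0" handshake stub that referenced an
 * undeclared variable (outflags) and could never have compiled; it is gone.
 */
static int ssl_read(BIO *b, char *out, int outl)
	{
	int ret;
	BIO_SSL *sb;
	SSL *ssl;
	int retry_reason=0;
	int renegotiated=0;

	if (out == NULL) return(0);
	sb=(BIO_SSL *)b->ptr;
	ssl=sb->ssl;

	/* Start from a clean slate; the switch below re-arms whichever
	 * retry flag applies to this call. */
	BIO_clear_retry_flags(b);

	ret=SSL_read(ssl,out,outl);

	switch (SSL_get_error(ssl,ret))
		{
	case SSL_ERROR_NONE:
		if (ret <= 0) break;
		/* Byte trigger: once more than renegotiate_count bytes have
		 * passed since the last byte-triggered renegotiation. */
		if (sb->renegotiate_count > 0)
			{
			sb->byte_count+=ret;
			if (sb->byte_count > sb->renegotiate_count)
				{
				sb->byte_count=0;
				sb->num_renegotiates++;
				SSL_renegotiate(ssl);
				renegotiated=1;
				}
			}
		/* Time trigger: skipped when the byte trigger just fired. */
		if ((sb->renegotiate_timeout > 0) && !renegotiated)
			{
			unsigned long now=(unsigned long)time(NULL);

			if (now > sb->last_time+sb->renegotiate_timeout)
				{
				sb->last_time=now;
				sb->num_renegotiates++;
				SSL_renegotiate(ssl);
				}
			}
		break;
	case SSL_ERROR_WANT_READ:
		BIO_set_retry_read(b);
		break;
	case SSL_ERROR_WANT_WRITE:
		BIO_set_retry_write(b);
		break;
	case SSL_ERROR_WANT_X509_LOOKUP:
		BIO_set_retry_special(b);
		retry_reason=BIO_RR_SSL_X509_LOOKUP;
		break;
	case SSL_ERROR_WANT_ACCEPT:
		BIO_set_retry_special(b);
		retry_reason=BIO_RR_ACCEPT;
		break;
	case SSL_ERROR_WANT_CONNECT:
		BIO_set_retry_special(b);
		retry_reason=BIO_RR_CONNECT;
		break;
	case SSL_ERROR_SYSCALL:
	case SSL_ERROR_SSL:
	case SSL_ERROR_ZERO_RETURN:
	default:
		/* No retry: the SSL_read() result is handed back as-is. */
		break;
		}

	b->retry_reason=retry_reason;
	return(ret);
	}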
2270Sstevel@tonic-gate 
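/*
 * bwrite callback for the SSL filter BIO: push |outl| bytes of application
 * data from |out| through SSL_write(), then translate the SSL error state
 * into BIO retry flags and a retry reason.
 *
 * Returns the SSL_write() result, or 0 when |out| is NULL.  After a
 * successful write the same byte-count / time renegotiation triggers as in
 * ssl_read() are evaluated, at most one firing per call.
 *
 * Fix: the SSL_ERROR_WANT_CONNECT arm lacked its break and fell through
 * into the default arm.  Harmless today (the default arm is empty) but a
 * trap for the next edit, and inconsistent with ssl_read().
 */
static int ssl_write(BIO *b, const char *out, int outl)
	{
	int ret;
	int retry_reason=0;
	int renegotiated=0;
	SSL *ssl;
	BIO_SSL *bs;

	if (out == NULL) return(0);
	bs=(BIO_SSL *)b->ptr;
	ssl=bs->ssl;

	BIO_clear_retry_flags(b);

	ret=SSL_write(ssl,out,outl);

	switch (SSL_get_error(ssl,ret))
		{
	case SSL_ERROR_NONE:
		if (ret <= 0) break;
		/* Byte trigger (see ssl_read()). */
		if (bs->renegotiate_count > 0)
			{
			bs->byte_count+=ret;
			if (bs->byte_count > bs->renegotiate_count)
				{
				bs->byte_count=0;
				bs->num_renegotiates++;
				SSL_renegotiate(ssl);
				renegotiated=1;
				}
			}
		/* Time trigger, skipped when the byte trigger just fired. */
		if ((bs->renegotiate_timeout > 0) && !renegotiated)
			{
			unsigned long now=(unsigned long)time(NULL);

			if (now > bs->last_time+bs->renegotiate_timeout)
				{
				bs->last_time=now;
				bs->num_renegotiates++;
				SSL_renegotiate(ssl);
				}
			}
		break;
	case SSL_ERROR_WANT_WRITE:
		BIO_set_retry_write(b);
		break;
	case SSL_ERROR_WANT_READ:
		BIO_set_retry_read(b);
		break;
	case SSL_ERROR_WANT_X509_LOOKUP:
		BIO_set_retry_special(b);
		retry_reason=BIO_RR_SSL_X509_LOOKUP;
		break;
	case SSL_ERROR_WANT_CONNECT:
		BIO_set_retry_special(b);
		retry_reason=BIO_RR_CONNECT;
		break;
	case SSL_ERROR_SYSCALL:
	case SSL_ERROR_SSL:
	default:
		/* No retry: the SSL_write() result is handed back as-is. */
		break;
		}

	b->retry_reason=retry_reason;
	return(ret);
	}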
2950Sstevel@tonic-gate 
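/*
 * ctrl callback for the SSL filter BIO.  Handles the SSL-specific controls
 * (attach/fetch the SSL object, client/server mode, renegotiation policy,
 * driving the handshake, dup, info callback) and forwards everything else
 * to the SSL object's read BIO.
 *
 * Returns 0 when no SSL object is attached and |cmd| is not BIO_C_SET_SSL;
 * otherwise the per-command result (1 unless a case says otherwise).
 *
 * Fix (BIO_C_SET_SSL): replacing an already attached SSL object called
 * ssl_free(b), which also frees the BIO_SSL record behind b->ptr, and then
 * wrote the new SSL pointer through the freed record (use-after-free).  A
 * fresh record is now allocated with ssl_new() before it is written to.
 */
static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
	{
	SSL **sslp,*ssl;
	BIO_SSL *bs;
	BIO *dbio,*bio;
	long ret=1;

	bs=(BIO_SSL *)b->ptr;
	ssl=bs->ssl;
	/* Only attaching an SSL object is meaningful before one exists. */
	if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
		return(0);
	switch (cmd)
		{
	case BIO_CTRL_RESET:
		SSL_shutdown(ssl);

		/* SSL_clear() keeps the connect/accept role only if it was
		 * set explicitly, so re-assert it from the handshake function. */
		if (ssl->handshake_func == ssl->method->ssl_connect)
			SSL_set_connect_state(ssl);
		else if (ssl->handshake_func == ssl->method->ssl_accept)
			SSL_set_accept_state(ssl);

		SSL_clear(ssl);

		/* Propagate the reset down the chain (next BIO, else the
		 * SSL object's own read BIO). */
		if (b->next_bio != NULL)
			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
		else if (ssl->rbio != NULL)
			ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
		else
			ret=1;
		break;
	case BIO_CTRL_INFO:
		ret=0;
		break;
	case BIO_C_SSL_MODE:
		if (num) /* client mode */
			SSL_set_connect_state(ssl);
		else
			SSL_set_accept_state(ssl);
		break;
	case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
		/* Returns the previous timeout.  Note the long-standing quirk:
		 * any value below 60 is replaced by 5, not clamped to 60. */
		ret=bs->renegotiate_timeout;
		if (num < 60) num=5;
		bs->renegotiate_timeout=(unsigned long)num;
		bs->last_time=(unsigned long)time(NULL);
		break;
	case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
		/* Returns the previous threshold; values below 512 are ignored. */
		ret=bs->renegotiate_count;
		if ((long)num >=512)
			bs->renegotiate_count=(unsigned long)num;
		break;
	case BIO_C_GET_SSL_NUM_RENEGOTIATES:
		ret=bs->num_renegotiates;
		break;
	case BIO_C_SET_SSL:
		if (ssl != NULL)
			{
			/* ssl_free() releases the old SSL object *and* the
			 * BIO_SSL record; get a new record before touching
			 * b->ptr again. */
			ssl_free(b);
			if (!ssl_new(b))
				return(0);
			bs=(BIO_SSL *)b->ptr;
			}
		b->shutdown=(int)num;
		ssl=(SSL *)ptr;
		bs->ssl=ssl;
		/* Splice the SSL object's read BIO under this one, keeping
		 * whatever was already below. */
		bio=SSL_get_rbio(ssl);
		if (bio != NULL)
			{
			if (b->next_bio != NULL)
				BIO_push(bio,b->next_bio);
			b->next_bio=bio;
			CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
			}
		b->init=1;
		break;
	case BIO_C_GET_SSL:
		if (ptr != NULL)
			{
			sslp=(SSL **)ptr;
			*sslp=ssl;
			}
		else
			ret=0;
		break;
	case BIO_CTRL_GET_CLOSE:
		ret=b->shutdown;
		break;
	case BIO_CTRL_SET_CLOSE:
		b->shutdown=(int)num;
		break;
	case BIO_CTRL_WPENDING:
		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
		break;
	case BIO_CTRL_PENDING:
		/* Buffered application data first, then the read BIO. */
		ret=SSL_pending(ssl);
		if (ret == 0)
			ret=BIO_pending(ssl->rbio);
		break;
	case BIO_CTRL_FLUSH:
		BIO_clear_retry_flags(b);
		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
		BIO_copy_next_retry(b);
		break;
	case BIO_CTRL_PUSH:
		/* A BIO was pushed below us: make it the SSL object's
		 * transport unless it already is. */
		if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
			{
			SSL_set_bio(ssl,b->next_bio,b->next_bio);
			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
			}
		break;
	case BIO_CTRL_POP:
		/* ugly bit of a hack */
		if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
			{
			BIO_free_all(ssl->wbio);
			}
		if (b->next_bio != NULL)
			{
			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
			}
		ssl->wbio=NULL;
		ssl->rbio=NULL;
		break;
	case BIO_C_DO_STATE_MACHINE:
		/* Drive the handshake one step and report what it is
		 * waiting for through the retry flags. */
		BIO_clear_retry_flags(b);

		b->retry_reason=0;
		ret=(int)SSL_do_handshake(ssl);

		switch (SSL_get_error(ssl,(int)ret))
			{
		case SSL_ERROR_WANT_READ:
			BIO_set_flags(b,
				BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
			break;
		case SSL_ERROR_WANT_WRITE:
			BIO_set_flags(b,
				BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
			break;
		case SSL_ERROR_WANT_CONNECT:
			BIO_set_flags(b,
				BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
			b->retry_reason=b->next_bio->retry_reason;
			break;
		default:
			break;
			}
		break;
	case BIO_CTRL_DUP:
		/* Copy the SSL object and the renegotiation policy into the
		 * destination BIO; num_renegotiates is left as the
		 * destination had it. */
		dbio=(BIO *)ptr;
		if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
			SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
		((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
		((BIO_SSL *)dbio->ptr)->renegotiate_count=
			bs->renegotiate_count;
		((BIO_SSL *)dbio->ptr)->byte_count=
			bs->byte_count;
		((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
			bs->renegotiate_timeout;
		((BIO_SSL *)dbio->ptr)->last_time=
			bs->last_time;
		ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
		break;
	case BIO_C_GET_FD:
		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
		break;
	case BIO_CTRL_SET_CALLBACK:
		{
#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
		SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		ret = -1;
#else
		ret=0;
#endif
		}
		break;
	case BIO_CTRL_GET_CALLBACK:
		{
		void (**fptr)(const SSL *xssl,int type,int val);

		fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
		*fptr=SSL_get_info_callback(ssl);
		}
		break;
	default:
		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
		break;
		}
	return(ret);
	}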
4800Sstevel@tonic-gate 
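/*
 * callback_ctrl callback for the SSL filter BIO.  BIO_CTRL_SET_CALLBACK
 * installs |fp| as the SSL info callback (through the prototype cast the
 * original author already flagged); every other command is forwarded to
 * the SSL object's read BIO.
 *
 * Returns 1 after installing the callback, the forwarded
 * BIO_callback_ctrl() result otherwise, and 0 when no SSL object is
 * attached -- the same contract as ssl_ctrl().  The old code dereferenced
 * the NULL SSL pointer in both arms.
 */
static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
	{
	SSL *ssl;
	BIO_SSL *bs;
	long ret=1;

	bs=(BIO_SSL *)b->ptr;
	ssl=bs->ssl;
	if (ssl == NULL)
		return(0);
	switch (cmd)
		{
	case BIO_CTRL_SET_CALLBACK:
		/* FIXME: setting this via a completely different prototype
		   seems like a crap idea */
		SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
		break;
	default:
		ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
		break;
		}
	return(ret);
	}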
5040Sstevel@tonic-gate 
/*
 * puts callback: write the NUL-terminated string |str| (without the
 * terminator) through the BIO.  Returns whatever BIO_write() returns.
 */
static int ssl_puts(BIO *bp, const char *str)
	{
	int len=strlen(str);

	return(BIO_write(bp,str,len));
	}
5130Sstevel@tonic-gate 
/*
 * Build a buffering BIO stacked on an SSL-over-connect chain for |ctx|.
 * Returns the head of the chain (the buffer BIO) or NULL on failure; with
 * OPENSSL_NO_SOCK defined it always returns NULL.
 */
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
	{
#ifndef OPENSSL_NO_SOCK
	BIO *buf,*sslchain,*head;

	buf=BIO_new(BIO_f_buffer());
	if (buf == NULL)
		return(NULL);
	sslchain=BIO_new_ssl_connect(ctx);
	if (sslchain == NULL)
		{
		BIO_free(buf);
		return(NULL);
		}
	head=BIO_push(buf,sslchain);
	if (head != NULL)
		return(head);
	/* BIO_push() returns its first argument, so this is not expected
	 * to be reached; keep the original cleanup regardless. */
	BIO_free(buf);
	BIO_free(sslchain);
#endif
	return(NULL);
	}
5320Sstevel@tonic-gate 
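/*
 * Build an SSL client BIO stacked on a connect BIO for |ctx|.  Returns the
 * head of the chain (the SSL BIO) or NULL on failure.
 *
 * Fixes: (1) the error path freed |ret|, which is always NULL when it is
 * reached, and so leaked |ssl| if BIO_push() failed; it now frees |con|
 * and |ssl|, the two BIOs this function owns.  (2) BIO_s_connect() needs
 * socket support, so the body is guarded by OPENSSL_NO_SOCK exactly like
 * BIO_new_buffer_ssl_connect(); without sockets the function returns NULL.
 */
BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
	{
#ifndef OPENSSL_NO_SOCK
	BIO *ret=NULL,*con=NULL,*ssl=NULL;

	if ((con=BIO_new(BIO_s_connect())) == NULL)
		return(NULL);
	if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
		goto err;
	if ((ret=BIO_push(ssl,con)) == NULL)
		goto err;
	return(ret);
err:
	/* BIO_free() accepts NULL, so no guards are needed here. */
	BIO_free(con);
	BIO_free(ssl);
#endif
	return(NULL);
	}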
5490Sstevel@tonic-gate 
/*
 * Allocate an SSL filter BIO plus a fresh SSL object from |ctx|, put the
 * object into connect state (client != 0) or accept state, and attach it
 * with BIO_CLOSE so the BIO owns and frees it.
 *
 * Returns the BIO, or NULL if either allocation fails (nothing leaks).
 */
BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
	{
	BIO *bio=BIO_new(BIO_f_ssl());
	SSL *ssl;

	if (bio == NULL)
		return(NULL);
	ssl=SSL_new(ctx);
	if (ssl == NULL)
		{
		BIO_free(bio);
		return(NULL);
		}
	if (client != 0)
		SSL_set_connect_state(ssl);
	else
		SSL_set_accept_state(ssl);
	BIO_set_ssl(bio,ssl,BIO_CLOSE);
	return(bio);
	}
5700Sstevel@tonic-gate 
/*
 * Copy the session id from the SSL object in chain |f| into the SSL object
 * in chain |t|.  Each chain is searched for its first SSL BIO.
 *
 * Returns 1 on success, 0 when either chain has no SSL BIO or that BIO has
 * no SSL object attached.
 */
int BIO_ssl_copy_session_id(BIO *t, BIO *f)
	{
	SSL *to,*from;

	t=BIO_find_type(t,BIO_TYPE_SSL);
	f=BIO_find_type(f,BIO_TYPE_SSL);
	if (t == NULL || f == NULL)
		return(0);
	to=((BIO_SSL *)t->ptr)->ssl;
	from=((BIO_SSL *)f->ptr)->ssl;
	if (to == NULL || from == NULL)
		return(0);
	SSL_copy_session_id(to,from);
	return(1);
	}
5830Sstevel@tonic-gate 
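/*
 * Send close_notify on the first SSL BIO found in chain |b|.  Chains with
 * no SSL BIO are left untouched, as is an SSL BIO that has no SSL object
 * attached yet (the old code passed that NULL straight to SSL_shutdown()).
 */
void BIO_ssl_shutdown(BIO *b)
	{
	SSL *s;

	while (b != NULL)
		{
		if (b->method->type == BIO_TYPE_SSL)
			{
			s=((BIO_SSL *)b->ptr)->ssl;
			/* Same guard ssl_free() applies before SSL_shutdown(). */
			if (s != NULL)
				SSL_shutdown(s);
			break;
			}
		b=b->next_bio;
		}
	}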