1 /* $NetBSD: bufferevent_openssl.c,v 1.2 2021/04/07 03:36:48 christos Exp $ */ 2 /* 3 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 // Get rid of OSX 10.7 and greater deprecation warnings. 29 #if defined(__APPLE__) && defined(__clang__) 30 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 31 #endif 32 33 #include "event2/event-config.h" 34 #include <sys/cdefs.h> 35 __RCSID("$NetBSD: bufferevent_openssl.c,v 1.2 2021/04/07 03:36:48 christos Exp $"); 36 #include "evconfig-private.h" 37 38 #include <sys/types.h> 39 40 #ifdef EVENT__HAVE_SYS_TIME_H 41 #include <sys/time.h> 42 #endif 43 44 #include <errno.h> 45 #include <stdio.h> 46 #include <stdlib.h> 47 #include <string.h> 48 #ifdef EVENT__HAVE_STDARG_H 49 #include <stdarg.h> 50 #endif 51 #ifdef EVENT__HAVE_UNISTD_H 52 #include <unistd.h> 53 #endif 54 55 #ifdef _WIN32 56 #include <winsock2.h> 57 #endif 58 59 #include "event2/bufferevent.h" 60 #include "event2/bufferevent_struct.h" 61 #include "event2/bufferevent_ssl.h" 62 #include "event2/buffer.h" 63 #include "event2/event.h" 64 65 #include "mm-internal.h" 66 #include "bufferevent-internal.h" 67 #include "log-internal.h" 68 69 #include <openssl/ssl.h> 70 #include <openssl/err.h> 71 #include "openssl-compat.h" 72 73 /* 74 * Define an OpenSSL bio that targets a bufferevent. 75 */ 76 77 /* -------------------- 78 A BIO is an OpenSSL abstraction that handles reading and writing data. The 79 library will happily speak SSL over anything that implements a BIO 80 interface. 81 82 Here we define a BIO implementation that directs its output to a 83 bufferevent. We'll want to use this only when none of OpenSSL's built-in 84 IO mechanisms work for us. 85 -------------------- */ 86 87 /* every BIO type needs its own integer type value. */ 88 #define BIO_TYPE_LIBEVENT 57 89 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on 90 * this. */ 91 92 #if 0 93 static void 94 print_err(int val) 95 { 96 int err; 97 printf("Error was %d\n", val); 98 99 while ((err = ERR_get_error())) { 100 const char *msg = (const char*)ERR_reason_error_string(err); 101 const char *lib = (const char*)ERR_lib_error_string(err); 102 const char *func = (const char*)ERR_func_error_string(err); 103 104 printf("%s in %s %s\n", msg, lib, func); 105 } 106 } 107 #else 108 #define print_err(v) ((void)0) 109 #endif 110 111 /* Called to initialize a new BIO */ 112 static int 113 bio_bufferevent_new(BIO *b) 114 { 115 BIO_set_init(b, 0); 116 BIO_set_data(b, NULL); /* We'll be putting the bufferevent in this field.*/ 117 return 1; 118 } 119 120 /* Called to uninitialize the BIO. */ 121 static int 122 bio_bufferevent_free(BIO *b) 123 { 124 if (!b) 125 return 0; 126 if (BIO_get_shutdown(b)) { 127 if (BIO_get_init(b) && BIO_get_data(b)) 128 bufferevent_free(BIO_get_data(b)); 129 BIO_free(b); 130 } 131 return 1; 132 } 133 134 /* Called to extract data from the BIO. */ 135 static int 136 bio_bufferevent_read(BIO *b, char *out, int outlen) 137 { 138 int r = 0; 139 struct evbuffer *input; 140 141 BIO_clear_retry_flags(b); 142 143 if (!out) 144 return 0; 145 if (!BIO_get_data(b)) 146 return -1; 147 148 input = bufferevent_get_input(BIO_get_data(b)); 149 if (evbuffer_get_length(input) == 0) { 150 /* If there's no data to read, say so. */ 151 BIO_set_retry_read(b); 152 return -1; 153 } else { 154 r = evbuffer_remove(input, out, outlen); 155 } 156 157 return r; 158 } 159 160 /* Called to write data into the BIO */ 161 static int 162 bio_bufferevent_write(BIO *b, const char *in, int inlen) 163 { 164 struct bufferevent *bufev = BIO_get_data(b); 165 struct evbuffer *output; 166 size_t outlen; 167 168 BIO_clear_retry_flags(b); 169 170 if (!BIO_get_data(b)) 171 return -1; 172 173 output = bufferevent_get_output(bufev); 174 outlen = evbuffer_get_length(output); 175 176 /* Copy only as much data onto the output buffer as can fit under the 177 * high-water mark. */ 178 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) { 179 if (bufev->wm_write.high <= outlen) { 180 /* If no data can fit, we'll need to retry later. */ 181 BIO_set_retry_write(b); 182 return -1; 183 } 184 inlen = bufev->wm_write.high - outlen; 185 } 186 187 EVUTIL_ASSERT(inlen > 0); 188 evbuffer_add(output, in, inlen); 189 return inlen; 190 } 191 192 /* Called to handle various requests */ 193 static long 194 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr) 195 { 196 struct bufferevent *bufev = BIO_get_data(b); 197 long ret = 1; 198 199 switch (cmd) { 200 case BIO_CTRL_GET_CLOSE: 201 ret = BIO_get_shutdown(b); 202 break; 203 case BIO_CTRL_SET_CLOSE: 204 BIO_set_shutdown(b, (int)num); 205 break; 206 case BIO_CTRL_PENDING: 207 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0; 208 break; 209 case BIO_CTRL_WPENDING: 210 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0; 211 break; 212 /* XXXX These two are given a special-case treatment because 213 * of cargo-cultism. I should come up with a better reason. */ 214 case BIO_CTRL_DUP: 215 case BIO_CTRL_FLUSH: 216 ret = 1; 217 break; 218 default: 219 ret = 0; 220 break; 221 } 222 return ret; 223 } 224 225 /* Called to write a string to the BIO */ 226 static int 227 bio_bufferevent_puts(BIO *b, const char *s) 228 { 229 return bio_bufferevent_write(b, s, strlen(s)); 230 } 231 232 /* Method table for the bufferevent BIO */ 233 static BIO_METHOD *methods_bufferevent; 234 235 /* Return the method table for the bufferevents BIO */ 236 static BIO_METHOD * 237 BIO_s_bufferevent(void) 238 { 239 if (methods_bufferevent == NULL) { 240 methods_bufferevent = BIO_meth_new(BIO_TYPE_LIBEVENT, "bufferevent"); 241 if (methods_bufferevent == NULL) 242 return NULL; 243 BIO_meth_set_write(methods_bufferevent, bio_bufferevent_write); 244 BIO_meth_set_read(methods_bufferevent, bio_bufferevent_read); 245 BIO_meth_set_puts(methods_bufferevent, bio_bufferevent_puts); 246 BIO_meth_set_ctrl(methods_bufferevent, bio_bufferevent_ctrl); 247 BIO_meth_set_create(methods_bufferevent, bio_bufferevent_new); 248 BIO_meth_set_destroy(methods_bufferevent, bio_bufferevent_free); 249 } 250 return methods_bufferevent; 251 } 252 253 /* Create a new BIO to wrap communication around a bufferevent. If close_flag 254 * is true, the bufferevent will be freed when the BIO is closed. */ 255 static BIO * 256 BIO_new_bufferevent(struct bufferevent *bufferevent) 257 { 258 BIO *result; 259 if (!bufferevent) 260 return NULL; 261 if (!(result = BIO_new(BIO_s_bufferevent()))) 262 return NULL; 263 BIO_set_init(result, 1); 264 BIO_set_data(result, bufferevent); 265 /* We don't tell the BIO to close the bufferevent; we do it ourselves on 266 * be_openssl_destruct() */ 267 BIO_set_shutdown(result, 0); 268 return result; 269 } 270 271 /* -------------------- 272 Now, here's the OpenSSL-based implementation of bufferevent. 273 274 The implementation comes in two flavors: one that connects its SSL object 275 to an underlying bufferevent using a BIO_bufferevent, and one that has the 276 SSL object connect to a socket directly. The latter should generally be 277 faster, except on Windows, where your best bet is using a 278 bufferevent_async. 279 280 (OpenSSL supports many other BIO types, too. But we can't use any unless 281 we have a good way to get notified when they become readable/writable.) 282 -------------------- */ 283 284 struct bio_data_counts { 285 unsigned long n_written; 286 unsigned long n_read; 287 }; 288 289 struct bufferevent_openssl { 290 /* Shared fields with common bufferevent implementation code. 291 If we were set up with an underlying bufferevent, we use the 292 events here as timers only. If we have an SSL, then we use 293 the events as socket events. 294 */ 295 struct bufferevent_private bev; 296 /* An underlying bufferevent that we're directing our output to. 297 If it's NULL, then we're connected to an fd, not an evbuffer. */ 298 struct bufferevent *underlying; 299 /* The SSL object doing our encryption. */ 300 SSL *ssl; 301 302 /* A callback that's invoked when data arrives on our outbuf so we 303 know to write data to the SSL. */ 304 struct evbuffer_cb_entry *outbuf_cb; 305 306 /* A count of how much data the bios have read/written total. Used 307 for rate-limiting. */ 308 struct bio_data_counts counts; 309 310 /* If this value is greater than 0, then the last SSL_write blocked, 311 * and we need to try it again with this many bytes. */ 312 ev_ssize_t last_write; 313 314 #define NUM_ERRORS 3 315 ev_uint32_t errors[NUM_ERRORS]; 316 317 /* When we next get available space, we should say "read" instead of 318 "write". This can happen if there's a renegotiation during a read 319 operation. */ 320 unsigned read_blocked_on_write : 1; 321 /* When we next get data, we should say "write" instead of "read". */ 322 unsigned write_blocked_on_read : 1; 323 /* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */ 324 unsigned allow_dirty_shutdown : 1; 325 /* XXX */ 326 unsigned n_errors : 2; 327 328 /* Are we currently connecting, accepting, or doing IO? */ 329 unsigned state : 2; 330 /* If we reset fd, we sould reset state too */ 331 unsigned old_state : 2; 332 }; 333 334 static int be_openssl_enable(struct bufferevent *, short); 335 static int be_openssl_disable(struct bufferevent *, short); 336 static void be_openssl_unlink(struct bufferevent *); 337 static void be_openssl_destruct(struct bufferevent *); 338 static int be_openssl_adj_timeouts(struct bufferevent *); 339 static int be_openssl_flush(struct bufferevent *bufev, 340 short iotype, enum bufferevent_flush_mode mode); 341 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *); 342 343 const struct bufferevent_ops bufferevent_ops_openssl = { 344 "ssl", 345 evutil_offsetof(struct bufferevent_openssl, bev.bev), 346 be_openssl_enable, 347 be_openssl_disable, 348 be_openssl_unlink, 349 be_openssl_destruct, 350 be_openssl_adj_timeouts, 351 be_openssl_flush, 352 be_openssl_ctrl, 353 }; 354 355 /* Given a bufferevent, return a pointer to the bufferevent_openssl that 356 * contains it, if any. */ 357 static inline struct bufferevent_openssl * 358 upcast(struct bufferevent *bev) 359 { 360 struct bufferevent_openssl *bev_o; 361 if (!BEV_IS_OPENSSL(bev)) 362 return NULL; 363 bev_o = (void*)( ((char*)bev) - 364 evutil_offsetof(struct bufferevent_openssl, bev.bev)); 365 EVUTIL_ASSERT(BEV_IS_OPENSSL(&bev_o->bev.bev)); 366 return bev_o; 367 } 368 369 static inline void 370 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err) 371 { 372 if (bev_ssl->n_errors == NUM_ERRORS) 373 return; 374 /* The error type according to openssl is "unsigned long", but 375 openssl never uses more than 32 bits of it. It _can't_ use more 376 than 32 bits of it, since it needs to report errors on systems 377 where long is only 32 bits. 378 */ 379 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err; 380 } 381 382 /* Have the base communications channel (either the underlying bufferevent or 383 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag 384 * into account. */ 385 static int 386 start_reading(struct bufferevent_openssl *bev_ssl) 387 { 388 if (bev_ssl->underlying) { 389 bufferevent_unsuspend_read_(bev_ssl->underlying, 390 BEV_SUSPEND_FILT_READ); 391 return 0; 392 } else { 393 struct bufferevent *bev = &bev_ssl->bev.bev; 394 int r; 395 r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read); 396 if (r == 0 && bev_ssl->read_blocked_on_write) 397 r = bufferevent_add_event_(&bev->ev_write, 398 &bev->timeout_write); 399 return r; 400 } 401 } 402 403 /* Have the base communications channel (either the underlying bufferevent or 404 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag 405 * into account. */ 406 static int 407 start_writing(struct bufferevent_openssl *bev_ssl) 408 { 409 int r = 0; 410 if (bev_ssl->underlying) { 411 if (bev_ssl->write_blocked_on_read) { 412 bufferevent_unsuspend_read_(bev_ssl->underlying, 413 BEV_SUSPEND_FILT_READ); 414 } 415 } else { 416 struct bufferevent *bev = &bev_ssl->bev.bev; 417 r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write); 418 if (!r && bev_ssl->write_blocked_on_read) 419 r = bufferevent_add_event_(&bev->ev_read, 420 &bev->timeout_read); 421 } 422 return r; 423 } 424 425 static void 426 stop_reading(struct bufferevent_openssl *bev_ssl) 427 { 428 if (bev_ssl->write_blocked_on_read) 429 return; 430 if (bev_ssl->underlying) { 431 bufferevent_suspend_read_(bev_ssl->underlying, 432 BEV_SUSPEND_FILT_READ); 433 } else { 434 struct bufferevent *bev = &bev_ssl->bev.bev; 435 event_del(&bev->ev_read); 436 } 437 } 438 439 static void 440 stop_writing(struct bufferevent_openssl *bev_ssl) 441 { 442 if (bev_ssl->read_blocked_on_write) 443 return; 444 if (bev_ssl->underlying) { 445 bufferevent_unsuspend_read_(bev_ssl->underlying, 446 BEV_SUSPEND_FILT_READ); 447 } else { 448 struct bufferevent *bev = &bev_ssl->bev.bev; 449 event_del(&bev->ev_write); 450 } 451 } 452 453 static int 454 set_rbow(struct bufferevent_openssl *bev_ssl) 455 { 456 if (!bev_ssl->underlying) 457 stop_reading(bev_ssl); 458 bev_ssl->read_blocked_on_write = 1; 459 return start_writing(bev_ssl); 460 } 461 462 static int 463 set_wbor(struct bufferevent_openssl *bev_ssl) 464 { 465 if (!bev_ssl->underlying) 466 stop_writing(bev_ssl); 467 bev_ssl->write_blocked_on_read = 1; 468 return start_reading(bev_ssl); 469 } 470 471 static int 472 clear_rbow(struct bufferevent_openssl *bev_ssl) 473 { 474 struct bufferevent *bev = &bev_ssl->bev.bev; 475 int r = 0; 476 bev_ssl->read_blocked_on_write = 0; 477 if (!(bev->enabled & EV_WRITE)) 478 stop_writing(bev_ssl); 479 if (bev->enabled & EV_READ) 480 r = start_reading(bev_ssl); 481 return r; 482 } 483 484 485 static int 486 clear_wbor(struct bufferevent_openssl *bev_ssl) 487 { 488 struct bufferevent *bev = &bev_ssl->bev.bev; 489 int r = 0; 490 bev_ssl->write_blocked_on_read = 0; 491 if (!(bev->enabled & EV_READ)) 492 stop_reading(bev_ssl); 493 if (bev->enabled & EV_WRITE) 494 r = start_writing(bev_ssl); 495 return r; 496 } 497 498 static void 499 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret) 500 { 501 int event = BEV_EVENT_ERROR; 502 int dirty_shutdown = 0; 503 unsigned long err; 504 505 switch (errcode) { 506 case SSL_ERROR_ZERO_RETURN: 507 /* Possibly a clean shutdown. */ 508 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN) 509 event = BEV_EVENT_EOF; 510 else 511 dirty_shutdown = 1; 512 break; 513 case SSL_ERROR_SYSCALL: 514 /* IO error; possibly a dirty shutdown. */ 515 if ((ret == 0 || ret == -1) && ERR_peek_error() == 0) 516 dirty_shutdown = 1; 517 put_error(bev_ssl, errcode); 518 break; 519 case SSL_ERROR_SSL: 520 /* Protocol error. */ 521 put_error(bev_ssl, errcode); 522 break; 523 case SSL_ERROR_WANT_X509_LOOKUP: 524 /* XXXX handle this. */ 525 put_error(bev_ssl, errcode); 526 break; 527 case SSL_ERROR_NONE: 528 case SSL_ERROR_WANT_READ: 529 case SSL_ERROR_WANT_WRITE: 530 case SSL_ERROR_WANT_CONNECT: 531 case SSL_ERROR_WANT_ACCEPT: 532 default: 533 /* should be impossible; treat as normal error. */ 534 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode); 535 break; 536 } 537 538 while ((err = ERR_get_error())) { 539 put_error(bev_ssl, err); 540 } 541 542 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown) 543 event = BEV_EVENT_EOF; 544 545 stop_reading(bev_ssl); 546 stop_writing(bev_ssl); 547 548 /* when is BEV_EVENT_{READING|WRITING} */ 549 event = when | event; 550 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0); 551 } 552 553 static void 554 init_bio_counts(struct bufferevent_openssl *bev_ssl) 555 { 556 BIO *rbio, *wbio; 557 558 wbio = SSL_get_wbio(bev_ssl->ssl); 559 bev_ssl->counts.n_written = wbio ? BIO_number_written(wbio) : 0; 560 rbio = SSL_get_rbio(bev_ssl->ssl); 561 bev_ssl->counts.n_read = rbio ? BIO_number_read(rbio) : 0; 562 } 563 564 static inline void 565 decrement_buckets(struct bufferevent_openssl *bev_ssl) 566 { 567 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl)); 568 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl)); 569 /* These next two subtractions can wrap around. That's okay. */ 570 unsigned long w = num_w - bev_ssl->counts.n_written; 571 unsigned long r = num_r - bev_ssl->counts.n_read; 572 if (w) 573 bufferevent_decrement_write_buckets_(&bev_ssl->bev, w); 574 if (r) 575 bufferevent_decrement_read_buckets_(&bev_ssl->bev, r); 576 bev_ssl->counts.n_written = num_w; 577 bev_ssl->counts.n_read = num_r; 578 } 579 580 #define OP_MADE_PROGRESS 1 581 #define OP_BLOCKED 2 582 #define OP_ERR 4 583 584 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if 585 we're now blocked); and OP_ERR (if an error occurred). */ 586 static int 587 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) { 588 /* Requires lock */ 589 struct bufferevent *bev = &bev_ssl->bev.bev; 590 struct evbuffer *input = bev->input; 591 int r, n, i, n_used = 0, atmost; 592 struct evbuffer_iovec space[2]; 593 int result = 0; 594 595 if (bev_ssl->bev.read_suspended) 596 return 0; 597 598 atmost = bufferevent_get_read_max_(&bev_ssl->bev); 599 if (n_to_read > atmost) 600 n_to_read = atmost; 601 602 n = evbuffer_reserve_space(input, n_to_read, space, 2); 603 if (n < 0) 604 return OP_ERR; 605 606 for (i=0; i<n; ++i) { 607 if (bev_ssl->bev.read_suspended) 608 break; 609 ERR_clear_error(); 610 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len); 611 if (r>0) { 612 result |= OP_MADE_PROGRESS; 613 if (bev_ssl->read_blocked_on_write) 614 if (clear_rbow(bev_ssl) < 0) 615 return OP_ERR | result; 616 ++n_used; 617 space[i].iov_len = r; 618 decrement_buckets(bev_ssl); 619 } else { 620 int err = SSL_get_error(bev_ssl->ssl, r); 621 print_err(err); 622 switch (err) { 623 case SSL_ERROR_WANT_READ: 624 /* Can't read until underlying has more data. */ 625 if (bev_ssl->read_blocked_on_write) 626 if (clear_rbow(bev_ssl) < 0) 627 return OP_ERR | result; 628 break; 629 case SSL_ERROR_WANT_WRITE: 630 /* This read operation requires a write, and the 631 * underlying is full */ 632 if (!bev_ssl->read_blocked_on_write) 633 if (set_rbow(bev_ssl) < 0) 634 return OP_ERR | result; 635 break; 636 default: 637 conn_closed(bev_ssl, BEV_EVENT_READING, err, r); 638 break; 639 } 640 result |= OP_BLOCKED; 641 break; /* out of the loop */ 642 } 643 } 644 645 if (n_used) { 646 evbuffer_commit_space(input, space, n_used); 647 if (bev_ssl->underlying) 648 BEV_RESET_GENERIC_READ_TIMEOUT(bev); 649 } 650 651 return result; 652 } 653 654 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if 655 we're now blocked); and OP_ERR (if an error occurred). */ 656 static int 657 do_write(struct bufferevent_openssl *bev_ssl, int atmost) 658 { 659 int i, r, n, n_written = 0; 660 struct bufferevent *bev = &bev_ssl->bev.bev; 661 struct evbuffer *output = bev->output; 662 struct evbuffer_iovec space[8]; 663 int result = 0; 664 665 if (bev_ssl->last_write > 0) 666 atmost = bev_ssl->last_write; 667 else 668 atmost = bufferevent_get_write_max_(&bev_ssl->bev); 669 670 n = evbuffer_peek(output, atmost, NULL, space, 8); 671 if (n < 0) 672 return OP_ERR | result; 673 674 if (n > 8) 675 n = 8; 676 for (i=0; i < n; ++i) { 677 if (bev_ssl->bev.write_suspended) 678 break; 679 680 /* SSL_write will (reasonably) return 0 if we tell it to 681 send 0 data. Skip this case so we don't interpret the 682 result as an error */ 683 if (space[i].iov_len == 0) 684 continue; 685 686 ERR_clear_error(); 687 r = SSL_write(bev_ssl->ssl, space[i].iov_base, 688 space[i].iov_len); 689 if (r > 0) { 690 result |= OP_MADE_PROGRESS; 691 if (bev_ssl->write_blocked_on_read) 692 if (clear_wbor(bev_ssl) < 0) 693 return OP_ERR | result; 694 n_written += r; 695 bev_ssl->last_write = -1; 696 decrement_buckets(bev_ssl); 697 } else { 698 int err = SSL_get_error(bev_ssl->ssl, r); 699 print_err(err); 700 switch (err) { 701 case SSL_ERROR_WANT_WRITE: 702 /* Can't read until underlying has more data. */ 703 if (bev_ssl->write_blocked_on_read) 704 if (clear_wbor(bev_ssl) < 0) 705 return OP_ERR | result; 706 bev_ssl->last_write = space[i].iov_len; 707 break; 708 case SSL_ERROR_WANT_READ: 709 /* This read operation requires a write, and the 710 * underlying is full */ 711 if (!bev_ssl->write_blocked_on_read) 712 if (set_wbor(bev_ssl) < 0) 713 return OP_ERR | result; 714 bev_ssl->last_write = space[i].iov_len; 715 break; 716 default: 717 conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r); 718 bev_ssl->last_write = -1; 719 break; 720 } 721 result |= OP_BLOCKED; 722 break; 723 } 724 } 725 if (n_written) { 726 evbuffer_drain(output, n_written); 727 if (bev_ssl->underlying) 728 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev); 729 730 bufferevent_trigger_nolock_(bev, EV_WRITE, BEV_OPT_DEFER_CALLBACKS); 731 } 732 return result; 733 } 734 735 #define WRITE_FRAME 15000 736 737 #define READ_DEFAULT 4096 738 739 /* Try to figure out how many bytes to read; return 0 if we shouldn't be 740 * reading. */ 741 static int 742 bytes_to_read(struct bufferevent_openssl *bev) 743 { 744 struct evbuffer *input = bev->bev.bev.input; 745 struct event_watermark *wm = &bev->bev.bev.wm_read; 746 int result = READ_DEFAULT; 747 ev_ssize_t limit; 748 /* XXX 99% of this is generic code that nearly all bufferevents will 749 * want. */ 750 751 if (bev->write_blocked_on_read) { 752 return 0; 753 } 754 755 if (! (bev->bev.bev.enabled & EV_READ)) { 756 return 0; 757 } 758 759 if (bev->bev.read_suspended) { 760 return 0; 761 } 762 763 if (wm->high) { 764 if (evbuffer_get_length(input) >= wm->high) { 765 return 0; 766 } 767 768 result = wm->high - evbuffer_get_length(input); 769 } else { 770 result = READ_DEFAULT; 771 } 772 773 /* Respect the rate limit */ 774 limit = bufferevent_get_read_max_(&bev->bev); 775 if (result > limit) { 776 result = limit; 777 } 778 779 return result; 780 } 781 782 783 /* Things look readable. If write is blocked on read, write till it isn't. 784 * Read from the underlying buffer until we block or we hit our high-water 785 * mark. 786 */ 787 static void 788 consider_reading(struct bufferevent_openssl *bev_ssl) 789 { 790 int r; 791 int n_to_read; 792 int all_result_flags = 0; 793 794 while (bev_ssl->write_blocked_on_read) { 795 r = do_write(bev_ssl, WRITE_FRAME); 796 if (r & (OP_BLOCKED|OP_ERR)) 797 break; 798 } 799 if (bev_ssl->write_blocked_on_read) 800 return; 801 802 n_to_read = bytes_to_read(bev_ssl); 803 804 while (n_to_read) { 805 r = do_read(bev_ssl, n_to_read); 806 all_result_flags |= r; 807 808 if (r & (OP_BLOCKED|OP_ERR)) 809 break; 810 811 if (bev_ssl->bev.read_suspended) 812 break; 813 814 /* Read all pending data. This won't hit the network 815 * again, and will (most importantly) put us in a state 816 * where we don't need to read anything else until the 817 * socket is readable again. It'll potentially make us 818 * overrun our read high-watermark (somewhat 819 * regrettable). The damage to the rate-limit has 820 * already been done, since OpenSSL went and read a 821 * whole SSL record anyway. */ 822 n_to_read = SSL_pending(bev_ssl->ssl); 823 824 /* XXX This if statement is actually a bad bug, added to avoid 825 * XXX a worse bug. 826 * 827 * The bad bug: It can potentially cause resource unfairness 828 * by reading too much data from the underlying bufferevent; 829 * it can potentially cause read looping if the underlying 830 * bufferevent is a bufferevent_pair and deferred callbacks 831 * aren't used. 832 * 833 * The worse bug: If we didn't do this, then we would 834 * potentially not read any more from bev_ssl->underlying 835 * until more data arrived there, which could lead to us 836 * waiting forever. 837 */ 838 if (!n_to_read && bev_ssl->underlying) 839 n_to_read = bytes_to_read(bev_ssl); 840 } 841 842 if (all_result_flags & OP_MADE_PROGRESS) { 843 struct bufferevent *bev = &bev_ssl->bev.bev; 844 845 bufferevent_trigger_nolock_(bev, EV_READ, 0); 846 } 847 848 if (!bev_ssl->underlying) { 849 /* Should be redundant, but let's avoid busy-looping */ 850 if (bev_ssl->bev.read_suspended || 851 !(bev_ssl->bev.bev.enabled & EV_READ)) { 852 event_del(&bev_ssl->bev.bev.ev_read); 853 } 854 } 855 } 856 857 static void 858 consider_writing(struct bufferevent_openssl *bev_ssl) 859 { 860 int r; 861 struct evbuffer *output = bev_ssl->bev.bev.output; 862 struct evbuffer *target = NULL; 863 struct event_watermark *wm = NULL; 864 865 while (bev_ssl->read_blocked_on_write) { 866 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */ 867 if (r & OP_MADE_PROGRESS) { 868 struct bufferevent *bev = &bev_ssl->bev.bev; 869 870 bufferevent_trigger_nolock_(bev, EV_READ, 0); 871 } 872 if (r & (OP_ERR|OP_BLOCKED)) 873 break; 874 } 875 if (bev_ssl->read_blocked_on_write) 876 return; 877 if (bev_ssl->underlying) { 878 target = bev_ssl->underlying->output; 879 wm = &bev_ssl->underlying->wm_write; 880 } 881 while ((bev_ssl->bev.bev.enabled & EV_WRITE) && 882 (! bev_ssl->bev.write_suspended) && 883 evbuffer_get_length(output) && 884 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) { 885 int n_to_write; 886 if (wm && wm->high) 887 n_to_write = wm->high - evbuffer_get_length(target); 888 else 889 n_to_write = WRITE_FRAME; 890 r = do_write(bev_ssl, n_to_write); 891 if (r & (OP_BLOCKED|OP_ERR)) 892 break; 893 } 894 895 if (!bev_ssl->underlying) { 896 if (evbuffer_get_length(output) == 0) { 897 event_del(&bev_ssl->bev.bev.ev_write); 898 } else if (bev_ssl->bev.write_suspended || 899 !(bev_ssl->bev.bev.enabled & EV_WRITE)) { 900 /* Should be redundant, but let's avoid busy-looping */ 901 event_del(&bev_ssl->bev.bev.ev_write); 902 } 903 } 904 } 905 906 static void 907 be_openssl_readcb(struct bufferevent *bev_base, void *ctx) 908 { 909 struct bufferevent_openssl *bev_ssl = ctx; 910 consider_reading(bev_ssl); 911 } 912 913 static void 914 be_openssl_writecb(struct bufferevent *bev_base, void *ctx) 915 { 916 struct bufferevent_openssl *bev_ssl = ctx; 917 consider_writing(bev_ssl); 918 } 919 920 static void 921 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx) 922 { 923 struct bufferevent_openssl *bev_ssl = ctx; 924 int event = 0; 925 926 if (what & BEV_EVENT_EOF) { 927 if (bev_ssl->allow_dirty_shutdown) 928 event = BEV_EVENT_EOF; 929 else 930 event = BEV_EVENT_ERROR; 931 } else if (what & BEV_EVENT_TIMEOUT) { 932 /* We sure didn't set this. Propagate it to the user. */ 933 event = what; 934 } else if (what & BEV_EVENT_ERROR) { 935 /* An error occurred on the connection. Propagate it to the user. */ 936 event = what; 937 } else if (what & BEV_EVENT_CONNECTED) { 938 /* Ignore it. We're saying SSL_connect() already, which will 939 eat it. */ 940 } 941 if (event) 942 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0); 943 } 944 945 static void 946 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr) 947 { 948 struct bufferevent_openssl *bev_ssl = ptr; 949 bufferevent_incref_and_lock_(&bev_ssl->bev.bev); 950 if (what == EV_TIMEOUT) { 951 bufferevent_run_eventcb_(&bev_ssl->bev.bev, 952 BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0); 953 } else { 954 consider_reading(bev_ssl); 955 } 956 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev); 957 } 958 959 static void 960 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr) 961 { 962 struct bufferevent_openssl *bev_ssl = ptr; 963 bufferevent_incref_and_lock_(&bev_ssl->bev.bev); 964 if (what == EV_TIMEOUT) { 965 bufferevent_run_eventcb_(&bev_ssl->bev.bev, 966 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0); 967 } else { 968 consider_writing(bev_ssl); 969 } 970 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev); 971 } 972 973 static evutil_socket_t 974 be_openssl_auto_fd(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd) 975 { 976 if (!bev_ssl->underlying) { 977 struct bufferevent *bev = &bev_ssl->bev.bev; 978 if (event_initialized(&bev->ev_read) && fd < 0) { 979 fd = event_get_fd(&bev->ev_read); 980 } 981 } 982 return fd; 983 } 984 985 static int 986 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd) 987 { 988 if (bev_ssl->underlying) { 989 bufferevent_setcb(bev_ssl->underlying, 990 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb, 991 bev_ssl); 992 return 0; 993 } else { 994 struct bufferevent *bev = &bev_ssl->bev.bev; 995 int rpending=0, wpending=0, r1=0, r2=0; 996 997 if (event_initialized(&bev->ev_read)) { 998 rpending = event_pending(&bev->ev_read, EV_READ, NULL); 999 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL); 1000 1001 event_del(&bev->ev_read); 1002 event_del(&bev->ev_write); 1003 } 1004 1005 event_assign(&bev->ev_read, bev->ev_base, fd, 1006 EV_READ|EV_PERSIST|EV_FINALIZE, 1007 be_openssl_readeventcb, bev_ssl); 1008 event_assign(&bev->ev_write, bev->ev_base, fd, 1009 EV_WRITE|EV_PERSIST|EV_FINALIZE, 1010 be_openssl_writeeventcb, bev_ssl); 1011 1012 if (rpending) 1013 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read); 1014 if (wpending) 1015 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write); 1016 1017 return (r1<0 || r2<0) ? -1 : 0; 1018 } 1019 } 1020 1021 static int 1022 do_handshake(struct bufferevent_openssl *bev_ssl) 1023 { 1024 int r; 1025 1026 switch (bev_ssl->state) { 1027 default: 1028 case BUFFEREVENT_SSL_OPEN: 1029 EVUTIL_ASSERT(0); 1030 return -1; 1031 case BUFFEREVENT_SSL_CONNECTING: 1032 case BUFFEREVENT_SSL_ACCEPTING: 1033 ERR_clear_error(); 1034 r = SSL_do_handshake(bev_ssl->ssl); 1035 break; 1036 } 1037 decrement_buckets(bev_ssl); 1038 1039 if (r==1) { 1040 evutil_socket_t fd = event_get_fd(&bev_ssl->bev.bev.ev_read); 1041 /* We're done! */ 1042 bev_ssl->state = BUFFEREVENT_SSL_OPEN; 1043 set_open_callbacks(bev_ssl, fd); /* XXXX handle failure */ 1044 /* Call do_read and do_write as needed */ 1045 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled); 1046 bufferevent_run_eventcb_(&bev_ssl->bev.bev, 1047 BEV_EVENT_CONNECTED, 0); 1048 return 1; 1049 } else { 1050 int err = SSL_get_error(bev_ssl->ssl, r); 1051 print_err(err); 1052 switch (err) { 1053 case SSL_ERROR_WANT_WRITE: 1054 stop_reading(bev_ssl); 1055 return start_writing(bev_ssl); 1056 case SSL_ERROR_WANT_READ: 1057 stop_writing(bev_ssl); 1058 return start_reading(bev_ssl); 1059 default: 1060 conn_closed(bev_ssl, BEV_EVENT_READING, err, r); 1061 return -1; 1062 } 1063 } 1064 } 1065 1066 static void 1067 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx) 1068 { 1069 struct bufferevent_openssl *bev_ssl = ctx; 1070 do_handshake(bev_ssl);/* XXX handle failure */ 1071 } 1072 1073 static void 1074 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr) 1075 { 1076 struct bufferevent_openssl *bev_ssl = ptr; 1077 1078 bufferevent_incref_and_lock_(&bev_ssl->bev.bev); 1079 if (what & EV_TIMEOUT) { 1080 bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0); 1081 } else 1082 do_handshake(bev_ssl);/* XXX handle failure */ 1083 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev); 1084 } 1085 1086 static int 1087 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd) 1088 { 1089 if (bev_ssl->underlying) { 1090 bufferevent_setcb(bev_ssl->underlying, 1091 be_openssl_handshakecb, be_openssl_handshakecb, 1092 be_openssl_eventcb, 1093 bev_ssl); 1094 1095 if (fd < 0) 1096 return 0; 1097 1098 if (bufferevent_setfd(bev_ssl->underlying, fd)) 1099 return 1; 1100 1101 return do_handshake(bev_ssl); 1102 } else { 1103 struct bufferevent *bev = &bev_ssl->bev.bev; 1104 1105 if (event_initialized(&bev->ev_read)) { 1106 event_del(&bev->ev_read); 1107 event_del(&bev->ev_write); 1108 } 1109 1110 event_assign(&bev->ev_read, bev->ev_base, fd, 1111 EV_READ|EV_PERSIST|EV_FINALIZE, 1112 be_openssl_handshakeeventcb, bev_ssl); 1113 event_assign(&bev->ev_write, bev->ev_base, fd, 1114 EV_WRITE|EV_PERSIST|EV_FINALIZE, 1115 be_openssl_handshakeeventcb, bev_ssl); 1116 if (fd >= 0) 1117 bufferevent_enable(bev, bev->enabled); 1118 return 0; 1119 } 1120 } 1121 1122 int 1123 bufferevent_ssl_renegotiate(struct bufferevent *bev) 1124 { 1125 struct bufferevent_openssl *bev_ssl = upcast(bev); 1126 if (!bev_ssl) 1127 return -1; 1128 if (SSL_renegotiate(bev_ssl->ssl) < 0) 1129 return -1; 1130 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING; 1131 if (set_handshake_callbacks(bev_ssl, be_openssl_auto_fd(bev_ssl, -1)) < 0) 1132 return -1; 1133 if (!bev_ssl->underlying) 1134 return do_handshake(bev_ssl); 1135 return 0; 1136 } 1137 1138 static void 1139 be_openssl_outbuf_cb(struct evbuffer *buf, 1140 const struct evbuffer_cb_info *cbinfo, void *arg) 1141 { 1142 struct bufferevent_openssl *bev_ssl = arg; 1143 int r = 0; 1144 /* XXX need to hold a reference here. */ 1145 1146 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) { 1147 if (cbinfo->orig_size == 0) 1148 r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write, 1149 &bev_ssl->bev.bev.timeout_write); 1150 1151 if (bev_ssl->underlying) 1152 consider_writing(bev_ssl); 1153 } 1154 /* XXX Handle r < 0 */ 1155 (void)r; 1156 } 1157 1158 1159 static int 1160 be_openssl_enable(struct bufferevent *bev, short events) 1161 { 1162 struct bufferevent_openssl *bev_ssl = upcast(bev); 1163 int r1 = 0, r2 = 0; 1164 1165 if (events & EV_READ) 1166 r1 = start_reading(bev_ssl); 1167 if (events & EV_WRITE) 1168 r2 = start_writing(bev_ssl); 1169 1170 if (bev_ssl->underlying) { 1171 if (events & EV_READ) 1172 BEV_RESET_GENERIC_READ_TIMEOUT(bev); 1173 if (events & EV_WRITE) 1174 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev); 1175 1176 if (events & EV_READ) 1177 consider_reading(bev_ssl); 1178 if (events & EV_WRITE) 1179 consider_writing(bev_ssl); 1180 } 1181 return (r1 < 0 || r2 < 0) ? -1 : 0; 1182 } 1183 1184 static int 1185 be_openssl_disable(struct bufferevent *bev, short events) 1186 { 1187 struct bufferevent_openssl *bev_ssl = upcast(bev); 1188 1189 if (events & EV_READ) 1190 stop_reading(bev_ssl); 1191 if (events & EV_WRITE) 1192 stop_writing(bev_ssl); 1193 1194 if (bev_ssl->underlying) { 1195 if (events & EV_READ) 1196 BEV_DEL_GENERIC_READ_TIMEOUT(bev); 1197 if (events & EV_WRITE) 1198 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev); 1199 } 1200 return 0; 1201 } 1202 1203 static void 1204 be_openssl_unlink(struct bufferevent *bev) 1205 { 1206 struct bufferevent_openssl *bev_ssl = upcast(bev); 1207 1208 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) { 1209 if (bev_ssl->underlying) { 1210 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) { 1211 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an " 1212 "bufferevent with too few references"); 1213 } else { 1214 bufferevent_free(bev_ssl->underlying); 1215 /* We still have a reference to it, via our 1216 * BIO. So we don't drop this. */ 1217 // bev_ssl->underlying = NULL; 1218 } 1219 } 1220 } else { 1221 if (bev_ssl->underlying) { 1222 if (bev_ssl->underlying->errorcb == be_openssl_eventcb) 1223 bufferevent_setcb(bev_ssl->underlying, 1224 NULL,NULL,NULL,NULL); 1225 bufferevent_unsuspend_read_(bev_ssl->underlying, 1226 BEV_SUSPEND_FILT_READ); 1227 } 1228 } 1229 } 1230 1231 static void 1232 be_openssl_destruct(struct bufferevent *bev) 1233 { 1234 struct bufferevent_openssl *bev_ssl = upcast(bev); 1235 1236 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) { 1237 if (! bev_ssl->underlying) { 1238 evutil_socket_t fd = EVUTIL_INVALID_SOCKET; 1239 BIO *bio = SSL_get_wbio(bev_ssl->ssl); 1240 if (bio) 1241 fd = BIO_get_fd(bio, NULL); 1242 if (fd >= 0) 1243 evutil_closesocket(fd); 1244 } 1245 SSL_free(bev_ssl->ssl); 1246 } 1247 } 1248 1249 static int 1250 be_openssl_adj_timeouts(struct bufferevent *bev) 1251 { 1252 struct bufferevent_openssl *bev_ssl = upcast(bev); 1253 1254 if (bev_ssl->underlying) { 1255 return bufferevent_generic_adj_timeouts_(bev); 1256 } else { 1257 return bufferevent_generic_adj_existing_timeouts_(bev); 1258 } 1259 } 1260 1261 static int 1262 be_openssl_flush(struct bufferevent *bufev, 1263 short iotype, enum bufferevent_flush_mode mode) 1264 { 1265 /* XXXX Implement this. */ 1266 return 0; 1267 } 1268 1269 static int 1270 be_openssl_set_fd(struct bufferevent_openssl *bev_ssl, 1271 enum bufferevent_ssl_state state, evutil_socket_t fd) 1272 { 1273 bev_ssl->state = state; 1274 1275 switch (state) { 1276 case BUFFEREVENT_SSL_ACCEPTING: 1277 if (!SSL_clear(bev_ssl->ssl)) 1278 return -1; 1279 SSL_set_accept_state(bev_ssl->ssl); 1280 if (set_handshake_callbacks(bev_ssl, fd) < 0) 1281 return -1; 1282 break; 1283 case BUFFEREVENT_SSL_CONNECTING: 1284 if (!SSL_clear(bev_ssl->ssl)) 1285 return -1; 1286 SSL_set_connect_state(bev_ssl->ssl); 1287 if (set_handshake_callbacks(bev_ssl, fd) < 0) 1288 return -1; 1289 break; 1290 case BUFFEREVENT_SSL_OPEN: 1291 if (set_open_callbacks(bev_ssl, fd) < 0) 1292 return -1; 1293 break; 1294 default: 1295 return -1; 1296 } 1297 1298 return 0; 1299 } 1300 1301 static int 1302 be_openssl_ctrl(struct bufferevent *bev, 1303 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data) 1304 { 1305 struct bufferevent_openssl *bev_ssl = upcast(bev); 1306 switch (op) { 1307 case BEV_CTRL_SET_FD: 1308 if (!bev_ssl->underlying) { 1309 BIO *bio; 1310 bio = BIO_new_socket((int)data->fd, 0); 1311 SSL_set_bio(bev_ssl->ssl, bio, bio); 1312 } else { 1313 BIO *bio; 1314 if (!(bio = BIO_new_bufferevent(bev_ssl->underlying))) 1315 return -1; 1316 SSL_set_bio(bev_ssl->ssl, bio, bio); 1317 } 1318 1319 return be_openssl_set_fd(bev_ssl, bev_ssl->old_state, data->fd); 1320 case BEV_CTRL_GET_FD: 1321 if (bev_ssl->underlying) { 1322 data->fd = event_get_fd(&bev_ssl->underlying->ev_read); 1323 } else { 1324 data->fd = event_get_fd(&bev->ev_read); 1325 } 1326 return 0; 1327 case BEV_CTRL_GET_UNDERLYING: 1328 data->ptr = bev_ssl->underlying; 1329 return 0; 1330 case BEV_CTRL_CANCEL_ALL: 1331 default: 1332 return -1; 1333 } 1334 } 1335 1336 SSL * 1337 bufferevent_openssl_get_ssl(struct bufferevent *bufev) 1338 { 1339 struct bufferevent_openssl *bev_ssl = upcast(bufev); 1340 if (!bev_ssl) 1341 return NULL; 1342 return bev_ssl->ssl; 1343 } 1344 1345 static struct bufferevent * 1346 bufferevent_openssl_new_impl(struct event_base *base, 1347 struct bufferevent *underlying, 1348 evutil_socket_t fd, 1349 SSL *ssl, 1350 enum bufferevent_ssl_state state, 1351 int options) 1352 { 1353 struct bufferevent_openssl *bev_ssl = NULL; 1354 struct bufferevent_private *bev_p = NULL; 1355 int tmp_options = options & ~BEV_OPT_THREADSAFE; 1356 1357 /* Only one can be set. */ 1358 if (underlying != NULL && fd >= 0) 1359 goto err; 1360 1361 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl)))) 1362 goto err; 1363 1364 bev_p = &bev_ssl->bev; 1365 1366 if (bufferevent_init_common_(bev_p, base, 1367 &bufferevent_ops_openssl, tmp_options) < 0) 1368 goto err; 1369 1370 /* Don't explode if we decide to realloc a chunk we're writing from in 1371 * the output buffer. */ 1372 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 1373 1374 bev_ssl->underlying = underlying; 1375 bev_ssl->ssl = ssl; 1376 1377 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output, 1378 be_openssl_outbuf_cb, bev_ssl); 1379 1380 if (options & BEV_OPT_THREADSAFE) 1381 bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL); 1382 1383 if (underlying) { 1384 bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev); 1385 bufferevent_incref_(underlying); 1386 } 1387 1388 bev_ssl->old_state = state; 1389 bev_ssl->last_write = -1; 1390 1391 init_bio_counts(bev_ssl); 1392 1393 fd = be_openssl_auto_fd(bev_ssl, fd); 1394 if (be_openssl_set_fd(bev_ssl, state, fd)) 1395 goto err; 1396 1397 if (underlying) { 1398 bufferevent_setwatermark(underlying, EV_READ, 0, 0); 1399 bufferevent_enable(underlying, EV_READ|EV_WRITE); 1400 if (state == BUFFEREVENT_SSL_OPEN) 1401 bufferevent_suspend_read_(underlying, 1402 BEV_SUSPEND_FILT_READ); 1403 } 1404 1405 return &bev_ssl->bev.bev; 1406 err: 1407 if (options & BEV_OPT_CLOSE_ON_FREE) 1408 SSL_free(ssl); 1409 if (bev_ssl) { 1410 bev_ssl->ssl = NULL; 1411 bufferevent_free(&bev_ssl->bev.bev); 1412 } 1413 return NULL; 1414 } 1415 1416 struct bufferevent * 1417 bufferevent_openssl_filter_new(struct event_base *base, 1418 struct bufferevent *underlying, 1419 SSL *ssl, 1420 enum bufferevent_ssl_state state, 1421 int options) 1422 { 1423 BIO *bio; 1424 struct bufferevent *bev; 1425 1426 if (!underlying) 1427 goto err; 1428 if (!(bio = BIO_new_bufferevent(underlying))) 1429 goto err; 1430 1431 SSL_set_bio(ssl, bio, bio); 1432 1433 bev = bufferevent_openssl_new_impl( 1434 base, underlying, -1, ssl, state, options); 1435 return bev; 1436 1437 err: 1438 if (options & BEV_OPT_CLOSE_ON_FREE) 1439 SSL_free(ssl); 1440 return NULL; 1441 } 1442 1443 struct bufferevent * 1444 bufferevent_openssl_socket_new(struct event_base *base, 1445 evutil_socket_t fd, 1446 SSL *ssl, 1447 enum bufferevent_ssl_state state, 1448 int options) 1449 { 1450 /* Does the SSL already have an fd? */ 1451 BIO *bio = SSL_get_wbio(ssl); 1452 long have_fd = -1; 1453 1454 if (bio) 1455 have_fd = BIO_get_fd(bio, NULL); 1456 1457 if (have_fd >= 0) { 1458 /* The SSL is already configured with an fd. */ 1459 if (fd < 0) { 1460 /* We should learn the fd from the SSL. */ 1461 fd = (evutil_socket_t) have_fd; 1462 } else if (have_fd == (long)fd) { 1463 /* We already know the fd from the SSL; do nothing */ 1464 } else { 1465 /* We specified an fd different from that of the SSL. 1466 This is probably an error on our part. Fail. */ 1467 goto err; 1468 } 1469 (void)BIO_set_close(bio, 0); 1470 } else { 1471 /* The SSL isn't configured with a BIO with an fd. */ 1472 if (fd >= 0) { 1473 /* ... and we have an fd we want to use. */ 1474 bio = BIO_new_socket((int)fd, 0); 1475 SSL_set_bio(ssl, bio, bio); 1476 } else { 1477 /* Leave the fd unset. */ 1478 } 1479 } 1480 1481 return bufferevent_openssl_new_impl( 1482 base, NULL, fd, ssl, state, options); 1483 1484 err: 1485 if (options & BEV_OPT_CLOSE_ON_FREE) 1486 SSL_free(ssl); 1487 return NULL; 1488 } 1489 1490 int 1491 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev) 1492 { 1493 int allow_dirty_shutdown = -1; 1494 struct bufferevent_openssl *bev_ssl; 1495 BEV_LOCK(bev); 1496 bev_ssl = upcast(bev); 1497 if (bev_ssl) 1498 allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown; 1499 BEV_UNLOCK(bev); 1500 return allow_dirty_shutdown; 1501 } 1502 1503 void 1504 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev, 1505 int allow_dirty_shutdown) 1506 { 1507 struct bufferevent_openssl *bev_ssl; 1508 BEV_LOCK(bev); 1509 bev_ssl = upcast(bev); 1510 if (bev_ssl) 1511 bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown; 1512 BEV_UNLOCK(bev); 1513 } 1514 1515 unsigned long 1516 bufferevent_get_openssl_error(struct bufferevent *bev) 1517 { 1518 unsigned long err = 0; 1519 struct bufferevent_openssl *bev_ssl; 1520 BEV_LOCK(bev); 1521 bev_ssl = upcast(bev); 1522 if (bev_ssl && bev_ssl->n_errors) { 1523 err = bev_ssl->errors[--bev_ssl->n_errors]; 1524 } 1525 BEV_UNLOCK(bev); 1526 return err; 1527 } 1528