xref: /openbsd-src/lib/libcrypto/man/BIO_s_bio.3 (revision 5158016f5db4e4cc2a3c2eac434efa81eb9e7031) 
1.\" $OpenBSD: BIO_s_bio.3,v 1.20 2024/05/19 07:12:50 jsg Exp $
2.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3.\"
4.\" This file was written by
5.\" Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>,
6.\" Dr. Stephen Henson <steve@openssl.org>,
7.\" Bodo Moeller <bodo@openssl.org>,
8.\" and Richard Levitte <levitte@openssl.org>.
9.\" Copyright (c) 2000, 2002, 2015, 2016 The OpenSSL Project.
10.\" All rights reserved.
11.\"
12.\" Redistribution and use in source and binary forms, with or without
13.\" modification, are permitted provided that the following conditions
14.\" are met:
15.\"
16.\" 1. Redistributions of source code must retain the above copyright
17.\"    notice, this list of conditions and the following disclaimer.
18.\"
19.\" 2. Redistributions in binary form must reproduce the above copyright
20.\"    notice, this list of conditions and the following disclaimer in
21.\"    the documentation and/or other materials provided with the
22.\"    distribution.
23.\"
24.\" 3. All advertising materials mentioning features or use of this
25.\"    software must display the following acknowledgment:
26.\"    "This product includes software developed by the OpenSSL Project
27.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
28.\"
29.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
30.\"    endorse or promote products derived from this software without
31.\"    prior written permission. For written permission, please contact
32.\"    openssl-core@openssl.org.
33.\"
34.\" 5. Products derived from this software may not be called "OpenSSL"
35.\"    nor may "OpenSSL" appear in their names without prior written
36.\"    permission of the OpenSSL Project.
37.\"
38.\" 6. Redistributions of any form whatsoever must retain the following
39.\"    acknowledgment:
40.\"    "This product includes software developed by the OpenSSL Project
41.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
42.\"
43.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
44.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
46.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
47.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
48.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
49.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
50.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
51.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
52.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
53.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
54.\" OF THE POSSIBILITY OF SUCH DAMAGE.
55.\"
56.Dd $Mdocdate: May 19 2024 $
57.Dt BIO_S_BIO 3
58.Os
59.Sh NAME
60.Nm BIO_s_bio ,
61.Nm BIO_make_bio_pair ,
62.Nm BIO_destroy_bio_pair ,
63.Nm BIO_shutdown_wr ,
64.Nm BIO_set_write_buf_size ,
65.Nm BIO_get_write_buf_size ,
66.Nm BIO_new_bio_pair ,
67.Nm BIO_get_write_guarantee ,
68.Nm BIO_ctrl_get_write_guarantee ,
69.Nm BIO_get_read_request ,
70.Nm BIO_ctrl_get_read_request ,
71.Nm BIO_ctrl_reset_read_request
72.Nd BIO pair BIO
73.Sh SYNOPSIS
74.In openssl/bio.h
75.Ft const BIO_METHOD *
76.Fo BIO_s_bio
77.Fa void
78.Fc
79.Ft int
80.Fo BIO_make_bio_pair
81.Fa "BIO *b1"
82.Fa "BIO *b2"
83.Fc
84.Ft int
85.Fo BIO_destroy_bio_pair
86.Fa "BIO *b"
87.Fc
88.Ft int
89.Fo BIO_shutdown_wr
90.Fa "BIO *b"
91.Fc
92.Ft int
93.Fo BIO_set_write_buf_size
94.Fa "BIO *b"
95.Fa "long size"
96.Fc
97.Ft size_t
98.Fo BIO_get_write_buf_size
99.Fa "BIO *b"
100.Fa "long size"
101.Fc
102.Ft int
103.Fo BIO_new_bio_pair
104.Fa "BIO **bio1"
105.Fa "size_t writebuf1"
106.Fa "BIO **bio2"
107.Fa "size_t writebuf2"
108.Fc
109.Ft int
110.Fo BIO_get_write_guarantee
111.Fa "BIO *b"
112.Fc
113.Ft size_t
114.Fo BIO_ctrl_get_write_guarantee
115.Fa "BIO *b"
116.Fc
117.Ft int
118.Fo BIO_get_read_request
119.Fa "BIO *b"
120.Fc
121.Ft size_t
122.Fo BIO_ctrl_get_read_request
123.Fa "BIO *b"
124.Fc
125.Ft int
126.Fo BIO_ctrl_reset_read_request
127.Fa "BIO *b"
128.Fc
129.Sh DESCRIPTION
130.Fn BIO_s_bio
131returns the method for a BIO pair.
132A BIO pair is a pair of source/sink BIOs where data written to either
133half of the pair is buffered and can be read from the other half.
134Both halves must usually be handled by the same application thread
135since no locking is done on the internal data structures.
136.Pp
137Since BIO chains typically end in a source/sink BIO,
138it is possible to make this one half of a BIO pair and
139have all the data processed by the chain under application control.
140.Pp
141One typical use of BIO pairs is
142to place TLS/SSL I/O under application control.
143This can be used when the application wishes to use a non-standard
144transport for TLS/SSL or the normal socket routines are inappropriate.
145.Pp
146Calls to
147.Xr BIO_read 3
148will read data from the buffer or request a retry if no data is available.
149.Pp
150Calls to
151.Xr BIO_write 3
152will place data in the buffer or request a retry if the buffer is full.
153.Pp
154The standard calls
155.Xr BIO_ctrl_pending 3
156and
157.Xr BIO_ctrl_wpending 3
158can be used to determine the amount of pending data
159in the read or write buffer.
160.Pp
161.Xr BIO_reset 3
162clears any data in the write buffer.
163.Pp
164.Fn BIO_make_bio_pair
165joins two separate BIOs into a connected pair.
166.Pp
167.Fn BIO_destroy_pair
168destroys the association between two connected BIOs.
169Freeing up any half of the pair will automatically destroy the association.
170.Pp
171.Fn BIO_shutdown_wr
172is used to close down a BIO
173.Fa b .
174After this call no further writes on BIO
175.Fa b
176are allowed; they will return an error.
177Reads on the other half of the pair will return any pending data
178or EOF when all pending data has been read.
179.Pp
180.Fn BIO_set_write_buf_size
181sets the write buffer size of BIO
182.Fa b
183to
184.Fa size .
185If the size is not initialized, a default value is used.
186This is currently 17K, sufficient for a maximum size TLS record.
187When a chain containing a BIO pair is copied with
188.Xr BIO_dup_chain 3 ,
189the write buffer size is automatically copied
190from the original BIO object to the new one.
191.Pp
192.Fn BIO_get_write_buf_size
193returns the size of the write buffer.
194.Pp
195.Fn BIO_new_bio_pair
196combines the calls to
197.Xr BIO_new 3 ,
198.Fn BIO_make_bio_pair
199and
200.Fn BIO_set_write_buf_size
201to create a connected pair of BIOs
202.Fa bio1
203and
204.Fa bio2
205with write buffer sizes
206.Fa writebuf1
207and
208.Fa writebuf2 .
209If either size is zero, then the default size is used.
210.Fn BIO_new_bio_pair
211does not check whether
212.Fa bio1
213or
214.Fa bio2
215point to some other BIO; the values are overwritten and
216.Xr BIO_free 3
217is not called.
218.Pp
219.Fn BIO_get_write_guarantee
220and
221.Fn BIO_ctrl_get_write_guarantee
222return the maximum length of data
223that can be currently written to the BIO.
224Writes larger than this value will return a value from
225.Xr BIO_write 3
226less than the amount requested or if the buffer is full request a retry.
227.Fn BIO_ctrl_get_write_guarantee
228is a function whereas
229.Fn BIO_get_write_guarantee
230is a macro.
231.Pp
232.Fn BIO_get_read_request
233and
234.Fn BIO_ctrl_get_read_request
235return the amount of data requested, or the buffer size if it is less,
236if the last read attempt at the other half of the BIO pair failed
237due to an empty buffer.
238This can be used to determine how much data should be
239written to the BIO so the next read will succeed:
240this is most useful in TLS/SSL applications where the amount of
241data read is usually meaningful rather than just a buffer size.
242After a successful read this call will return zero.
243It also will return zero once new data has been written
244satisfying the read request or part of it.
245Note that
246.Fn BIO_get_read_request
247never returns an amount larger than that returned by
248.Fn BIO_get_write_guarantee .
249.Pp
250.Fn BIO_ctrl_reset_read_request
251can also be used to reset the value returned by
252.Fn BIO_get_read_request
253to zero.
254.Pp
255Both halves of a BIO pair should be freed.
256Even if one half is implicitly freed due to a
257.Xr BIO_free_all 3
258or
259.Xr SSL_free 3
260call, the other half still needs to be freed.
261.Pp
262When used in bidirectional applications (such as TLS/SSL),
263care should be taken to flush any data in the write buffer.
264This can be done by calling
265.Xr BIO_pending 3
266on the other half of the pair and, if any data is pending,
267reading it and sending it to the underlying transport.
268This must be done before any normal processing (such as calling
269.Xr select 2 )
270due to a request and
271.Xr BIO_should_read 3
272being true.
273.Pp
274To see why this is important,
275consider a case where a request is sent using
276.Xr BIO_write 3
277and a response read with
278.Xr BIO_read 3 ,
279this can occur during a TLS/SSL handshake for example.
280.Xr BIO_write 3
281will succeed and place data in the write buffer.
282.Xr BIO_read 3
283will initially fail and
284.Xr BIO_should_read 3
285will be true.
286If the application then waits for data to become available
287on the underlying transport before flushing the write buffer,
288it will never succeed because the request was never sent.
289.Pp
290.Xr BIO_eof 3
291is true if no data is in the peer BIO and the peer BIO has been shutdown.
292.Pp
293.Xr BIO_ctrl 3
294.Fa cmd
295arguments correspond to macros as follows:
296.Bl -column BIO_C_GET_WRITE_GUARANTEE BIO_ctrl_reset_read_request() -offset 3n
297.It Fa cmd No constant           Ta corresponding macro
298.It Dv BIO_C_DESTROY_BIO_PAIR    Ta Fn BIO_destroy_bio_pair
299.It Dv BIO_C_GET_READ_REQUEST    Ta Fn BIO_get_read_request
300.It Dv BIO_C_GET_WRITE_BUF_SIZE  Ta Fn BIO_get_write_buf_size
301.It Dv BIO_C_GET_WRITE_GUARANTEE Ta Fn BIO_get_write_guarantee
302.It Dv BIO_C_MAKE_BIO_PAIR       Ta Fn BIO_make_bio_pair
303.It Dv BIO_C_RESET_READ_REQUEST  Ta Fn BIO_ctrl_reset_read_request
304.It Dv BIO_C_SET_WRITE_BUF_SIZE  Ta Fn BIO_set_write_buf_size
305.It Dv BIO_C_SHUTDOWN_WR         Ta Fn BIO_shutdown_wr
306.It Dv BIO_CTRL_EOF              Ta Xr BIO_eof 3
307.It Dv BIO_CTRL_GET_CLOSE        Ta Xr BIO_get_close 3
308.It Dv BIO_CTRL_PENDING          Ta Xr BIO_pending 3
309.It Dv BIO_CTRL_RESET            Ta Xr BIO_reset 3
310.It Dv BIO_CTRL_SET_CLOSE        Ta Xr BIO_set_close 3
311.It Dv BIO_CTRL_WPENDING         Ta Xr BIO_wpending 3
312.El
313.Sh RETURN VALUES
314.Fn BIO_new_bio_pair
315returns 1 on success, with the new BIOs available in
316.Fa bio1
317and
318.Fa bio2 ,
319or 0 on failure, with NULL pointers stored into the locations for
320.Fa bio1
321and
322.Fa bio2 .
323Check the error stack for more information.
324.Pp
325When called on a BIO pair BIO object,
326.Xr BIO_method_type 3
327returns the constant
328.Dv BIO_TYPE_BIO
329and
330.Xr BIO_method_name 3
331returns a pointer to the static string
332.Qq BIO pair .
333.\" XXX More return values need to be added here.
334.Sh EXAMPLES
335The BIO pair can be used to have full control
336over the network access of an application.
337The application can call
338.Xr select 2
339on the socket as required without having to go through the SSL interface.
340.Bd -literal -offset 2n
341BIO *internal_bio, *network_bio;
342\&...
343BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
344SSL_set_bio(ssl, internal_bio, internal_bio);
345SSL_operations();  /* e.g. SSL_read() and SSL_write() */
346\&...
347
348application |   TLS-engine
349   |        |
350   +----------> SSL_operations()
351            |     /\e    ||
352            |     ||    \e/
353            |   BIO-pair (internal_bio)
354            |   BIO-pair (network_bio)
355            |     ||     /\e
356            |     \e/     ||
357   +-----------< BIO_operations()
358   |        |
359 socket     |
360
361\&...
362SSL_free(ssl);		/* implicitly frees internal_bio */
363BIO_free(network_bio);
364\&...
365.Ed
366.Pp
367As the BIO pair will only buffer the data and never directly access
368the connection, it behaves non-blocking and will return as soon as
369the write buffer is full or the read buffer is drained.
370Then the application has to flush the write buffer
371and/or fill the read buffer.
372.Pp
373Use
374.Xr BIO_ctrl_pending 3
375to find out whether data is buffered in the BIO
376and must be transferred to the network.
377Use
378.Fn BIO_ctrl_get_read_request
379to find out how many bytes must be written into the buffer before the
380SSL operations can successfully be continued.
381.Sh SEE ALSO
382.Xr BIO_new 3 ,
383.Xr BIO_read 3 ,
384.Xr BIO_should_retry 3 ,
385.Xr ssl 3 ,
386.Xr SSL_set_bio 3
387.Sh HISTORY
388.Fn BIO_s_bio ,
389.Fn BIO_make_bio_pair ,
390.Fn BIO_destroy_bio_pair ,
391.Fn BIO_set_write_buf_size ,
392.Fn BIO_get_write_buf_size ,
393.Fn BIO_new_bio_pair ,
394.Fn BIO_get_write_guarantee ,
395.Fn BIO_ctrl_get_write_guarantee ,
396.Fn BIO_get_read_request ,
397and
398.Fn BIO_ctrl_reset_read_request
399first appeared in OpenSSL 0.9.4 and have been available since
400.Ox 2.6 .
401.Pp
402.Fn BIO_ctrl_reset_read_request
403first appeared in OpenSSL 0.9.5 and has been available since
404.Ox 2.7 .
405.Pp
406.Fn BIO_shutdown_wr
407first appeared in OpenSSL 0.9.6 and has been available since
408.Ox 2.9 .
409.Sh CAVEATS
410As the data is buffered, SSL operations may return with an
411.Dv ERROR_SSL_WANT_READ
412condition, but there is still data in the write buffer.
413An application must not rely on the error value of the SSL operation
414but must assure that the write buffer is always flushed first.
415Otherwise a deadlock may occur as the peer might be waiting
416for the data before being able to continue.
417