1 /*
2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. The name of the author may not be used to endorse or promote products
13 * derived from this software without specific prior written permission.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include <sys/types.h>
28
29 #include "event2/event-config.h"
30
31 #ifdef _EVENT_HAVE_SYS_TIME_H
32 #include <sys/time.h>
33 #endif
34
35 #include <errno.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #ifdef _EVENT_HAVE_STDARG_H
40 #include <stdarg.h>
41 #endif
42 #ifdef _EVENT_HAVE_UNISTD_H
43 #include <unistd.h>
44 #endif
45
46 #ifdef WIN32
47 #include <winsock2.h>
48 #endif
49
50 #include "event2/bufferevent.h"
51 #include "event2/bufferevent_struct.h"
52 #include "event2/bufferevent_ssl.h"
53 #include "event2/buffer.h"
54 #include "event2/event.h"
55
56 #include "mm-internal.h"
57 #include "bufferevent-internal.h"
58 #include "log-internal.h"
59
60 #include <openssl/bio.h>
61 #include <openssl/ssl.h>
62 #include <openssl/err.h>
63
64 /*
65 * Define an OpenSSL bio that targets a bufferevent.
66 */
67
68 /* --------------------
69 A BIO is an OpenSSL abstraction that handles reading and writing data. The
70 library will happily speak SSL over anything that implements a BIO
71 interface.
72
73 Here we define a BIO implementation that directs its output to a
74 bufferevent. We'll want to use this only when none of OpenSSL's built-in
75 IO mechanisms work for us.
76 -------------------- */
77
78 /* every BIO type needs its own integer type value. */
79 #define BIO_TYPE_LIBEVENT 57
80 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
81 * this. */
82
83 #if 0
84 static void
85 print_err(int val)
86 {
87 int err;
88 printf("Error was %d\n", val);
89
90 while ((err = ERR_get_error())) {
91 const char *msg = (const char*)ERR_reason_error_string(err);
92 const char *lib = (const char*)ERR_lib_error_string(err);
93 const char *func = (const char*)ERR_func_error_string(err);
94
95 printf("%s in %s %s\n", msg, lib, func);
96 }
97 }
98 #else
99 #define print_err(v) ((void)0)
100 #endif
101
102 /* Called to initialize a new BIO */
103 static int
bio_bufferevent_new(BIO * b)104 bio_bufferevent_new(BIO *b)
105 {
106 b->init = 0;
107 b->num = -1;
108 b->ptr = NULL; /* We'll be putting the bufferevent in this field.*/
109 b->flags = 0;
110 return 1;
111 }
112
113 /* Called to uninitialize the BIO. */
114 static int
bio_bufferevent_free(BIO * b)115 bio_bufferevent_free(BIO *b)
116 {
117 if (!b)
118 return 0;
119 if (b->shutdown) {
120 if (b->init && b->ptr)
121 bufferevent_free(b->ptr);
122 b->init = 0;
123 b->flags = 0;
124 b->ptr = NULL;
125 }
126 return 1;
127 }
128
129 /* Called to extract data from the BIO. */
130 static int
bio_bufferevent_read(BIO * b,char * out,int outlen)131 bio_bufferevent_read(BIO *b, char *out, int outlen)
132 {
133 int r = 0;
134 struct evbuffer *input;
135
136 BIO_clear_retry_flags(b);
137
138 if (!out)
139 return 0;
140 if (!b->ptr)
141 return -1;
142
143 input = bufferevent_get_input(b->ptr);
144 if (evbuffer_get_length(input) == 0) {
145 /* If there's no data to read, say so. */
146 BIO_set_retry_read(b);
147 return -1;
148 } else {
149 r = evbuffer_remove(input, out, outlen);
150 }
151
152 return r;
153 }
154
155 /* Called to write data info the BIO */
156 static int
bio_bufferevent_write(BIO * b,const char * in,int inlen)157 bio_bufferevent_write(BIO *b, const char *in, int inlen)
158 {
159 struct bufferevent *bufev = b->ptr;
160 struct evbuffer *output;
161 size_t outlen;
162
163 BIO_clear_retry_flags(b);
164
165 if (!b->ptr)
166 return -1;
167
168 output = bufferevent_get_output(bufev);
169 outlen = evbuffer_get_length(output);
170
171 /* Copy only as much data onto the output buffer as can fit under the
172 * high-water mark. */
173 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
174 if (bufev->wm_write.high <= outlen) {
175 /* If no data can fit, we'll need to retry later. */
176 BIO_set_retry_write(b);
177 return -1;
178 }
179 inlen = bufev->wm_write.high - outlen;
180 }
181
182 EVUTIL_ASSERT(inlen > 0);
183 evbuffer_add(output, in, inlen);
184 return inlen;
185 }
186
187 /* Called to handle various requests */
188 static long
bio_bufferevent_ctrl(BIO * b,int cmd,long num,void * ptr)189 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
190 {
191 struct bufferevent *bufev = b->ptr;
192 long ret = 1;
193
194 switch (cmd) {
195 case BIO_CTRL_GET_CLOSE:
196 ret = b->shutdown;
197 break;
198 case BIO_CTRL_SET_CLOSE:
199 b->shutdown = (int)num;
200 break;
201 case BIO_CTRL_PENDING:
202 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
203 break;
204 case BIO_CTRL_WPENDING:
205 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
206 break;
207 /* XXXX These two are given a special-case treatment because
208 * of cargo-cultism. I should come up with a better reason. */
209 case BIO_CTRL_DUP:
210 case BIO_CTRL_FLUSH:
211 ret = 1;
212 break;
213 default:
214 ret = 0;
215 break;
216 }
217 return ret;
218 }
219
220 /* Called to write a string to the BIO */
221 static int
bio_bufferevent_puts(BIO * b,const char * s)222 bio_bufferevent_puts(BIO *b, const char *s)
223 {
224 return bio_bufferevent_write(b, s, strlen(s));
225 }
226
227 /* Method table for the bufferevent BIO */
228 static BIO_METHOD methods_bufferevent = {
229 BIO_TYPE_LIBEVENT, "bufferevent",
230 bio_bufferevent_write,
231 bio_bufferevent_read,
232 bio_bufferevent_puts,
233 NULL /* bio_bufferevent_gets */,
234 bio_bufferevent_ctrl,
235 bio_bufferevent_new,
236 bio_bufferevent_free,
237 NULL /* callback_ctrl */,
238 };
239
240 /* Return the method table for the bufferevents BIO */
241 static BIO_METHOD *
BIO_s_bufferevent(void)242 BIO_s_bufferevent(void)
243 {
244 return &methods_bufferevent;
245 }
246
247 /* Create a new BIO to wrap communication around a bufferevent. If close_flag
248 * is true, the bufferevent will be freed when the BIO is closed. */
249 static BIO *
BIO_new_bufferevent(struct bufferevent * bufferevent,int close_flag)250 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
251 {
252 BIO *result;
253 if (!bufferevent)
254 return NULL;
255 if (!(result = BIO_new(BIO_s_bufferevent())))
256 return NULL;
257 result->init = 1;
258 result->ptr = bufferevent;
259 result->shutdown = close_flag ? 1 : 0;
260 return result;
261 }
262
263 /* --------------------
264 Now, here's the OpenSSL-based implementation of bufferevent.
265
266 The implementation comes in two flavors: one that connects its SSL object
267 to an underlying bufferevent using a BIO_bufferevent, and one that has the
268 SSL object connect to a socket directly. The latter should generally be
269 faster, except on Windows, where your best bet is using a
270 bufferevent_async.
271
272 (OpenSSL supports many other BIO types, too. But we can't use any unless
273 we have a good way to get notified when they become readable/writable.)
274 -------------------- */
275
276 struct bio_data_counts {
277 unsigned long n_written;
278 unsigned long n_read;
279 };
280
281 struct bufferevent_openssl {
282 /* Shared fields with common bufferevent implementation code.
283 If we were set up with an underlying bufferevent, we use the
284 events here as timers only. If we have an SSL, then we use
285 the events as socket events.
286 */
287 struct bufferevent_private bev;
288 /* An underlying bufferevent that we're directing our output to.
289 If it's NULL, then we're connected to an fd, not an evbuffer. */
290 struct bufferevent *underlying;
291 /* The SSL object doing our encryption. */
292 SSL *ssl;
293
294 /* A callback that's invoked when data arrives on our outbuf so we
295 know to write data to the SSL. */
296 struct evbuffer_cb_entry *outbuf_cb;
297
298 /* A count of how much data the bios have read/written total. Used
299 for rate-limiting. */
300 struct bio_data_counts counts;
301
302 /* If this value is greater than 0, then the last SSL_write blocked,
303 * and we need to try it again with this many bytes. */
304 ev_ssize_t last_write;
305
306 #define NUM_ERRORS 3
307 ev_uint32_t errors[NUM_ERRORS];
308
309 /* When we next get available space, we should say "read" instead of
310 "write". This can happen if there's a renegotiation during a read
311 operation. */
312 unsigned read_blocked_on_write : 1;
313 /* When we next get data, we should say "write" instead of "read". */
314 unsigned write_blocked_on_read : 1;
315 /* XXX */
316 unsigned allow_dirty_shutdown : 1;
317 /* XXXX */
318 unsigned fd_is_set : 1;
319 /* XXX */
320 unsigned n_errors : 2;
321
322 /* Are we currently connecting, accepting, or doing IO? */
323 unsigned state : 2;
324 };
325
326 static int be_openssl_enable(struct bufferevent *, short);
327 static int be_openssl_disable(struct bufferevent *, short);
328 static void be_openssl_destruct(struct bufferevent *);
329 static int be_openssl_adj_timeouts(struct bufferevent *);
330 static int be_openssl_flush(struct bufferevent *bufev,
331 short iotype, enum bufferevent_flush_mode mode);
332 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
333
334 const struct bufferevent_ops bufferevent_ops_openssl = {
335 "ssl",
336 evutil_offsetof(struct bufferevent_openssl, bev.bev),
337 be_openssl_enable,
338 be_openssl_disable,
339 be_openssl_destruct,
340 be_openssl_adj_timeouts,
341 be_openssl_flush,
342 be_openssl_ctrl,
343 };
344
345 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
346 * contains it, if any. */
347 static inline struct bufferevent_openssl *
upcast(struct bufferevent * bev)348 upcast(struct bufferevent *bev)
349 {
350 struct bufferevent_openssl *bev_o;
351 if (bev->be_ops != &bufferevent_ops_openssl)
352 return NULL;
353 bev_o = (void*)( ((char*)bev) -
354 evutil_offsetof(struct bufferevent_openssl, bev.bev));
355 EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
356 return bev_o;
357 }
358
359 static inline void
put_error(struct bufferevent_openssl * bev_ssl,unsigned long err)360 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
361 {
362 if (bev_ssl->n_errors == NUM_ERRORS)
363 return;
364 /* The error type according to openssl is "unsigned long", but
365 openssl never uses more than 32 bits of it. It _can't_ use more
366 than 32 bits of it, since it needs to report errors on systems
367 where long is only 32 bits.
368 */
369 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
370 }
371
372 /* Have the base communications channel (either the underlying bufferevent or
373 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag
374 * into account. */
375 static int
start_reading(struct bufferevent_openssl * bev_ssl)376 start_reading(struct bufferevent_openssl *bev_ssl)
377 {
378 if (bev_ssl->underlying) {
379 bufferevent_unsuspend_read(bev_ssl->underlying,
380 BEV_SUSPEND_FILT_READ);
381 return 0;
382 } else {
383 struct bufferevent *bev = &bev_ssl->bev.bev;
384 int r;
385 r = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
386 if (r == 0 && bev_ssl->read_blocked_on_write)
387 r = _bufferevent_add_event(&bev->ev_write,
388 &bev->timeout_write);
389 return r;
390 }
391 }
392
393 /* Have the base communications channel (either the underlying bufferevent or
394 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag
395 * into account. */
396 static int
start_writing(struct bufferevent_openssl * bev_ssl)397 start_writing(struct bufferevent_openssl *bev_ssl)
398 {
399 int r = 0;
400 if (bev_ssl->underlying) {
401 ;
402 } else {
403 struct bufferevent *bev = &bev_ssl->bev.bev;
404 r = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
405 if (!r && bev_ssl->write_blocked_on_read)
406 r = _bufferevent_add_event(&bev->ev_read,
407 &bev->timeout_read);
408 }
409 return r;
410 }
411
412 static void
stop_reading(struct bufferevent_openssl * bev_ssl)413 stop_reading(struct bufferevent_openssl *bev_ssl)
414 {
415 if (bev_ssl->write_blocked_on_read)
416 return;
417 if (bev_ssl->underlying) {
418 bufferevent_suspend_read(bev_ssl->underlying,
419 BEV_SUSPEND_FILT_READ);
420 } else {
421 struct bufferevent *bev = &bev_ssl->bev.bev;
422 event_del(&bev->ev_read);
423 }
424 }
425
426 static void
stop_writing(struct bufferevent_openssl * bev_ssl)427 stop_writing(struct bufferevent_openssl *bev_ssl)
428 {
429 if (bev_ssl->read_blocked_on_write)
430 return;
431 if (bev_ssl->underlying) {
432 ;
433 } else {
434 struct bufferevent *bev = &bev_ssl->bev.bev;
435 event_del(&bev->ev_write);
436 }
437 }
438
439 static int
set_rbow(struct bufferevent_openssl * bev_ssl)440 set_rbow(struct bufferevent_openssl *bev_ssl)
441 {
442 if (!bev_ssl->underlying)
443 stop_reading(bev_ssl);
444 bev_ssl->read_blocked_on_write = 1;
445 return start_writing(bev_ssl);
446 }
447
448 static int
set_wbor(struct bufferevent_openssl * bev_ssl)449 set_wbor(struct bufferevent_openssl *bev_ssl)
450 {
451 if (!bev_ssl->underlying)
452 stop_writing(bev_ssl);
453 bev_ssl->write_blocked_on_read = 1;
454 return start_reading(bev_ssl);
455 }
456
457 static int
clear_rbow(struct bufferevent_openssl * bev_ssl)458 clear_rbow(struct bufferevent_openssl *bev_ssl)
459 {
460 struct bufferevent *bev = &bev_ssl->bev.bev;
461 int r = 0;
462 bev_ssl->read_blocked_on_write = 0;
463 if (!(bev->enabled & EV_WRITE))
464 stop_writing(bev_ssl);
465 if (bev->enabled & EV_READ)
466 r = start_reading(bev_ssl);
467 return r;
468 }
469
470
471 static int
clear_wbor(struct bufferevent_openssl * bev_ssl)472 clear_wbor(struct bufferevent_openssl *bev_ssl)
473 {
474 struct bufferevent *bev = &bev_ssl->bev.bev;
475 int r = 0;
476 bev_ssl->write_blocked_on_read = 0;
477 if (!(bev->enabled & EV_READ))
478 stop_reading(bev_ssl);
479 if (bev->enabled & EV_WRITE)
480 r = start_writing(bev_ssl);
481 return r;
482 }
483
484 static void
conn_closed(struct bufferevent_openssl * bev_ssl,int errcode,int ret)485 conn_closed(struct bufferevent_openssl *bev_ssl, int errcode, int ret)
486 {
487 int event = BEV_EVENT_ERROR;
488 int dirty_shutdown = 0;
489 unsigned long err;
490
491 switch (errcode) {
492 case SSL_ERROR_ZERO_RETURN:
493 /* Possibly a clean shutdown. */
494 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
495 event = BEV_EVENT_EOF;
496 else
497 dirty_shutdown = 1;
498 break;
499 case SSL_ERROR_SYSCALL:
500 /* IO error; possibly a dirty shutdown. */
501 if (ret == 0 && ERR_peek_error() == 0)
502 dirty_shutdown = 1;
503 break;
504 case SSL_ERROR_SSL:
505 /* Protocol error. */
506 break;
507 case SSL_ERROR_WANT_X509_LOOKUP:
508 /* XXXX handle this. */
509 break;
510 case SSL_ERROR_NONE:
511 case SSL_ERROR_WANT_READ:
512 case SSL_ERROR_WANT_WRITE:
513 case SSL_ERROR_WANT_CONNECT:
514 case SSL_ERROR_WANT_ACCEPT:
515 default:
516 /* should be impossible; treat as normal error. */
517 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
518 break;
519 }
520
521 while ((err = ERR_get_error())) {
522 put_error(bev_ssl, err);
523 }
524
525 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
526 event = BEV_EVENT_EOF;
527
528 stop_reading(bev_ssl);
529 stop_writing(bev_ssl);
530
531 _bufferevent_run_eventcb(&bev_ssl->bev.bev, event);
532 }
533
534 static void
init_bio_counts(struct bufferevent_openssl * bev_ssl)535 init_bio_counts(struct bufferevent_openssl *bev_ssl)
536 {
537 bev_ssl->counts.n_written =
538 BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
539 bev_ssl->counts.n_read =
540 BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
541 }
542
543 static inline void
decrement_buckets(struct bufferevent_openssl * bev_ssl)544 decrement_buckets(struct bufferevent_openssl *bev_ssl)
545 {
546 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
547 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
548 /* These next two subtractions can wrap around. That's okay. */
549 unsigned long w = num_w - bev_ssl->counts.n_written;
550 unsigned long r = num_r - bev_ssl->counts.n_read;
551 if (w)
552 _bufferevent_decrement_write_buckets(&bev_ssl->bev, w);
553 if (r)
554 _bufferevent_decrement_read_buckets(&bev_ssl->bev, r);
555 bev_ssl->counts.n_written = num_w;
556 bev_ssl->counts.n_read = num_r;
557 }
558
559 #define OP_MADE_PROGRESS 1
560 #define OP_BLOCKED 2
561 #define OP_ERR 4
562
563 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
564 we're now blocked); and OP_ERR (if an error occurred). */
565 static int
do_read(struct bufferevent_openssl * bev_ssl,int n_to_read)566 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
567 /* Requires lock */
568 struct bufferevent *bev = &bev_ssl->bev.bev;
569 struct evbuffer *input = bev->input;
570 int r, n, i, n_used = 0, atmost;
571 struct evbuffer_iovec space[2];
572 int result = 0;
573
574 if (bev_ssl->bev.read_suspended)
575 return 0;
576
577 atmost = _bufferevent_get_read_max(&bev_ssl->bev);
578 if (n_to_read > atmost)
579 n_to_read = atmost;
580
581 n = evbuffer_reserve_space(input, n_to_read, space, 2);
582 if (n < 0)
583 return OP_ERR;
584
585 for (i=0; i<n; ++i) {
586 if (bev_ssl->bev.read_suspended)
587 break;
588 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
589 if (r>0) {
590 result |= OP_MADE_PROGRESS;
591 if (bev_ssl->read_blocked_on_write)
592 if (clear_rbow(bev_ssl) < 0)
593 return OP_ERR | result;
594 ++n_used;
595 space[i].iov_len = r;
596 decrement_buckets(bev_ssl);
597 } else {
598 int err = SSL_get_error(bev_ssl->ssl, r);
599 print_err(err);
600 switch (err) {
601 case SSL_ERROR_WANT_READ:
602 /* Can't read until underlying has more data. */
603 if (bev_ssl->read_blocked_on_write)
604 if (clear_rbow(bev_ssl) < 0)
605 return OP_ERR | result;
606 break;
607 case SSL_ERROR_WANT_WRITE:
608 /* This read operation requires a write, and the
609 * underlying is full */
610 if (!bev_ssl->read_blocked_on_write)
611 if (set_rbow(bev_ssl) < 0)
612 return OP_ERR | result;
613 break;
614 default:
615 conn_closed(bev_ssl, err, r);
616 break;
617 }
618 result |= OP_BLOCKED;
619 break; /* out of the loop */
620 }
621 }
622
623 if (n_used) {
624 evbuffer_commit_space(input, space, n_used);
625 if (bev_ssl->underlying)
626 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
627 }
628
629 return result;
630 }
631
632 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
633 we're now blocked); and OP_ERR (if an error occurred). */
634 static int
do_write(struct bufferevent_openssl * bev_ssl,int atmost)635 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
636 {
637 int i, r, n, n_written = 0;
638 struct bufferevent *bev = &bev_ssl->bev.bev;
639 struct evbuffer *output = bev->output;
640 struct evbuffer_iovec space[8];
641 int result = 0;
642
643 if (bev_ssl->last_write > 0)
644 atmost = bev_ssl->last_write;
645 else
646 atmost = _bufferevent_get_write_max(&bev_ssl->bev);
647
648 n = evbuffer_peek(output, atmost, NULL, space, 8);
649 if (n < 0)
650 return OP_ERR | result;
651
652 if (n > 8)
653 n = 8;
654 for (i=0; i < n; ++i) {
655 if (bev_ssl->bev.write_suspended)
656 break;
657
658 /* SSL_write will (reasonably) return 0 if we tell it to
659 send 0 data. Skip this case so we don't interpret the
660 result as an error */
661 if (space[i].iov_len == 0)
662 continue;
663
664 r = SSL_write(bev_ssl->ssl, space[i].iov_base,
665 space[i].iov_len);
666 if (r > 0) {
667 result |= OP_MADE_PROGRESS;
668 if (bev_ssl->write_blocked_on_read)
669 if (clear_wbor(bev_ssl) < 0)
670 return OP_ERR | result;
671 n_written += r;
672 bev_ssl->last_write = -1;
673 decrement_buckets(bev_ssl);
674 } else {
675 int err = SSL_get_error(bev_ssl->ssl, r);
676 print_err(err);
677 switch (err) {
678 case SSL_ERROR_WANT_WRITE:
679 /* Can't read until underlying has more data. */
680 if (bev_ssl->write_blocked_on_read)
681 if (clear_wbor(bev_ssl) < 0)
682 return OP_ERR | result;
683 bev_ssl->last_write = space[i].iov_len;
684 break;
685 case SSL_ERROR_WANT_READ:
686 /* This read operation requires a write, and the
687 * underlying is full */
688 if (!bev_ssl->write_blocked_on_read)
689 if (set_wbor(bev_ssl) < 0)
690 return OP_ERR | result;
691 bev_ssl->last_write = space[i].iov_len;
692 break;
693 default:
694 conn_closed(bev_ssl, err, r);
695 bev_ssl->last_write = -1;
696 break;
697 }
698 result |= OP_BLOCKED;
699 break;
700 }
701 }
702 if (n_written) {
703 evbuffer_drain(output, n_written);
704 if (bev_ssl->underlying)
705 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
706
707 if (evbuffer_get_length(output) <= bev->wm_write.low)
708 _bufferevent_run_writecb(bev);
709 }
710 return result;
711 }
712
713 #define WRITE_FRAME 15000
714
715 #define READ_DEFAULT 4096
716
717 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
718 * reading. */
719 static int
bytes_to_read(struct bufferevent_openssl * bev)720 bytes_to_read(struct bufferevent_openssl *bev)
721 {
722 struct evbuffer *input = bev->bev.bev.input;
723 struct event_watermark *wm = &bev->bev.bev.wm_read;
724 int result = READ_DEFAULT;
725 ev_ssize_t limit;
726 /* XXX 99% of this is generic code that nearly all bufferevents will
727 * want. */
728
729 if (bev->write_blocked_on_read) {
730 return 0;
731 }
732
733 if (! (bev->bev.bev.enabled & EV_READ)) {
734 return 0;
735 }
736
737 if (bev->bev.read_suspended) {
738 return 0;
739 }
740
741 if (wm->high) {
742 if (evbuffer_get_length(input) >= wm->high) {
743 return 0;
744 }
745
746 result = wm->high - evbuffer_get_length(input);
747 } else {
748 result = READ_DEFAULT;
749 }
750
751 /* Respect the rate limit */
752 limit = _bufferevent_get_read_max(&bev->bev);
753 if (result > limit) {
754 result = limit;
755 }
756
757 return result;
758 }
759
760
761 /* Things look readable. If write is blocked on read, write till it isn't.
762 * Read from the underlying buffer until we block or we hit our high-water
763 * mark.
764 */
765 static void
consider_reading(struct bufferevent_openssl * bev_ssl)766 consider_reading(struct bufferevent_openssl *bev_ssl)
767 {
768 int r;
769 int n_to_read;
770 int all_result_flags = 0;
771
772 while (bev_ssl->write_blocked_on_read) {
773 r = do_write(bev_ssl, WRITE_FRAME);
774 if (r & (OP_BLOCKED|OP_ERR))
775 break;
776 }
777 if (bev_ssl->write_blocked_on_read)
778 return;
779
780 n_to_read = bytes_to_read(bev_ssl);
781
782 while (n_to_read) {
783 r = do_read(bev_ssl, n_to_read);
784 all_result_flags |= r;
785
786 if (r & (OP_BLOCKED|OP_ERR))
787 break;
788
789 if (bev_ssl->bev.read_suspended)
790 break;
791
792 /* Read all pending data. This won't hit the network
793 * again, and will (most importantly) put us in a state
794 * where we don't need to read anything else until the
795 * socket is readable again. It'll potentially make us
796 * overrun our read high-watermark (somewhat
797 * regrettable). The damage to the rate-limit has
798 * already been done, since OpenSSL went and read a
799 * whole SSL record anyway. */
800 n_to_read = SSL_pending(bev_ssl->ssl);
801
802 /* XXX This if statement is actually a bad bug, added to avoid
803 * XXX a worse bug.
804 *
805 * The bad bug: It can potentially cause resource unfairness
806 * by reading too much data from the underlying bufferevent;
807 * it can potentially cause read looping if the underlying
808 * bufferevent is a bufferevent_pair and deferred callbacks
809 * aren't used.
810 *
811 * The worse bug: If we didn't do this, then we would
812 * potentially not read any more from bev_ssl->underlying
813 * until more data arrived there, which could lead to us
814 * waiting forever.
815 */
816 if (!n_to_read && bev_ssl->underlying)
817 n_to_read = bytes_to_read(bev_ssl);
818 }
819
820 if (all_result_flags & OP_MADE_PROGRESS) {
821 struct bufferevent *bev = &bev_ssl->bev.bev;
822 struct evbuffer *input = bev->input;
823
824 if (evbuffer_get_length(input) >= bev->wm_read.low) {
825 _bufferevent_run_readcb(bev);
826 }
827 }
828
829 if (!bev_ssl->underlying) {
830 /* Should be redundant, but let's avoid busy-looping */
831 if (bev_ssl->bev.read_suspended ||
832 !(bev_ssl->bev.bev.enabled & EV_READ)) {
833 event_del(&bev_ssl->bev.bev.ev_read);
834 }
835 }
836 }
837
838 static void
consider_writing(struct bufferevent_openssl * bev_ssl)839 consider_writing(struct bufferevent_openssl *bev_ssl)
840 {
841 int r;
842 struct evbuffer *output = bev_ssl->bev.bev.output;
843 struct evbuffer *target = NULL;
844 struct event_watermark *wm = NULL;
845
846 while (bev_ssl->read_blocked_on_write) {
847 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
848 if (r & OP_MADE_PROGRESS) {
849 struct bufferevent *bev = &bev_ssl->bev.bev;
850 struct evbuffer *input = bev->input;
851
852 if (evbuffer_get_length(input) >= bev->wm_read.low) {
853 _bufferevent_run_readcb(bev);
854 }
855 }
856 if (r & (OP_ERR|OP_BLOCKED))
857 break;
858 }
859 if (bev_ssl->read_blocked_on_write)
860 return;
861 if (bev_ssl->underlying) {
862 target = bev_ssl->underlying->output;
863 wm = &bev_ssl->underlying->wm_write;
864 }
865 while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
866 (! bev_ssl->bev.write_suspended) &&
867 evbuffer_get_length(output) &&
868 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
869 int n_to_write;
870 if (wm && wm->high)
871 n_to_write = wm->high - evbuffer_get_length(target);
872 else
873 n_to_write = WRITE_FRAME;
874 r = do_write(bev_ssl, n_to_write);
875 if (r & (OP_BLOCKED|OP_ERR))
876 break;
877 }
878
879 if (!bev_ssl->underlying) {
880 if (evbuffer_get_length(output) == 0) {
881 event_del(&bev_ssl->bev.bev.ev_write);
882 } else if (bev_ssl->bev.write_suspended ||
883 !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
884 /* Should be redundant, but let's avoid busy-looping */
885 event_del(&bev_ssl->bev.bev.ev_write);
886 }
887 }
888 }
889
890 static void
be_openssl_readcb(struct bufferevent * bev_base,void * ctx)891 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
892 {
893 struct bufferevent_openssl *bev_ssl = ctx;
894 consider_reading(bev_ssl);
895 }
896
897 static void
be_openssl_writecb(struct bufferevent * bev_base,void * ctx)898 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
899 {
900 struct bufferevent_openssl *bev_ssl = ctx;
901 consider_writing(bev_ssl);
902 }
903
904 static void
be_openssl_eventcb(struct bufferevent * bev_base,short what,void * ctx)905 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
906 {
907 struct bufferevent_openssl *bev_ssl = ctx;
908 int event = 0;
909
910 if (what & BEV_EVENT_EOF) {
911 if (bev_ssl->allow_dirty_shutdown)
912 event = BEV_EVENT_EOF;
913 else
914 event = BEV_EVENT_ERROR;
915 } else if (what & BEV_EVENT_TIMEOUT) {
916 /* We sure didn't set this. Propagate it to the user. */
917 event = what;
918 } else if (what & BEV_EVENT_ERROR) {
919 /* An error occurred on the connection. Propagate it to the user. */
920 event = what;
921 } else if (what & BEV_EVENT_CONNECTED) {
922 /* Ignore it. We're saying SSL_connect() already, which will
923 eat it. */
924 }
925 if (event)
926 _bufferevent_run_eventcb(&bev_ssl->bev.bev, event);
927 }
928
929 static void
be_openssl_readeventcb(evutil_socket_t fd,short what,void * ptr)930 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
931 {
932 struct bufferevent_openssl *bev_ssl = ptr;
933 _bufferevent_incref_and_lock(&bev_ssl->bev.bev);
934 if (what == EV_TIMEOUT) {
935 _bufferevent_run_eventcb(&bev_ssl->bev.bev,
936 BEV_EVENT_TIMEOUT|BEV_EVENT_READING);
937 } else {
938 consider_reading(bev_ssl);
939 }
940 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev);
941 }
942
943 static void
be_openssl_writeeventcb(evutil_socket_t fd,short what,void * ptr)944 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
945 {
946 struct bufferevent_openssl *bev_ssl = ptr;
947 _bufferevent_incref_and_lock(&bev_ssl->bev.bev);
948 if (what == EV_TIMEOUT) {
949 _bufferevent_run_eventcb(&bev_ssl->bev.bev,
950 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING);
951 } else {
952 consider_writing(bev_ssl);
953 }
954 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev);
955 }
956
957 static int
set_open_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)958 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
959 {
960 if (bev_ssl->underlying) {
961 bufferevent_setcb(bev_ssl->underlying,
962 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
963 bev_ssl);
964 return 0;
965 } else {
966 struct bufferevent *bev = &bev_ssl->bev.bev;
967 int rpending=0, wpending=0, r1=0, r2=0;
968 if (fd < 0 && bev_ssl->fd_is_set)
969 fd = event_get_fd(&bev->ev_read);
970 if (bev_ssl->fd_is_set) {
971 rpending = event_pending(&bev->ev_read, EV_READ, NULL);
972 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
973 event_del(&bev->ev_read);
974 event_del(&bev->ev_write);
975 }
976 event_assign(&bev->ev_read, bev->ev_base, fd,
977 EV_READ|EV_PERSIST, be_openssl_readeventcb, bev_ssl);
978 event_assign(&bev->ev_write, bev->ev_base, fd,
979 EV_WRITE|EV_PERSIST, be_openssl_writeeventcb, bev_ssl);
980 if (rpending)
981 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
982 if (wpending)
983 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
984 if (fd >= 0) {
985 bev_ssl->fd_is_set = 1;
986 }
987 return (r1<0 || r2<0) ? -1 : 0;
988 }
989 }
990
991 static int
do_handshake(struct bufferevent_openssl * bev_ssl)992 do_handshake(struct bufferevent_openssl *bev_ssl)
993 {
994 int r;
995
996 switch (bev_ssl->state) {
997 default:
998 case BUFFEREVENT_SSL_OPEN:
999 EVUTIL_ASSERT(0);
1000 return -1;
1001 case BUFFEREVENT_SSL_CONNECTING:
1002 case BUFFEREVENT_SSL_ACCEPTING:
1003 r = SSL_do_handshake(bev_ssl->ssl);
1004 break;
1005 }
1006 decrement_buckets(bev_ssl);
1007
1008 if (r==1) {
1009 /* We're done! */
1010 bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1011 set_open_callbacks(bev_ssl, -1); /* XXXX handle failure */
1012 /* Call do_read and do_write as needed */
1013 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1014 _bufferevent_run_eventcb(&bev_ssl->bev.bev,
1015 BEV_EVENT_CONNECTED);
1016 return 1;
1017 } else {
1018 int err = SSL_get_error(bev_ssl->ssl, r);
1019 print_err(err);
1020 switch (err) {
1021 case SSL_ERROR_WANT_WRITE:
1022 if (!bev_ssl->underlying) {
1023 stop_reading(bev_ssl);
1024 return start_writing(bev_ssl);
1025 }
1026 return 0;
1027 case SSL_ERROR_WANT_READ:
1028 if (!bev_ssl->underlying) {
1029 stop_writing(bev_ssl);
1030 return start_reading(bev_ssl);
1031 }
1032 return 0;
1033 default:
1034 conn_closed(bev_ssl, err, r);
1035 return -1;
1036 }
1037 }
1038 }
1039
1040 static void
be_openssl_handshakecb(struct bufferevent * bev_base,void * ctx)1041 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1042 {
1043 struct bufferevent_openssl *bev_ssl = ctx;
1044 do_handshake(bev_ssl);/* XXX handle failure */
1045 }
1046
1047 static void
be_openssl_handshakeeventcb(evutil_socket_t fd,short what,void * ptr)1048 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1049 {
1050 struct bufferevent_openssl *bev_ssl = ptr;
1051
1052 _bufferevent_incref_and_lock(&bev_ssl->bev.bev);
1053 if (what & EV_TIMEOUT) {
1054 _bufferevent_run_eventcb(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT);
1055 } else
1056 do_handshake(bev_ssl);/* XXX handle failure */
1057 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev);
1058 }
1059
1060 static int
set_handshake_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)1061 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1062 {
1063 if (bev_ssl->underlying) {
1064 bufferevent_setcb(bev_ssl->underlying,
1065 be_openssl_handshakecb, be_openssl_handshakecb,
1066 be_openssl_eventcb,
1067 bev_ssl);
1068 return do_handshake(bev_ssl);
1069 } else {
1070 struct bufferevent *bev = &bev_ssl->bev.bev;
1071 int r1=0, r2=0;
1072 if (fd < 0 && bev_ssl->fd_is_set)
1073 fd = event_get_fd(&bev->ev_read);
1074 if (bev_ssl->fd_is_set) {
1075 event_del(&bev->ev_read);
1076 event_del(&bev->ev_write);
1077 }
1078 event_assign(&bev->ev_read, bev->ev_base, fd,
1079 EV_READ|EV_PERSIST, be_openssl_handshakeeventcb, bev_ssl);
1080 event_assign(&bev->ev_write, bev->ev_base, fd,
1081 EV_WRITE|EV_PERSIST, be_openssl_handshakeeventcb, bev_ssl);
1082 if (fd >= 0) {
1083 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
1084 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
1085 bev_ssl->fd_is_set = 1;
1086 }
1087 return (r1<0 || r2<0) ? -1 : 0;
1088 }
1089 }
1090
1091 int
bufferevent_ssl_renegotiate(struct bufferevent * bev)1092 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1093 {
1094 struct bufferevent_openssl *bev_ssl = upcast(bev);
1095 if (!bev_ssl)
1096 return -1;
1097 if (SSL_renegotiate(bev_ssl->ssl) < 0)
1098 return -1;
1099 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1100 if (set_handshake_callbacks(bev_ssl, -1) < 0)
1101 return -1;
1102 if (!bev_ssl->underlying)
1103 return do_handshake(bev_ssl);
1104 return 0;
1105 }
1106
1107 static void
be_openssl_outbuf_cb(struct evbuffer * buf,const struct evbuffer_cb_info * cbinfo,void * arg)1108 be_openssl_outbuf_cb(struct evbuffer *buf,
1109 const struct evbuffer_cb_info *cbinfo, void *arg)
1110 {
1111 struct bufferevent_openssl *bev_ssl = arg;
1112 int r = 0;
1113 /* XXX need to hold a reference here. */
1114
1115 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1116 if (cbinfo->orig_size == 0)
1117 r = _bufferevent_add_event(&bev_ssl->bev.bev.ev_write,
1118 &bev_ssl->bev.bev.timeout_write);
1119 consider_writing(bev_ssl);
1120 }
1121 /* XXX Handle r < 0 */
1122 (void)r;
1123 }
1124
1125
1126 static int
be_openssl_enable(struct bufferevent * bev,short events)1127 be_openssl_enable(struct bufferevent *bev, short events)
1128 {
1129 struct bufferevent_openssl *bev_ssl = upcast(bev);
1130 int r1 = 0, r2 = 0;
1131
1132 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1133 return 0;
1134
1135 if (events & EV_READ)
1136 r1 = start_reading(bev_ssl);
1137 if (events & EV_WRITE)
1138 r2 = start_writing(bev_ssl);
1139
1140 if (bev_ssl->underlying) {
1141 if (events & EV_READ)
1142 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1143 if (events & EV_WRITE)
1144 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1145
1146 if (events & EV_READ)
1147 consider_reading(bev_ssl);
1148 if (events & EV_WRITE)
1149 consider_writing(bev_ssl);
1150 }
1151 return (r1 < 0 || r2 < 0) ? -1 : 0;
1152 }
1153
1154 static int
be_openssl_disable(struct bufferevent * bev,short events)1155 be_openssl_disable(struct bufferevent *bev, short events)
1156 {
1157 struct bufferevent_openssl *bev_ssl = upcast(bev);
1158 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1159 return 0;
1160
1161 if (events & EV_READ)
1162 stop_reading(bev_ssl);
1163 if (events & EV_WRITE)
1164 stop_writing(bev_ssl);
1165
1166 if (bev_ssl->underlying) {
1167 if (events & EV_READ)
1168 BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1169 if (events & EV_WRITE)
1170 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1171 }
1172 return 0;
1173 }
1174
1175 static void
be_openssl_destruct(struct bufferevent * bev)1176 be_openssl_destruct(struct bufferevent *bev)
1177 {
1178 struct bufferevent_openssl *bev_ssl = upcast(bev);
1179
1180 if (bev_ssl->underlying) {
1181 _bufferevent_del_generic_timeout_cbs(bev);
1182 } else {
1183 event_del(&bev->ev_read);
1184 event_del(&bev->ev_write);
1185 }
1186
1187 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1188 if (bev_ssl->underlying) {
1189 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1190 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1191 "bufferevent with too few references");
1192 } else {
1193 bufferevent_free(bev_ssl->underlying);
1194 bev_ssl->underlying = NULL;
1195 }
1196 } else {
1197 evutil_socket_t fd = -1;
1198 BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1199 if (bio)
1200 fd = BIO_get_fd(bio, NULL);
1201 if (fd >= 0)
1202 evutil_closesocket(fd);
1203 }
1204 SSL_free(bev_ssl->ssl);
1205 } else {
1206 if (bev_ssl->underlying) {
1207 if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1208 bufferevent_setcb(bev_ssl->underlying,
1209 NULL,NULL,NULL,NULL);
1210 bufferevent_unsuspend_read(bev_ssl->underlying,
1211 BEV_SUSPEND_FILT_READ);
1212 }
1213 }
1214 }
1215
1216 static int
be_openssl_adj_timeouts(struct bufferevent * bev)1217 be_openssl_adj_timeouts(struct bufferevent *bev)
1218 {
1219 struct bufferevent_openssl *bev_ssl = upcast(bev);
1220
1221 if (bev_ssl->underlying)
1222 return _bufferevent_generic_adj_timeouts(bev);
1223 else {
1224 int r1=0, r2=0;
1225 if (event_pending(&bev->ev_read, EV_READ, NULL))
1226 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
1227 if (event_pending(&bev->ev_write, EV_WRITE, NULL))
1228 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
1229 return (r1<0 || r2<0) ? -1 : 0;
1230 }
1231 }
1232
1233 static int
be_openssl_flush(struct bufferevent * bufev,short iotype,enum bufferevent_flush_mode mode)1234 be_openssl_flush(struct bufferevent *bufev,
1235 short iotype, enum bufferevent_flush_mode mode)
1236 {
1237 /* XXXX Implement this. */
1238 return 0;
1239 }
1240
1241 static int
be_openssl_ctrl(struct bufferevent * bev,enum bufferevent_ctrl_op op,union bufferevent_ctrl_data * data)1242 be_openssl_ctrl(struct bufferevent *bev,
1243 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1244 {
1245 struct bufferevent_openssl *bev_ssl = upcast(bev);
1246 switch (op) {
1247 case BEV_CTRL_SET_FD:
1248 if (bev_ssl->underlying)
1249 return -1;
1250 {
1251 BIO *bio;
1252 bio = BIO_new_socket(data->fd, 0);
1253 SSL_set_bio(bev_ssl->ssl, bio, bio);
1254 bev_ssl->fd_is_set = 1;
1255 }
1256 if (bev_ssl->state == BUFFEREVENT_SSL_OPEN)
1257 return set_open_callbacks(bev_ssl, data->fd);
1258 else {
1259 return set_handshake_callbacks(bev_ssl, data->fd);
1260 }
1261 case BEV_CTRL_GET_FD:
1262 if (bev_ssl->underlying)
1263 return -1;
1264 if (!bev_ssl->fd_is_set)
1265 return -1;
1266 data->fd = event_get_fd(&bev->ev_read);
1267 return 0;
1268 case BEV_CTRL_GET_UNDERLYING:
1269 if (!bev_ssl->underlying)
1270 return -1;
1271 data->ptr = bev_ssl->underlying;
1272 return 0;
1273 case BEV_CTRL_CANCEL_ALL:
1274 default:
1275 return -1;
1276 }
1277 }
1278
1279 SSL *
bufferevent_openssl_get_ssl(struct bufferevent * bufev)1280 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1281 {
1282 struct bufferevent_openssl *bev_ssl = upcast(bufev);
1283 if (!bev_ssl)
1284 return NULL;
1285 return bev_ssl->ssl;
1286 }
1287
1288 static struct bufferevent *
bufferevent_openssl_new_impl(struct event_base * base,struct bufferevent * underlying,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1289 bufferevent_openssl_new_impl(struct event_base *base,
1290 struct bufferevent *underlying,
1291 evutil_socket_t fd,
1292 SSL *ssl,
1293 enum bufferevent_ssl_state state,
1294 int options)
1295 {
1296 struct bufferevent_openssl *bev_ssl = NULL;
1297 struct bufferevent_private *bev_p = NULL;
1298 int tmp_options = options & ~BEV_OPT_THREADSAFE;
1299
1300 if (underlying != NULL && fd >= 0)
1301 return NULL; /* Only one can be set. */
1302
1303 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1304 goto err;
1305
1306 bev_p = &bev_ssl->bev;
1307
1308 if (bufferevent_init_common(bev_p, base,
1309 &bufferevent_ops_openssl, tmp_options) < 0)
1310 goto err;
1311
1312 /* Don't explode if we decide to realloc a chunk we're writing from in
1313 * the output buffer. */
1314 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1315
1316 bev_ssl->underlying = underlying;
1317 bev_ssl->ssl = ssl;
1318
1319 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1320 be_openssl_outbuf_cb, bev_ssl);
1321
1322 if (options & BEV_OPT_THREADSAFE)
1323 bufferevent_enable_locking(&bev_ssl->bev.bev, NULL);
1324
1325 if (underlying) {
1326 _bufferevent_init_generic_timeout_cbs(&bev_ssl->bev.bev);
1327 bufferevent_incref(underlying);
1328 }
1329
1330 bev_ssl->state = state;
1331 bev_ssl->last_write = -1;
1332
1333 init_bio_counts(bev_ssl);
1334
1335 switch (state) {
1336 case BUFFEREVENT_SSL_ACCEPTING:
1337 SSL_set_accept_state(bev_ssl->ssl);
1338 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1339 goto err;
1340 break;
1341 case BUFFEREVENT_SSL_CONNECTING:
1342 SSL_set_connect_state(bev_ssl->ssl);
1343 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1344 goto err;
1345 break;
1346 case BUFFEREVENT_SSL_OPEN:
1347 if (set_open_callbacks(bev_ssl, fd) < 0)
1348 goto err;
1349 break;
1350 default:
1351 goto err;
1352 }
1353
1354 if (underlying) {
1355 bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1356 bufferevent_enable(underlying, EV_READ|EV_WRITE);
1357 if (state == BUFFEREVENT_SSL_OPEN)
1358 bufferevent_suspend_read(underlying,
1359 BEV_SUSPEND_FILT_READ);
1360 } else {
1361 bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE;
1362 if (bev_ssl->fd_is_set) {
1363 if (state != BUFFEREVENT_SSL_OPEN)
1364 if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
1365 goto err;
1366 if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0)
1367 goto err;
1368 }
1369 }
1370
1371 return &bev_ssl->bev.bev;
1372 err:
1373 if (bev_ssl)
1374 bufferevent_free(&bev_ssl->bev.bev);
1375 return NULL;
1376 }
1377
1378 struct bufferevent *
bufferevent_openssl_filter_new(struct event_base * base,struct bufferevent * underlying,SSL * ssl,enum bufferevent_ssl_state state,int options)1379 bufferevent_openssl_filter_new(struct event_base *base,
1380 struct bufferevent *underlying,
1381 SSL *ssl,
1382 enum bufferevent_ssl_state state,
1383 int options)
1384 {
1385 /* We don't tell the BIO to close the bufferevent; we do it ourselves
1386 * on be_openssl_destruct */
1387 int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1388 BIO *bio;
1389 if (!underlying)
1390 return NULL;
1391 if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1392 return NULL;
1393
1394 SSL_set_bio(ssl, bio, bio);
1395
1396 return bufferevent_openssl_new_impl(
1397 base, underlying, -1, ssl, state, options);
1398 }
1399
1400 struct bufferevent *
bufferevent_openssl_socket_new(struct event_base * base,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1401 bufferevent_openssl_socket_new(struct event_base *base,
1402 evutil_socket_t fd,
1403 SSL *ssl,
1404 enum bufferevent_ssl_state state,
1405 int options)
1406 {
1407 /* Does the SSL already have an fd? */
1408 BIO *bio = SSL_get_wbio(ssl);
1409 long have_fd = -1;
1410
1411 if (bio)
1412 have_fd = BIO_get_fd(bio, NULL);
1413
1414 if (have_fd >= 0) {
1415 /* The SSL is already configured with an fd. */
1416 if (fd < 0) {
1417 /* We should learn the fd from the SSL. */
1418 fd = (evutil_socket_t) have_fd;
1419 } else if (have_fd == (long)fd) {
1420 /* We already know the fd from the SSL; do nothing */
1421 } else {
1422 /* We specified an fd different from that of the SSL.
1423 This is probably an error on our part. Fail. */
1424 return NULL;
1425 }
1426 (void) BIO_set_close(bio, 0);
1427 } else {
1428 /* The SSL isn't configured with a BIO with an fd. */
1429 if (fd >= 0) {
1430 /* ... and we have an fd we want to use. */
1431 bio = BIO_new_socket(fd, 0);
1432 SSL_set_bio(ssl, bio, bio);
1433 } else {
1434 /* Leave the fd unset. */
1435 }
1436 }
1437
1438 return bufferevent_openssl_new_impl(
1439 base, NULL, fd, ssl, state, options);
1440 }
1441
1442 unsigned long
bufferevent_get_openssl_error(struct bufferevent * bev)1443 bufferevent_get_openssl_error(struct bufferevent *bev)
1444 {
1445 unsigned long err = 0;
1446 struct bufferevent_openssl *bev_ssl;
1447 BEV_LOCK(bev);
1448 bev_ssl = upcast(bev);
1449 if (bev_ssl && bev_ssl->n_errors) {
1450 err = bev_ssl->errors[--bev_ssl->n_errors];
1451 }
1452 BEV_UNLOCK(bev);
1453 return err;
1454 }
1455