1 /*
2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. The name of the author may not be used to endorse or promote products
13 * derived from this software without specific prior written permission.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
30 #endif
31
32 #include "event2/event-config.h"
33 #include "evconfig-private.h"
34
35 #include <sys/types.h>
36
37 #ifdef EVENT__HAVE_SYS_TIME_H
38 #include <sys/time.h>
39 #endif
40
41 #include <errno.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #ifdef EVENT__HAVE_STDARG_H
46 #include <stdarg.h>
47 #endif
48 #ifdef EVENT__HAVE_UNISTD_H
49 #include <unistd.h>
50 #endif
51
52 #ifdef _WIN32
53 #include <winsock2.h>
54 #endif
55
56 #include "event2/bufferevent.h"
57 #include "event2/bufferevent_struct.h"
58 #include "event2/bufferevent_ssl.h"
59 #include "event2/buffer.h"
60 #include "event2/event.h"
61
62 #include "mm-internal.h"
63 #include "bufferevent-internal.h"
64 #include "log-internal.h"
65
66 #include <openssl/bio.h>
67 #include <openssl/ssl.h>
68 #include <openssl/err.h>
69 #include "openssl-compat.h"
70
71 /*
72 * Define an OpenSSL bio that targets a bufferevent.
73 */
74
75 /* --------------------
76 A BIO is an OpenSSL abstraction that handles reading and writing data. The
77 library will happily speak SSL over anything that implements a BIO
78 interface.
79
80 Here we define a BIO implementation that directs its output to a
81 bufferevent. We'll want to use this only when none of OpenSSL's built-in
82 IO mechanisms work for us.
83 -------------------- */
84
85 /* every BIO type needs its own integer type value. */
86 #define BIO_TYPE_LIBEVENT 57
87 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
88 * this. */
89
90 #if 0
91 static void
92 print_err(int val)
93 {
94 int err;
95 printf("Error was %d\n", val);
96
97 while ((err = ERR_get_error())) {
98 const char *msg = (const char*)ERR_reason_error_string(err);
99 const char *lib = (const char*)ERR_lib_error_string(err);
100 const char *func = (const char*)ERR_func_error_string(err);
101
102 printf("%s in %s %s\n", msg, lib, func);
103 }
104 }
105 #else
106 #define print_err(v) ((void)0)
107 #endif
108
109 /* Called to initialize a new BIO */
110 static int
bio_bufferevent_new(BIO * b)111 bio_bufferevent_new(BIO *b)
112 {
113 BIO_set_init(b, 0);
114 BIO_set_data(b, NULL); /* We'll be putting the bufferevent in this field.*/
115 return 1;
116 }
117
118 /* Called to uninitialize the BIO. */
119 static int
bio_bufferevent_free(BIO * b)120 bio_bufferevent_free(BIO *b)
121 {
122 if (!b)
123 return 0;
124 if (BIO_get_shutdown(b)) {
125 if (BIO_get_init(b) && BIO_get_data(b))
126 bufferevent_free(BIO_get_data(b));
127 BIO_free(b);
128 }
129 return 1;
130 }
131
132 /* Called to extract data from the BIO. */
133 static int
bio_bufferevent_read(BIO * b,char * out,int outlen)134 bio_bufferevent_read(BIO *b, char *out, int outlen)
135 {
136 int r = 0;
137 struct evbuffer *input;
138
139 BIO_clear_retry_flags(b);
140
141 if (!out)
142 return 0;
143 if (!BIO_get_data(b))
144 return -1;
145
146 input = bufferevent_get_input(BIO_get_data(b));
147 if (evbuffer_get_length(input) == 0) {
148 /* If there's no data to read, say so. */
149 BIO_set_retry_read(b);
150 return -1;
151 } else {
152 r = evbuffer_remove(input, out, outlen);
153 }
154
155 return r;
156 }
157
158 /* Called to write data info the BIO */
159 static int
bio_bufferevent_write(BIO * b,const char * in,int inlen)160 bio_bufferevent_write(BIO *b, const char *in, int inlen)
161 {
162 struct bufferevent *bufev = BIO_get_data(b);
163 struct evbuffer *output;
164 size_t outlen;
165
166 BIO_clear_retry_flags(b);
167
168 if (!BIO_get_data(b))
169 return -1;
170
171 output = bufferevent_get_output(bufev);
172 outlen = evbuffer_get_length(output);
173
174 /* Copy only as much data onto the output buffer as can fit under the
175 * high-water mark. */
176 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
177 if (bufev->wm_write.high <= outlen) {
178 /* If no data can fit, we'll need to retry later. */
179 BIO_set_retry_write(b);
180 return -1;
181 }
182 inlen = bufev->wm_write.high - outlen;
183 }
184
185 EVUTIL_ASSERT(inlen > 0);
186 evbuffer_add(output, in, inlen);
187 return inlen;
188 }
189
190 /* Called to handle various requests */
191 static long
bio_bufferevent_ctrl(BIO * b,int cmd,long num,void * ptr)192 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
193 {
194 struct bufferevent *bufev = BIO_get_data(b);
195 long ret = 1;
196
197 switch (cmd) {
198 case BIO_CTRL_GET_CLOSE:
199 ret = BIO_get_shutdown(b);
200 break;
201 case BIO_CTRL_SET_CLOSE:
202 BIO_set_shutdown(b, (int)num);
203 break;
204 case BIO_CTRL_PENDING:
205 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
206 break;
207 case BIO_CTRL_WPENDING:
208 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
209 break;
210 /* XXXX These two are given a special-case treatment because
211 * of cargo-cultism. I should come up with a better reason. */
212 case BIO_CTRL_DUP:
213 case BIO_CTRL_FLUSH:
214 ret = 1;
215 break;
216 default:
217 ret = 0;
218 break;
219 }
220 return ret;
221 }
222
223 /* Called to write a string to the BIO */
224 static int
bio_bufferevent_puts(BIO * b,const char * s)225 bio_bufferevent_puts(BIO *b, const char *s)
226 {
227 return bio_bufferevent_write(b, s, strlen(s));
228 }
229
230 /* Method table for the bufferevent BIO */
231 static BIO_METHOD *methods_bufferevent;
232
233 /* Return the method table for the bufferevents BIO */
234 static BIO_METHOD *
BIO_s_bufferevent(void)235 BIO_s_bufferevent(void)
236 {
237 if (methods_bufferevent == NULL) {
238 methods_bufferevent = BIO_meth_new(BIO_TYPE_LIBEVENT, "bufferevent");
239 if (methods_bufferevent == NULL)
240 return NULL;
241 BIO_meth_set_write(methods_bufferevent, bio_bufferevent_write);
242 BIO_meth_set_read(methods_bufferevent, bio_bufferevent_read);
243 BIO_meth_set_puts(methods_bufferevent, bio_bufferevent_puts);
244 BIO_meth_set_ctrl(methods_bufferevent, bio_bufferevent_ctrl);
245 BIO_meth_set_create(methods_bufferevent, bio_bufferevent_new);
246 BIO_meth_set_destroy(methods_bufferevent, bio_bufferevent_free);
247 }
248 return methods_bufferevent;
249 }
250
251 /* Create a new BIO to wrap communication around a bufferevent. If close_flag
252 * is true, the bufferevent will be freed when the BIO is closed. */
253 static BIO *
BIO_new_bufferevent(struct bufferevent * bufferevent,int close_flag)254 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
255 {
256 BIO *result;
257 if (!bufferevent)
258 return NULL;
259 if (!(result = BIO_new(BIO_s_bufferevent())))
260 return NULL;
261 BIO_set_init(result, 1);
262 BIO_set_data(result, bufferevent);
263 BIO_set_shutdown(result, close_flag ? 1 : 0);
264 return result;
265 }
266
267 /* --------------------
268 Now, here's the OpenSSL-based implementation of bufferevent.
269
270 The implementation comes in two flavors: one that connects its SSL object
271 to an underlying bufferevent using a BIO_bufferevent, and one that has the
272 SSL object connect to a socket directly. The latter should generally be
273 faster, except on Windows, where your best bet is using a
274 bufferevent_async.
275
276 (OpenSSL supports many other BIO types, too. But we can't use any unless
277 we have a good way to get notified when they become readable/writable.)
278 -------------------- */
279
280 struct bio_data_counts {
281 unsigned long n_written;
282 unsigned long n_read;
283 };
284
285 struct bufferevent_openssl {
286 /* Shared fields with common bufferevent implementation code.
287 If we were set up with an underlying bufferevent, we use the
288 events here as timers only. If we have an SSL, then we use
289 the events as socket events.
290 */
291 struct bufferevent_private bev;
292 /* An underlying bufferevent that we're directing our output to.
293 If it's NULL, then we're connected to an fd, not an evbuffer. */
294 struct bufferevent *underlying;
295 /* The SSL object doing our encryption. */
296 SSL *ssl;
297
298 /* A callback that's invoked when data arrives on our outbuf so we
299 know to write data to the SSL. */
300 struct evbuffer_cb_entry *outbuf_cb;
301
302 /* A count of how much data the bios have read/written total. Used
303 for rate-limiting. */
304 struct bio_data_counts counts;
305
306 /* If this value is greater than 0, then the last SSL_write blocked,
307 * and we need to try it again with this many bytes. */
308 ev_ssize_t last_write;
309
310 #define NUM_ERRORS 3
311 ev_uint32_t errors[NUM_ERRORS];
312
313 /* When we next get available space, we should say "read" instead of
314 "write". This can happen if there's a renegotiation during a read
315 operation. */
316 unsigned read_blocked_on_write : 1;
317 /* When we next get data, we should say "write" instead of "read". */
318 unsigned write_blocked_on_read : 1;
319 /* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
320 unsigned allow_dirty_shutdown : 1;
321 /* XXX */
322 unsigned n_errors : 2;
323
324 /* Are we currently connecting, accepting, or doing IO? */
325 unsigned state : 2;
326 /* If we reset fd, we sould reset state too */
327 unsigned old_state : 2;
328 };
329
330 static int be_openssl_enable(struct bufferevent *, short);
331 static int be_openssl_disable(struct bufferevent *, short);
332 static void be_openssl_unlink(struct bufferevent *);
333 static void be_openssl_destruct(struct bufferevent *);
334 static int be_openssl_adj_timeouts(struct bufferevent *);
335 static int be_openssl_flush(struct bufferevent *bufev,
336 short iotype, enum bufferevent_flush_mode mode);
337 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
338
339 const struct bufferevent_ops bufferevent_ops_openssl = {
340 "ssl",
341 evutil_offsetof(struct bufferevent_openssl, bev.bev),
342 be_openssl_enable,
343 be_openssl_disable,
344 be_openssl_unlink,
345 be_openssl_destruct,
346 be_openssl_adj_timeouts,
347 be_openssl_flush,
348 be_openssl_ctrl,
349 };
350
351 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
352 * contains it, if any. */
353 static inline struct bufferevent_openssl *
upcast(struct bufferevent * bev)354 upcast(struct bufferevent *bev)
355 {
356 struct bufferevent_openssl *bev_o;
357 if (bev->be_ops != &bufferevent_ops_openssl)
358 return NULL;
359 bev_o = (void*)( ((char*)bev) -
360 evutil_offsetof(struct bufferevent_openssl, bev.bev));
361 EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
362 return bev_o;
363 }
364
365 static inline void
put_error(struct bufferevent_openssl * bev_ssl,unsigned long err)366 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
367 {
368 if (bev_ssl->n_errors == NUM_ERRORS)
369 return;
370 /* The error type according to openssl is "unsigned long", but
371 openssl never uses more than 32 bits of it. It _can't_ use more
372 than 32 bits of it, since it needs to report errors on systems
373 where long is only 32 bits.
374 */
375 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
376 }
377
378 /* Have the base communications channel (either the underlying bufferevent or
379 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag
380 * into account. */
381 static int
start_reading(struct bufferevent_openssl * bev_ssl)382 start_reading(struct bufferevent_openssl *bev_ssl)
383 {
384 if (bev_ssl->underlying) {
385 bufferevent_unsuspend_read_(bev_ssl->underlying,
386 BEV_SUSPEND_FILT_READ);
387 return 0;
388 } else {
389 struct bufferevent *bev = &bev_ssl->bev.bev;
390 int r;
391 r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
392 if (r == 0 && bev_ssl->read_blocked_on_write)
393 r = bufferevent_add_event_(&bev->ev_write,
394 &bev->timeout_write);
395 return r;
396 }
397 }
398
399 /* Have the base communications channel (either the underlying bufferevent or
400 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag
401 * into account. */
402 static int
start_writing(struct bufferevent_openssl * bev_ssl)403 start_writing(struct bufferevent_openssl *bev_ssl)
404 {
405 int r = 0;
406 if (bev_ssl->underlying) {
407 if (bev_ssl->write_blocked_on_read) {
408 bufferevent_unsuspend_read_(bev_ssl->underlying,
409 BEV_SUSPEND_FILT_READ);
410 }
411 } else {
412 struct bufferevent *bev = &bev_ssl->bev.bev;
413 r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
414 if (!r && bev_ssl->write_blocked_on_read)
415 r = bufferevent_add_event_(&bev->ev_read,
416 &bev->timeout_read);
417 }
418 return r;
419 }
420
421 static void
stop_reading(struct bufferevent_openssl * bev_ssl)422 stop_reading(struct bufferevent_openssl *bev_ssl)
423 {
424 if (bev_ssl->write_blocked_on_read)
425 return;
426 if (bev_ssl->underlying) {
427 bufferevent_suspend_read_(bev_ssl->underlying,
428 BEV_SUSPEND_FILT_READ);
429 } else {
430 struct bufferevent *bev = &bev_ssl->bev.bev;
431 event_del(&bev->ev_read);
432 }
433 }
434
435 static void
stop_writing(struct bufferevent_openssl * bev_ssl)436 stop_writing(struct bufferevent_openssl *bev_ssl)
437 {
438 if (bev_ssl->read_blocked_on_write)
439 return;
440 if (bev_ssl->underlying) {
441 bufferevent_unsuspend_read_(bev_ssl->underlying,
442 BEV_SUSPEND_FILT_READ);
443 } else {
444 struct bufferevent *bev = &bev_ssl->bev.bev;
445 event_del(&bev->ev_write);
446 }
447 }
448
449 static int
set_rbow(struct bufferevent_openssl * bev_ssl)450 set_rbow(struct bufferevent_openssl *bev_ssl)
451 {
452 if (!bev_ssl->underlying)
453 stop_reading(bev_ssl);
454 bev_ssl->read_blocked_on_write = 1;
455 return start_writing(bev_ssl);
456 }
457
458 static int
set_wbor(struct bufferevent_openssl * bev_ssl)459 set_wbor(struct bufferevent_openssl *bev_ssl)
460 {
461 if (!bev_ssl->underlying)
462 stop_writing(bev_ssl);
463 bev_ssl->write_blocked_on_read = 1;
464 return start_reading(bev_ssl);
465 }
466
467 static int
clear_rbow(struct bufferevent_openssl * bev_ssl)468 clear_rbow(struct bufferevent_openssl *bev_ssl)
469 {
470 struct bufferevent *bev = &bev_ssl->bev.bev;
471 int r = 0;
472 bev_ssl->read_blocked_on_write = 0;
473 if (!(bev->enabled & EV_WRITE))
474 stop_writing(bev_ssl);
475 if (bev->enabled & EV_READ)
476 r = start_reading(bev_ssl);
477 return r;
478 }
479
480
481 static int
clear_wbor(struct bufferevent_openssl * bev_ssl)482 clear_wbor(struct bufferevent_openssl *bev_ssl)
483 {
484 struct bufferevent *bev = &bev_ssl->bev.bev;
485 int r = 0;
486 bev_ssl->write_blocked_on_read = 0;
487 if (!(bev->enabled & EV_READ))
488 stop_reading(bev_ssl);
489 if (bev->enabled & EV_WRITE)
490 r = start_writing(bev_ssl);
491 return r;
492 }
493
494 static void
conn_closed(struct bufferevent_openssl * bev_ssl,int when,int errcode,int ret)495 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
496 {
497 int event = BEV_EVENT_ERROR;
498 int dirty_shutdown = 0;
499 unsigned long err;
500
501 switch (errcode) {
502 case SSL_ERROR_ZERO_RETURN:
503 /* Possibly a clean shutdown. */
504 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
505 event = BEV_EVENT_EOF;
506 else
507 dirty_shutdown = 1;
508 break;
509 case SSL_ERROR_SYSCALL:
510 /* IO error; possibly a dirty shutdown. */
511 if ((ret == 0 || ret == -1) && ERR_peek_error() == 0)
512 dirty_shutdown = 1;
513 break;
514 case SSL_ERROR_SSL:
515 /* Protocol error. */
516 break;
517 case SSL_ERROR_WANT_X509_LOOKUP:
518 /* XXXX handle this. */
519 break;
520 case SSL_ERROR_NONE:
521 case SSL_ERROR_WANT_READ:
522 case SSL_ERROR_WANT_WRITE:
523 case SSL_ERROR_WANT_CONNECT:
524 case SSL_ERROR_WANT_ACCEPT:
525 default:
526 /* should be impossible; treat as normal error. */
527 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
528 break;
529 }
530
531 while ((err = ERR_get_error())) {
532 put_error(bev_ssl, err);
533 }
534
535 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
536 event = BEV_EVENT_EOF;
537
538 stop_reading(bev_ssl);
539 stop_writing(bev_ssl);
540
541 /* when is BEV_EVENT_{READING|WRITING} */
542 event = when | event;
543 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
544 }
545
546 static void
init_bio_counts(struct bufferevent_openssl * bev_ssl)547 init_bio_counts(struct bufferevent_openssl *bev_ssl)
548 {
549 BIO *rbio, *wbio;
550
551 wbio = SSL_get_wbio(bev_ssl->ssl);
552 bev_ssl->counts.n_written = wbio ? BIO_number_written(wbio) : 0;
553 rbio = SSL_get_rbio(bev_ssl->ssl);
554 bev_ssl->counts.n_read = rbio ? BIO_number_read(rbio) : 0;
555 }
556
557 static inline void
decrement_buckets(struct bufferevent_openssl * bev_ssl)558 decrement_buckets(struct bufferevent_openssl *bev_ssl)
559 {
560 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
561 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
562 /* These next two subtractions can wrap around. That's okay. */
563 unsigned long w = num_w - bev_ssl->counts.n_written;
564 unsigned long r = num_r - bev_ssl->counts.n_read;
565 if (w)
566 bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
567 if (r)
568 bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
569 bev_ssl->counts.n_written = num_w;
570 bev_ssl->counts.n_read = num_r;
571 }
572
573 #define OP_MADE_PROGRESS 1
574 #define OP_BLOCKED 2
575 #define OP_ERR 4
576
577 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
578 we're now blocked); and OP_ERR (if an error occurred). */
579 static int
do_read(struct bufferevent_openssl * bev_ssl,int n_to_read)580 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
581 /* Requires lock */
582 struct bufferevent *bev = &bev_ssl->bev.bev;
583 struct evbuffer *input = bev->input;
584 int r, n, i, n_used = 0, atmost;
585 struct evbuffer_iovec space[2];
586 int result = 0;
587
588 if (bev_ssl->bev.read_suspended)
589 return 0;
590
591 atmost = bufferevent_get_read_max_(&bev_ssl->bev);
592 if (n_to_read > atmost)
593 n_to_read = atmost;
594
595 n = evbuffer_reserve_space(input, n_to_read, space, 2);
596 if (n < 0)
597 return OP_ERR;
598
599 for (i=0; i<n; ++i) {
600 if (bev_ssl->bev.read_suspended)
601 break;
602 ERR_clear_error();
603 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
604 if (r>0) {
605 result |= OP_MADE_PROGRESS;
606 if (bev_ssl->read_blocked_on_write)
607 if (clear_rbow(bev_ssl) < 0)
608 return OP_ERR | result;
609 ++n_used;
610 space[i].iov_len = r;
611 decrement_buckets(bev_ssl);
612 } else {
613 int err = SSL_get_error(bev_ssl->ssl, r);
614 print_err(err);
615 switch (err) {
616 case SSL_ERROR_WANT_READ:
617 /* Can't read until underlying has more data. */
618 if (bev_ssl->read_blocked_on_write)
619 if (clear_rbow(bev_ssl) < 0)
620 return OP_ERR | result;
621 break;
622 case SSL_ERROR_WANT_WRITE:
623 /* This read operation requires a write, and the
624 * underlying is full */
625 if (!bev_ssl->read_blocked_on_write)
626 if (set_rbow(bev_ssl) < 0)
627 return OP_ERR | result;
628 break;
629 default:
630 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
631 break;
632 }
633 result |= OP_BLOCKED;
634 break; /* out of the loop */
635 }
636 }
637
638 if (n_used) {
639 evbuffer_commit_space(input, space, n_used);
640 if (bev_ssl->underlying)
641 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
642 }
643
644 return result;
645 }
646
647 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
648 we're now blocked); and OP_ERR (if an error occurred). */
649 static int
do_write(struct bufferevent_openssl * bev_ssl,int atmost)650 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
651 {
652 int i, r, n, n_written = 0;
653 struct bufferevent *bev = &bev_ssl->bev.bev;
654 struct evbuffer *output = bev->output;
655 struct evbuffer_iovec space[8];
656 int result = 0;
657
658 if (bev_ssl->last_write > 0)
659 atmost = bev_ssl->last_write;
660 else
661 atmost = bufferevent_get_write_max_(&bev_ssl->bev);
662
663 n = evbuffer_peek(output, atmost, NULL, space, 8);
664 if (n < 0)
665 return OP_ERR | result;
666
667 if (n > 8)
668 n = 8;
669 for (i=0; i < n; ++i) {
670 if (bev_ssl->bev.write_suspended)
671 break;
672
673 /* SSL_write will (reasonably) return 0 if we tell it to
674 send 0 data. Skip this case so we don't interpret the
675 result as an error */
676 if (space[i].iov_len == 0)
677 continue;
678
679 ERR_clear_error();
680 r = SSL_write(bev_ssl->ssl, space[i].iov_base,
681 space[i].iov_len);
682 if (r > 0) {
683 result |= OP_MADE_PROGRESS;
684 if (bev_ssl->write_blocked_on_read)
685 if (clear_wbor(bev_ssl) < 0)
686 return OP_ERR | result;
687 n_written += r;
688 bev_ssl->last_write = -1;
689 decrement_buckets(bev_ssl);
690 } else {
691 int err = SSL_get_error(bev_ssl->ssl, r);
692 print_err(err);
693 switch (err) {
694 case SSL_ERROR_WANT_WRITE:
695 /* Can't read until underlying has more data. */
696 if (bev_ssl->write_blocked_on_read)
697 if (clear_wbor(bev_ssl) < 0)
698 return OP_ERR | result;
699 bev_ssl->last_write = space[i].iov_len;
700 break;
701 case SSL_ERROR_WANT_READ:
702 /* This read operation requires a write, and the
703 * underlying is full */
704 if (!bev_ssl->write_blocked_on_read)
705 if (set_wbor(bev_ssl) < 0)
706 return OP_ERR | result;
707 bev_ssl->last_write = space[i].iov_len;
708 break;
709 default:
710 conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
711 bev_ssl->last_write = -1;
712 break;
713 }
714 result |= OP_BLOCKED;
715 break;
716 }
717 }
718 if (n_written) {
719 evbuffer_drain(output, n_written);
720 if (bev_ssl->underlying)
721 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
722
723 bufferevent_trigger_nolock_(bev, EV_WRITE, BEV_OPT_DEFER_CALLBACKS);
724 }
725 return result;
726 }
727
728 #define WRITE_FRAME 15000
729
730 #define READ_DEFAULT 4096
731
732 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
733 * reading. */
734 static int
bytes_to_read(struct bufferevent_openssl * bev)735 bytes_to_read(struct bufferevent_openssl *bev)
736 {
737 struct evbuffer *input = bev->bev.bev.input;
738 struct event_watermark *wm = &bev->bev.bev.wm_read;
739 int result = READ_DEFAULT;
740 ev_ssize_t limit;
741 /* XXX 99% of this is generic code that nearly all bufferevents will
742 * want. */
743
744 if (bev->write_blocked_on_read) {
745 return 0;
746 }
747
748 if (! (bev->bev.bev.enabled & EV_READ)) {
749 return 0;
750 }
751
752 if (bev->bev.read_suspended) {
753 return 0;
754 }
755
756 if (wm->high) {
757 if (evbuffer_get_length(input) >= wm->high) {
758 return 0;
759 }
760
761 result = wm->high - evbuffer_get_length(input);
762 } else {
763 result = READ_DEFAULT;
764 }
765
766 /* Respect the rate limit */
767 limit = bufferevent_get_read_max_(&bev->bev);
768 if (result > limit) {
769 result = limit;
770 }
771
772 return result;
773 }
774
775
776 /* Things look readable. If write is blocked on read, write till it isn't.
777 * Read from the underlying buffer until we block or we hit our high-water
778 * mark.
779 */
780 static void
consider_reading(struct bufferevent_openssl * bev_ssl)781 consider_reading(struct bufferevent_openssl *bev_ssl)
782 {
783 int r;
784 int n_to_read;
785 int all_result_flags = 0;
786
787 while (bev_ssl->write_blocked_on_read) {
788 r = do_write(bev_ssl, WRITE_FRAME);
789 if (r & (OP_BLOCKED|OP_ERR))
790 break;
791 }
792 if (bev_ssl->write_blocked_on_read)
793 return;
794
795 n_to_read = bytes_to_read(bev_ssl);
796
797 while (n_to_read) {
798 r = do_read(bev_ssl, n_to_read);
799 all_result_flags |= r;
800
801 if (r & (OP_BLOCKED|OP_ERR))
802 break;
803
804 if (bev_ssl->bev.read_suspended)
805 break;
806
807 /* Read all pending data. This won't hit the network
808 * again, and will (most importantly) put us in a state
809 * where we don't need to read anything else until the
810 * socket is readable again. It'll potentially make us
811 * overrun our read high-watermark (somewhat
812 * regrettable). The damage to the rate-limit has
813 * already been done, since OpenSSL went and read a
814 * whole SSL record anyway. */
815 n_to_read = SSL_pending(bev_ssl->ssl);
816
817 /* XXX This if statement is actually a bad bug, added to avoid
818 * XXX a worse bug.
819 *
820 * The bad bug: It can potentially cause resource unfairness
821 * by reading too much data from the underlying bufferevent;
822 * it can potentially cause read looping if the underlying
823 * bufferevent is a bufferevent_pair and deferred callbacks
824 * aren't used.
825 *
826 * The worse bug: If we didn't do this, then we would
827 * potentially not read any more from bev_ssl->underlying
828 * until more data arrived there, which could lead to us
829 * waiting forever.
830 */
831 if (!n_to_read && bev_ssl->underlying)
832 n_to_read = bytes_to_read(bev_ssl);
833 }
834
835 if (all_result_flags & OP_MADE_PROGRESS) {
836 struct bufferevent *bev = &bev_ssl->bev.bev;
837
838 bufferevent_trigger_nolock_(bev, EV_READ, 0);
839 }
840
841 if (!bev_ssl->underlying) {
842 /* Should be redundant, but let's avoid busy-looping */
843 if (bev_ssl->bev.read_suspended ||
844 !(bev_ssl->bev.bev.enabled & EV_READ)) {
845 event_del(&bev_ssl->bev.bev.ev_read);
846 }
847 }
848 }
849
850 static void
consider_writing(struct bufferevent_openssl * bev_ssl)851 consider_writing(struct bufferevent_openssl *bev_ssl)
852 {
853 int r;
854 struct evbuffer *output = bev_ssl->bev.bev.output;
855 struct evbuffer *target = NULL;
856 struct event_watermark *wm = NULL;
857
858 while (bev_ssl->read_blocked_on_write) {
859 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
860 if (r & OP_MADE_PROGRESS) {
861 struct bufferevent *bev = &bev_ssl->bev.bev;
862
863 bufferevent_trigger_nolock_(bev, EV_READ, 0);
864 }
865 if (r & (OP_ERR|OP_BLOCKED))
866 break;
867 }
868 if (bev_ssl->read_blocked_on_write)
869 return;
870 if (bev_ssl->underlying) {
871 target = bev_ssl->underlying->output;
872 wm = &bev_ssl->underlying->wm_write;
873 }
874 while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
875 (! bev_ssl->bev.write_suspended) &&
876 evbuffer_get_length(output) &&
877 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
878 int n_to_write;
879 if (wm && wm->high)
880 n_to_write = wm->high - evbuffer_get_length(target);
881 else
882 n_to_write = WRITE_FRAME;
883 r = do_write(bev_ssl, n_to_write);
884 if (r & (OP_BLOCKED|OP_ERR))
885 break;
886 }
887
888 if (!bev_ssl->underlying) {
889 if (evbuffer_get_length(output) == 0) {
890 event_del(&bev_ssl->bev.bev.ev_write);
891 } else if (bev_ssl->bev.write_suspended ||
892 !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
893 /* Should be redundant, but let's avoid busy-looping */
894 event_del(&bev_ssl->bev.bev.ev_write);
895 }
896 }
897 }
898
899 static void
be_openssl_readcb(struct bufferevent * bev_base,void * ctx)900 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
901 {
902 struct bufferevent_openssl *bev_ssl = ctx;
903 consider_reading(bev_ssl);
904 }
905
906 static void
be_openssl_writecb(struct bufferevent * bev_base,void * ctx)907 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
908 {
909 struct bufferevent_openssl *bev_ssl = ctx;
910 consider_writing(bev_ssl);
911 }
912
913 static void
be_openssl_eventcb(struct bufferevent * bev_base,short what,void * ctx)914 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
915 {
916 struct bufferevent_openssl *bev_ssl = ctx;
917 int event = 0;
918
919 if (what & BEV_EVENT_EOF) {
920 if (bev_ssl->allow_dirty_shutdown)
921 event = BEV_EVENT_EOF;
922 else
923 event = BEV_EVENT_ERROR;
924 } else if (what & BEV_EVENT_TIMEOUT) {
925 /* We sure didn't set this. Propagate it to the user. */
926 event = what;
927 } else if (what & BEV_EVENT_ERROR) {
928 /* An error occurred on the connection. Propagate it to the user. */
929 event = what;
930 } else if (what & BEV_EVENT_CONNECTED) {
931 /* Ignore it. We're saying SSL_connect() already, which will
932 eat it. */
933 }
934 if (event)
935 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
936 }
937
938 static void
be_openssl_readeventcb(evutil_socket_t fd,short what,void * ptr)939 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
940 {
941 struct bufferevent_openssl *bev_ssl = ptr;
942 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
943 if (what == EV_TIMEOUT) {
944 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
945 BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
946 } else {
947 consider_reading(bev_ssl);
948 }
949 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
950 }
951
952 static void
be_openssl_writeeventcb(evutil_socket_t fd,short what,void * ptr)953 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
954 {
955 struct bufferevent_openssl *bev_ssl = ptr;
956 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
957 if (what == EV_TIMEOUT) {
958 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
959 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
960 } else {
961 consider_writing(bev_ssl);
962 }
963 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
964 }
965
966 static int
be_openssl_auto_fd(struct bufferevent_openssl * bev_ssl,int fd)967 be_openssl_auto_fd(struct bufferevent_openssl *bev_ssl, int fd)
968 {
969 if (!bev_ssl->underlying) {
970 struct bufferevent *bev = &bev_ssl->bev.bev;
971 if (event_initialized(&bev->ev_read) && fd < 0) {
972 fd = event_get_fd(&bev->ev_read);
973 }
974 }
975 return fd;
976 }
977
978 static int
set_open_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)979 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
980 {
981 if (bev_ssl->underlying) {
982 bufferevent_setcb(bev_ssl->underlying,
983 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
984 bev_ssl);
985 return 0;
986 } else {
987 struct bufferevent *bev = &bev_ssl->bev.bev;
988 int rpending=0, wpending=0, r1=0, r2=0;
989
990 if (event_initialized(&bev->ev_read)) {
991 rpending = event_pending(&bev->ev_read, EV_READ, NULL);
992 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
993
994 event_del(&bev->ev_read);
995 event_del(&bev->ev_write);
996 }
997
998 event_assign(&bev->ev_read, bev->ev_base, fd,
999 EV_READ|EV_PERSIST|EV_FINALIZE,
1000 be_openssl_readeventcb, bev_ssl);
1001 event_assign(&bev->ev_write, bev->ev_base, fd,
1002 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1003 be_openssl_writeeventcb, bev_ssl);
1004
1005 if (rpending)
1006 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1007 if (wpending)
1008 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1009
1010 return (r1<0 || r2<0) ? -1 : 0;
1011 }
1012 }
1013
1014 static int
do_handshake(struct bufferevent_openssl * bev_ssl)1015 do_handshake(struct bufferevent_openssl *bev_ssl)
1016 {
1017 int r;
1018
1019 switch (bev_ssl->state) {
1020 default:
1021 case BUFFEREVENT_SSL_OPEN:
1022 EVUTIL_ASSERT(0);
1023 return -1;
1024 case BUFFEREVENT_SSL_CONNECTING:
1025 case BUFFEREVENT_SSL_ACCEPTING:
1026 ERR_clear_error();
1027 r = SSL_do_handshake(bev_ssl->ssl);
1028 break;
1029 }
1030 decrement_buckets(bev_ssl);
1031
1032 if (r==1) {
1033 int fd = event_get_fd(&bev_ssl->bev.bev.ev_read);
1034 /* We're done! */
1035 bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1036 set_open_callbacks(bev_ssl, fd); /* XXXX handle failure */
1037 /* Call do_read and do_write as needed */
1038 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1039 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1040 BEV_EVENT_CONNECTED, 0);
1041 return 1;
1042 } else {
1043 int err = SSL_get_error(bev_ssl->ssl, r);
1044 print_err(err);
1045 switch (err) {
1046 case SSL_ERROR_WANT_WRITE:
1047 stop_reading(bev_ssl);
1048 return start_writing(bev_ssl);
1049 case SSL_ERROR_WANT_READ:
1050 stop_writing(bev_ssl);
1051 return start_reading(bev_ssl);
1052 default:
1053 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1054 return -1;
1055 }
1056 }
1057 }
1058
1059 static void
be_openssl_handshakecb(struct bufferevent * bev_base,void * ctx)1060 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1061 {
1062 struct bufferevent_openssl *bev_ssl = ctx;
1063 do_handshake(bev_ssl);/* XXX handle failure */
1064 }
1065
1066 static void
be_openssl_handshakeeventcb(evutil_socket_t fd,short what,void * ptr)1067 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1068 {
1069 struct bufferevent_openssl *bev_ssl = ptr;
1070
1071 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1072 if (what & EV_TIMEOUT) {
1073 bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1074 } else
1075 do_handshake(bev_ssl);/* XXX handle failure */
1076 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1077 }
1078
1079 static int
set_handshake_callbacks(struct bufferevent_openssl * bev_ssl,evutil_socket_t fd)1080 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1081 {
1082 if (bev_ssl->underlying) {
1083 bufferevent_setcb(bev_ssl->underlying,
1084 be_openssl_handshakecb, be_openssl_handshakecb,
1085 be_openssl_eventcb,
1086 bev_ssl);
1087
1088 if (fd < 0)
1089 return 0;
1090
1091 if (bufferevent_setfd(bev_ssl->underlying, fd))
1092 return 1;
1093
1094 return do_handshake(bev_ssl);
1095 } else {
1096 struct bufferevent *bev = &bev_ssl->bev.bev;
1097
1098 if (event_initialized(&bev->ev_read)) {
1099 event_del(&bev->ev_read);
1100 event_del(&bev->ev_write);
1101 }
1102
1103 event_assign(&bev->ev_read, bev->ev_base, fd,
1104 EV_READ|EV_PERSIST|EV_FINALIZE,
1105 be_openssl_handshakeeventcb, bev_ssl);
1106 event_assign(&bev->ev_write, bev->ev_base, fd,
1107 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1108 be_openssl_handshakeeventcb, bev_ssl);
1109 if (fd >= 0)
1110 bufferevent_enable(bev, bev->enabled);
1111 return 0;
1112 }
1113 }
1114
1115 int
bufferevent_ssl_renegotiate(struct bufferevent * bev)1116 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1117 {
1118 struct bufferevent_openssl *bev_ssl = upcast(bev);
1119 if (!bev_ssl)
1120 return -1;
1121 if (SSL_renegotiate(bev_ssl->ssl) < 0)
1122 return -1;
1123 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1124 if (set_handshake_callbacks(bev_ssl, be_openssl_auto_fd(bev_ssl, -1)) < 0)
1125 return -1;
1126 if (!bev_ssl->underlying)
1127 return do_handshake(bev_ssl);
1128 return 0;
1129 }
1130
1131 static void
be_openssl_outbuf_cb(struct evbuffer * buf,const struct evbuffer_cb_info * cbinfo,void * arg)1132 be_openssl_outbuf_cb(struct evbuffer *buf,
1133 const struct evbuffer_cb_info *cbinfo, void *arg)
1134 {
1135 struct bufferevent_openssl *bev_ssl = arg;
1136 int r = 0;
1137 /* XXX need to hold a reference here. */
1138
1139 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1140 if (cbinfo->orig_size == 0)
1141 r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1142 &bev_ssl->bev.bev.timeout_write);
1143
1144 if (bev_ssl->underlying)
1145 consider_writing(bev_ssl);
1146 }
1147 /* XXX Handle r < 0 */
1148 (void)r;
1149 }
1150
1151
1152 static int
be_openssl_enable(struct bufferevent * bev,short events)1153 be_openssl_enable(struct bufferevent *bev, short events)
1154 {
1155 struct bufferevent_openssl *bev_ssl = upcast(bev);
1156 int r1 = 0, r2 = 0;
1157
1158 if (events & EV_READ)
1159 r1 = start_reading(bev_ssl);
1160 if (events & EV_WRITE)
1161 r2 = start_writing(bev_ssl);
1162
1163 if (bev_ssl->underlying) {
1164 if (events & EV_READ)
1165 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1166 if (events & EV_WRITE)
1167 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1168
1169 if (events & EV_READ)
1170 consider_reading(bev_ssl);
1171 if (events & EV_WRITE)
1172 consider_writing(bev_ssl);
1173 }
1174 return (r1 < 0 || r2 < 0) ? -1 : 0;
1175 }
1176
1177 static int
be_openssl_disable(struct bufferevent * bev,short events)1178 be_openssl_disable(struct bufferevent *bev, short events)
1179 {
1180 struct bufferevent_openssl *bev_ssl = upcast(bev);
1181
1182 if (events & EV_READ)
1183 stop_reading(bev_ssl);
1184 if (events & EV_WRITE)
1185 stop_writing(bev_ssl);
1186
1187 if (bev_ssl->underlying) {
1188 if (events & EV_READ)
1189 BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1190 if (events & EV_WRITE)
1191 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1192 }
1193 return 0;
1194 }
1195
1196 static void
be_openssl_unlink(struct bufferevent * bev)1197 be_openssl_unlink(struct bufferevent *bev)
1198 {
1199 struct bufferevent_openssl *bev_ssl = upcast(bev);
1200
1201 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1202 if (bev_ssl->underlying) {
1203 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1204 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1205 "bufferevent with too few references");
1206 } else {
1207 bufferevent_free(bev_ssl->underlying);
1208 /* We still have a reference to it, via our
1209 * BIO. So we don't drop this. */
1210 // bev_ssl->underlying = NULL;
1211 }
1212 }
1213 } else {
1214 if (bev_ssl->underlying) {
1215 if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1216 bufferevent_setcb(bev_ssl->underlying,
1217 NULL,NULL,NULL,NULL);
1218 bufferevent_unsuspend_read_(bev_ssl->underlying,
1219 BEV_SUSPEND_FILT_READ);
1220 }
1221 }
1222 }
1223
1224 static void
be_openssl_destruct(struct bufferevent * bev)1225 be_openssl_destruct(struct bufferevent *bev)
1226 {
1227 struct bufferevent_openssl *bev_ssl = upcast(bev);
1228
1229 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1230 if (! bev_ssl->underlying) {
1231 evutil_socket_t fd = -1;
1232 BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1233 if (bio)
1234 fd = BIO_get_fd(bio, NULL);
1235 if (fd >= 0)
1236 evutil_closesocket(fd);
1237 }
1238 SSL_free(bev_ssl->ssl);
1239 }
1240 }
1241
1242 static int
be_openssl_adj_timeouts(struct bufferevent * bev)1243 be_openssl_adj_timeouts(struct bufferevent *bev)
1244 {
1245 struct bufferevent_openssl *bev_ssl = upcast(bev);
1246
1247 if (bev_ssl->underlying) {
1248 return bufferevent_generic_adj_timeouts_(bev);
1249 } else {
1250 return bufferevent_generic_adj_existing_timeouts_(bev);
1251 }
1252 }
1253
1254 static int
be_openssl_flush(struct bufferevent * bufev,short iotype,enum bufferevent_flush_mode mode)1255 be_openssl_flush(struct bufferevent *bufev,
1256 short iotype, enum bufferevent_flush_mode mode)
1257 {
1258 /* XXXX Implement this. */
1259 return 0;
1260 }
1261
1262 static int
be_openssl_set_fd(struct bufferevent_openssl * bev_ssl,enum bufferevent_ssl_state state,int fd)1263 be_openssl_set_fd(struct bufferevent_openssl *bev_ssl,
1264 enum bufferevent_ssl_state state, int fd)
1265 {
1266 bev_ssl->state = state;
1267
1268 switch (state) {
1269 case BUFFEREVENT_SSL_ACCEPTING:
1270 SSL_set_accept_state(bev_ssl->ssl);
1271 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1272 return -1;
1273 break;
1274 case BUFFEREVENT_SSL_CONNECTING:
1275 SSL_set_connect_state(bev_ssl->ssl);
1276 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1277 return -1;
1278 break;
1279 case BUFFEREVENT_SSL_OPEN:
1280 if (set_open_callbacks(bev_ssl, fd) < 0)
1281 return -1;
1282 break;
1283 default:
1284 return -1;
1285 }
1286
1287 return 0;
1288 }
1289
1290 static int
be_openssl_ctrl(struct bufferevent * bev,enum bufferevent_ctrl_op op,union bufferevent_ctrl_data * data)1291 be_openssl_ctrl(struct bufferevent *bev,
1292 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1293 {
1294 struct bufferevent_openssl *bev_ssl = upcast(bev);
1295 switch (op) {
1296 case BEV_CTRL_SET_FD:
1297 if (!bev_ssl->underlying) {
1298 BIO *bio;
1299 bio = BIO_new_socket(data->fd, 0);
1300 SSL_set_bio(bev_ssl->ssl, bio, bio);
1301 } else {
1302 BIO *bio;
1303 if (!(bio = BIO_new_bufferevent(bev_ssl->underlying, 0)))
1304 return -1;
1305 SSL_set_bio(bev_ssl->ssl, bio, bio);
1306 }
1307
1308 return be_openssl_set_fd(bev_ssl, bev_ssl->old_state, data->fd);
1309 case BEV_CTRL_GET_FD:
1310 if (bev_ssl->underlying) {
1311 data->fd = event_get_fd(&bev_ssl->underlying->ev_read);
1312 } else {
1313 data->fd = event_get_fd(&bev->ev_read);
1314 }
1315 return 0;
1316 case BEV_CTRL_GET_UNDERLYING:
1317 data->ptr = bev_ssl->underlying;
1318 return 0;
1319 case BEV_CTRL_CANCEL_ALL:
1320 default:
1321 return -1;
1322 }
1323 }
1324
1325 SSL *
bufferevent_openssl_get_ssl(struct bufferevent * bufev)1326 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1327 {
1328 struct bufferevent_openssl *bev_ssl = upcast(bufev);
1329 if (!bev_ssl)
1330 return NULL;
1331 return bev_ssl->ssl;
1332 }
1333
1334 static struct bufferevent *
bufferevent_openssl_new_impl(struct event_base * base,struct bufferevent * underlying,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1335 bufferevent_openssl_new_impl(struct event_base *base,
1336 struct bufferevent *underlying,
1337 evutil_socket_t fd,
1338 SSL *ssl,
1339 enum bufferevent_ssl_state state,
1340 int options)
1341 {
1342 struct bufferevent_openssl *bev_ssl = NULL;
1343 struct bufferevent_private *bev_p = NULL;
1344 int tmp_options = options & ~BEV_OPT_THREADSAFE;
1345
1346 if (underlying != NULL && fd >= 0)
1347 return NULL; /* Only one can be set. */
1348
1349 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1350 goto err;
1351
1352 bev_p = &bev_ssl->bev;
1353
1354 if (bufferevent_init_common_(bev_p, base,
1355 &bufferevent_ops_openssl, tmp_options) < 0)
1356 goto err;
1357
1358 /* Don't explode if we decide to realloc a chunk we're writing from in
1359 * the output buffer. */
1360 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1361
1362 bev_ssl->underlying = underlying;
1363 bev_ssl->ssl = ssl;
1364
1365 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1366 be_openssl_outbuf_cb, bev_ssl);
1367
1368 if (options & BEV_OPT_THREADSAFE)
1369 bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1370
1371 if (underlying) {
1372 bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1373 bufferevent_incref_(underlying);
1374 }
1375
1376 bev_ssl->old_state = state;
1377 bev_ssl->last_write = -1;
1378
1379 init_bio_counts(bev_ssl);
1380
1381 fd = be_openssl_auto_fd(bev_ssl, fd);
1382 if (be_openssl_set_fd(bev_ssl, state, fd))
1383 goto err;
1384
1385 if (underlying) {
1386 bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1387 bufferevent_enable(underlying, EV_READ|EV_WRITE);
1388 if (state == BUFFEREVENT_SSL_OPEN)
1389 bufferevent_suspend_read_(underlying,
1390 BEV_SUSPEND_FILT_READ);
1391 }
1392
1393 return &bev_ssl->bev.bev;
1394 err:
1395 if (bev_ssl)
1396 bufferevent_free(&bev_ssl->bev.bev);
1397 return NULL;
1398 }
1399
1400 struct bufferevent *
bufferevent_openssl_filter_new(struct event_base * base,struct bufferevent * underlying,SSL * ssl,enum bufferevent_ssl_state state,int options)1401 bufferevent_openssl_filter_new(struct event_base *base,
1402 struct bufferevent *underlying,
1403 SSL *ssl,
1404 enum bufferevent_ssl_state state,
1405 int options)
1406 {
1407 /* We don't tell the BIO to close the bufferevent; we do it ourselves
1408 * on be_openssl_destruct */
1409 int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1410 BIO *bio;
1411 if (!underlying)
1412 return NULL;
1413 if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1414 return NULL;
1415
1416 SSL_set_bio(ssl, bio, bio);
1417
1418 return bufferevent_openssl_new_impl(
1419 base, underlying, -1, ssl, state, options);
1420 }
1421
1422 struct bufferevent *
bufferevent_openssl_socket_new(struct event_base * base,evutil_socket_t fd,SSL * ssl,enum bufferevent_ssl_state state,int options)1423 bufferevent_openssl_socket_new(struct event_base *base,
1424 evutil_socket_t fd,
1425 SSL *ssl,
1426 enum bufferevent_ssl_state state,
1427 int options)
1428 {
1429 /* Does the SSL already have an fd? */
1430 BIO *bio = SSL_get_wbio(ssl);
1431 long have_fd = -1;
1432
1433 if (bio)
1434 have_fd = BIO_get_fd(bio, NULL);
1435
1436 if (have_fd >= 0) {
1437 /* The SSL is already configured with an fd. */
1438 if (fd < 0) {
1439 /* We should learn the fd from the SSL. */
1440 fd = (evutil_socket_t) have_fd;
1441 } else if (have_fd == (long)fd) {
1442 /* We already know the fd from the SSL; do nothing */
1443 } else {
1444 /* We specified an fd different from that of the SSL.
1445 This is probably an error on our part. Fail. */
1446 return NULL;
1447 }
1448 (void) BIO_set_close(bio, 0);
1449 } else {
1450 /* The SSL isn't configured with a BIO with an fd. */
1451 if (fd >= 0) {
1452 /* ... and we have an fd we want to use. */
1453 bio = BIO_new_socket(fd, 0);
1454 SSL_set_bio(ssl, bio, bio);
1455 } else {
1456 /* Leave the fd unset. */
1457 }
1458 }
1459
1460 return bufferevent_openssl_new_impl(
1461 base, NULL, fd, ssl, state, options);
1462 }
1463
1464 int
bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent * bev)1465 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1466 {
1467 int allow_dirty_shutdown = -1;
1468 struct bufferevent_openssl *bev_ssl;
1469 BEV_LOCK(bev);
1470 bev_ssl = upcast(bev);
1471 if (bev_ssl)
1472 allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1473 BEV_UNLOCK(bev);
1474 return allow_dirty_shutdown;
1475 }
1476
1477 void
bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent * bev,int allow_dirty_shutdown)1478 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1479 int allow_dirty_shutdown)
1480 {
1481 struct bufferevent_openssl *bev_ssl;
1482 BEV_LOCK(bev);
1483 bev_ssl = upcast(bev);
1484 if (bev_ssl)
1485 bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1486 BEV_UNLOCK(bev);
1487 }
1488
1489 unsigned long
bufferevent_get_openssl_error(struct bufferevent * bev)1490 bufferevent_get_openssl_error(struct bufferevent *bev)
1491 {
1492 unsigned long err = 0;
1493 struct bufferevent_openssl *bev_ssl;
1494 BEV_LOCK(bev);
1495 bev_ssl = upcast(bev);
1496 if (bev_ssl && bev_ssl->n_errors) {
1497 err = bev_ssl->errors[--bev_ssl->n_errors];
1498 }
1499 BEV_UNLOCK(bev);
1500 return err;
1501 }
1502