This source file includes following definitions.
- print_err
- bio_bufferevent_new
- bio_bufferevent_free
- bio_bufferevent_read
- bio_bufferevent_write
- bio_bufferevent_ctrl
- bio_bufferevent_puts
- BIO_s_bufferevent
- BIO_new_bufferevent
- upcast
- put_error
- start_reading
- start_writing
- stop_reading
- stop_writing
- set_rbow
- set_wbor
- clear_rbow
- clear_wbor
- conn_closed
- init_bio_counts
- decrement_buckets
- do_read
- do_write
- bytes_to_read
- consider_reading
- consider_writing
- be_openssl_readcb
- be_openssl_writecb
- be_openssl_eventcb
- be_openssl_readeventcb
- be_openssl_writeeventcb
- set_open_callbacks
- do_handshake
- be_openssl_handshakecb
- be_openssl_handshakeeventcb
- set_handshake_callbacks
- bufferevent_ssl_renegotiate
- be_openssl_outbuf_cb
- be_openssl_enable
- be_openssl_disable
- be_openssl_destruct
- be_openssl_adj_timeouts
- be_openssl_flush
- be_openssl_ctrl
- bufferevent_openssl_get_ssl
- bufferevent_openssl_new_impl
- bufferevent_openssl_filter_new
- bufferevent_openssl_socket_new
- bufferevent_get_openssl_error
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27 #include <sys/types.h>
28
29 #include "event2/event-config.h"
30
31 #ifdef _EVENT_HAVE_SYS_TIME_H
32 #include <sys/time.h>
33 #endif
34
35 #include <errno.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #ifdef _EVENT_HAVE_STDARG_H
40 #include <stdarg.h>
41 #endif
42 #ifdef _EVENT_HAVE_UNISTD_H
43 #include <unistd.h>
44 #endif
45
46 #ifdef WIN32
47 #include <winsock2.h>
48 #endif
49
50 #include "event2/bufferevent.h"
51 #include "event2/bufferevent_struct.h"
52 #include "event2/bufferevent_ssl.h"
53 #include "event2/buffer.h"
54 #include "event2/event.h"
55
56 #include "mm-internal.h"
57 #include "bufferevent-internal.h"
58 #include "log-internal.h"
59
60 #include <openssl/bio.h>
61 #include <openssl/ssl.h>
62 #include <openssl/err.h>
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79 #define BIO_TYPE_LIBEVENT 57
80
81
82
83 #if 0
84 static void
85 print_err(int val)
86 {
87 int err;
88 printf("Error was %d\n", val);
89
90 while ((err = ERR_get_error())) {
91 const char *msg = (const char*)ERR_reason_error_string(err);
92 const char *lib = (const char*)ERR_lib_error_string(err);
93 const char *func = (const char*)ERR_func_error_string(err);
94
95 printf("%s in %s %s\n", msg, lib, func);
96 }
97 }
98 #else
99 #define print_err(v) ((void)0)
100 #endif
101
102
103 static int
104 bio_bufferevent_new(BIO *b)
105 {
106 b->init = 0;
107 b->num = -1;
108 b->ptr = NULL;
109 b->flags = 0;
110 return 1;
111 }
112
113
114 static int
115 bio_bufferevent_free(BIO *b)
116 {
117 if (!b)
118 return 0;
119 if (b->shutdown) {
120 if (b->init && b->ptr)
121 bufferevent_free(b->ptr);
122 b->init = 0;
123 b->flags = 0;
124 b->ptr = NULL;
125 }
126 return 1;
127 }
128
129
130 static int
131 bio_bufferevent_read(BIO *b, char *out, int outlen)
132 {
133 int r = 0;
134 struct evbuffer *input;
135
136 BIO_clear_retry_flags(b);
137
138 if (!out)
139 return 0;
140 if (!b->ptr)
141 return -1;
142
143 input = bufferevent_get_input(b->ptr);
144 if (evbuffer_get_length(input) == 0) {
145
146 BIO_set_retry_read(b);
147 return -1;
148 } else {
149 r = evbuffer_remove(input, out, outlen);
150 }
151
152 return r;
153 }
154
155
156 static int
157 bio_bufferevent_write(BIO *b, const char *in, int inlen)
158 {
159 struct bufferevent *bufev = b->ptr;
160 struct evbuffer *output;
161 size_t outlen;
162
163 BIO_clear_retry_flags(b);
164
165 if (!b->ptr)
166 return -1;
167
168 output = bufferevent_get_output(bufev);
169 outlen = evbuffer_get_length(output);
170
171
172
173 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
174 if (bufev->wm_write.high <= outlen) {
175
176 BIO_set_retry_write(b);
177 return -1;
178 }
179 inlen = bufev->wm_write.high - outlen;
180 }
181
182 EVUTIL_ASSERT(inlen > 0);
183 evbuffer_add(output, in, inlen);
184 return inlen;
185 }
186
187
188 static long
189 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
190 {
191 struct bufferevent *bufev = b->ptr;
192 long ret = 1;
193
194 switch (cmd) {
195 case BIO_CTRL_GET_CLOSE:
196 ret = b->shutdown;
197 break;
198 case BIO_CTRL_SET_CLOSE:
199 b->shutdown = (int)num;
200 break;
201 case BIO_CTRL_PENDING:
202 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
203 break;
204 case BIO_CTRL_WPENDING:
205 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
206 break;
207
208
209 case BIO_CTRL_DUP:
210 case BIO_CTRL_FLUSH:
211 ret = 1;
212 break;
213 default:
214 ret = 0;
215 break;
216 }
217 return ret;
218 }
219
220
221 static int
222 bio_bufferevent_puts(BIO *b, const char *s)
223 {
224 return bio_bufferevent_write(b, s, strlen(s));
225 }
226
227
228 static BIO_METHOD methods_bufferevent = {
229 BIO_TYPE_LIBEVENT, "bufferevent",
230 bio_bufferevent_write,
231 bio_bufferevent_read,
232 bio_bufferevent_puts,
233 NULL ,
234 bio_bufferevent_ctrl,
235 bio_bufferevent_new,
236 bio_bufferevent_free,
237 NULL ,
238 };
239
240
241 static BIO_METHOD *
242 BIO_s_bufferevent(void)
243 {
244 return &methods_bufferevent;
245 }
246
247
248
249 static BIO *
250 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
251 {
252 BIO *result;
253 if (!bufferevent)
254 return NULL;
255 if (!(result = BIO_new(BIO_s_bufferevent())))
256 return NULL;
257 result->init = 1;
258 result->ptr = bufferevent;
259 result->shutdown = close_flag ? 1 : 0;
260 return result;
261 }
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276 struct bio_data_counts {
277 unsigned long n_written;
278 unsigned long n_read;
279 };
280
281 struct bufferevent_openssl {
282
283
284
285
286
287 struct bufferevent_private bev;
288
289
290 struct bufferevent *underlying;
291
292 SSL *ssl;
293
294
295
296 struct evbuffer_cb_entry *outbuf_cb;
297
298
299
300 struct bio_data_counts counts;
301
302
303
304 ev_ssize_t last_write;
305
306 #define NUM_ERRORS 3
307 ev_uint32_t errors[NUM_ERRORS];
308
309
310
311
312 unsigned read_blocked_on_write : 1;
313
314 unsigned write_blocked_on_read : 1;
315
316 unsigned allow_dirty_shutdown : 1;
317
318 unsigned fd_is_set : 1;
319
320 unsigned n_errors : 2;
321
322
323 unsigned state : 2;
324 };
325
326 static int be_openssl_enable(struct bufferevent *, short);
327 static int be_openssl_disable(struct bufferevent *, short);
328 static void be_openssl_destruct(struct bufferevent *);
329 static int be_openssl_adj_timeouts(struct bufferevent *);
330 static int be_openssl_flush(struct bufferevent *bufev,
331 short iotype, enum bufferevent_flush_mode mode);
332 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
333
334 const struct bufferevent_ops bufferevent_ops_openssl = {
335 "ssl",
336 evutil_offsetof(struct bufferevent_openssl, bev.bev),
337 be_openssl_enable,
338 be_openssl_disable,
339 be_openssl_destruct,
340 be_openssl_adj_timeouts,
341 be_openssl_flush,
342 be_openssl_ctrl,
343 };
344
345
346
347 static inline struct bufferevent_openssl *
348 upcast(struct bufferevent *bev)
349 {
350 struct bufferevent_openssl *bev_o;
351 if (bev->be_ops != &bufferevent_ops_openssl)
352 return NULL;
353 bev_o = (void*)( ((char*)bev) -
354 evutil_offsetof(struct bufferevent_openssl, bev.bev));
355 EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
356 return bev_o;
357 }
358
359 static inline void
360 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
361 {
362 if (bev_ssl->n_errors == NUM_ERRORS)
363 return;
364
365
366
367
368
369 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
370 }
371
372
373
374
375 static int
376 start_reading(struct bufferevent_openssl *bev_ssl)
377 {
378 if (bev_ssl->underlying) {
379 bufferevent_unsuspend_read(bev_ssl->underlying,
380 BEV_SUSPEND_FILT_READ);
381 return 0;
382 } else {
383 struct bufferevent *bev = &bev_ssl->bev.bev;
384 int r;
385 r = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
386 if (r == 0 && bev_ssl->read_blocked_on_write)
387 r = _bufferevent_add_event(&bev->ev_write,
388 &bev->timeout_write);
389 return r;
390 }
391 }
392
393
394
395
396 static int
397 start_writing(struct bufferevent_openssl *bev_ssl)
398 {
399 int r = 0;
400 if (bev_ssl->underlying) {
401 ;
402 } else {
403 struct bufferevent *bev = &bev_ssl->bev.bev;
404 r = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
405 if (!r && bev_ssl->write_blocked_on_read)
406 r = _bufferevent_add_event(&bev->ev_read,
407 &bev->timeout_read);
408 }
409 return r;
410 }
411
412 static void
413 stop_reading(struct bufferevent_openssl *bev_ssl)
414 {
415 if (bev_ssl->write_blocked_on_read)
416 return;
417 if (bev_ssl->underlying) {
418 bufferevent_suspend_read(bev_ssl->underlying,
419 BEV_SUSPEND_FILT_READ);
420 } else {
421 struct bufferevent *bev = &bev_ssl->bev.bev;
422 event_del(&bev->ev_read);
423 }
424 }
425
426 static void
427 stop_writing(struct bufferevent_openssl *bev_ssl)
428 {
429 if (bev_ssl->read_blocked_on_write)
430 return;
431 if (bev_ssl->underlying) {
432 ;
433 } else {
434 struct bufferevent *bev = &bev_ssl->bev.bev;
435 event_del(&bev->ev_write);
436 }
437 }
438
439 static int
440 set_rbow(struct bufferevent_openssl *bev_ssl)
441 {
442 if (!bev_ssl->underlying)
443 stop_reading(bev_ssl);
444 bev_ssl->read_blocked_on_write = 1;
445 return start_writing(bev_ssl);
446 }
447
448 static int
449 set_wbor(struct bufferevent_openssl *bev_ssl)
450 {
451 if (!bev_ssl->underlying)
452 stop_writing(bev_ssl);
453 bev_ssl->write_blocked_on_read = 1;
454 return start_reading(bev_ssl);
455 }
456
457 static int
458 clear_rbow(struct bufferevent_openssl *bev_ssl)
459 {
460 struct bufferevent *bev = &bev_ssl->bev.bev;
461 int r = 0;
462 bev_ssl->read_blocked_on_write = 0;
463 if (!(bev->enabled & EV_WRITE))
464 stop_writing(bev_ssl);
465 if (bev->enabled & EV_READ)
466 r = start_reading(bev_ssl);
467 return r;
468 }
469
470
471 static int
472 clear_wbor(struct bufferevent_openssl *bev_ssl)
473 {
474 struct bufferevent *bev = &bev_ssl->bev.bev;
475 int r = 0;
476 bev_ssl->write_blocked_on_read = 0;
477 if (!(bev->enabled & EV_READ))
478 stop_reading(bev_ssl);
479 if (bev->enabled & EV_WRITE)
480 r = start_writing(bev_ssl);
481 return r;
482 }
483
484 static void
485 conn_closed(struct bufferevent_openssl *bev_ssl, int errcode, int ret)
486 {
487 int event = BEV_EVENT_ERROR;
488 int dirty_shutdown = 0;
489 unsigned long err;
490
491 switch (errcode) {
492 case SSL_ERROR_ZERO_RETURN:
493
494 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
495 event = BEV_EVENT_EOF;
496 else
497 dirty_shutdown = 1;
498 break;
499 case SSL_ERROR_SYSCALL:
500
501 if (ret == 0 && ERR_peek_error() == 0)
502 dirty_shutdown = 1;
503 break;
504 case SSL_ERROR_SSL:
505
506 break;
507 case SSL_ERROR_WANT_X509_LOOKUP:
508
509 break;
510 case SSL_ERROR_NONE:
511 case SSL_ERROR_WANT_READ:
512 case SSL_ERROR_WANT_WRITE:
513 case SSL_ERROR_WANT_CONNECT:
514 case SSL_ERROR_WANT_ACCEPT:
515 default:
516
517 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
518 break;
519 }
520
521 while ((err = ERR_get_error())) {
522 put_error(bev_ssl, err);
523 }
524
525 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
526 event = BEV_EVENT_EOF;
527
528 stop_reading(bev_ssl);
529 stop_writing(bev_ssl);
530
531 _bufferevent_run_eventcb(&bev_ssl->bev.bev, event);
532 }
533
534 static void
535 init_bio_counts(struct bufferevent_openssl *bev_ssl)
536 {
537 bev_ssl->counts.n_written =
538 BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
539 bev_ssl->counts.n_read =
540 BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
541 }
542
543 static inline void
544 decrement_buckets(struct bufferevent_openssl *bev_ssl)
545 {
546 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
547 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
548
549 unsigned long w = num_w - bev_ssl->counts.n_written;
550 unsigned long r = num_r - bev_ssl->counts.n_read;
551 if (w)
552 _bufferevent_decrement_write_buckets(&bev_ssl->bev, w);
553 if (r)
554 _bufferevent_decrement_read_buckets(&bev_ssl->bev, r);
555 bev_ssl->counts.n_written = num_w;
556 bev_ssl->counts.n_read = num_r;
557 }
558
559 #define OP_MADE_PROGRESS 1
560 #define OP_BLOCKED 2
561 #define OP_ERR 4
562
563
564
565 static int
566 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
567
568 struct bufferevent *bev = &bev_ssl->bev.bev;
569 struct evbuffer *input = bev->input;
570 int r, n, i, n_used = 0, atmost;
571 struct evbuffer_iovec space[2];
572 int result = 0;
573
574 if (bev_ssl->bev.read_suspended)
575 return 0;
576
577 atmost = _bufferevent_get_read_max(&bev_ssl->bev);
578 if (n_to_read > atmost)
579 n_to_read = atmost;
580
581 n = evbuffer_reserve_space(input, n_to_read, space, 2);
582 if (n < 0)
583 return OP_ERR;
584
585 for (i=0; i<n; ++i) {
586 if (bev_ssl->bev.read_suspended)
587 break;
588 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
589 if (r>0) {
590 result |= OP_MADE_PROGRESS;
591 if (bev_ssl->read_blocked_on_write)
592 if (clear_rbow(bev_ssl) < 0)
593 return OP_ERR | result;
594 ++n_used;
595 space[i].iov_len = r;
596 decrement_buckets(bev_ssl);
597 } else {
598 int err = SSL_get_error(bev_ssl->ssl, r);
599 print_err(err);
600 switch (err) {
601 case SSL_ERROR_WANT_READ:
602
603 if (bev_ssl->read_blocked_on_write)
604 if (clear_rbow(bev_ssl) < 0)
605 return OP_ERR | result;
606 break;
607 case SSL_ERROR_WANT_WRITE:
608
609
610 if (!bev_ssl->read_blocked_on_write)
611 if (set_rbow(bev_ssl) < 0)
612 return OP_ERR | result;
613 break;
614 default:
615 conn_closed(bev_ssl, err, r);
616 break;
617 }
618 result |= OP_BLOCKED;
619 break;
620 }
621 }
622
623 if (n_used) {
624 evbuffer_commit_space(input, space, n_used);
625 if (bev_ssl->underlying)
626 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
627 }
628
629 return result;
630 }
631
632
633
634 static int
635 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
636 {
637 int i, r, n, n_written = 0;
638 struct bufferevent *bev = &bev_ssl->bev.bev;
639 struct evbuffer *output = bev->output;
640 struct evbuffer_iovec space[8];
641 int result = 0;
642
643 if (bev_ssl->last_write > 0)
644 atmost = bev_ssl->last_write;
645 else
646 atmost = _bufferevent_get_write_max(&bev_ssl->bev);
647
648 n = evbuffer_peek(output, atmost, NULL, space, 8);
649 if (n < 0)
650 return OP_ERR | result;
651
652 if (n > 8)
653 n = 8;
654 for (i=0; i < n; ++i) {
655 if (bev_ssl->bev.write_suspended)
656 break;
657
658
659
660
661 if (space[i].iov_len == 0)
662 continue;
663
664 r = SSL_write(bev_ssl->ssl, space[i].iov_base,
665 space[i].iov_len);
666 if (r > 0) {
667 result |= OP_MADE_PROGRESS;
668 if (bev_ssl->write_blocked_on_read)
669 if (clear_wbor(bev_ssl) < 0)
670 return OP_ERR | result;
671 n_written += r;
672 bev_ssl->last_write = -1;
673 decrement_buckets(bev_ssl);
674 } else {
675 int err = SSL_get_error(bev_ssl->ssl, r);
676 print_err(err);
677 switch (err) {
678 case SSL_ERROR_WANT_WRITE:
679
680 if (bev_ssl->write_blocked_on_read)
681 if (clear_wbor(bev_ssl) < 0)
682 return OP_ERR | result;
683 bev_ssl->last_write = space[i].iov_len;
684 break;
685 case SSL_ERROR_WANT_READ:
686
687
688 if (!bev_ssl->write_blocked_on_read)
689 if (set_wbor(bev_ssl) < 0)
690 return OP_ERR | result;
691 bev_ssl->last_write = space[i].iov_len;
692 break;
693 default:
694 conn_closed(bev_ssl, err, r);
695 bev_ssl->last_write = -1;
696 break;
697 }
698 result |= OP_BLOCKED;
699 break;
700 }
701 }
702 if (n_written) {
703 evbuffer_drain(output, n_written);
704 if (bev_ssl->underlying)
705 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
706
707 if (evbuffer_get_length(output) <= bev->wm_write.low)
708 _bufferevent_run_writecb(bev);
709 }
710 return result;
711 }
712
713 #define WRITE_FRAME 15000
714
715 #define READ_DEFAULT 4096
716
717
718
719 static int
720 bytes_to_read(struct bufferevent_openssl *bev)
721 {
722 struct evbuffer *input = bev->bev.bev.input;
723 struct event_watermark *wm = &bev->bev.bev.wm_read;
724 int result = READ_DEFAULT;
725 ev_ssize_t limit;
726
727
728
729 if (bev->write_blocked_on_read) {
730 return 0;
731 }
732
733 if (! (bev->bev.bev.enabled & EV_READ)) {
734 return 0;
735 }
736
737 if (bev->bev.read_suspended) {
738 return 0;
739 }
740
741 if (wm->high) {
742 if (evbuffer_get_length(input) >= wm->high) {
743 return 0;
744 }
745
746 result = wm->high - evbuffer_get_length(input);
747 } else {
748 result = READ_DEFAULT;
749 }
750
751
752 limit = _bufferevent_get_read_max(&bev->bev);
753 if (result > limit) {
754 result = limit;
755 }
756
757 return result;
758 }
759
760
761
762
763
764
765 static void
766 consider_reading(struct bufferevent_openssl *bev_ssl)
767 {
768 int r;
769 int n_to_read;
770 int all_result_flags = 0;
771
772 while (bev_ssl->write_blocked_on_read) {
773 r = do_write(bev_ssl, WRITE_FRAME);
774 if (r & (OP_BLOCKED|OP_ERR))
775 break;
776 }
777 if (bev_ssl->write_blocked_on_read)
778 return;
779
780 n_to_read = bytes_to_read(bev_ssl);
781
782 while (n_to_read) {
783 r = do_read(bev_ssl, n_to_read);
784 all_result_flags |= r;
785
786 if (r & (OP_BLOCKED|OP_ERR))
787 break;
788
789 if (bev_ssl->bev.read_suspended)
790 break;
791
792
793
794
795
796
797
798
799
800 n_to_read = SSL_pending(bev_ssl->ssl);
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816 if (!n_to_read && bev_ssl->underlying)
817 n_to_read = bytes_to_read(bev_ssl);
818 }
819
820 if (all_result_flags & OP_MADE_PROGRESS) {
821 struct bufferevent *bev = &bev_ssl->bev.bev;
822 struct evbuffer *input = bev->input;
823
824 if (evbuffer_get_length(input) >= bev->wm_read.low) {
825 _bufferevent_run_readcb(bev);
826 }
827 }
828
829 if (!bev_ssl->underlying) {
830
831 if (bev_ssl->bev.read_suspended ||
832 !(bev_ssl->bev.bev.enabled & EV_READ)) {
833 event_del(&bev_ssl->bev.bev.ev_read);
834 }
835 }
836 }
837
838 static void
839 consider_writing(struct bufferevent_openssl *bev_ssl)
840 {
841 int r;
842 struct evbuffer *output = bev_ssl->bev.bev.output;
843 struct evbuffer *target = NULL;
844 struct event_watermark *wm = NULL;
845
846 while (bev_ssl->read_blocked_on_write) {
847 r = do_read(bev_ssl, 1024);
848 if (r & OP_MADE_PROGRESS) {
849 struct bufferevent *bev = &bev_ssl->bev.bev;
850 struct evbuffer *input = bev->input;
851
852 if (evbuffer_get_length(input) >= bev->wm_read.low) {
853 _bufferevent_run_readcb(bev);
854 }
855 }
856 if (r & (OP_ERR|OP_BLOCKED))
857 break;
858 }
859 if (bev_ssl->read_blocked_on_write)
860 return;
861 if (bev_ssl->underlying) {
862 target = bev_ssl->underlying->output;
863 wm = &bev_ssl->underlying->wm_write;
864 }
865 while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
866 (! bev_ssl->bev.write_suspended) &&
867 evbuffer_get_length(output) &&
868 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
869 int n_to_write;
870 if (wm && wm->high)
871 n_to_write = wm->high - evbuffer_get_length(target);
872 else
873 n_to_write = WRITE_FRAME;
874 r = do_write(bev_ssl, n_to_write);
875 if (r & (OP_BLOCKED|OP_ERR))
876 break;
877 }
878
879 if (!bev_ssl->underlying) {
880 if (evbuffer_get_length(output) == 0) {
881 event_del(&bev_ssl->bev.bev.ev_write);
882 } else if (bev_ssl->bev.write_suspended ||
883 !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
884
885 event_del(&bev_ssl->bev.bev.ev_write);
886 }
887 }
888 }
889
890 static void
891 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
892 {
893 struct bufferevent_openssl *bev_ssl = ctx;
894 consider_reading(bev_ssl);
895 }
896
897 static void
898 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
899 {
900 struct bufferevent_openssl *bev_ssl = ctx;
901 consider_writing(bev_ssl);
902 }
903
904 static void
905 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
906 {
907 struct bufferevent_openssl *bev_ssl = ctx;
908 int event = 0;
909
910 if (what & BEV_EVENT_EOF) {
911 if (bev_ssl->allow_dirty_shutdown)
912 event = BEV_EVENT_EOF;
913 else
914 event = BEV_EVENT_ERROR;
915 } else if (what & BEV_EVENT_TIMEOUT) {
916
917 event = what;
918 } else if (what & BEV_EVENT_ERROR) {
919
920 event = what;
921 } else if (what & BEV_EVENT_CONNECTED) {
922
923
924 }
925 if (event)
926 _bufferevent_run_eventcb(&bev_ssl->bev.bev, event);
927 }
928
929 static void
930 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
931 {
932 struct bufferevent_openssl *bev_ssl = ptr;
933 _bufferevent_incref_and_lock(&bev_ssl->bev.bev);
934 if (what == EV_TIMEOUT) {
935 _bufferevent_run_eventcb(&bev_ssl->bev.bev,
936 BEV_EVENT_TIMEOUT|BEV_EVENT_READING);
937 } else {
938 consider_reading(bev_ssl);
939 }
940 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev);
941 }
942
943 static void
944 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
945 {
946 struct bufferevent_openssl *bev_ssl = ptr;
947 _bufferevent_incref_and_lock(&bev_ssl->bev.bev);
948 if (what == EV_TIMEOUT) {
949 _bufferevent_run_eventcb(&bev_ssl->bev.bev,
950 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING);
951 } else {
952 consider_writing(bev_ssl);
953 }
954 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev);
955 }
956
957 static int
958 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
959 {
960 if (bev_ssl->underlying) {
961 bufferevent_setcb(bev_ssl->underlying,
962 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
963 bev_ssl);
964 return 0;
965 } else {
966 struct bufferevent *bev = &bev_ssl->bev.bev;
967 int rpending=0, wpending=0, r1=0, r2=0;
968 if (fd < 0 && bev_ssl->fd_is_set)
969 fd = event_get_fd(&bev->ev_read);
970 if (bev_ssl->fd_is_set) {
971 rpending = event_pending(&bev->ev_read, EV_READ, NULL);
972 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
973 event_del(&bev->ev_read);
974 event_del(&bev->ev_write);
975 }
976 event_assign(&bev->ev_read, bev->ev_base, fd,
977 EV_READ|EV_PERSIST, be_openssl_readeventcb, bev_ssl);
978 event_assign(&bev->ev_write, bev->ev_base, fd,
979 EV_WRITE|EV_PERSIST, be_openssl_writeeventcb, bev_ssl);
980 if (rpending)
981 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
982 if (wpending)
983 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
984 if (fd >= 0) {
985 bev_ssl->fd_is_set = 1;
986 }
987 return (r1<0 || r2<0) ? -1 : 0;
988 }
989 }
990
991 static int
992 do_handshake(struct bufferevent_openssl *bev_ssl)
993 {
994 int r;
995
996 switch (bev_ssl->state) {
997 default:
998 case BUFFEREVENT_SSL_OPEN:
999 EVUTIL_ASSERT(0);
1000 return -1;
1001 case BUFFEREVENT_SSL_CONNECTING:
1002 case BUFFEREVENT_SSL_ACCEPTING:
1003 r = SSL_do_handshake(bev_ssl->ssl);
1004 break;
1005 }
1006 decrement_buckets(bev_ssl);
1007
1008 if (r==1) {
1009
1010 bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1011 set_open_callbacks(bev_ssl, -1);
1012
1013 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1014 _bufferevent_run_eventcb(&bev_ssl->bev.bev,
1015 BEV_EVENT_CONNECTED);
1016 return 1;
1017 } else {
1018 int err = SSL_get_error(bev_ssl->ssl, r);
1019 print_err(err);
1020 switch (err) {
1021 case SSL_ERROR_WANT_WRITE:
1022 if (!bev_ssl->underlying) {
1023 stop_reading(bev_ssl);
1024 return start_writing(bev_ssl);
1025 }
1026 return 0;
1027 case SSL_ERROR_WANT_READ:
1028 if (!bev_ssl->underlying) {
1029 stop_writing(bev_ssl);
1030 return start_reading(bev_ssl);
1031 }
1032 return 0;
1033 default:
1034 conn_closed(bev_ssl, err, r);
1035 return -1;
1036 }
1037 }
1038 }
1039
1040 static void
1041 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1042 {
1043 struct bufferevent_openssl *bev_ssl = ctx;
1044 do_handshake(bev_ssl);
1045 }
1046
1047 static void
1048 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1049 {
1050 struct bufferevent_openssl *bev_ssl = ptr;
1051
1052 _bufferevent_incref_and_lock(&bev_ssl->bev.bev);
1053 if (what & EV_TIMEOUT) {
1054 _bufferevent_run_eventcb(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT);
1055 } else
1056 do_handshake(bev_ssl);
1057 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev);
1058 }
1059
1060 static int
1061 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1062 {
1063 if (bev_ssl->underlying) {
1064 bufferevent_setcb(bev_ssl->underlying,
1065 be_openssl_handshakecb, be_openssl_handshakecb,
1066 be_openssl_eventcb,
1067 bev_ssl);
1068 return do_handshake(bev_ssl);
1069 } else {
1070 struct bufferevent *bev = &bev_ssl->bev.bev;
1071 int r1=0, r2=0;
1072 if (fd < 0 && bev_ssl->fd_is_set)
1073 fd = event_get_fd(&bev->ev_read);
1074 if (bev_ssl->fd_is_set) {
1075 event_del(&bev->ev_read);
1076 event_del(&bev->ev_write);
1077 }
1078 event_assign(&bev->ev_read, bev->ev_base, fd,
1079 EV_READ|EV_PERSIST, be_openssl_handshakeeventcb, bev_ssl);
1080 event_assign(&bev->ev_write, bev->ev_base, fd,
1081 EV_WRITE|EV_PERSIST, be_openssl_handshakeeventcb, bev_ssl);
1082 if (fd >= 0) {
1083 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
1084 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
1085 bev_ssl->fd_is_set = 1;
1086 }
1087 return (r1<0 || r2<0) ? -1 : 0;
1088 }
1089 }
1090
1091 int
1092 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1093 {
1094 struct bufferevent_openssl *bev_ssl = upcast(bev);
1095 if (!bev_ssl)
1096 return -1;
1097 if (SSL_renegotiate(bev_ssl->ssl) < 0)
1098 return -1;
1099 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1100 if (set_handshake_callbacks(bev_ssl, -1) < 0)
1101 return -1;
1102 if (!bev_ssl->underlying)
1103 return do_handshake(bev_ssl);
1104 return 0;
1105 }
1106
1107 static void
1108 be_openssl_outbuf_cb(struct evbuffer *buf,
1109 const struct evbuffer_cb_info *cbinfo, void *arg)
1110 {
1111 struct bufferevent_openssl *bev_ssl = arg;
1112 int r = 0;
1113
1114
1115 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1116 if (cbinfo->orig_size == 0)
1117 r = _bufferevent_add_event(&bev_ssl->bev.bev.ev_write,
1118 &bev_ssl->bev.bev.timeout_write);
1119 consider_writing(bev_ssl);
1120 }
1121
1122 (void)r;
1123 }
1124
1125
1126 static int
1127 be_openssl_enable(struct bufferevent *bev, short events)
1128 {
1129 struct bufferevent_openssl *bev_ssl = upcast(bev);
1130 int r1 = 0, r2 = 0;
1131
1132 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1133 return 0;
1134
1135 if (events & EV_READ)
1136 r1 = start_reading(bev_ssl);
1137 if (events & EV_WRITE)
1138 r2 = start_writing(bev_ssl);
1139
1140 if (bev_ssl->underlying) {
1141 if (events & EV_READ)
1142 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1143 if (events & EV_WRITE)
1144 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1145
1146 if (events & EV_READ)
1147 consider_reading(bev_ssl);
1148 if (events & EV_WRITE)
1149 consider_writing(bev_ssl);
1150 }
1151 return (r1 < 0 || r2 < 0) ? -1 : 0;
1152 }
1153
1154 static int
1155 be_openssl_disable(struct bufferevent *bev, short events)
1156 {
1157 struct bufferevent_openssl *bev_ssl = upcast(bev);
1158 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1159 return 0;
1160
1161 if (events & EV_READ)
1162 stop_reading(bev_ssl);
1163 if (events & EV_WRITE)
1164 stop_writing(bev_ssl);
1165
1166 if (bev_ssl->underlying) {
1167 if (events & EV_READ)
1168 BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1169 if (events & EV_WRITE)
1170 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1171 }
1172 return 0;
1173 }
1174
1175 static void
1176 be_openssl_destruct(struct bufferevent *bev)
1177 {
1178 struct bufferevent_openssl *bev_ssl = upcast(bev);
1179
1180 if (bev_ssl->underlying) {
1181 _bufferevent_del_generic_timeout_cbs(bev);
1182 } else {
1183 event_del(&bev->ev_read);
1184 event_del(&bev->ev_write);
1185 }
1186
1187 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1188 if (bev_ssl->underlying) {
1189 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1190 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1191 "bufferevent with too few references");
1192 } else {
1193 bufferevent_free(bev_ssl->underlying);
1194 bev_ssl->underlying = NULL;
1195 }
1196 } else {
1197 evutil_socket_t fd = -1;
1198 BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1199 if (bio)
1200 fd = BIO_get_fd(bio, NULL);
1201 if (fd >= 0)
1202 evutil_closesocket(fd);
1203 }
1204 SSL_free(bev_ssl->ssl);
1205 } else {
1206 if (bev_ssl->underlying) {
1207 if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1208 bufferevent_setcb(bev_ssl->underlying,
1209 NULL,NULL,NULL,NULL);
1210 bufferevent_unsuspend_read(bev_ssl->underlying,
1211 BEV_SUSPEND_FILT_READ);
1212 }
1213 }
1214 }
1215
1216 static int
1217 be_openssl_adj_timeouts(struct bufferevent *bev)
1218 {
1219 struct bufferevent_openssl *bev_ssl = upcast(bev);
1220
1221 if (bev_ssl->underlying)
1222 return _bufferevent_generic_adj_timeouts(bev);
1223 else {
1224 int r1=0, r2=0;
1225 if (event_pending(&bev->ev_read, EV_READ, NULL))
1226 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read);
1227 if (event_pending(&bev->ev_write, EV_WRITE, NULL))
1228 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write);
1229 return (r1<0 || r2<0) ? -1 : 0;
1230 }
1231 }
1232
1233 static int
1234 be_openssl_flush(struct bufferevent *bufev,
1235 short iotype, enum bufferevent_flush_mode mode)
1236 {
1237
1238 return 0;
1239 }
1240
1241 static int
1242 be_openssl_ctrl(struct bufferevent *bev,
1243 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1244 {
1245 struct bufferevent_openssl *bev_ssl = upcast(bev);
1246 switch (op) {
1247 case BEV_CTRL_SET_FD:
1248 if (bev_ssl->underlying)
1249 return -1;
1250 {
1251 BIO *bio;
1252 bio = BIO_new_socket(data->fd, 0);
1253 SSL_set_bio(bev_ssl->ssl, bio, bio);
1254 bev_ssl->fd_is_set = 1;
1255 }
1256 if (bev_ssl->state == BUFFEREVENT_SSL_OPEN)
1257 return set_open_callbacks(bev_ssl, data->fd);
1258 else {
1259 return set_handshake_callbacks(bev_ssl, data->fd);
1260 }
1261 case BEV_CTRL_GET_FD:
1262 if (bev_ssl->underlying)
1263 return -1;
1264 if (!bev_ssl->fd_is_set)
1265 return -1;
1266 data->fd = event_get_fd(&bev->ev_read);
1267 return 0;
1268 case BEV_CTRL_GET_UNDERLYING:
1269 if (!bev_ssl->underlying)
1270 return -1;
1271 data->ptr = bev_ssl->underlying;
1272 return 0;
1273 case BEV_CTRL_CANCEL_ALL:
1274 default:
1275 return -1;
1276 }
1277 }
1278
1279 SSL *
1280 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1281 {
1282 struct bufferevent_openssl *bev_ssl = upcast(bufev);
1283 if (!bev_ssl)
1284 return NULL;
1285 return bev_ssl->ssl;
1286 }
1287
1288 static struct bufferevent *
1289 bufferevent_openssl_new_impl(struct event_base *base,
1290 struct bufferevent *underlying,
1291 evutil_socket_t fd,
1292 SSL *ssl,
1293 enum bufferevent_ssl_state state,
1294 int options)
1295 {
1296 struct bufferevent_openssl *bev_ssl = NULL;
1297 struct bufferevent_private *bev_p = NULL;
1298 int tmp_options = options & ~BEV_OPT_THREADSAFE;
1299
1300 if (underlying != NULL && fd >= 0)
1301 return NULL;
1302
1303 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1304 goto err;
1305
1306 bev_p = &bev_ssl->bev;
1307
1308 if (bufferevent_init_common(bev_p, base,
1309 &bufferevent_ops_openssl, tmp_options) < 0)
1310 goto err;
1311
1312
1313
1314 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1315
1316 bev_ssl->underlying = underlying;
1317 bev_ssl->ssl = ssl;
1318
1319 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1320 be_openssl_outbuf_cb, bev_ssl);
1321
1322 if (options & BEV_OPT_THREADSAFE)
1323 bufferevent_enable_locking(&bev_ssl->bev.bev, NULL);
1324
1325 if (underlying) {
1326 _bufferevent_init_generic_timeout_cbs(&bev_ssl->bev.bev);
1327 bufferevent_incref(underlying);
1328 }
1329
1330 bev_ssl->state = state;
1331 bev_ssl->last_write = -1;
1332
1333 init_bio_counts(bev_ssl);
1334
1335 switch (state) {
1336 case BUFFEREVENT_SSL_ACCEPTING:
1337 SSL_set_accept_state(bev_ssl->ssl);
1338 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1339 goto err;
1340 break;
1341 case BUFFEREVENT_SSL_CONNECTING:
1342 SSL_set_connect_state(bev_ssl->ssl);
1343 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1344 goto err;
1345 break;
1346 case BUFFEREVENT_SSL_OPEN:
1347 if (set_open_callbacks(bev_ssl, fd) < 0)
1348 goto err;
1349 break;
1350 default:
1351 goto err;
1352 }
1353
1354 if (underlying) {
1355 bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1356 bufferevent_enable(underlying, EV_READ|EV_WRITE);
1357 if (state == BUFFEREVENT_SSL_OPEN)
1358 bufferevent_suspend_read(underlying,
1359 BEV_SUSPEND_FILT_READ);
1360 } else {
1361 bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE;
1362 if (bev_ssl->fd_is_set) {
1363 if (state != BUFFEREVENT_SSL_OPEN)
1364 if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
1365 goto err;
1366 if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0)
1367 goto err;
1368 }
1369 }
1370
1371 return &bev_ssl->bev.bev;
1372 err:
1373 if (bev_ssl)
1374 bufferevent_free(&bev_ssl->bev.bev);
1375 return NULL;
1376 }
1377
1378 struct bufferevent *
1379 bufferevent_openssl_filter_new(struct event_base *base,
1380 struct bufferevent *underlying,
1381 SSL *ssl,
1382 enum bufferevent_ssl_state state,
1383 int options)
1384 {
1385
1386
1387 int close_flag = 0;
1388 BIO *bio;
1389 if (!underlying)
1390 return NULL;
1391 if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1392 return NULL;
1393
1394 SSL_set_bio(ssl, bio, bio);
1395
1396 return bufferevent_openssl_new_impl(
1397 base, underlying, -1, ssl, state, options);
1398 }
1399
1400 struct bufferevent *
1401 bufferevent_openssl_socket_new(struct event_base *base,
1402 evutil_socket_t fd,
1403 SSL *ssl,
1404 enum bufferevent_ssl_state state,
1405 int options)
1406 {
1407
1408 BIO *bio = SSL_get_wbio(ssl);
1409 long have_fd = -1;
1410
1411 if (bio)
1412 have_fd = BIO_get_fd(bio, NULL);
1413
1414 if (have_fd >= 0) {
1415
1416 if (fd < 0) {
1417
1418 fd = (evutil_socket_t) have_fd;
1419 } else if (have_fd == (long)fd) {
1420
1421 } else {
1422
1423
1424 return NULL;
1425 }
1426 (void) BIO_set_close(bio, 0);
1427 } else {
1428
1429 if (fd >= 0) {
1430
1431 bio = BIO_new_socket(fd, 0);
1432 SSL_set_bio(ssl, bio, bio);
1433 } else {
1434
1435 }
1436 }
1437
1438 return bufferevent_openssl_new_impl(
1439 base, NULL, fd, ssl, state, options);
1440 }
1441
1442 unsigned long
1443 bufferevent_get_openssl_error(struct bufferevent *bev)
1444 {
1445 unsigned long err = 0;
1446 struct bufferevent_openssl *bev_ssl;
1447 BEV_LOCK(bev);
1448 bev_ssl = upcast(bev);
1449 if (bev_ssl && bev_ssl->n_errors) {
1450 err = bev_ssl->errors[--bev_ssl->n_errors];
1451 }
1452 BEV_UNLOCK(bev);
1453 return err;
1454 }