2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/crypto.h>
15 #include "internal/bio.h"
16 #include <openssl/err.h>
19 static int ssl_write(BIO
*h
, const char *buf
, int num
);
20 static int ssl_read(BIO
*h
, char *buf
, int size
);
21 static int ssl_puts(BIO
*h
, const char *str
);
22 static long ssl_ctrl(BIO
*h
, int cmd
, long arg1
, void *arg2
);
23 static int ssl_new(BIO
*h
);
24 static int ssl_free(BIO
*data
);
25 static long ssl_callback_ctrl(BIO
*h
, int cmd
, bio_info_cb
*fp
);
26 typedef struct bio_ssl_st
{
27 SSL
*ssl
; /* The ssl handle :-) */
28 /* re-negotiate every time the total number of bytes is this size */
30 unsigned long renegotiate_count
;
31 unsigned long byte_count
;
32 unsigned long renegotiate_timeout
;
33 unsigned long last_time
;
36 static const BIO_METHOD methods_sslp
= {
48 const BIO_METHOD
*BIO_f_ssl(void)
50 return (&methods_sslp
);
53 static int ssl_new(BIO
*bi
)
55 BIO_SSL
*bs
= OPENSSL_zalloc(sizeof(*bs
));
58 BIOerr(BIO_F_SSL_NEW
, ERR_R_MALLOC_FAILURE
);
64 BIO_clear_flags(bi
, ~0);
69 static int ssl_free(BIO
*a
)
77 SSL_shutdown(bs
->ssl
);
78 if (BIO_get_shutdown(a
)) {
82 BIO_clear_flags(a
, ~0);
89 static int ssl_read(BIO
*b
, char *out
, int outl
)
102 BIO_clear_retry_flags(b
);
104 ret
= SSL_read(ssl
, out
, outl
);
106 switch (SSL_get_error(ssl
, ret
)) {
110 if (sb
->renegotiate_count
> 0) {
111 sb
->byte_count
+= ret
;
112 if (sb
->byte_count
> sb
->renegotiate_count
) {
114 sb
->num_renegotiates
++;
115 SSL_renegotiate(ssl
);
119 if ((sb
->renegotiate_timeout
> 0) && (!r
)) {
122 tm
= (unsigned long)time(NULL
);
123 if (tm
> sb
->last_time
+ sb
->renegotiate_timeout
) {
125 sb
->num_renegotiates
++;
126 SSL_renegotiate(ssl
);
131 case SSL_ERROR_WANT_READ
:
132 BIO_set_retry_read(b
);
134 case SSL_ERROR_WANT_WRITE
:
135 BIO_set_retry_write(b
);
137 case SSL_ERROR_WANT_X509_LOOKUP
:
138 BIO_set_retry_special(b
);
139 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
141 case SSL_ERROR_WANT_ACCEPT
:
142 BIO_set_retry_special(b
);
143 retry_reason
= BIO_RR_ACCEPT
;
145 case SSL_ERROR_WANT_CONNECT
:
146 BIO_set_retry_special(b
);
147 retry_reason
= BIO_RR_CONNECT
;
149 case SSL_ERROR_SYSCALL
:
151 case SSL_ERROR_ZERO_RETURN
:
156 BIO_set_retry_reason(b
, retry_reason
);
160 static int ssl_write(BIO
*b
, const char *out
, int outl
)
163 int retry_reason
= 0;
169 bs
= BIO_get_data(b
);
172 BIO_clear_retry_flags(b
);
175 * ret=SSL_do_handshake(ssl); if (ret > 0)
177 ret
= SSL_write(ssl
, out
, outl
);
179 switch (SSL_get_error(ssl
, ret
)) {
183 if (bs
->renegotiate_count
> 0) {
184 bs
->byte_count
+= ret
;
185 if (bs
->byte_count
> bs
->renegotiate_count
) {
187 bs
->num_renegotiates
++;
188 SSL_renegotiate(ssl
);
192 if ((bs
->renegotiate_timeout
> 0) && (!r
)) {
195 tm
= (unsigned long)time(NULL
);
196 if (tm
> bs
->last_time
+ bs
->renegotiate_timeout
) {
198 bs
->num_renegotiates
++;
199 SSL_renegotiate(ssl
);
203 case SSL_ERROR_WANT_WRITE
:
204 BIO_set_retry_write(b
);
206 case SSL_ERROR_WANT_READ
:
207 BIO_set_retry_read(b
);
209 case SSL_ERROR_WANT_X509_LOOKUP
:
210 BIO_set_retry_special(b
);
211 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
213 case SSL_ERROR_WANT_CONNECT
:
214 BIO_set_retry_special(b
);
215 retry_reason
= BIO_RR_CONNECT
;
216 case SSL_ERROR_SYSCALL
:
222 BIO_set_retry_reason(b
, retry_reason
);
226 static long ssl_ctrl(BIO
*b
, int cmd
, long num
, void *ptr
)
234 bs
= BIO_get_data(b
);
237 if ((ssl
== NULL
) && (cmd
!= BIO_C_SET_SSL
))
243 if (ssl
->handshake_func
== ssl
->method
->ssl_connect
)
244 SSL_set_connect_state(ssl
);
245 else if (ssl
->handshake_func
== ssl
->method
->ssl_accept
)
246 SSL_set_accept_state(ssl
);
248 if (!SSL_clear(ssl
)) {
254 ret
= BIO_ctrl(next
, cmd
, num
, ptr
);
255 else if (ssl
->rbio
!= NULL
)
256 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
264 if (num
) /* client mode */
265 SSL_set_connect_state(ssl
);
267 SSL_set_accept_state(ssl
);
269 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT
:
270 ret
= bs
->renegotiate_timeout
;
273 bs
->renegotiate_timeout
= (unsigned long)num
;
274 bs
->last_time
= (unsigned long)time(NULL
);
276 case BIO_C_SET_SSL_RENEGOTIATE_BYTES
:
277 ret
= bs
->renegotiate_count
;
278 if ((long)num
>= 512)
279 bs
->renegotiate_count
= (unsigned long)num
;
281 case BIO_C_GET_SSL_NUM_RENEGOTIATES
:
282 ret
= bs
->num_renegotiates
;
290 BIO_set_shutdown(b
, num
);
293 bio
= SSL_get_rbio(ssl
);
297 BIO_set_next(b
, bio
);
309 case BIO_CTRL_GET_CLOSE
:
310 ret
= BIO_get_shutdown(b
);
312 case BIO_CTRL_SET_CLOSE
:
313 BIO_set_shutdown(b
, (int)num
);
315 case BIO_CTRL_WPENDING
:
316 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
318 case BIO_CTRL_PENDING
:
319 ret
= SSL_pending(ssl
);
321 ret
= BIO_pending(ssl
->rbio
);
324 BIO_clear_retry_flags(b
);
325 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
326 BIO_copy_next_retry(b
);
329 if ((next
!= NULL
) && (next
!= ssl
->rbio
)) {
331 * We are going to pass ownership of next to the SSL object...but
332 * we don't own a reference to pass yet - so up ref
335 SSL_set_bio(ssl
, next
, next
);
339 /* Only detach if we are the BIO explicitly being popped */
341 /* This will clear the reference we obtained during push */
342 SSL_set_bio(ssl
, NULL
, NULL
);
345 case BIO_C_DO_STATE_MACHINE
:
346 BIO_clear_retry_flags(b
);
348 BIO_set_retry_reason(b
, 0);
349 ret
= (int)SSL_do_handshake(ssl
);
351 switch (SSL_get_error(ssl
, (int)ret
)) {
352 case SSL_ERROR_WANT_READ
:
353 BIO_set_flags(b
, BIO_FLAGS_READ
| BIO_FLAGS_SHOULD_RETRY
);
355 case SSL_ERROR_WANT_WRITE
:
356 BIO_set_flags(b
, BIO_FLAGS_WRITE
| BIO_FLAGS_SHOULD_RETRY
);
358 case SSL_ERROR_WANT_CONNECT
:
359 BIO_set_flags(b
, BIO_FLAGS_IO_SPECIAL
| BIO_FLAGS_SHOULD_RETRY
);
360 BIO_set_retry_reason(b
, BIO_get_retry_reason(next
));
362 case SSL_ERROR_WANT_X509_LOOKUP
:
363 BIO_set_retry_special(b
);
364 BIO_set_retry_reason(b
, BIO_RR_SSL_X509_LOOKUP
);
372 dbs
= BIO_get_data(dbio
);
374 dbs
->ssl
= SSL_dup(ssl
);
375 dbs
->num_renegotiates
= bs
->num_renegotiates
;
376 dbs
->renegotiate_count
= bs
->renegotiate_count
;
377 dbs
->byte_count
= bs
->byte_count
;
378 dbs
->renegotiate_timeout
= bs
->renegotiate_timeout
;
379 dbs
->last_time
= bs
->last_time
;
380 ret
= (dbs
->ssl
!= NULL
);
383 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
385 case BIO_CTRL_SET_CALLBACK
:
387 #if 0 /* FIXME: Should this be used? -- Richard
389 SSLerr(SSL_F_SSL_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
396 case BIO_CTRL_GET_CALLBACK
:
398 void (**fptr
) (const SSL
*xssl
, int type
, int val
);
400 fptr
= (void (**)(const SSL
*xssl
, int type
, int val
))ptr
;
401 *fptr
= SSL_get_info_callback(ssl
);
405 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
411 static long ssl_callback_ctrl(BIO
*b
, int cmd
, bio_info_cb
*fp
)
417 bs
= BIO_get_data(b
);
420 case BIO_CTRL_SET_CALLBACK
:
423 * FIXME: setting this via a completely different prototype seems
426 SSL_set_info_callback(ssl
, (void (*)(const SSL
*, int, int))fp
);
430 ret
= BIO_callback_ctrl(ssl
->rbio
, cmd
, fp
);
436 static int ssl_puts(BIO
*bp
, const char *str
)
441 ret
= BIO_write(bp
, str
, n
);
445 BIO
*BIO_new_buffer_ssl_connect(SSL_CTX
*ctx
)
447 #ifndef OPENSSL_NO_SOCK
448 BIO
*ret
= NULL
, *buf
= NULL
, *ssl
= NULL
;
450 if ((buf
= BIO_new(BIO_f_buffer())) == NULL
)
452 if ((ssl
= BIO_new_ssl_connect(ctx
)) == NULL
)
454 if ((ret
= BIO_push(buf
, ssl
)) == NULL
)
464 BIO
*BIO_new_ssl_connect(SSL_CTX
*ctx
)
466 #ifndef OPENSSL_NO_SOCK
467 BIO
*ret
= NULL
, *con
= NULL
, *ssl
= NULL
;
469 if ((con
= BIO_new(BIO_s_connect())) == NULL
)
471 if ((ssl
= BIO_new_ssl(ctx
, 1)) == NULL
)
473 if ((ret
= BIO_push(ssl
, con
)) == NULL
)
482 BIO
*BIO_new_ssl(SSL_CTX
*ctx
, int client
)
487 if ((ret
= BIO_new(BIO_f_ssl())) == NULL
)
489 if ((ssl
= SSL_new(ctx
)) == NULL
) {
494 SSL_set_connect_state(ssl
);
496 SSL_set_accept_state(ssl
);
498 BIO_set_ssl(ret
, ssl
, BIO_CLOSE
);
502 int BIO_ssl_copy_session_id(BIO
*t
, BIO
*f
)
504 BIO_SSL
*tdata
, *fdata
;
505 t
= BIO_find_type(t
, BIO_TYPE_SSL
);
506 f
= BIO_find_type(f
, BIO_TYPE_SSL
);
507 if ((t
== NULL
) || (f
== NULL
))
509 tdata
= BIO_get_data(t
);
510 fdata
= BIO_get_data(f
);
511 if ((tdata
->ssl
== NULL
) || (fdata
->ssl
== NULL
))
513 if (!SSL_copy_session_id(tdata
->ssl
, (fdata
->ssl
)))
518 void BIO_ssl_shutdown(BIO
*b
)
522 b
= BIO_find_type(b
, BIO_TYPE_SSL
);