[thirdparty/openssl.git] / ssl / bio_ssl.c

/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <openssl/crypto.h>
#include "internal/bio.h"
#include <openssl/err.h>
#include "ssl_locl.h"

static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
static int ssl_puts(BIO *h, const char *str);
static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int ssl_new(BIO *h);
static int ssl_free(BIO *data);
static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
typedef struct bio_ssl_st {
    SSL *ssl;                   /* The ssl handle :-) */
    /* re-negotiate every time the total number of bytes is this size */
    int num_renegotiates;
    unsigned long renegotiate_count;
    size_t byte_count;
    unsigned long renegotiate_timeout;
    unsigned long last_time;
} BIO_SSL;

static const BIO_METHOD methods_sslp = {
    BIO_TYPE_SSL, "ssl",
    ssl_write,
    NULL,
    ssl_read,
    NULL,
    ssl_puts,
    NULL,                       /* ssl_gets, */
    ssl_ctrl,
    ssl_new,
    ssl_free,
    ssl_callback_ctrl,
};

const BIO_METHOD *BIO_f_ssl(void)
{
    return (&methods_sslp);
}

static int ssl_new(BIO *bi)
{
    BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));

    if (bs == NULL) {
        BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
        return (0);
    }
    BIO_set_init(bi, 0);
    BIO_set_data(bi, bs);
    /* Clear all flags */
    BIO_clear_flags(bi, ~0);

    return 1;
}

static int ssl_free(BIO *a)
{
    BIO_SSL *bs;

    if (a == NULL)
        return (0);
    bs = BIO_get_data(a);
    if (bs->ssl != NULL)
        SSL_shutdown(bs->ssl);
    if (BIO_get_shutdown(a)) {
        if (BIO_get_init(a))
            SSL_free(bs->ssl);
        /* Clear all flags */
        BIO_clear_flags(a, ~0);
        BIO_set_init(a, 0);
    }
    OPENSSL_free(bs);
    return 1;
}

static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes)
{
    int ret = 1;
    BIO_SSL *sb;
    SSL *ssl;
    int retry_reason = 0;
    int r = 0;

    if (buf == NULL)
        return 0;
    sb = BIO_get_data(b);
    ssl = sb->ssl;

    BIO_clear_retry_flags(b);

    if (size > INT_MAX)
        size = INT_MAX;

    ret = SSL_read(ssl, buf, size);
    if (ret > 0)
        *readbytes = ret;

    switch (SSL_get_error(ssl, ret)) {
    case SSL_ERROR_NONE:
        if (*readbytes == 0)
            break;
        if (sb->renegotiate_count > 0) {
            sb->byte_count += *readbytes;
            if (sb->byte_count > sb->renegotiate_count) {
                sb->byte_count = 0;
                sb->num_renegotiates++;
                SSL_renegotiate(ssl);
                r = 1;
            }
        }
        if ((sb->renegotiate_timeout > 0) && (!r)) {
            unsigned long tm;

            tm = (unsigned long)time(NULL);
            if (tm > sb->last_time + sb->renegotiate_timeout) {
                sb->last_time = tm;
                sb->num_renegotiates++;
                SSL_renegotiate(ssl);
            }
        }

        break;
    case SSL_ERROR_WANT_READ:
        BIO_set_retry_read(b);
        break;
    case SSL_ERROR_WANT_WRITE:
        BIO_set_retry_write(b);
        break;
    case SSL_ERROR_WANT_X509_LOOKUP:
        BIO_set_retry_special(b);
        retry_reason = BIO_RR_SSL_X509_LOOKUP;
        break;
    case SSL_ERROR_WANT_ACCEPT:
        BIO_set_retry_special(b);
        retry_reason = BIO_RR_ACCEPT;
        break;
    case SSL_ERROR_WANT_CONNECT:
        BIO_set_retry_special(b);
        retry_reason = BIO_RR_CONNECT;
        break;
    case SSL_ERROR_SYSCALL:
    case SSL_ERROR_SSL:
    case SSL_ERROR_ZERO_RETURN:
    default:
        break;
    }

    BIO_set_retry_reason(b, retry_reason);

    return ret;
}

static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
{
    int ret, r = 0;
    int retry_reason = 0;
    SSL *ssl;
    BIO_SSL *bs;

    if (buf == NULL)
        return 0;
    bs = BIO_get_data(b);
    ssl = bs->ssl;

    BIO_clear_retry_flags(b);

    ret = SSL_write_ex(ssl, buf, size, written);

    switch (SSL_get_error(ssl, ret)) {
    case SSL_ERROR_NONE:
        if (*written == 0)
            break;
        if (bs->renegotiate_count > 0) {
            bs->byte_count += *written;
            if (bs->byte_count > bs->renegotiate_count) {
                bs->byte_count = 0;
                bs->num_renegotiates++;
                SSL_renegotiate(ssl);
                r = 1;
            }
        }
        if ((bs->renegotiate_timeout > 0) && (!r)) {
            unsigned long tm;

            tm = (unsigned long)time(NULL);
            if (tm > bs->last_time + bs->renegotiate_timeout) {
                bs->last_time = tm;
                bs->num_renegotiates++;
                SSL_renegotiate(ssl);
            }
        }
        break;
    case SSL_ERROR_WANT_WRITE:
        BIO_set_retry_write(b);
        break;
    case SSL_ERROR_WANT_READ:
        BIO_set_retry_read(b);
        break;
    case SSL_ERROR_WANT_X509_LOOKUP:
        BIO_set_retry_special(b);
        retry_reason = BIO_RR_SSL_X509_LOOKUP;
        break;
    case SSL_ERROR_WANT_CONNECT:
        BIO_set_retry_special(b);
        retry_reason = BIO_RR_CONNECT;
    case SSL_ERROR_SYSCALL:
    case SSL_ERROR_SSL:
    default:
        break;
    }

    BIO_set_retry_reason(b, retry_reason);

    return ret;
}

static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
{
    SSL **sslp, *ssl;
    BIO_SSL *bs, *dbs;
    BIO *dbio, *bio;
    long ret = 1;
    BIO *next;

    bs = BIO_get_data(b);
    next = BIO_next(b);
    ssl = bs->ssl;
    if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
        return (0);
    switch (cmd) {
    case BIO_CTRL_RESET:
        SSL_shutdown(ssl);

        if (ssl->handshake_func == ssl->method->ssl_connect)
            SSL_set_connect_state(ssl);
        else if (ssl->handshake_func == ssl->method->ssl_accept)
            SSL_set_accept_state(ssl);

        if (!SSL_clear(ssl)) {
            ret = 0;
            break;
        }

        if (next != NULL)
            ret = BIO_ctrl(next, cmd, num, ptr);
        else if (ssl->rbio != NULL)
            ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
        else
            ret = 1;
        break;
    case BIO_CTRL_INFO:
        ret = 0;
        break;
    case BIO_C_SSL_MODE:
        if (num)                /* client mode */
            SSL_set_connect_state(ssl);
        else
            SSL_set_accept_state(ssl);
        break;
    case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
        ret = bs->renegotiate_timeout;
        if (num < 60)
            num = 5;
        bs->renegotiate_timeout = (unsigned long)num;
        bs->last_time = (unsigned long)time(NULL);
        break;
    case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
        ret = bs->renegotiate_count;
        if ((long)num >= 512)
            bs->renegotiate_count = (unsigned long)num;
        break;
    case BIO_C_GET_SSL_NUM_RENEGOTIATES:
        ret = bs->num_renegotiates;
        break;
    case BIO_C_SET_SSL:
        if (ssl != NULL) {
            ssl_free(b);
            if (!ssl_new(b))
                return 0;
        }
        BIO_set_shutdown(b, num);
        ssl = (SSL *)ptr;
        bs->ssl = ssl;
        bio = SSL_get_rbio(ssl);
        if (bio != NULL) {
            if (next != NULL)
                BIO_push(bio, next);
            BIO_set_next(b, bio);
            BIO_up_ref(bio);
        }
        BIO_set_init(b, 1);
        break;
    case BIO_C_GET_SSL:
        if (ptr != NULL) {
            sslp = (SSL **)ptr;
            *sslp = ssl;
        } else
            ret = 0;
        break;
    case BIO_CTRL_GET_CLOSE:
        ret = BIO_get_shutdown(b);
        break;
    case BIO_CTRL_SET_CLOSE:
        BIO_set_shutdown(b, (int)num);
        break;
    case BIO_CTRL_WPENDING:
        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
        break;
    case BIO_CTRL_PENDING:
        ret = SSL_pending(ssl);
        if (ret == 0)
            ret = BIO_pending(ssl->rbio);
        break;
    case BIO_CTRL_FLUSH:
        BIO_clear_retry_flags(b);
        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
        BIO_copy_next_retry(b);
        break;
    case BIO_CTRL_PUSH:
        if ((next != NULL) && (next != ssl->rbio)) {
            /*
             * We are going to pass ownership of next to the SSL object...but
             * we don't own a reference to pass yet - so up ref
             */
            BIO_up_ref(next);
            SSL_set_bio(ssl, next, next);
        }
        break;
    case BIO_CTRL_POP:
        /* Only detach if we are the BIO explicitly being popped */
        if (b == ptr) {
            /* This will clear the reference we obtained during push */
            SSL_set_bio(ssl, NULL, NULL);
        }
        break;
    case BIO_C_DO_STATE_MACHINE:
        BIO_clear_retry_flags(b);

        BIO_set_retry_reason(b, 0);
        ret = (int)SSL_do_handshake(ssl);

        switch (SSL_get_error(ssl, (int)ret)) {
        case SSL_ERROR_WANT_READ:
            BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
            break;
        case SSL_ERROR_WANT_WRITE:
            BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
            break;
        case SSL_ERROR_WANT_CONNECT:
            BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
            BIO_set_retry_reason(b, BIO_get_retry_reason(next));
            break;
        case SSL_ERROR_WANT_X509_LOOKUP:
            BIO_set_retry_special(b);
            BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
            break;
        default:
            break;
        }
        break;
    case BIO_CTRL_DUP:
        dbio = (BIO *)ptr;
        dbs = BIO_get_data(dbio);
        SSL_free(dbs->ssl);
        dbs->ssl = SSL_dup(ssl);
        dbs->num_renegotiates = bs->num_renegotiates;
        dbs->renegotiate_count = bs->renegotiate_count;
        dbs->byte_count = bs->byte_count;
        dbs->renegotiate_timeout = bs->renegotiate_timeout;
        dbs->last_time = bs->last_time;
        ret = (dbs->ssl != NULL);
        break;
    case BIO_C_GET_FD:
        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
        break;
    case BIO_CTRL_SET_CALLBACK:
        {
#if 0                           /* FIXME: Should this be used? -- Richard
                                 * Levitte */
            SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
            ret = -1;
#else
            ret = 0;
#endif
        }
        break;
    case BIO_CTRL_GET_CALLBACK:
        {
            void (**fptr) (const SSL *xssl, int type, int val);

            fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
            *fptr = SSL_get_info_callback(ssl);
        }
        break;
    default:
        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
        break;
    }
    return (ret);
}

static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
{
    SSL *ssl;
    BIO_SSL *bs;
    long ret = 1;

    bs = BIO_get_data(b);
    ssl = bs->ssl;
    switch (cmd) {
    case BIO_CTRL_SET_CALLBACK:
        {
            /*
             * FIXME: setting this via a completely different prototype seems
             * like a crap idea
             */
            SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
        }
        break;
    default:
        ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
        break;
    }
    return (ret);
}

static int ssl_puts(BIO *bp, const char *str)
{
    int n, ret;

    n = strlen(str);
    ret = BIO_write(bp, str, n);
    return (ret);
}

BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
{
#ifndef OPENSSL_NO_SOCK
    BIO *ret = NULL, *buf = NULL, *ssl = NULL;

    if ((buf = BIO_new(BIO_f_buffer())) == NULL)
        return (NULL);
    if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
        goto err;
    if ((ret = BIO_push(buf, ssl)) == NULL)
        goto err;
    return (ret);
 err:
    BIO_free(buf);
    BIO_free(ssl);
#endif
    return (NULL);
}

BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
{
#ifndef OPENSSL_NO_SOCK
    BIO *ret = NULL, *con = NULL, *ssl = NULL;

    if ((con = BIO_new(BIO_s_connect())) == NULL)
        return (NULL);
    if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
        goto err;
    if ((ret = BIO_push(ssl, con)) == NULL)
        goto err;
    return (ret);
 err:
    BIO_free(con);
#endif
    return (NULL);
}

BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
{
    BIO *ret;
    SSL *ssl;

    if ((ret = BIO_new(BIO_f_ssl())) == NULL)
        return (NULL);
    if ((ssl = SSL_new(ctx)) == NULL) {
        BIO_free(ret);
        return (NULL);
    }
    if (client)
        SSL_set_connect_state(ssl);
    else
        SSL_set_accept_state(ssl);

    BIO_set_ssl(ret, ssl, BIO_CLOSE);
    return (ret);
}

int BIO_ssl_copy_session_id(BIO *t, BIO *f)
{
    BIO_SSL *tdata, *fdata;
    t = BIO_find_type(t, BIO_TYPE_SSL);
    f = BIO_find_type(f, BIO_TYPE_SSL);
    if ((t == NULL) || (f == NULL))
        return 0;
    tdata = BIO_get_data(t);
    fdata = BIO_get_data(f);
    if ((tdata->ssl == NULL) || (fdata->ssl == NULL))
        return (0);
    if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl)))
        return 0;
    return (1);
}

void BIO_ssl_shutdown(BIO *b)
{
    SSL *s;

    b = BIO_find_type(b, BIO_TYPE_SSL);
    if (b == NULL)
        return;

    s = BIO_get_data(b);
    SSL_shutdown(s);
}
Commit	Line	Data
846e33c7 RS	1	/*
846e33c7 RS	2	* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
846e33c7 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
	9
	10	#include <stdio.h>
58964a49	11	#include <stdlib.h>
d02b48c6 RE	12	#include <string.h>
d02b48c6 RE	13	#include <errno.h>
ec577822	14	#include <openssl/crypto.h>
a146ae55	15	#include "internal/bio.h"
ec577822	16	#include <openssl/err.h>
b6ba4014	17	#include "ssl_locl.h"
d02b48c6	18
f42fd819 MC	19	static int ssl_write(BIO h, const char buf, size_t size, size_t *written);
f42fd819 MC	20	static int ssl_read(BIO b, char buf, size_t size, size_t *readbytes);
0e1c0612 UM	21	static int ssl_puts(BIO h, const char str);
0e1c0612 UM	22	static long ssl_ctrl(BIO h, int cmd, long arg1, void arg2);
d02b48c6 RE	23	static int ssl_new(BIO *h);
d02b48c6 RE	24	static int ssl_free(BIO *data);
13083215	25	static long ssl_callback_ctrl(BIO h, int cmd, bio_info_cb fp);
0f113f3e MC	26	typedef struct bio_ssl_st {
	27	SSL ssl; / The ssl handle :-) */
	28	/* re-negotiate every time the total number of bytes is this size */
	29	int num_renegotiates;
	30	unsigned long renegotiate_count;
8051ab2b	31	size_t byte_count;
0f113f3e MC	32	unsigned long renegotiate_timeout;
	33	unsigned long last_time;
	34	} BIO_SSL;
	35
04f6b0fd	36	static const BIO_METHOD methods_sslp = {
0f113f3e MC	37	BIO_TYPE_SSL, "ssl",
0f113f3e MC	38	ssl_write,
3befffa3	39	NULL,
0f113f3e	40	ssl_read,
d07aee2c	41	NULL,
0f113f3e MC	42	ssl_puts,
	43	NULL, /* ssl_gets, */
	44	ssl_ctrl,
	45	ssl_new,
	46	ssl_free,
	47	ssl_callback_ctrl,
	48	};
a9188d4e	49
04f6b0fd	50	const BIO_METHOD *BIO_f_ssl(void)
0f113f3e MC	51	{
	52	return (&methods_sslp);
	53	}
d02b48c6	54
6b691a5c	55	static int ssl_new(BIO *bi)
0f113f3e	56	{
b51bce94	57	BIO_SSL bs = OPENSSL_zalloc(sizeof(bs));
0f113f3e	58
0f113f3e MC	59	if (bs == NULL) {
	60	BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
	61	return (0);
	62	}
a146ae55 MC	63	BIO_set_init(bi, 0);
	64	BIO_set_data(bi, bs);
	65	/* Clear all flags */
	66	BIO_clear_flags(bi, ~0);
	67
	68	return 1;
0f113f3e	69	}
d02b48c6	70
6b691a5c	71	static int ssl_free(BIO *a)
0f113f3e MC	72	{
	73	BIO_SSL *bs;
	74
	75	if (a == NULL)
	76	return (0);
a146ae55	77	bs = BIO_get_data(a);
0f113f3e MC	78	if (bs->ssl != NULL)
0f113f3e MC	79	SSL_shutdown(bs->ssl);
a146ae55 MC	80	if (BIO_get_shutdown(a)) {
a146ae55 MC	81	if (BIO_get_init(a))
0f113f3e	82	SSL_free(bs->ssl);
a146ae55 MC	83	/* Clear all flags */
	84	BIO_clear_flags(a, ~0);
	85	BIO_set_init(a, 0);
0f113f3e	86	}
a146ae55 MC	87	OPENSSL_free(bs);
a146ae55 MC	88	return 1;
0f113f3e MC	89	}
0f113f3e MC	90
f42fd819	91	static int ssl_read(BIO b, char buf, size_t size, size_t *readbytes)
0f113f3e MC	92	{
	93	int ret = 1;
	94	BIO_SSL *sb;
	95	SSL *ssl;
	96	int retry_reason = 0;
	97	int r = 0;
d02b48c6	98
f42fd819 MC	99	if (buf == NULL)
f42fd819 MC	100	return 0;
a146ae55	101	sb = BIO_get_data(b);
0f113f3e	102	ssl = sb->ssl;
d02b48c6	103
0f113f3e	104	BIO_clear_retry_flags(b);
d02b48c6	105
f42fd819 MC	106	if (size > INT_MAX)
f42fd819 MC	107	size = INT_MAX;
d07aee2c	108
f42fd819	109	ret = SSL_read(ssl, buf, size);
3befffa3	110	if (ret > 0)
ac0edec1	111	*readbytes = ret;
0f113f3e MC	112
	113	switch (SSL_get_error(ssl, ret)) {
	114	case SSL_ERROR_NONE:
8051ab2b	115	if (*readbytes == 0)
0f113f3e MC	116	break;
0f113f3e MC	117	if (sb->renegotiate_count > 0) {
ac0edec1	118	sb->byte_count += *readbytes;
0f113f3e MC	119	if (sb->byte_count > sb->renegotiate_count) {
	120	sb->byte_count = 0;
	121	sb->num_renegotiates++;
	122	SSL_renegotiate(ssl);
	123	r = 1;
	124	}
	125	}
	126	if ((sb->renegotiate_timeout > 0) && (!r)) {
	127	unsigned long tm;
	128
	129	tm = (unsigned long)time(NULL);
	130	if (tm > sb->last_time + sb->renegotiate_timeout) {
	131	sb->last_time = tm;
	132	sb->num_renegotiates++;
	133	SSL_renegotiate(ssl);
	134	}
	135	}
	136
	137	break;
	138	case SSL_ERROR_WANT_READ:
	139	BIO_set_retry_read(b);
	140	break;
	141	case SSL_ERROR_WANT_WRITE:
	142	BIO_set_retry_write(b);
	143	break;
	144	case SSL_ERROR_WANT_X509_LOOKUP:
	145	BIO_set_retry_special(b);
	146	retry_reason = BIO_RR_SSL_X509_LOOKUP;
	147	break;
	148	case SSL_ERROR_WANT_ACCEPT:
	149	BIO_set_retry_special(b);
	150	retry_reason = BIO_RR_ACCEPT;
	151	break;
	152	case SSL_ERROR_WANT_CONNECT:
	153	BIO_set_retry_special(b);
	154	retry_reason = BIO_RR_CONNECT;
	155	break;
	156	case SSL_ERROR_SYSCALL:
	157	case SSL_ERROR_SSL:
	158	case SSL_ERROR_ZERO_RETURN:
	159	default:
	160	break;
	161	}
	162
a146ae55	163	BIO_set_retry_reason(b, retry_reason);
d07aee2c	164
3befffa3	165	return ret;
0f113f3e	166	}
d02b48c6	167
f42fd819	168	static int ssl_write(BIO b, const char buf, size_t size, size_t *written)
0f113f3e MC	169	{
	170	int ret, r = 0;
	171	int retry_reason = 0;
	172	SSL *ssl;
	173	BIO_SSL *bs;
	174
f42fd819 MC	175	if (buf == NULL)
f42fd819 MC	176	return 0;
a146ae55	177	bs = BIO_get_data(b);
0f113f3e MC	178	ssl = bs->ssl;
	179
	180	BIO_clear_retry_flags(b);
	181
8051ab2b	182	ret = SSL_write_ex(ssl, buf, size, written);
0f113f3e MC	183
	184	switch (SSL_get_error(ssl, ret)) {
	185	case SSL_ERROR_NONE:
8051ab2b	186	if (*written == 0)
0f113f3e MC	187	break;
0f113f3e MC	188	if (bs->renegotiate_count > 0) {
8051ab2b	189	bs->byte_count += *written;
0f113f3e MC	190	if (bs->byte_count > bs->renegotiate_count) {
	191	bs->byte_count = 0;
	192	bs->num_renegotiates++;
	193	SSL_renegotiate(ssl);
	194	r = 1;
	195	}
	196	}
	197	if ((bs->renegotiate_timeout > 0) && (!r)) {
	198	unsigned long tm;
	199
	200	tm = (unsigned long)time(NULL);
	201	if (tm > bs->last_time + bs->renegotiate_timeout) {
	202	bs->last_time = tm;
	203	bs->num_renegotiates++;
	204	SSL_renegotiate(ssl);
	205	}
	206	}
	207	break;
	208	case SSL_ERROR_WANT_WRITE:
	209	BIO_set_retry_write(b);
	210	break;
	211	case SSL_ERROR_WANT_READ:
	212	BIO_set_retry_read(b);
	213	break;
	214	case SSL_ERROR_WANT_X509_LOOKUP:
	215	BIO_set_retry_special(b);
	216	retry_reason = BIO_RR_SSL_X509_LOOKUP;
	217	break;
	218	case SSL_ERROR_WANT_CONNECT:
	219	BIO_set_retry_special(b);
	220	retry_reason = BIO_RR_CONNECT;
	221	case SSL_ERROR_SYSCALL:
	222	case SSL_ERROR_SSL:
	223	default:
	224	break;
	225	}
	226
a146ae55	227	BIO_set_retry_reason(b, retry_reason);
3befffa3	228
a146ae55	229	return ret;
0f113f3e	230	}
d02b48c6	231
0e1c0612	232	static long ssl_ctrl(BIO b, int cmd, long num, void ptr)
0f113f3e MC	233	{
0f113f3e MC	234	SSL *sslp, ssl;
a146ae55	235	BIO_SSL bs, dbs;
0f113f3e MC	236	BIO dbio, bio;
0f113f3e MC	237	long ret = 1;
a146ae55	238	BIO *next;
0f113f3e	239
a146ae55 MC	240	bs = BIO_get_data(b);
a146ae55 MC	241	next = BIO_next(b);
0f113f3e MC	242	ssl = bs->ssl;
	243	if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
	244	return (0);
	245	switch (cmd) {
	246	case BIO_CTRL_RESET:
	247	SSL_shutdown(ssl);
	248
	249	if (ssl->handshake_func == ssl->method->ssl_connect)
	250	SSL_set_connect_state(ssl);
	251	else if (ssl->handshake_func == ssl->method->ssl_accept)
	252	SSL_set_accept_state(ssl);
	253
61986d32	254	if (!SSL_clear(ssl)) {
69f68237 MC	255	ret = 0;
	256	break;
	257	}
0f113f3e	258
a146ae55 MC	259	if (next != NULL)
a146ae55 MC	260	ret = BIO_ctrl(next, cmd, num, ptr);
0f113f3e MC	261	else if (ssl->rbio != NULL)
	262	ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
	263	else
	264	ret = 1;
	265	break;
	266	case BIO_CTRL_INFO:
	267	ret = 0;
	268	break;
	269	case BIO_C_SSL_MODE:
	270	if (num) /* client mode */
	271	SSL_set_connect_state(ssl);
	272	else
	273	SSL_set_accept_state(ssl);
	274	break;
	275	case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
	276	ret = bs->renegotiate_timeout;
	277	if (num < 60)
	278	num = 5;
	279	bs->renegotiate_timeout = (unsigned long)num;
	280	bs->last_time = (unsigned long)time(NULL);
	281	break;
	282	case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
	283	ret = bs->renegotiate_count;
	284	if ((long)num >= 512)
	285	bs->renegotiate_count = (unsigned long)num;
	286	break;
	287	case BIO_C_GET_SSL_NUM_RENEGOTIATES:
	288	ret = bs->num_renegotiates;
	289	break;
	290	case BIO_C_SET_SSL:
	291	if (ssl != NULL) {
	292	ssl_free(b);
	293	if (!ssl_new(b))
	294	return 0;
	295	}
a146ae55	296	BIO_set_shutdown(b, num);
0f113f3e	297	ssl = (SSL *)ptr;
a146ae55	298	bs->ssl = ssl;
0f113f3e MC	299	bio = SSL_get_rbio(ssl);
0f113f3e MC	300	if (bio != NULL) {
a146ae55 MC	301	if (next != NULL)
	302	BIO_push(bio, next);
	303	BIO_set_next(b, bio);
fb46be03	304	BIO_up_ref(bio);
0f113f3e	305	}
a146ae55	306	BIO_set_init(b, 1);
0f113f3e MC	307	break;
	308	case BIO_C_GET_SSL:
	309	if (ptr != NULL) {
	310	sslp = (SSL **)ptr;
	311	*sslp = ssl;
	312	} else
	313	ret = 0;
	314	break;
	315	case BIO_CTRL_GET_CLOSE:
a146ae55	316	ret = BIO_get_shutdown(b);
0f113f3e MC	317	break;
0f113f3e MC	318	case BIO_CTRL_SET_CLOSE:
a146ae55	319	BIO_set_shutdown(b, (int)num);
0f113f3e MC	320	break;
	321	case BIO_CTRL_WPENDING:
	322	ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
	323	break;
	324	case BIO_CTRL_PENDING:
	325	ret = SSL_pending(ssl);
	326	if (ret == 0)
	327	ret = BIO_pending(ssl->rbio);
	328	break;
	329	case BIO_CTRL_FLUSH:
	330	BIO_clear_retry_flags(b);
	331	ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
	332	BIO_copy_next_retry(b);
	333	break;
	334	case BIO_CTRL_PUSH:
a146ae55	335	if ((next != NULL) && (next != ssl->rbio)) {
eddef305 MC	336	/*
	337	* We are going to pass ownership of next to the SSL object...but
	338	* we don't own a reference to pass yet - so up ref
	339	*/
	340	BIO_up_ref(next);
a146ae55	341	SSL_set_bio(ssl, next, next);
0f113f3e MC	342	}
	343	break;
	344	case BIO_CTRL_POP:
	345	/* Only detach if we are the BIO explicitly being popped */
	346	if (b == ptr) {
b46fe860 MC	347	/* This will clear the reference we obtained during push */
b46fe860 MC	348	SSL_set_bio(ssl, NULL, NULL);
0f113f3e MC	349	}
	350	break;
	351	case BIO_C_DO_STATE_MACHINE:
	352	BIO_clear_retry_flags(b);
	353
a146ae55	354	BIO_set_retry_reason(b, 0);
0f113f3e MC	355	ret = (int)SSL_do_handshake(ssl);
	356
	357	switch (SSL_get_error(ssl, (int)ret)) {
	358	case SSL_ERROR_WANT_READ:
	359	BIO_set_flags(b, BIO_FLAGS_READ \| BIO_FLAGS_SHOULD_RETRY);
	360	break;
	361	case SSL_ERROR_WANT_WRITE:
	362	BIO_set_flags(b, BIO_FLAGS_WRITE \| BIO_FLAGS_SHOULD_RETRY);
	363	break;
	364	case SSL_ERROR_WANT_CONNECT:
	365	BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL \| BIO_FLAGS_SHOULD_RETRY);
a146ae55	366	BIO_set_retry_reason(b, BIO_get_retry_reason(next));
0f113f3e	367	break;
f1c412c9 DSH	368	case SSL_ERROR_WANT_X509_LOOKUP:
f1c412c9 DSH	369	BIO_set_retry_special(b);
a146ae55	370	BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
f1c412c9	371	break;
0f113f3e MC	372	default:
	373	break;
	374	}
	375	break;
	376	case BIO_CTRL_DUP:
	377	dbio = (BIO *)ptr;
a146ae55 MC	378	dbs = BIO_get_data(dbio);
	379	SSL_free(dbs->ssl);
	380	dbs->ssl = SSL_dup(ssl);
dbd5c34f MC	381	dbs->num_renegotiates = bs->num_renegotiates;
	382	dbs->renegotiate_count = bs->renegotiate_count;
	383	dbs->byte_count = bs->byte_count;
	384	dbs->renegotiate_timeout = bs->renegotiate_timeout;
	385	dbs->last_time = bs->last_time;
a146ae55	386	ret = (dbs->ssl != NULL);
0f113f3e MC	387	break;
	388	case BIO_C_GET_FD:
	389	ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
	390	break;
	391	case BIO_CTRL_SET_CALLBACK:
	392	{
	393	#if 0 /* FIXME: Should this be used? -- Richard
	394	* Levitte */
	395	SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	396	ret = -1;
d3442bc7	397	#else
0f113f3e	398	ret = 0;
d3442bc7	399	#endif
0f113f3e MC	400	}
	401	break;
	402	case BIO_CTRL_GET_CALLBACK:
	403	{
	404	void (*fptr) (const SSL xssl, int type, int val);
	405
	406	fptr = (void (*)(const SSL xssl, int type, int val))ptr;
	407	*fptr = SSL_get_info_callback(ssl);
	408	}
	409	break;
	410	default:
	411	ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
	412	break;
	413	}
	414	return (ret);
	415	}
d02b48c6	416
13083215	417	static long ssl_callback_ctrl(BIO b, int cmd, bio_info_cb fp)
0f113f3e MC	418	{
	419	SSL *ssl;
	420	BIO_SSL *bs;
	421	long ret = 1;
	422
a146ae55	423	bs = BIO_get_data(b);
0f113f3e MC	424	ssl = bs->ssl;
	425	switch (cmd) {
	426	case BIO_CTRL_SET_CALLBACK:
	427	{
	428	/*
	429	* FIXME: setting this via a completely different prototype seems
	430	* like a crap idea
	431	*/
	432	SSL_set_info_callback(ssl, (void ()(const SSL , int, int))fp);
	433	}
	434	break;
	435	default:
	436	ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
	437	break;
	438	}
	439	return (ret);
	440	}
d3442bc7	441
0e1c0612	442	static int ssl_puts(BIO bp, const char str)
0f113f3e MC	443	{
0f113f3e MC	444	int n, ret;
d02b48c6	445
0f113f3e MC	446	n = strlen(str);
	447	ret = BIO_write(bp, str, n);
	448	return (ret);
	449	}
d02b48c6	450
6b691a5c	451	BIO BIO_new_buffer_ssl_connect(SSL_CTX ctx)
0f113f3e	452	{
85d686e7	453	#ifndef OPENSSL_NO_SOCK
0f113f3e MC	454	BIO ret = NULL, buf = NULL, *ssl = NULL;
	455
	456	if ((buf = BIO_new(BIO_f_buffer())) == NULL)
	457	return (NULL);
	458	if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
	459	goto err;
	460	if ((ret = BIO_push(buf, ssl)) == NULL)
	461	goto err;
	462	return (ret);
	463	err:
ca3a82c3 RS	464	BIO_free(buf);
ca3a82c3 RS	465	BIO_free(ssl);
85d686e7	466	#endif
0f113f3e MC	467	return (NULL);
0f113f3e MC	468	}
58964a49	469
6b691a5c	470	BIO BIO_new_ssl_connect(SSL_CTX ctx)
0f113f3e	471	{
4a1fbd13	472	#ifndef OPENSSL_NO_SOCK
0f113f3e MC	473	BIO ret = NULL, con = NULL, *ssl = NULL;
	474
	475	if ((con = BIO_new(BIO_s_connect())) == NULL)
	476	return (NULL);
	477	if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
	478	goto err;
	479	if ((ret = BIO_push(ssl, con)) == NULL)
	480	goto err;
	481	return (ret);
	482	err:
ca3a82c3	483	BIO_free(con);
4a1fbd13	484	#endif
0f113f3e MC	485	return (NULL);
0f113f3e MC	486	}
58964a49	487
6b691a5c	488	BIO BIO_new_ssl(SSL_CTX ctx, int client)
0f113f3e MC	489	{
	490	BIO *ret;
	491	SSL *ssl;
	492
	493	if ((ret = BIO_new(BIO_f_ssl())) == NULL)
	494	return (NULL);
	495	if ((ssl = SSL_new(ctx)) == NULL) {
	496	BIO_free(ret);
	497	return (NULL);
	498	}
	499	if (client)
	500	SSL_set_connect_state(ssl);
	501	else
	502	SSL_set_accept_state(ssl);
	503
	504	BIO_set_ssl(ret, ssl, BIO_CLOSE);
	505	return (ret);
	506	}
d02b48c6	507
6b691a5c	508	int BIO_ssl_copy_session_id(BIO t, BIO f)
0f113f3e	509	{
a146ae55	510	BIO_SSL tdata, fdata;
0f113f3e MC	511	t = BIO_find_type(t, BIO_TYPE_SSL);
	512	f = BIO_find_type(f, BIO_TYPE_SSL);
	513	if ((t == NULL) \|\| (f == NULL))
a146ae55 MC	514	return 0;
	515	tdata = BIO_get_data(t);
	516	fdata = BIO_get_data(f);
	517	if ((tdata->ssl == NULL) \|\| (fdata->ssl == NULL))
0f113f3e	518	return (0);
a146ae55	519	if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl)))
17dd65e6	520	return 0;
0f113f3e MC	521	return (1);
0f113f3e MC	522	}
d02b48c6	523
6b691a5c	524	void BIO_ssl_shutdown(BIO *b)
0f113f3e MC	525	{
	526	SSL *s;
	527
a146ae55 MC	528	b = BIO_find_type(b, BIO_TYPE_SSL);
	529	if (b == NULL)
	530	return;
	531
	532	s = BIO_get_data(b);
	533	SSL_shutdown(s);
0f113f3e	534	}