2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/crypto.h>
15 #include "internal/bio.h"
16 #include <openssl/err.h>
17 #include "ssl_local.h"
19 static int ssl_write(BIO
*h
, const char *buf
, size_t size
, size_t *written
);
20 static int ssl_read(BIO
*b
, char *buf
, size_t size
, size_t *readbytes
);
21 static int ssl_puts(BIO
*h
, const char *str
);
22 static long ssl_ctrl(BIO
*h
, int cmd
, long arg1
, void *arg2
);
23 static int ssl_new(BIO
*h
);
24 static int ssl_free(BIO
*data
);
25 static long ssl_callback_ctrl(BIO
*h
, int cmd
, BIO_info_cb
*fp
);
26 typedef struct bio_ssl_st
{
27 SSL
*ssl
; /* The ssl handle :-) */
28 /* re-negotiate every time the total number of bytes is this size */
30 unsigned long renegotiate_count
;
32 unsigned long renegotiate_timeout
;
33 unsigned long last_time
;
36 static const BIO_METHOD methods_sslp
= {
40 NULL
, /* ssl_write_old, */
42 NULL
, /* ssl_read_old, */
51 const BIO_METHOD
*BIO_f_ssl(void)
56 static int ssl_new(BIO
*bi
)
58 BIO_SSL
*bs
= OPENSSL_zalloc(sizeof(*bs
));
61 ERR_raise(ERR_LIB_BIO
, ERR_R_MALLOC_FAILURE
);
67 BIO_clear_flags(bi
, ~0);
72 static int ssl_free(BIO
*a
)
80 SSL_shutdown(bs
->ssl
);
81 if (BIO_get_shutdown(a
)) {
85 BIO_clear_flags(a
, ~0);
92 static int ssl_read(BIO
*b
, char *buf
, size_t size
, size_t *readbytes
)
102 sb
= BIO_get_data(b
);
105 BIO_clear_retry_flags(b
);
107 ret
= ssl_read_internal(ssl
, buf
, size
, readbytes
);
109 switch (SSL_get_error(ssl
, ret
)) {
111 if (sb
->renegotiate_count
> 0) {
112 sb
->byte_count
+= *readbytes
;
113 if (sb
->byte_count
> sb
->renegotiate_count
) {
115 sb
->num_renegotiates
++;
116 SSL_renegotiate(ssl
);
120 if ((sb
->renegotiate_timeout
> 0) && (!r
)) {
123 tm
= (unsigned long)time(NULL
);
124 if (tm
> sb
->last_time
+ sb
->renegotiate_timeout
) {
126 sb
->num_renegotiates
++;
127 SSL_renegotiate(ssl
);
132 case SSL_ERROR_WANT_READ
:
133 BIO_set_retry_read(b
);
135 case SSL_ERROR_WANT_WRITE
:
136 BIO_set_retry_write(b
);
138 case SSL_ERROR_WANT_X509_LOOKUP
:
139 BIO_set_retry_special(b
);
140 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
142 case SSL_ERROR_WANT_ACCEPT
:
143 BIO_set_retry_special(b
);
144 retry_reason
= BIO_RR_ACCEPT
;
146 case SSL_ERROR_WANT_CONNECT
:
147 BIO_set_retry_special(b
);
148 retry_reason
= BIO_RR_CONNECT
;
150 case SSL_ERROR_SYSCALL
:
152 case SSL_ERROR_ZERO_RETURN
:
157 BIO_set_retry_reason(b
, retry_reason
);
162 static int ssl_write(BIO
*b
, const char *buf
, size_t size
, size_t *written
)
165 int retry_reason
= 0;
171 bs
= BIO_get_data(b
);
174 BIO_clear_retry_flags(b
);
176 ret
= ssl_write_internal(ssl
, buf
, size
, written
);
178 switch (SSL_get_error(ssl
, ret
)) {
180 if (bs
->renegotiate_count
> 0) {
181 bs
->byte_count
+= *written
;
182 if (bs
->byte_count
> bs
->renegotiate_count
) {
184 bs
->num_renegotiates
++;
185 SSL_renegotiate(ssl
);
189 if ((bs
->renegotiate_timeout
> 0) && (!r
)) {
192 tm
= (unsigned long)time(NULL
);
193 if (tm
> bs
->last_time
+ bs
->renegotiate_timeout
) {
195 bs
->num_renegotiates
++;
196 SSL_renegotiate(ssl
);
200 case SSL_ERROR_WANT_WRITE
:
201 BIO_set_retry_write(b
);
203 case SSL_ERROR_WANT_READ
:
204 BIO_set_retry_read(b
);
206 case SSL_ERROR_WANT_X509_LOOKUP
:
207 BIO_set_retry_special(b
);
208 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
210 case SSL_ERROR_WANT_CONNECT
:
211 BIO_set_retry_special(b
);
212 retry_reason
= BIO_RR_CONNECT
;
213 case SSL_ERROR_SYSCALL
:
219 BIO_set_retry_reason(b
, retry_reason
);
224 static long ssl_ctrl(BIO
*b
, int cmd
, long num
, void *ptr
)
232 bs
= BIO_get_data(b
);
235 if ((ssl
== NULL
) && (cmd
!= BIO_C_SET_SSL
))
241 if (ssl
->handshake_func
== ssl
->method
->ssl_connect
)
242 SSL_set_connect_state(ssl
);
243 else if (ssl
->handshake_func
== ssl
->method
->ssl_accept
)
244 SSL_set_accept_state(ssl
);
246 if (!SSL_clear(ssl
)) {
252 ret
= BIO_ctrl(next
, cmd
, num
, ptr
);
253 else if (ssl
->rbio
!= NULL
)
254 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
262 if (num
) /* client mode */
263 SSL_set_connect_state(ssl
);
265 SSL_set_accept_state(ssl
);
267 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT
:
268 ret
= bs
->renegotiate_timeout
;
271 bs
->renegotiate_timeout
= (unsigned long)num
;
272 bs
->last_time
= (unsigned long)time(NULL
);
274 case BIO_C_SET_SSL_RENEGOTIATE_BYTES
:
275 ret
= bs
->renegotiate_count
;
276 if ((long)num
>= 512)
277 bs
->renegotiate_count
= (unsigned long)num
;
279 case BIO_C_GET_SSL_NUM_RENEGOTIATES
:
280 ret
= bs
->num_renegotiates
;
287 bs
= BIO_get_data(b
);
289 BIO_set_shutdown(b
, num
);
292 bio
= SSL_get_rbio(ssl
);
296 BIO_set_next(b
, bio
);
308 case BIO_CTRL_GET_CLOSE
:
309 ret
= BIO_get_shutdown(b
);
311 case BIO_CTRL_SET_CLOSE
:
312 BIO_set_shutdown(b
, (int)num
);
314 case BIO_CTRL_WPENDING
:
315 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
317 case BIO_CTRL_PENDING
:
318 ret
= SSL_pending(ssl
);
320 ret
= BIO_pending(ssl
->rbio
);
323 BIO_clear_retry_flags(b
);
324 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
325 BIO_copy_next_retry(b
);
328 if ((next
!= NULL
) && (next
!= ssl
->rbio
)) {
330 * We are going to pass ownership of next to the SSL object...but
331 * we don't own a reference to pass yet - so up ref
334 SSL_set_bio(ssl
, next
, next
);
338 /* Only detach if we are the BIO explicitly being popped */
340 /* This will clear the reference we obtained during push */
341 SSL_set_bio(ssl
, NULL
, NULL
);
344 case BIO_C_DO_STATE_MACHINE
:
345 BIO_clear_retry_flags(b
);
347 BIO_set_retry_reason(b
, 0);
348 ret
= (int)SSL_do_handshake(ssl
);
350 switch (SSL_get_error(ssl
, (int)ret
)) {
351 case SSL_ERROR_WANT_READ
:
352 BIO_set_flags(b
, BIO_FLAGS_READ
| BIO_FLAGS_SHOULD_RETRY
);
354 case SSL_ERROR_WANT_WRITE
:
355 BIO_set_flags(b
, BIO_FLAGS_WRITE
| BIO_FLAGS_SHOULD_RETRY
);
357 case SSL_ERROR_WANT_CONNECT
:
358 BIO_set_flags(b
, BIO_FLAGS_IO_SPECIAL
| BIO_FLAGS_SHOULD_RETRY
);
359 BIO_set_retry_reason(b
, BIO_get_retry_reason(next
));
361 case SSL_ERROR_WANT_X509_LOOKUP
:
362 BIO_set_retry_special(b
);
363 BIO_set_retry_reason(b
, BIO_RR_SSL_X509_LOOKUP
);
371 dbs
= BIO_get_data(dbio
);
373 dbs
->ssl
= SSL_dup(ssl
);
374 dbs
->num_renegotiates
= bs
->num_renegotiates
;
375 dbs
->renegotiate_count
= bs
->renegotiate_count
;
376 dbs
->byte_count
= bs
->byte_count
;
377 dbs
->renegotiate_timeout
= bs
->renegotiate_timeout
;
378 dbs
->last_time
= bs
->last_time
;
379 ret
= (dbs
->ssl
!= NULL
);
382 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
384 case BIO_CTRL_SET_CALLBACK
:
385 ret
= 0; /* use callback ctrl */
388 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
394 static long ssl_callback_ctrl(BIO
*b
, int cmd
, BIO_info_cb
*fp
)
400 bs
= BIO_get_data(b
);
403 case BIO_CTRL_SET_CALLBACK
:
404 ret
= BIO_callback_ctrl(ssl
->rbio
, cmd
, fp
);
413 static int ssl_puts(BIO
*bp
, const char *str
)
418 ret
= BIO_write(bp
, str
, n
);
422 BIO
*BIO_new_buffer_ssl_connect(SSL_CTX
*ctx
)
424 #ifndef OPENSSL_NO_SOCK
425 BIO
*ret
= NULL
, *buf
= NULL
, *ssl
= NULL
;
427 if ((buf
= BIO_new(BIO_f_buffer())) == NULL
)
429 if ((ssl
= BIO_new_ssl_connect(ctx
)) == NULL
)
431 if ((ret
= BIO_push(buf
, ssl
)) == NULL
)
441 BIO
*BIO_new_ssl_connect(SSL_CTX
*ctx
)
443 #ifndef OPENSSL_NO_SOCK
444 BIO
*ret
= NULL
, *con
= NULL
, *ssl
= NULL
;
446 if ((con
= BIO_new(BIO_s_connect())) == NULL
)
448 if ((ssl
= BIO_new_ssl(ctx
, 1)) == NULL
)
450 if ((ret
= BIO_push(ssl
, con
)) == NULL
)
459 BIO
*BIO_new_ssl(SSL_CTX
*ctx
, int client
)
464 if ((ret
= BIO_new(BIO_f_ssl())) == NULL
)
466 if ((ssl
= SSL_new(ctx
)) == NULL
) {
471 SSL_set_connect_state(ssl
);
473 SSL_set_accept_state(ssl
);
475 BIO_set_ssl(ret
, ssl
, BIO_CLOSE
);
479 int BIO_ssl_copy_session_id(BIO
*t
, BIO
*f
)
481 BIO_SSL
*tdata
, *fdata
;
482 t
= BIO_find_type(t
, BIO_TYPE_SSL
);
483 f
= BIO_find_type(f
, BIO_TYPE_SSL
);
484 if ((t
== NULL
) || (f
== NULL
))
486 tdata
= BIO_get_data(t
);
487 fdata
= BIO_get_data(f
);
488 if ((tdata
->ssl
== NULL
) || (fdata
->ssl
== NULL
))
490 if (!SSL_copy_session_id(tdata
->ssl
, (fdata
->ssl
)))
495 void BIO_ssl_shutdown(BIO
*b
)
499 for (; b
!= NULL
; b
= BIO_next(b
)) {
500 if (BIO_method_type(b
) != BIO_TYPE_SSL
)
502 bdata
= BIO_get_data(b
);
503 if (bdata
!= NULL
&& bdata
->ssl
!= NULL
)
504 SSL_shutdown(bdata
->ssl
);