2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/crypto.h>
15 #include "internal/bio.h"
16 #include <openssl/err.h>
19 static int ssl_write(BIO
*h
, const char *buf
, size_t size
, size_t *written
);
20 static int ssl_read(BIO
*b
, char *buf
, size_t size
, size_t *readbytes
);
21 static int ssl_puts(BIO
*h
, const char *str
);
22 static long ssl_ctrl(BIO
*h
, int cmd
, long arg1
, void *arg2
);
23 static int ssl_new(BIO
*h
);
24 static int ssl_free(BIO
*data
);
25 static long ssl_callback_ctrl(BIO
*h
, int cmd
, bio_info_cb
*fp
);
26 typedef struct bio_ssl_st
{
27 SSL
*ssl
; /* The ssl handle :-) */
28 /* re-negotiate every time the total number of bytes is this size */
30 unsigned long renegotiate_count
;
32 unsigned long renegotiate_timeout
;
33 unsigned long last_time
;
36 static const BIO_METHOD methods_sslp
= {
50 const BIO_METHOD
*BIO_f_ssl(void)
52 return (&methods_sslp
);
55 static int ssl_new(BIO
*bi
)
57 BIO_SSL
*bs
= OPENSSL_zalloc(sizeof(*bs
));
60 BIOerr(BIO_F_SSL_NEW
, ERR_R_MALLOC_FAILURE
);
66 BIO_clear_flags(bi
, ~0);
71 static int ssl_free(BIO
*a
)
79 SSL_shutdown(bs
->ssl
);
80 if (BIO_get_shutdown(a
)) {
84 BIO_clear_flags(a
, ~0);
91 static int ssl_read(BIO
*b
, char *buf
, size_t size
, size_t *readbytes
)
101 sb
= BIO_get_data(b
);
104 BIO_clear_retry_flags(b
);
106 ret
= ssl_read_internal(ssl
, buf
, size
, readbytes
);
108 switch (SSL_get_error(ssl
, ret
)) {
110 if (sb
->renegotiate_count
> 0) {
111 sb
->byte_count
+= *readbytes
;
112 if (sb
->byte_count
> sb
->renegotiate_count
) {
114 sb
->num_renegotiates
++;
115 SSL_renegotiate(ssl
);
119 if ((sb
->renegotiate_timeout
> 0) && (!r
)) {
122 tm
= (unsigned long)time(NULL
);
123 if (tm
> sb
->last_time
+ sb
->renegotiate_timeout
) {
125 sb
->num_renegotiates
++;
126 SSL_renegotiate(ssl
);
131 case SSL_ERROR_WANT_READ
:
132 BIO_set_retry_read(b
);
134 case SSL_ERROR_WANT_WRITE
:
135 BIO_set_retry_write(b
);
137 case SSL_ERROR_WANT_X509_LOOKUP
:
138 BIO_set_retry_special(b
);
139 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
141 case SSL_ERROR_WANT_ACCEPT
:
142 BIO_set_retry_special(b
);
143 retry_reason
= BIO_RR_ACCEPT
;
145 case SSL_ERROR_WANT_CONNECT
:
146 BIO_set_retry_special(b
);
147 retry_reason
= BIO_RR_CONNECT
;
149 case SSL_ERROR_SYSCALL
:
151 case SSL_ERROR_ZERO_RETURN
:
156 BIO_set_retry_reason(b
, retry_reason
);
161 static int ssl_write(BIO
*b
, const char *buf
, size_t size
, size_t *written
)
164 int retry_reason
= 0;
170 bs
= BIO_get_data(b
);
173 BIO_clear_retry_flags(b
);
175 ret
= ssl_write_internal(ssl
, buf
, size
, written
);
177 switch (SSL_get_error(ssl
, ret
)) {
179 if (bs
->renegotiate_count
> 0) {
180 bs
->byte_count
+= *written
;
181 if (bs
->byte_count
> bs
->renegotiate_count
) {
183 bs
->num_renegotiates
++;
184 SSL_renegotiate(ssl
);
188 if ((bs
->renegotiate_timeout
> 0) && (!r
)) {
191 tm
= (unsigned long)time(NULL
);
192 if (tm
> bs
->last_time
+ bs
->renegotiate_timeout
) {
194 bs
->num_renegotiates
++;
195 SSL_renegotiate(ssl
);
199 case SSL_ERROR_WANT_WRITE
:
200 BIO_set_retry_write(b
);
202 case SSL_ERROR_WANT_READ
:
203 BIO_set_retry_read(b
);
205 case SSL_ERROR_WANT_X509_LOOKUP
:
206 BIO_set_retry_special(b
);
207 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
209 case SSL_ERROR_WANT_CONNECT
:
210 BIO_set_retry_special(b
);
211 retry_reason
= BIO_RR_CONNECT
;
212 case SSL_ERROR_SYSCALL
:
218 BIO_set_retry_reason(b
, retry_reason
);
223 static long ssl_ctrl(BIO
*b
, int cmd
, long num
, void *ptr
)
231 bs
= BIO_get_data(b
);
234 if ((ssl
== NULL
) && (cmd
!= BIO_C_SET_SSL
))
240 if (ssl
->handshake_func
== ssl
->method
->ssl_connect
)
241 SSL_set_connect_state(ssl
);
242 else if (ssl
->handshake_func
== ssl
->method
->ssl_accept
)
243 SSL_set_accept_state(ssl
);
245 if (!SSL_clear(ssl
)) {
251 ret
= BIO_ctrl(next
, cmd
, num
, ptr
);
252 else if (ssl
->rbio
!= NULL
)
253 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
261 if (num
) /* client mode */
262 SSL_set_connect_state(ssl
);
264 SSL_set_accept_state(ssl
);
266 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT
:
267 ret
= bs
->renegotiate_timeout
;
270 bs
->renegotiate_timeout
= (unsigned long)num
;
271 bs
->last_time
= (unsigned long)time(NULL
);
273 case BIO_C_SET_SSL_RENEGOTIATE_BYTES
:
274 ret
= bs
->renegotiate_count
;
275 if ((long)num
>= 512)
276 bs
->renegotiate_count
= (unsigned long)num
;
278 case BIO_C_GET_SSL_NUM_RENEGOTIATES
:
279 ret
= bs
->num_renegotiates
;
287 BIO_set_shutdown(b
, num
);
290 bio
= SSL_get_rbio(ssl
);
294 BIO_set_next(b
, bio
);
306 case BIO_CTRL_GET_CLOSE
:
307 ret
= BIO_get_shutdown(b
);
309 case BIO_CTRL_SET_CLOSE
:
310 BIO_set_shutdown(b
, (int)num
);
312 case BIO_CTRL_WPENDING
:
313 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
315 case BIO_CTRL_PENDING
:
316 ret
= SSL_pending(ssl
);
318 ret
= BIO_pending(ssl
->rbio
);
321 BIO_clear_retry_flags(b
);
322 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
323 BIO_copy_next_retry(b
);
326 if ((next
!= NULL
) && (next
!= ssl
->rbio
)) {
328 * We are going to pass ownership of next to the SSL object...but
329 * we don't own a reference to pass yet - so up ref
332 SSL_set_bio(ssl
, next
, next
);
336 /* Only detach if we are the BIO explicitly being popped */
338 /* This will clear the reference we obtained during push */
339 SSL_set_bio(ssl
, NULL
, NULL
);
342 case BIO_C_DO_STATE_MACHINE
:
343 BIO_clear_retry_flags(b
);
345 BIO_set_retry_reason(b
, 0);
346 ret
= (int)SSL_do_handshake(ssl
);
348 switch (SSL_get_error(ssl
, (int)ret
)) {
349 case SSL_ERROR_WANT_READ
:
350 BIO_set_flags(b
, BIO_FLAGS_READ
| BIO_FLAGS_SHOULD_RETRY
);
352 case SSL_ERROR_WANT_WRITE
:
353 BIO_set_flags(b
, BIO_FLAGS_WRITE
| BIO_FLAGS_SHOULD_RETRY
);
355 case SSL_ERROR_WANT_CONNECT
:
356 BIO_set_flags(b
, BIO_FLAGS_IO_SPECIAL
| BIO_FLAGS_SHOULD_RETRY
);
357 BIO_set_retry_reason(b
, BIO_get_retry_reason(next
));
359 case SSL_ERROR_WANT_X509_LOOKUP
:
360 BIO_set_retry_special(b
);
361 BIO_set_retry_reason(b
, BIO_RR_SSL_X509_LOOKUP
);
369 dbs
= BIO_get_data(dbio
);
371 dbs
->ssl
= SSL_dup(ssl
);
372 dbs
->num_renegotiates
= bs
->num_renegotiates
;
373 dbs
->renegotiate_count
= bs
->renegotiate_count
;
374 dbs
->byte_count
= bs
->byte_count
;
375 dbs
->renegotiate_timeout
= bs
->renegotiate_timeout
;
376 dbs
->last_time
= bs
->last_time
;
377 ret
= (dbs
->ssl
!= NULL
);
380 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
382 case BIO_CTRL_SET_CALLBACK
:
383 ret
= 0; /* use callback ctrl */
385 case BIO_CTRL_GET_CALLBACK
:
387 void (**fptr
) (const SSL
*xssl
, int type
, int val
);
389 fptr
= (void (**)(const SSL
*xssl
, int type
, int val
))ptr
;
390 *fptr
= SSL_get_info_callback(ssl
);
394 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
400 static long ssl_callback_ctrl(BIO
*b
, int cmd
, bio_info_cb
*fp
)
406 bs
= BIO_get_data(b
);
409 case BIO_CTRL_SET_CALLBACK
:
412 * FIXME: setting this via a completely different prototype seems
415 SSL_set_info_callback(ssl
, (void (*)(const SSL
*, int, int))fp
);
419 ret
= BIO_callback_ctrl(ssl
->rbio
, cmd
, fp
);
425 static int ssl_puts(BIO
*bp
, const char *str
)
430 ret
= BIO_write(bp
, str
, n
);
434 BIO
*BIO_new_buffer_ssl_connect(SSL_CTX
*ctx
)
436 #ifndef OPENSSL_NO_SOCK
437 BIO
*ret
= NULL
, *buf
= NULL
, *ssl
= NULL
;
439 if ((buf
= BIO_new(BIO_f_buffer())) == NULL
)
441 if ((ssl
= BIO_new_ssl_connect(ctx
)) == NULL
)
443 if ((ret
= BIO_push(buf
, ssl
)) == NULL
)
453 BIO
*BIO_new_ssl_connect(SSL_CTX
*ctx
)
455 #ifndef OPENSSL_NO_SOCK
456 BIO
*ret
= NULL
, *con
= NULL
, *ssl
= NULL
;
458 if ((con
= BIO_new(BIO_s_connect())) == NULL
)
460 if ((ssl
= BIO_new_ssl(ctx
, 1)) == NULL
)
462 if ((ret
= BIO_push(ssl
, con
)) == NULL
)
471 BIO
*BIO_new_ssl(SSL_CTX
*ctx
, int client
)
476 if ((ret
= BIO_new(BIO_f_ssl())) == NULL
)
478 if ((ssl
= SSL_new(ctx
)) == NULL
) {
483 SSL_set_connect_state(ssl
);
485 SSL_set_accept_state(ssl
);
487 BIO_set_ssl(ret
, ssl
, BIO_CLOSE
);
491 int BIO_ssl_copy_session_id(BIO
*t
, BIO
*f
)
493 BIO_SSL
*tdata
, *fdata
;
494 t
= BIO_find_type(t
, BIO_TYPE_SSL
);
495 f
= BIO_find_type(f
, BIO_TYPE_SSL
);
496 if ((t
== NULL
) || (f
== NULL
))
498 tdata
= BIO_get_data(t
);
499 fdata
= BIO_get_data(f
);
500 if ((tdata
->ssl
== NULL
) || (fdata
->ssl
== NULL
))
502 if (!SSL_copy_session_id(tdata
->ssl
, (fdata
->ssl
)))
507 void BIO_ssl_shutdown(BIO
*b
)
511 for (; b
!= NULL
; b
= BIO_next(b
)) {
512 if (BIO_method_type(b
) != BIO_TYPE_SSL
)
514 bdata
= BIO_get_data(b
);
515 if (bdata
!= NULL
&& bdata
->ssl
!= NULL
)
516 SSL_shutdown(bdata
->ssl
);