]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/bio_ssl.c
projects / thirdparty / openssl.git / blob
? search:


596df240d3ddf2b8cc3246ac079182a270ba711b
[thirdparty/openssl.git] / ssl / bio_ssl.c
1 /*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <errno.h>
14 #include <openssl/crypto.h>
15 #include "internal/bio.h"
16 #include <openssl/err.h>
17 #include "ssl_locl.h"
18
19 static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
20 static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
21 static int ssl_puts(BIO *h, const char *str);
22 static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
23 static int ssl_new(BIO *h);
24 static int ssl_free(BIO *data);
25 static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
26 typedef struct bio_ssl_st {
27 SSL *ssl; /* The ssl handle :-) */
28 /* re-negotiate every time the total number of bytes is this size */
29 int num_renegotiates;
30 unsigned long renegotiate_count;
31 size_t byte_count;
32 unsigned long renegotiate_timeout;
33 unsigned long last_time;
34 } BIO_SSL;
35
36 static const BIO_METHOD methods_sslp = {
37 BIO_TYPE_SSL, "ssl",
38 ssl_write,
39 NULL,
40 ssl_read,
41 NULL,
42 ssl_puts,
43 NULL, /* ssl_gets, */
44 ssl_ctrl,
45 ssl_new,
46 ssl_free,
47 ssl_callback_ctrl,
48 };
49
50 const BIO_METHOD *BIO_f_ssl(void)
51 {
52 return (&methods_sslp);
53 }
54
55 static int ssl_new(BIO *bi)
56 {
57 BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
58
59 if (bs == NULL) {
60 BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
61 return (0);
62 }
63 BIO_set_init(bi, 0);
64 BIO_set_data(bi, bs);
65 /* Clear all flags */
66 BIO_clear_flags(bi, ~0);
67
68 return 1;
69 }
70
71 static int ssl_free(BIO *a)
72 {
73 BIO_SSL *bs;
74
75 if (a == NULL)
76 return (0);
77 bs = BIO_get_data(a);
78 if (bs->ssl != NULL)
79 SSL_shutdown(bs->ssl);
80 if (BIO_get_shutdown(a)) {
81 if (BIO_get_init(a))
82 SSL_free(bs->ssl);
83 /* Clear all flags */
84 BIO_clear_flags(a, ~0);
85 BIO_set_init(a, 0);
86 }
87 OPENSSL_free(bs);
88 return 1;
89 }
90
91 static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes)
92 {
93 int ret = 1;
94 BIO_SSL *sb;
95 SSL *ssl;
96 int retry_reason = 0;
97 int r = 0;
98
99 if (buf == NULL)
100 return 0;
101 sb = BIO_get_data(b);
102 ssl = sb->ssl;
103
104 BIO_clear_retry_flags(b);
105
106 ret = SSL_read_ex(ssl, buf, size, readbytes);
107
108 switch (SSL_get_error(ssl, ret)) {
109 case SSL_ERROR_NONE:
110 if (*readbytes == 0)
111 break;
112 if (sb->renegotiate_count > 0) {
113 sb->byte_count += *readbytes;
114 if (sb->byte_count > sb->renegotiate_count) {
115 sb->byte_count = 0;
116 sb->num_renegotiates++;
117 SSL_renegotiate(ssl);
118 r = 1;
119 }
120 }
121 if ((sb->renegotiate_timeout > 0) && (!r)) {
122 unsigned long tm;
123
124 tm = (unsigned long)time(NULL);
125 if (tm > sb->last_time + sb->renegotiate_timeout) {
126 sb->last_time = tm;
127 sb->num_renegotiates++;
128 SSL_renegotiate(ssl);
129 }
130 }
131
132 break;
133 case SSL_ERROR_WANT_READ:
134 BIO_set_retry_read(b);
135 break;
136 case SSL_ERROR_WANT_WRITE:
137 BIO_set_retry_write(b);
138 break;
139 case SSL_ERROR_WANT_X509_LOOKUP:
140 BIO_set_retry_special(b);
141 retry_reason = BIO_RR_SSL_X509_LOOKUP;
142 break;
143 case SSL_ERROR_WANT_ACCEPT:
144 BIO_set_retry_special(b);
145 retry_reason = BIO_RR_ACCEPT;
146 break;
147 case SSL_ERROR_WANT_CONNECT:
148 BIO_set_retry_special(b);
149 retry_reason = BIO_RR_CONNECT;
150 break;
151 case SSL_ERROR_SYSCALL:
152 case SSL_ERROR_SSL:
153 case SSL_ERROR_ZERO_RETURN:
154 default:
155 break;
156 }
157
158 BIO_set_retry_reason(b, retry_reason);
159
160 return ret;
161 }
162
163 static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
164 {
165 int ret, r = 0;
166 int retry_reason = 0;
167 SSL *ssl;
168 BIO_SSL *bs;
169
170 if (buf == NULL)
171 return 0;
172 bs = BIO_get_data(b);
173 ssl = bs->ssl;
174
175 BIO_clear_retry_flags(b);
176
177 ret = SSL_write_ex(ssl, buf, size, written);
178
179 switch (SSL_get_error(ssl, ret)) {
180 case SSL_ERROR_NONE:
181 if (*written == 0)
182 break;
183 if (bs->renegotiate_count > 0) {
184 bs->byte_count += *written;
185 if (bs->byte_count > bs->renegotiate_count) {
186 bs->byte_count = 0;
187 bs->num_renegotiates++;
188 SSL_renegotiate(ssl);
189 r = 1;
190 }
191 }
192 if ((bs->renegotiate_timeout > 0) && (!r)) {
193 unsigned long tm;
194
195 tm = (unsigned long)time(NULL);
196 if (tm > bs->last_time + bs->renegotiate_timeout) {
197 bs->last_time = tm;
198 bs->num_renegotiates++;
199 SSL_renegotiate(ssl);
200 }
201 }
202 break;
203 case SSL_ERROR_WANT_WRITE:
204 BIO_set_retry_write(b);
205 break;
206 case SSL_ERROR_WANT_READ:
207 BIO_set_retry_read(b);
208 break;
209 case SSL_ERROR_WANT_X509_LOOKUP:
210 BIO_set_retry_special(b);
211 retry_reason = BIO_RR_SSL_X509_LOOKUP;
212 break;
213 case SSL_ERROR_WANT_CONNECT:
214 BIO_set_retry_special(b);
215 retry_reason = BIO_RR_CONNECT;
216 case SSL_ERROR_SYSCALL:
217 case SSL_ERROR_SSL:
218 default:
219 break;
220 }
221
222 BIO_set_retry_reason(b, retry_reason);
223
224 return ret;
225 }
226
227 static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
228 {
229 SSL **sslp, *ssl;
230 BIO_SSL *bs, *dbs;
231 BIO *dbio, *bio;
232 long ret = 1;
233 BIO *next;
234
235 bs = BIO_get_data(b);
236 next = BIO_next(b);
237 ssl = bs->ssl;
238 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
239 return (0);
240 switch (cmd) {
241 case BIO_CTRL_RESET:
242 SSL_shutdown(ssl);
243
244 if (ssl->handshake_func == ssl->method->ssl_connect)
245 SSL_set_connect_state(ssl);
246 else if (ssl->handshake_func == ssl->method->ssl_accept)
247 SSL_set_accept_state(ssl);
248
249 if (!SSL_clear(ssl)) {
250 ret = 0;
251 break;
252 }
253
254 if (next != NULL)
255 ret = BIO_ctrl(next, cmd, num, ptr);
256 else if (ssl->rbio != NULL)
257 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
258 else
259 ret = 1;
260 break;
261 case BIO_CTRL_INFO:
262 ret = 0;
263 break;
264 case BIO_C_SSL_MODE:
265 if (num) /* client mode */
266 SSL_set_connect_state(ssl);
267 else
268 SSL_set_accept_state(ssl);
269 break;
270 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
271 ret = bs->renegotiate_timeout;
272 if (num < 60)
273 num = 5;
274 bs->renegotiate_timeout = (unsigned long)num;
275 bs->last_time = (unsigned long)time(NULL);
276 break;
277 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
278 ret = bs->renegotiate_count;
279 if ((long)num >= 512)
280 bs->renegotiate_count = (unsigned long)num;
281 break;
282 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
283 ret = bs->num_renegotiates;
284 break;
285 case BIO_C_SET_SSL:
286 if (ssl != NULL) {
287 ssl_free(b);
288 if (!ssl_new(b))
289 return 0;
290 }
291 BIO_set_shutdown(b, num);
292 ssl = (SSL *)ptr;
293 bs->ssl = ssl;
294 bio = SSL_get_rbio(ssl);
295 if (bio != NULL) {
296 if (next != NULL)
297 BIO_push(bio, next);
298 BIO_set_next(b, bio);
299 BIO_up_ref(bio);
300 }
301 BIO_set_init(b, 1);
302 break;
303 case BIO_C_GET_SSL:
304 if (ptr != NULL) {
305 sslp = (SSL **)ptr;
306 *sslp = ssl;
307 } else
308 ret = 0;
309 break;
310 case BIO_CTRL_GET_CLOSE:
311 ret = BIO_get_shutdown(b);
312 break;
313 case BIO_CTRL_SET_CLOSE:
314 BIO_set_shutdown(b, (int)num);
315 break;
316 case BIO_CTRL_WPENDING:
317 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
318 break;
319 case BIO_CTRL_PENDING:
320 ret = SSL_pending(ssl);
321 if (ret == 0)
322 ret = BIO_pending(ssl->rbio);
323 break;
324 case BIO_CTRL_FLUSH:
325 BIO_clear_retry_flags(b);
326 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
327 BIO_copy_next_retry(b);
328 break;
329 case BIO_CTRL_PUSH:
330 if ((next != NULL) && (next != ssl->rbio)) {
331 /*
332 * We are going to pass ownership of next to the SSL object...but
333 * we don't own a reference to pass yet - so up ref
334 */
335 BIO_up_ref(next);
336 SSL_set_bio(ssl, next, next);
337 }
338 break;
339 case BIO_CTRL_POP:
340 /* Only detach if we are the BIO explicitly being popped */
341 if (b == ptr) {
342 /* This will clear the reference we obtained during push */
343 SSL_set_bio(ssl, NULL, NULL);
344 }
345 break;
346 case BIO_C_DO_STATE_MACHINE:
347 BIO_clear_retry_flags(b);
348
349 BIO_set_retry_reason(b, 0);
350 ret = (int)SSL_do_handshake(ssl);
351
352 switch (SSL_get_error(ssl, (int)ret)) {
353 case SSL_ERROR_WANT_READ:
354 BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
355 break;
356 case SSL_ERROR_WANT_WRITE:
357 BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
358 break;
359 case SSL_ERROR_WANT_CONNECT:
360 BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
361 BIO_set_retry_reason(b, BIO_get_retry_reason(next));
362 break;
363 case SSL_ERROR_WANT_X509_LOOKUP:
364 BIO_set_retry_special(b);
365 BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
366 break;
367 default:
368 break;
369 }
370 break;
371 case BIO_CTRL_DUP:
372 dbio = (BIO *)ptr;
373 dbs = BIO_get_data(dbio);
374 SSL_free(dbs->ssl);
375 dbs->ssl = SSL_dup(ssl);
376 dbs->num_renegotiates = bs->num_renegotiates;
377 dbs->renegotiate_count = bs->renegotiate_count;
378 dbs->byte_count = bs->byte_count;
379 dbs->renegotiate_timeout = bs->renegotiate_timeout;
380 dbs->last_time = bs->last_time;
381 ret = (dbs->ssl != NULL);
382 break;
383 case BIO_C_GET_FD:
384 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
385 break;
386 case BIO_CTRL_SET_CALLBACK:
387 {
388 #if 0 /* FIXME: Should this be used? -- Richard
389 * Levitte */
390 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
391 ret = -1;
392 #else
393 ret = 0;
394 #endif
395 }
396 break;
397 case BIO_CTRL_GET_CALLBACK:
398 {
399 void (**fptr) (const SSL *xssl, int type, int val);
400
401 fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
402 *fptr = SSL_get_info_callback(ssl);
403 }
404 break;
405 default:
406 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
407 break;
408 }
409 return (ret);
410 }
411
412 static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
413 {
414 SSL *ssl;
415 BIO_SSL *bs;
416 long ret = 1;
417
418 bs = BIO_get_data(b);
419 ssl = bs->ssl;
420 switch (cmd) {
421 case BIO_CTRL_SET_CALLBACK:
422 {
423 /*
424 * FIXME: setting this via a completely different prototype seems
425 * like a crap idea
426 */
427 SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
428 }
429 break;
430 default:
431 ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
432 break;
433 }
434 return (ret);
435 }
436
437 static int ssl_puts(BIO *bp, const char *str)
438 {
439 int n, ret;
440
441 n = strlen(str);
442 ret = BIO_write(bp, str, n);
443 return (ret);
444 }
445
446 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
447 {
448 #ifndef OPENSSL_NO_SOCK
449 BIO *ret = NULL, *buf = NULL, *ssl = NULL;
450
451 if ((buf = BIO_new(BIO_f_buffer())) == NULL)
452 return (NULL);
453 if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
454 goto err;
455 if ((ret = BIO_push(buf, ssl)) == NULL)
456 goto err;
457 return (ret);
458 err:
459 BIO_free(buf);
460 BIO_free(ssl);
461 #endif
462 return (NULL);
463 }
464
465 BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
466 {
467 #ifndef OPENSSL_NO_SOCK
468 BIO *ret = NULL, *con = NULL, *ssl = NULL;
469
470 if ((con = BIO_new(BIO_s_connect())) == NULL)
471 return (NULL);
472 if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
473 goto err;
474 if ((ret = BIO_push(ssl, con)) == NULL)
475 goto err;
476 return (ret);
477 err:
478 BIO_free(con);
479 #endif
480 return (NULL);
481 }
482
483 BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
484 {
485 BIO *ret;
486 SSL *ssl;
487
488 if ((ret = BIO_new(BIO_f_ssl())) == NULL)
489 return (NULL);
490 if ((ssl = SSL_new(ctx)) == NULL) {
491 BIO_free(ret);
492 return (NULL);
493 }
494 if (client)
495 SSL_set_connect_state(ssl);
496 else
497 SSL_set_accept_state(ssl);
498
499 BIO_set_ssl(ret, ssl, BIO_CLOSE);
500 return (ret);
501 }
502
503 int BIO_ssl_copy_session_id(BIO *t, BIO *f)
504 {
505 BIO_SSL *tdata, *fdata;
506 t = BIO_find_type(t, BIO_TYPE_SSL);
507 f = BIO_find_type(f, BIO_TYPE_SSL);
508 if ((t == NULL) || (f == NULL))
509 return 0;
510 tdata = BIO_get_data(t);
511 fdata = BIO_get_data(f);
512 if ((tdata->ssl == NULL) || (fdata->ssl == NULL))
513 return (0);
514 if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl)))
515 return 0;
516 return (1);
517 }
518
519 void BIO_ssl_shutdown(BIO *b)
520 {
521 SSL *s;
522
523 b = BIO_find_type(b, BIO_TYPE_SSL);
524 if (b == NULL)
525 return;
526
527 s = BIO_get_data(b);
528 SSL_shutdown(s);
529 }
A mirror of the official openssl repository