2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/crypto.h>
15 #include "internal/bio.h"
16 #include <openssl/err.h>
19 static int ssl_write(BIO
*h
, const char *buf
, size_t size
, size_t *written
);
20 static int ssl_read(BIO
*b
, char *buf
, size_t size
, size_t *readbytes
);
21 static int ssl_puts(BIO
*h
, const char *str
);
22 static long ssl_ctrl(BIO
*h
, int cmd
, long arg1
, void *arg2
);
23 static int ssl_new(BIO
*h
);
24 static int ssl_free(BIO
*data
);
25 static long ssl_callback_ctrl(BIO
*h
, int cmd
, bio_info_cb
*fp
);
26 typedef struct bio_ssl_st
{
27 SSL
*ssl
; /* The ssl handle :-) */
28 /* re-negotiate every time the total number of bytes is this size */
30 unsigned long renegotiate_count
;
32 unsigned long renegotiate_timeout
;
33 unsigned long last_time
;
36 static const BIO_METHOD methods_sslp
= {
50 const BIO_METHOD
*BIO_f_ssl(void)
52 return (&methods_sslp
);
55 static int ssl_new(BIO
*bi
)
57 BIO_SSL
*bs
= OPENSSL_zalloc(sizeof(*bs
));
60 BIOerr(BIO_F_SSL_NEW
, ERR_R_MALLOC_FAILURE
);
66 BIO_clear_flags(bi
, ~0);
71 static int ssl_free(BIO
*a
)
79 SSL_shutdown(bs
->ssl
);
80 if (BIO_get_shutdown(a
)) {
84 BIO_clear_flags(a
, ~0);
91 static int ssl_read(BIO
*b
, char *buf
, size_t size
, size_t *readbytes
)
101 sb
= BIO_get_data(b
);
104 BIO_clear_retry_flags(b
);
106 ret
= SSL_read_ex(ssl
, buf
, size
, readbytes
);
108 switch (SSL_get_error(ssl
, ret
)) {
112 if (sb
->renegotiate_count
> 0) {
113 sb
->byte_count
+= *readbytes
;
114 if (sb
->byte_count
> sb
->renegotiate_count
) {
116 sb
->num_renegotiates
++;
117 SSL_renegotiate(ssl
);
121 if ((sb
->renegotiate_timeout
> 0) && (!r
)) {
124 tm
= (unsigned long)time(NULL
);
125 if (tm
> sb
->last_time
+ sb
->renegotiate_timeout
) {
127 sb
->num_renegotiates
++;
128 SSL_renegotiate(ssl
);
133 case SSL_ERROR_WANT_READ
:
134 BIO_set_retry_read(b
);
136 case SSL_ERROR_WANT_WRITE
:
137 BIO_set_retry_write(b
);
139 case SSL_ERROR_WANT_X509_LOOKUP
:
140 BIO_set_retry_special(b
);
141 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
143 case SSL_ERROR_WANT_ACCEPT
:
144 BIO_set_retry_special(b
);
145 retry_reason
= BIO_RR_ACCEPT
;
147 case SSL_ERROR_WANT_CONNECT
:
148 BIO_set_retry_special(b
);
149 retry_reason
= BIO_RR_CONNECT
;
151 case SSL_ERROR_SYSCALL
:
153 case SSL_ERROR_ZERO_RETURN
:
158 BIO_set_retry_reason(b
, retry_reason
);
163 static int ssl_write(BIO
*b
, const char *buf
, size_t size
, size_t *written
)
166 int retry_reason
= 0;
172 bs
= BIO_get_data(b
);
175 BIO_clear_retry_flags(b
);
177 ret
= SSL_write_ex(ssl
, buf
, size
, written
);
179 switch (SSL_get_error(ssl
, ret
)) {
183 if (bs
->renegotiate_count
> 0) {
184 bs
->byte_count
+= *written
;
185 if (bs
->byte_count
> bs
->renegotiate_count
) {
187 bs
->num_renegotiates
++;
188 SSL_renegotiate(ssl
);
192 if ((bs
->renegotiate_timeout
> 0) && (!r
)) {
195 tm
= (unsigned long)time(NULL
);
196 if (tm
> bs
->last_time
+ bs
->renegotiate_timeout
) {
198 bs
->num_renegotiates
++;
199 SSL_renegotiate(ssl
);
203 case SSL_ERROR_WANT_WRITE
:
204 BIO_set_retry_write(b
);
206 case SSL_ERROR_WANT_READ
:
207 BIO_set_retry_read(b
);
209 case SSL_ERROR_WANT_X509_LOOKUP
:
210 BIO_set_retry_special(b
);
211 retry_reason
= BIO_RR_SSL_X509_LOOKUP
;
213 case SSL_ERROR_WANT_CONNECT
:
214 BIO_set_retry_special(b
);
215 retry_reason
= BIO_RR_CONNECT
;
216 case SSL_ERROR_SYSCALL
:
222 BIO_set_retry_reason(b
, retry_reason
);
227 static long ssl_ctrl(BIO
*b
, int cmd
, long num
, void *ptr
)
235 bs
= BIO_get_data(b
);
238 if ((ssl
== NULL
) && (cmd
!= BIO_C_SET_SSL
))
244 if (ssl
->handshake_func
== ssl
->method
->ssl_connect
)
245 SSL_set_connect_state(ssl
);
246 else if (ssl
->handshake_func
== ssl
->method
->ssl_accept
)
247 SSL_set_accept_state(ssl
);
249 if (!SSL_clear(ssl
)) {
255 ret
= BIO_ctrl(next
, cmd
, num
, ptr
);
256 else if (ssl
->rbio
!= NULL
)
257 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
265 if (num
) /* client mode */
266 SSL_set_connect_state(ssl
);
268 SSL_set_accept_state(ssl
);
270 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT
:
271 ret
= bs
->renegotiate_timeout
;
274 bs
->renegotiate_timeout
= (unsigned long)num
;
275 bs
->last_time
= (unsigned long)time(NULL
);
277 case BIO_C_SET_SSL_RENEGOTIATE_BYTES
:
278 ret
= bs
->renegotiate_count
;
279 if ((long)num
>= 512)
280 bs
->renegotiate_count
= (unsigned long)num
;
282 case BIO_C_GET_SSL_NUM_RENEGOTIATES
:
283 ret
= bs
->num_renegotiates
;
291 BIO_set_shutdown(b
, num
);
294 bio
= SSL_get_rbio(ssl
);
298 BIO_set_next(b
, bio
);
310 case BIO_CTRL_GET_CLOSE
:
311 ret
= BIO_get_shutdown(b
);
313 case BIO_CTRL_SET_CLOSE
:
314 BIO_set_shutdown(b
, (int)num
);
316 case BIO_CTRL_WPENDING
:
317 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
319 case BIO_CTRL_PENDING
:
320 ret
= SSL_pending(ssl
);
322 ret
= BIO_pending(ssl
->rbio
);
325 BIO_clear_retry_flags(b
);
326 ret
= BIO_ctrl(ssl
->wbio
, cmd
, num
, ptr
);
327 BIO_copy_next_retry(b
);
330 if ((next
!= NULL
) && (next
!= ssl
->rbio
)) {
332 * We are going to pass ownership of next to the SSL object...but
333 * we don't own a reference to pass yet - so up ref
336 SSL_set_bio(ssl
, next
, next
);
340 /* Only detach if we are the BIO explicitly being popped */
342 /* This will clear the reference we obtained during push */
343 SSL_set_bio(ssl
, NULL
, NULL
);
346 case BIO_C_DO_STATE_MACHINE
:
347 BIO_clear_retry_flags(b
);
349 BIO_set_retry_reason(b
, 0);
350 ret
= (int)SSL_do_handshake(ssl
);
352 switch (SSL_get_error(ssl
, (int)ret
)) {
353 case SSL_ERROR_WANT_READ
:
354 BIO_set_flags(b
, BIO_FLAGS_READ
| BIO_FLAGS_SHOULD_RETRY
);
356 case SSL_ERROR_WANT_WRITE
:
357 BIO_set_flags(b
, BIO_FLAGS_WRITE
| BIO_FLAGS_SHOULD_RETRY
);
359 case SSL_ERROR_WANT_CONNECT
:
360 BIO_set_flags(b
, BIO_FLAGS_IO_SPECIAL
| BIO_FLAGS_SHOULD_RETRY
);
361 BIO_set_retry_reason(b
, BIO_get_retry_reason(next
));
363 case SSL_ERROR_WANT_X509_LOOKUP
:
364 BIO_set_retry_special(b
);
365 BIO_set_retry_reason(b
, BIO_RR_SSL_X509_LOOKUP
);
373 dbs
= BIO_get_data(dbio
);
375 dbs
->ssl
= SSL_dup(ssl
);
376 dbs
->num_renegotiates
= bs
->num_renegotiates
;
377 dbs
->renegotiate_count
= bs
->renegotiate_count
;
378 dbs
->byte_count
= bs
->byte_count
;
379 dbs
->renegotiate_timeout
= bs
->renegotiate_timeout
;
380 dbs
->last_time
= bs
->last_time
;
381 ret
= (dbs
->ssl
!= NULL
);
384 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
386 case BIO_CTRL_SET_CALLBACK
:
388 #if 0 /* FIXME: Should this be used? -- Richard
390 SSLerr(SSL_F_SSL_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
397 case BIO_CTRL_GET_CALLBACK
:
399 void (**fptr
) (const SSL
*xssl
, int type
, int val
);
401 fptr
= (void (**)(const SSL
*xssl
, int type
, int val
))ptr
;
402 *fptr
= SSL_get_info_callback(ssl
);
406 ret
= BIO_ctrl(ssl
->rbio
, cmd
, num
, ptr
);
412 static long ssl_callback_ctrl(BIO
*b
, int cmd
, bio_info_cb
*fp
)
418 bs
= BIO_get_data(b
);
421 case BIO_CTRL_SET_CALLBACK
:
424 * FIXME: setting this via a completely different prototype seems
427 SSL_set_info_callback(ssl
, (void (*)(const SSL
*, int, int))fp
);
431 ret
= BIO_callback_ctrl(ssl
->rbio
, cmd
, fp
);
437 static int ssl_puts(BIO
*bp
, const char *str
)
442 ret
= BIO_write(bp
, str
, n
);
446 BIO
*BIO_new_buffer_ssl_connect(SSL_CTX
*ctx
)
448 #ifndef OPENSSL_NO_SOCK
449 BIO
*ret
= NULL
, *buf
= NULL
, *ssl
= NULL
;
451 if ((buf
= BIO_new(BIO_f_buffer())) == NULL
)
453 if ((ssl
= BIO_new_ssl_connect(ctx
)) == NULL
)
455 if ((ret
= BIO_push(buf
, ssl
)) == NULL
)
465 BIO
*BIO_new_ssl_connect(SSL_CTX
*ctx
)
467 #ifndef OPENSSL_NO_SOCK
468 BIO
*ret
= NULL
, *con
= NULL
, *ssl
= NULL
;
470 if ((con
= BIO_new(BIO_s_connect())) == NULL
)
472 if ((ssl
= BIO_new_ssl(ctx
, 1)) == NULL
)
474 if ((ret
= BIO_push(ssl
, con
)) == NULL
)
483 BIO
*BIO_new_ssl(SSL_CTX
*ctx
, int client
)
488 if ((ret
= BIO_new(BIO_f_ssl())) == NULL
)
490 if ((ssl
= SSL_new(ctx
)) == NULL
) {
495 SSL_set_connect_state(ssl
);
497 SSL_set_accept_state(ssl
);
499 BIO_set_ssl(ret
, ssl
, BIO_CLOSE
);
503 int BIO_ssl_copy_session_id(BIO
*t
, BIO
*f
)
505 BIO_SSL
*tdata
, *fdata
;
506 t
= BIO_find_type(t
, BIO_TYPE_SSL
);
507 f
= BIO_find_type(f
, BIO_TYPE_SSL
);
508 if ((t
== NULL
) || (f
== NULL
))
510 tdata
= BIO_get_data(t
);
511 fdata
= BIO_get_data(f
);
512 if ((tdata
->ssl
== NULL
) || (fdata
->ssl
== NULL
))
514 if (!SSL_copy_session_id(tdata
->ssl
, (fdata
->ssl
)))
519 void BIO_ssl_shutdown(BIO
*b
)
523 b
= BIO_find_type(b
, BIO_TYPE_SSL
);