2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
63 #include <openssl/crypto.h>
64 #include <openssl/bio.h>
65 #include <openssl/err.h>
66 #include <openssl/ssl.h>
69 static int ssl_write(BIO
*h
,char *buf
,int num
);
70 static int ssl_read(BIO
*h
,char *buf
,int size
);
71 static int ssl_puts(BIO
*h
,char *str
);
72 static long ssl_ctrl(BIO
*h
,int cmd
,long arg1
,char *arg2
);
73 static int ssl_new(BIO
*h
);
74 static int ssl_free(BIO
*data
);
76 static int ssl_write();
77 static int ssl_read();
78 static int ssl_puts();
79 static long ssl_ctrl();
81 static int ssl_free();
84 typedef struct bio_ssl_st
86 SSL
*ssl
; /* The ssl handle :-) */
87 /* re-negotiate every time the total number of bytes is this size */
89 unsigned long renegotiate_count
;
90 unsigned long byte_count
;
91 unsigned long renegotiate_timeout
;
92 unsigned long last_time
;
95 static BIO_METHOD methods_sslp
=
101 NULL
, /* ssl_gets, */
107 BIO_METHOD
*BIO_f_ssl(void)
109 return(&methods_sslp
);
112 static int ssl_new(BIO
*bi
)
116 bs
=(BIO_SSL
*)Malloc(sizeof(BIO_SSL
));
119 BIOerr(BIO_F_SSL_NEW
,ERR_R_MALLOC_FAILURE
);
122 memset(bs
,0,sizeof(BIO_SSL
));
129 static int ssl_free(BIO
*a
)
133 if (a
== NULL
) return(0);
134 bs
=(BIO_SSL
*)a
->ptr
;
135 if (bs
->ssl
!= NULL
) SSL_shutdown(bs
->ssl
);
138 if (a
->init
&& (bs
->ssl
!= NULL
))
148 static int ssl_read(BIO
*b
, char *out
, int outl
)
156 if (out
== NULL
) return(0);
157 sb
=(BIO_SSL
*)b
->ptr
;
160 BIO_clear_retry_flags(b
);
163 if (!SSL_is_init_finished(ssl
))
165 /* ret=SSL_do_handshake(ssl); */
169 outflags
=(BIO_FLAGS_READ
|BIO_FLAGS_SHOULD_RETRY
);
176 ret
=SSL_read(ssl
,out
,outl
);
178 switch (SSL_get_error(ssl
,ret
))
182 if (sb
->renegotiate_count
> 0)
185 if (sb
->byte_count
> sb
->renegotiate_count
)
188 sb
->num_renegotiates
++;
189 SSL_renegotiate(ssl
);
193 if ((sb
->renegotiate_timeout
> 0) && (!r
))
197 tm
=(unsigned long)time(NULL
);
198 if (tm
> sb
->last_time
+sb
->renegotiate_timeout
)
201 sb
->num_renegotiates
++;
202 SSL_renegotiate(ssl
);
207 case SSL_ERROR_WANT_READ
:
208 BIO_set_retry_read(b
);
210 case SSL_ERROR_WANT_WRITE
:
211 BIO_set_retry_write(b
);
213 case SSL_ERROR_WANT_X509_LOOKUP
:
214 BIO_set_retry_special(b
);
215 retry_reason
=BIO_RR_SSL_X509_LOOKUP
;
217 case SSL_ERROR_WANT_CONNECT
:
218 BIO_set_retry_special(b
);
219 retry_reason
=BIO_RR_CONNECT
;
221 case SSL_ERROR_SYSCALL
:
223 case SSL_ERROR_ZERO_RETURN
:
228 b
->retry_reason
=retry_reason
;
232 static int ssl_write(BIO
*b
, char *out
, int outl
)
239 if (out
== NULL
) return(0);
240 bs
=(BIO_SSL
*)b
->ptr
;
243 BIO_clear_retry_flags(b
);
245 /* ret=SSL_do_handshake(ssl);
247 ret
=SSL_write(ssl
,out
,outl
);
249 switch (SSL_get_error(ssl
,ret
))
253 if (bs
->renegotiate_count
> 0)
256 if (bs
->byte_count
> bs
->renegotiate_count
)
259 bs
->num_renegotiates
++;
260 SSL_renegotiate(ssl
);
264 if ((bs
->renegotiate_timeout
> 0) && (!r
))
268 tm
=(unsigned long)time(NULL
);
269 if (tm
> bs
->last_time
+bs
->renegotiate_timeout
)
272 bs
->num_renegotiates
++;
273 SSL_renegotiate(ssl
);
277 case SSL_ERROR_WANT_WRITE
:
278 BIO_set_retry_write(b
);
280 case SSL_ERROR_WANT_READ
:
281 BIO_set_retry_read(b
);
283 case SSL_ERROR_WANT_X509_LOOKUP
:
284 BIO_set_retry_special(b
);
285 retry_reason
=BIO_RR_SSL_X509_LOOKUP
;
287 case SSL_ERROR_WANT_CONNECT
:
288 BIO_set_retry_special(b
);
289 retry_reason
=BIO_RR_CONNECT
;
290 case SSL_ERROR_SYSCALL
:
296 b
->retry_reason
=retry_reason
;
300 static long ssl_ctrl(BIO
*b
, int cmd
, long num
, char *ptr
)
307 bs
=(BIO_SSL
*)b
->ptr
;
309 if ((ssl
== NULL
) && (cmd
!= BIO_C_SET_SSL
))
316 if (ssl
->handshake_func
== ssl
->method
->ssl_connect
)
317 SSL_set_connect_state(ssl
);
318 else if (ssl
->handshake_func
== ssl
->method
->ssl_accept
)
319 SSL_set_accept_state(ssl
);
323 if (b
->next_bio
!= NULL
)
324 ret
=BIO_ctrl(b
->next_bio
,cmd
,num
,ptr
);
325 else if (ssl
->rbio
!= NULL
)
326 ret
=BIO_ctrl(ssl
->rbio
,cmd
,num
,ptr
);
334 if (num
) /* client mode */
335 SSL_set_connect_state(ssl
);
337 SSL_set_accept_state(ssl
);
339 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT
:
340 ret
=bs
->renegotiate_timeout
;
342 bs
->renegotiate_timeout
=(unsigned long)num
;
343 bs
->last_time
=(unsigned long)time(NULL
);
345 case BIO_C_SET_SSL_RENEGOTIATE_BYTES
:
346 ret
=bs
->renegotiate_count
;
348 bs
->renegotiate_count
=(unsigned long)num
;
350 case BIO_C_GET_SSL_NUM_RENEGOTIATES
:
351 ret
=bs
->num_renegotiates
;
356 b
->shutdown
=(int)num
;
358 ((BIO_SSL
*)b
->ptr
)->ssl
=ssl
;
359 bio
=SSL_get_rbio(ssl
);
362 if (b
->next_bio
!= NULL
)
363 BIO_push(bio
,b
->next_bio
);
365 CRYPTO_add(&bio
->references
,1,CRYPTO_LOCK_BIO
);
378 case BIO_CTRL_GET_CLOSE
:
381 case BIO_CTRL_SET_CLOSE
:
382 b
->shutdown
=(int)num
;
384 case BIO_CTRL_WPENDING
:
385 ret
=BIO_ctrl(ssl
->wbio
,cmd
,num
,ptr
);
387 case BIO_CTRL_PENDING
:
388 ret
=SSL_pending(ssl
);
390 ret
=BIO_pending(ssl
->rbio
);
393 BIO_clear_retry_flags(b
);
394 ret
=BIO_ctrl(ssl
->wbio
,cmd
,num
,ptr
);
395 BIO_copy_next_retry(b
);
398 if ((b
->next_bio
!= NULL
) && (b
->next_bio
!= ssl
->rbio
))
400 SSL_set_bio(ssl
,b
->next_bio
,b
->next_bio
);
401 CRYPTO_add(&b
->next_bio
->references
,1,CRYPTO_LOCK_BIO
);
405 /* ugly bit of a hack */
406 if (ssl
->rbio
!= ssl
->wbio
) /* we are in trouble :-( */
408 BIO_free_all(ssl
->wbio
);
413 case BIO_C_DO_STATE_MACHINE
:
414 BIO_clear_retry_flags(b
);
417 ret
=(int)SSL_do_handshake(ssl
);
419 switch (SSL_get_error(ssl
,(int)ret
))
421 case SSL_ERROR_WANT_READ
:
423 BIO_FLAGS_READ
|BIO_FLAGS_SHOULD_RETRY
);
425 case SSL_ERROR_WANT_WRITE
:
427 BIO_FLAGS_WRITE
|BIO_FLAGS_SHOULD_RETRY
);
429 case SSL_ERROR_WANT_CONNECT
:
431 BIO_FLAGS_IO_SPECIAL
|BIO_FLAGS_SHOULD_RETRY
);
432 b
->retry_reason
=b
->next_bio
->retry_reason
;
440 if (((BIO_SSL
*)dbio
->ptr
)->ssl
!= NULL
)
441 SSL_free(((BIO_SSL
*)dbio
->ptr
)->ssl
);
442 ((BIO_SSL
*)dbio
->ptr
)->ssl
=SSL_dup(ssl
);
443 ((BIO_SSL
*)dbio
->ptr
)->renegotiate_count
=
444 ((BIO_SSL
*)b
->ptr
)->renegotiate_count
;
445 ((BIO_SSL
*)dbio
->ptr
)->byte_count
=
446 ((BIO_SSL
*)b
->ptr
)->byte_count
;
447 ((BIO_SSL
*)dbio
->ptr
)->renegotiate_timeout
=
448 ((BIO_SSL
*)b
->ptr
)->renegotiate_timeout
;
449 ((BIO_SSL
*)dbio
->ptr
)->last_time
=
450 ((BIO_SSL
*)b
->ptr
)->last_time
;
451 ret
=(((BIO_SSL
*)dbio
->ptr
)->ssl
!= NULL
);
454 ret
=BIO_ctrl(ssl
->rbio
,cmd
,num
,ptr
);
456 case BIO_CTRL_SET_CALLBACK
:
457 SSL_set_info_callback(ssl
,(void (*)())ptr
);
459 case BIO_CTRL_GET_CALLBACK
:
463 fptr
=(void (**)())ptr
;
464 *fptr
=SSL_get_info_callback(ssl
);
468 ret
=BIO_ctrl(ssl
->rbio
,cmd
,num
,ptr
);
474 static int ssl_puts(BIO
*bp
, char *str
)
479 ret
=BIO_write(bp
,str
,n
);
483 BIO
*BIO_new_buffer_ssl_connect(SSL_CTX
*ctx
)
485 BIO
*ret
=NULL
,*buf
=NULL
,*ssl
=NULL
;
487 if ((buf
=BIO_new(BIO_f_buffer())) == NULL
)
489 if ((ssl
=BIO_new_ssl_connect(ctx
)) == NULL
)
491 if ((ret
=BIO_push(buf
,ssl
)) == NULL
)
495 if (buf
!= NULL
) BIO_free(buf
);
496 if (ssl
!= NULL
) BIO_free(ssl
);
500 BIO
*BIO_new_ssl_connect(SSL_CTX
*ctx
)
502 BIO
*ret
=NULL
,*con
=NULL
,*ssl
=NULL
;
504 if ((con
=BIO_new(BIO_s_connect())) == NULL
)
506 if ((ssl
=BIO_new_ssl(ctx
,1)) == NULL
)
508 if ((ret
=BIO_push(ssl
,con
)) == NULL
)
512 if (con
!= NULL
) BIO_free(con
);
513 if (ret
!= NULL
) BIO_free(ret
);
517 BIO
*BIO_new_ssl(SSL_CTX
*ctx
, int client
)
522 if ((ret
=BIO_new(BIO_f_ssl())) == NULL
)
524 if ((ssl
=SSL_new(ctx
)) == NULL
)
530 SSL_set_connect_state(ssl
);
532 SSL_set_accept_state(ssl
);
534 BIO_set_ssl(ret
,ssl
,BIO_CLOSE
);
538 int BIO_ssl_copy_session_id(BIO
*t
, BIO
*f
)
540 t
=BIO_find_type(t
,BIO_TYPE_SSL
);
541 f
=BIO_find_type(f
,BIO_TYPE_SSL
);
542 if ((t
== NULL
) || (f
== NULL
))
544 if ( (((BIO_SSL
*)t
->ptr
)->ssl
== NULL
) ||
545 (((BIO_SSL
*)f
->ptr
)->ssl
== NULL
))
547 SSL_copy_session_id(((BIO_SSL
*)t
->ptr
)->ssl
,((BIO_SSL
*)f
->ptr
)->ssl
);
551 void BIO_ssl_shutdown(BIO
*b
)
557 if (b
->method
->type
== BIO_TYPE_SSL
)
559 s
=((BIO_SSL
*)b
->ptr
)->ssl
;