1 /* $NetBSD: bufferevent_openssl.c,v 1.1.1.1 2013/04/11 16:43:25 christos Exp $ */
3 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/types.h>
30 #include "event2/event-config.h"
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: bufferevent_openssl.c,v 1.1.1.1 2013/04/11 16:43:25 christos Exp $");
34 #ifdef _EVENT_HAVE_SYS_TIME_H
42 #ifdef _EVENT_HAVE_STDARG_H
45 #ifdef _EVENT_HAVE_UNISTD_H
53 #include "event2/bufferevent.h"
54 #include "event2/bufferevent_struct.h"
55 #include "event2/bufferevent_ssl.h"
56 #include "event2/buffer.h"
57 #include "event2/event.h"
59 #include "mm-internal.h"
60 #include "bufferevent-internal.h"
61 #include "log-internal.h"
63 #include <openssl/bio.h>
64 #include <openssl/ssl.h>
65 #include <openssl/err.h>
68 * Define an OpenSSL bio that targets a bufferevent.
71 /* --------------------
72 A BIO is an OpenSSL abstraction that handles reading and writing data. The
73 library will happily speak SSL over anything that implements a BIO
76 Here we define a BIO implementation that directs its output to a
77 bufferevent. We'll want to use this only when none of OpenSSL's built-in
78 IO mechanisms work for us.
79 -------------------- */
81 /* every BIO type needs its own integer type value. */
82 #define BIO_TYPE_LIBEVENT 57
83 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
91 printf("Error was %d\n", val
);
93 while ((err
= ERR_get_error())) {
94 const char *msg
= (const char*)ERR_reason_error_string(err
);
95 const char *lib
= (const char*)ERR_lib_error_string(err
);
96 const char *func
= (const char*)ERR_func_error_string(err
);
98 printf("%s in %s %s\n", msg
, lib
, func
);
102 #define print_err(v) ((void)0)
105 /* Called to initialize a new BIO */
107 bio_bufferevent_new(BIO
*b
)
111 b
->ptr
= NULL
; /* We'll be putting the bufferevent in this field.*/
116 /* Called to uninitialize the BIO. */
118 bio_bufferevent_free(BIO
*b
)
123 if (b
->init
&& b
->ptr
)
124 bufferevent_free(b
->ptr
);
132 /* Called to extract data from the BIO. */
134 bio_bufferevent_read(BIO
*b
, char *out
, int outlen
)
137 struct evbuffer
*input
;
139 BIO_clear_retry_flags(b
);
146 input
= bufferevent_get_input(b
->ptr
);
147 if (evbuffer_get_length(input
) == 0) {
148 /* If there's no data to read, say so. */
149 BIO_set_retry_read(b
);
152 r
= evbuffer_remove(input
, out
, outlen
);
158 /* Called to write data info the BIO */
160 bio_bufferevent_write(BIO
*b
, const char *in
, int inlen
)
162 struct bufferevent
*bufev
= b
->ptr
;
163 struct evbuffer
*output
;
166 BIO_clear_retry_flags(b
);
171 output
= bufferevent_get_output(bufev
);
172 outlen
= evbuffer_get_length(output
);
174 /* Copy only as much data onto the output buffer as can fit under the
175 * high-water mark. */
176 if (bufev
->wm_write
.high
&& bufev
->wm_write
.high
<= (outlen
+inlen
)) {
177 if (bufev
->wm_write
.high
<= outlen
) {
178 /* If no data can fit, we'll need to retry later. */
179 BIO_set_retry_write(b
);
182 inlen
= bufev
->wm_write
.high
- outlen
;
185 EVUTIL_ASSERT(inlen
> 0);
186 evbuffer_add(output
, in
, inlen
);
190 /* Called to handle various requests */
192 bio_bufferevent_ctrl(BIO
*b
, int cmd
, long num
, void *ptr
)
194 struct bufferevent
*bufev
= b
->ptr
;
198 case BIO_CTRL_GET_CLOSE
:
201 case BIO_CTRL_SET_CLOSE
:
202 b
->shutdown
= (int)num
;
204 case BIO_CTRL_PENDING
:
205 ret
= evbuffer_get_length(bufferevent_get_input(bufev
)) != 0;
207 case BIO_CTRL_WPENDING
:
208 ret
= evbuffer_get_length(bufferevent_get_output(bufev
)) != 0;
210 /* XXXX These two are given a special-case treatment because
211 * of cargo-cultism. I should come up with a better reason. */
223 /* Called to write a string to the BIO */
225 bio_bufferevent_puts(BIO
*b
, const char *s
)
227 return bio_bufferevent_write(b
, s
, strlen(s
));
230 /* Method table for the bufferevent BIO */
231 static BIO_METHOD methods_bufferevent
= {
232 BIO_TYPE_LIBEVENT
, "bufferevent",
233 bio_bufferevent_write
,
234 bio_bufferevent_read
,
235 bio_bufferevent_puts
,
236 NULL
/* bio_bufferevent_gets */,
237 bio_bufferevent_ctrl
,
239 bio_bufferevent_free
,
240 NULL
/* callback_ctrl */,
243 /* Return the method table for the bufferevents BIO */
245 BIO_s_bufferevent(void)
247 return &methods_bufferevent
;
250 /* Create a new BIO to wrap communication around a bufferevent. If close_flag
251 * is true, the bufferevent will be freed when the BIO is closed. */
253 BIO_new_bufferevent(struct bufferevent
*bufferevent
, int close_flag
)
258 if (!(result
= BIO_new(BIO_s_bufferevent())))
261 result
->ptr
= bufferevent
;
262 result
->shutdown
= close_flag
? 1 : 0;
266 /* --------------------
267 Now, here's the OpenSSL-based implementation of bufferevent.
269 The implementation comes in two flavors: one that connects its SSL object
270 to an underlying bufferevent using a BIO_bufferevent, and one that has the
271 SSL object connect to a socket directly. The latter should generally be
272 faster, except on Windows, where your best bet is using a
275 (OpenSSL supports many other BIO types, too. But we can't use any unless
276 we have a good way to get notified when they become readable/writable.)
277 -------------------- */
279 struct bio_data_counts
{
280 unsigned long n_written
;
281 unsigned long n_read
;
284 struct bufferevent_openssl
{
285 /* Shared fields with common bufferevent implementation code.
286 If we were set up with an underlying bufferevent, we use the
287 events here as timers only. If we have an SSL, then we use
288 the events as socket events.
290 struct bufferevent_private bev
;
291 /* An underlying bufferevent that we're directing our output to.
292 If it's NULL, then we're connected to an fd, not an evbuffer. */
293 struct bufferevent
*underlying
;
294 /* The SSL object doing our encryption. */
297 /* A callback that's invoked when data arrives on our outbuf so we
298 know to write data to the SSL. */
299 struct evbuffer_cb_entry
*outbuf_cb
;
301 /* A count of how much data the bios have read/written total. Used
302 for rate-limiting. */
303 struct bio_data_counts counts
;
305 /* If this value is greater than 0, then the last SSL_write blocked,
306 * and we need to try it again with this many bytes. */
307 ev_ssize_t last_write
;
310 ev_uint32_t errors
[NUM_ERRORS
];
312 /* When we next get available space, we should say "read" instead of
313 "write". This can happen if there's a renegotiation during a read
315 unsigned read_blocked_on_write
: 1;
316 /* When we next get data, we should say "write" instead of "read". */
317 unsigned write_blocked_on_read
: 1;
319 unsigned allow_dirty_shutdown
: 1;
321 unsigned fd_is_set
: 1;
323 unsigned n_errors
: 2;
325 /* Are we currently connecting, accepting, or doing IO? */
329 static int be_openssl_enable(struct bufferevent
*, short);
330 static int be_openssl_disable(struct bufferevent
*, short);
331 static void be_openssl_destruct(struct bufferevent
*);
332 static int be_openssl_adj_timeouts(struct bufferevent
*);
333 static int be_openssl_flush(struct bufferevent
*bufev
,
334 short iotype
, enum bufferevent_flush_mode mode
);
335 static int be_openssl_ctrl(struct bufferevent
*, enum bufferevent_ctrl_op
, union bufferevent_ctrl_data
*);
337 const struct bufferevent_ops bufferevent_ops_openssl
= {
339 evutil_offsetof(struct bufferevent_openssl
, bev
.bev
),
343 be_openssl_adj_timeouts
,
348 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
349 * contains it, if any. */
350 static inline struct bufferevent_openssl
*
351 upcast(struct bufferevent
*bev
)
353 struct bufferevent_openssl
*bev_o
;
354 if (bev
->be_ops
!= &bufferevent_ops_openssl
)
356 bev_o
= (void*)( ((char*)bev
) -
357 evutil_offsetof(struct bufferevent_openssl
, bev
.bev
));
358 EVUTIL_ASSERT(bev_o
->bev
.bev
.be_ops
== &bufferevent_ops_openssl
);
363 put_error(struct bufferevent_openssl
*bev_ssl
, unsigned long err
)
365 if (bev_ssl
->n_errors
== NUM_ERRORS
)
367 /* The error type according to openssl is "unsigned long", but
368 openssl never uses more than 32 bits of it. It _can't_ use more
369 than 32 bits of it, since it needs to report errors on systems
370 where long is only 32 bits.
372 bev_ssl
->errors
[bev_ssl
->n_errors
++] = (ev_uint32_t
) err
;
375 /* Have the base communications channel (either the underlying bufferevent or
376 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag
379 start_reading(struct bufferevent_openssl
*bev_ssl
)
381 if (bev_ssl
->underlying
) {
382 bufferevent_unsuspend_read(bev_ssl
->underlying
,
383 BEV_SUSPEND_FILT_READ
);
386 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
388 r
= _bufferevent_add_event(&bev
->ev_read
, &bev
->timeout_read
);
389 if (r
== 0 && bev_ssl
->read_blocked_on_write
)
390 r
= _bufferevent_add_event(&bev
->ev_write
,
391 &bev
->timeout_write
);
396 /* Have the base communications channel (either the underlying bufferevent or
397 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag
400 start_writing(struct bufferevent_openssl
*bev_ssl
)
403 if (bev_ssl
->underlying
) {
406 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
407 r
= _bufferevent_add_event(&bev
->ev_write
, &bev
->timeout_write
);
408 if (!r
&& bev_ssl
->write_blocked_on_read
)
409 r
= _bufferevent_add_event(&bev
->ev_read
,
416 stop_reading(struct bufferevent_openssl
*bev_ssl
)
418 if (bev_ssl
->write_blocked_on_read
)
420 if (bev_ssl
->underlying
) {
421 bufferevent_suspend_read(bev_ssl
->underlying
,
422 BEV_SUSPEND_FILT_READ
);
424 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
425 event_del(&bev
->ev_read
);
430 stop_writing(struct bufferevent_openssl
*bev_ssl
)
432 if (bev_ssl
->read_blocked_on_write
)
434 if (bev_ssl
->underlying
) {
437 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
438 event_del(&bev
->ev_write
);
443 set_rbow(struct bufferevent_openssl
*bev_ssl
)
445 if (!bev_ssl
->underlying
)
446 stop_reading(bev_ssl
);
447 bev_ssl
->read_blocked_on_write
= 1;
448 return start_writing(bev_ssl
);
452 set_wbor(struct bufferevent_openssl
*bev_ssl
)
454 if (!bev_ssl
->underlying
)
455 stop_writing(bev_ssl
);
456 bev_ssl
->write_blocked_on_read
= 1;
457 return start_reading(bev_ssl
);
461 clear_rbow(struct bufferevent_openssl
*bev_ssl
)
463 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
465 bev_ssl
->read_blocked_on_write
= 0;
466 if (!(bev
->enabled
& EV_WRITE
))
467 stop_writing(bev_ssl
);
468 if (bev
->enabled
& EV_READ
)
469 r
= start_reading(bev_ssl
);
475 clear_wbor(struct bufferevent_openssl
*bev_ssl
)
477 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
479 bev_ssl
->write_blocked_on_read
= 0;
480 if (!(bev
->enabled
& EV_READ
))
481 stop_reading(bev_ssl
);
482 if (bev
->enabled
& EV_WRITE
)
483 r
= start_writing(bev_ssl
);
488 conn_closed(struct bufferevent_openssl
*bev_ssl
, int errcode
, int ret
)
490 int event
= BEV_EVENT_ERROR
;
491 int dirty_shutdown
= 0;
495 case SSL_ERROR_ZERO_RETURN
:
496 /* Possibly a clean shutdown. */
497 if (SSL_get_shutdown(bev_ssl
->ssl
) & SSL_RECEIVED_SHUTDOWN
)
498 event
= BEV_EVENT_EOF
;
502 case SSL_ERROR_SYSCALL
:
503 /* IO error; possibly a dirty shutdown. */
504 if (ret
== 0 && ERR_peek_error() == 0)
508 /* Protocol error. */
510 case SSL_ERROR_WANT_X509_LOOKUP
:
511 /* XXXX handle this. */
514 case SSL_ERROR_WANT_READ
:
515 case SSL_ERROR_WANT_WRITE
:
516 case SSL_ERROR_WANT_CONNECT
:
517 case SSL_ERROR_WANT_ACCEPT
:
519 /* should be impossible; treat as normal error. */
520 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode
);
524 while ((err
= ERR_get_error())) {
525 put_error(bev_ssl
, err
);
528 if (dirty_shutdown
&& bev_ssl
->allow_dirty_shutdown
)
529 event
= BEV_EVENT_EOF
;
531 stop_reading(bev_ssl
);
532 stop_writing(bev_ssl
);
534 _bufferevent_run_eventcb(&bev_ssl
->bev
.bev
, event
);
538 init_bio_counts(struct bufferevent_openssl
*bev_ssl
)
540 bev_ssl
->counts
.n_written
=
541 BIO_number_written(SSL_get_wbio(bev_ssl
->ssl
));
542 bev_ssl
->counts
.n_read
=
543 BIO_number_read(SSL_get_rbio(bev_ssl
->ssl
));
547 decrement_buckets(struct bufferevent_openssl
*bev_ssl
)
549 unsigned long num_w
= BIO_number_written(SSL_get_wbio(bev_ssl
->ssl
));
550 unsigned long num_r
= BIO_number_read(SSL_get_rbio(bev_ssl
->ssl
));
551 /* These next two subtractions can wrap around. That's okay. */
552 unsigned long w
= num_w
- bev_ssl
->counts
.n_written
;
553 unsigned long r
= num_r
- bev_ssl
->counts
.n_read
;
555 _bufferevent_decrement_write_buckets(&bev_ssl
->bev
, w
);
557 _bufferevent_decrement_read_buckets(&bev_ssl
->bev
, r
);
558 bev_ssl
->counts
.n_written
= num_w
;
559 bev_ssl
->counts
.n_read
= num_r
;
562 #define OP_MADE_PROGRESS 1
566 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
567 we're now blocked); and OP_ERR (if an error occurred). */
569 do_read(struct bufferevent_openssl
*bev_ssl
, int n_to_read
) {
571 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
572 struct evbuffer
*input
= bev
->input
;
573 int r
, n
, i
, n_used
= 0, atmost
;
574 struct evbuffer_iovec space
[2];
577 if (bev_ssl
->bev
.read_suspended
)
580 atmost
= _bufferevent_get_read_max(&bev_ssl
->bev
);
581 if (n_to_read
> atmost
)
584 n
= evbuffer_reserve_space(input
, n_to_read
, space
, 2);
588 for (i
=0; i
<n
; ++i
) {
589 if (bev_ssl
->bev
.read_suspended
)
591 r
= SSL_read(bev_ssl
->ssl
, space
[i
].iov_base
, space
[i
].iov_len
);
593 result
|= OP_MADE_PROGRESS
;
594 if (bev_ssl
->read_blocked_on_write
)
595 if (clear_rbow(bev_ssl
) < 0)
596 return OP_ERR
| result
;
598 space
[i
].iov_len
= r
;
599 decrement_buckets(bev_ssl
);
601 int err
= SSL_get_error(bev_ssl
->ssl
, r
);
604 case SSL_ERROR_WANT_READ
:
605 /* Can't read until underlying has more data. */
606 if (bev_ssl
->read_blocked_on_write
)
607 if (clear_rbow(bev_ssl
) < 0)
608 return OP_ERR
| result
;
610 case SSL_ERROR_WANT_WRITE
:
611 /* This read operation requires a write, and the
612 * underlying is full */
613 if (!bev_ssl
->read_blocked_on_write
)
614 if (set_rbow(bev_ssl
) < 0)
615 return OP_ERR
| result
;
618 conn_closed(bev_ssl
, err
, r
);
621 result
|= OP_BLOCKED
;
622 break; /* out of the loop */
627 evbuffer_commit_space(input
, space
, n_used
);
628 if (bev_ssl
->underlying
)
629 BEV_RESET_GENERIC_READ_TIMEOUT(bev
);
635 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
636 we're now blocked); and OP_ERR (if an error occurred). */
638 do_write(struct bufferevent_openssl
*bev_ssl
, int atmost
)
640 int i
, r
, n
, n_written
= 0;
641 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
642 struct evbuffer
*output
= bev
->output
;
643 struct evbuffer_iovec space
[8];
646 if (bev_ssl
->last_write
> 0)
647 atmost
= bev_ssl
->last_write
;
649 atmost
= _bufferevent_get_write_max(&bev_ssl
->bev
);
651 n
= evbuffer_peek(output
, atmost
, NULL
, space
, 8);
653 return OP_ERR
| result
;
657 for (i
=0; i
< n
; ++i
) {
658 if (bev_ssl
->bev
.write_suspended
)
661 /* SSL_write will (reasonably) return 0 if we tell it to
662 send 0 data. Skip this case so we don't interpret the
663 result as an error */
664 if (space
[i
].iov_len
== 0)
667 r
= SSL_write(bev_ssl
->ssl
, space
[i
].iov_base
,
670 result
|= OP_MADE_PROGRESS
;
671 if (bev_ssl
->write_blocked_on_read
)
672 if (clear_wbor(bev_ssl
) < 0)
673 return OP_ERR
| result
;
675 bev_ssl
->last_write
= -1;
676 decrement_buckets(bev_ssl
);
678 int err
= SSL_get_error(bev_ssl
->ssl
, r
);
681 case SSL_ERROR_WANT_WRITE
:
682 /* Can't read until underlying has more data. */
683 if (bev_ssl
->write_blocked_on_read
)
684 if (clear_wbor(bev_ssl
) < 0)
685 return OP_ERR
| result
;
686 bev_ssl
->last_write
= space
[i
].iov_len
;
688 case SSL_ERROR_WANT_READ
:
689 /* This read operation requires a write, and the
690 * underlying is full */
691 if (!bev_ssl
->write_blocked_on_read
)
692 if (set_wbor(bev_ssl
) < 0)
693 return OP_ERR
| result
;
694 bev_ssl
->last_write
= space
[i
].iov_len
;
697 conn_closed(bev_ssl
, err
, r
);
698 bev_ssl
->last_write
= -1;
701 result
|= OP_BLOCKED
;
706 evbuffer_drain(output
, n_written
);
707 if (bev_ssl
->underlying
)
708 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev
);
710 if (evbuffer_get_length(output
) <= bev
->wm_write
.low
)
711 _bufferevent_run_writecb(bev
);
716 #define WRITE_FRAME 15000
718 #define READ_DEFAULT 4096
720 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
723 bytes_to_read(struct bufferevent_openssl
*bev
)
725 struct evbuffer
*input
= bev
->bev
.bev
.input
;
726 struct event_watermark
*wm
= &bev
->bev
.bev
.wm_read
;
727 int result
= READ_DEFAULT
;
729 /* XXX 99% of this is generic code that nearly all bufferevents will
732 if (bev
->write_blocked_on_read
) {
736 if (! (bev
->bev
.bev
.enabled
& EV_READ
)) {
740 if (bev
->bev
.read_suspended
) {
745 if (evbuffer_get_length(input
) >= wm
->high
) {
749 result
= wm
->high
- evbuffer_get_length(input
);
751 result
= READ_DEFAULT
;
754 /* Respect the rate limit */
755 limit
= _bufferevent_get_read_max(&bev
->bev
);
756 if (result
> limit
) {
764 /* Things look readable. If write is blocked on read, write till it isn't.
765 * Read from the underlying buffer until we block or we hit our high-water
769 consider_reading(struct bufferevent_openssl
*bev_ssl
)
773 int all_result_flags
= 0;
775 while (bev_ssl
->write_blocked_on_read
) {
776 r
= do_write(bev_ssl
, WRITE_FRAME
);
777 if (r
& (OP_BLOCKED
|OP_ERR
))
780 if (bev_ssl
->write_blocked_on_read
)
783 n_to_read
= bytes_to_read(bev_ssl
);
786 r
= do_read(bev_ssl
, n_to_read
);
787 all_result_flags
|= r
;
789 if (r
& (OP_BLOCKED
|OP_ERR
))
792 if (bev_ssl
->bev
.read_suspended
)
795 /* Read all pending data. This won't hit the network
796 * again, and will (most importantly) put us in a state
797 * where we don't need to read anything else until the
798 * socket is readable again. It'll potentially make us
799 * overrun our read high-watermark (somewhat
800 * regrettable). The damage to the rate-limit has
801 * already been done, since OpenSSL went and read a
802 * whole SSL record anyway. */
803 n_to_read
= SSL_pending(bev_ssl
->ssl
);
805 /* XXX This if statement is actually a bad bug, added to avoid
808 * The bad bug: It can potentially cause resource unfairness
809 * by reading too much data from the underlying bufferevent;
810 * it can potentially cause read looping if the underlying
811 * bufferevent is a bufferevent_pair and deferred callbacks
814 * The worse bug: If we didn't do this, then we would
815 * potentially not read any more from bev_ssl->underlying
816 * until more data arrived there, which could lead to us
819 if (!n_to_read
&& bev_ssl
->underlying
)
820 n_to_read
= bytes_to_read(bev_ssl
);
823 if (all_result_flags
& OP_MADE_PROGRESS
) {
824 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
825 struct evbuffer
*input
= bev
->input
;
827 if (evbuffer_get_length(input
) >= bev
->wm_read
.low
) {
828 _bufferevent_run_readcb(bev
);
832 if (!bev_ssl
->underlying
) {
833 /* Should be redundant, but let's avoid busy-looping */
834 if (bev_ssl
->bev
.read_suspended
||
835 !(bev_ssl
->bev
.bev
.enabled
& EV_READ
)) {
836 event_del(&bev_ssl
->bev
.bev
.ev_read
);
842 consider_writing(struct bufferevent_openssl
*bev_ssl
)
845 struct evbuffer
*output
= bev_ssl
->bev
.bev
.output
;
846 struct evbuffer
*target
= NULL
;
847 struct event_watermark
*wm
= NULL
;
849 while (bev_ssl
->read_blocked_on_write
) {
850 r
= do_read(bev_ssl
, 1024); /* XXXX 1024 is a hack */
851 if (r
& OP_MADE_PROGRESS
) {
852 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
853 struct evbuffer
*input
= bev
->input
;
855 if (evbuffer_get_length(input
) >= bev
->wm_read
.low
) {
856 _bufferevent_run_readcb(bev
);
859 if (r
& (OP_ERR
|OP_BLOCKED
))
862 if (bev_ssl
->read_blocked_on_write
)
864 if (bev_ssl
->underlying
) {
865 target
= bev_ssl
->underlying
->output
;
866 wm
= &bev_ssl
->underlying
->wm_write
;
868 while ((bev_ssl
->bev
.bev
.enabled
& EV_WRITE
) &&
869 (! bev_ssl
->bev
.write_suspended
) &&
870 evbuffer_get_length(output
) &&
871 (!target
|| (! wm
->high
|| evbuffer_get_length(target
) < wm
->high
))) {
874 n_to_write
= wm
->high
- evbuffer_get_length(target
);
876 n_to_write
= WRITE_FRAME
;
877 r
= do_write(bev_ssl
, n_to_write
);
878 if (r
& (OP_BLOCKED
|OP_ERR
))
882 if (!bev_ssl
->underlying
) {
883 if (evbuffer_get_length(output
) == 0) {
884 event_del(&bev_ssl
->bev
.bev
.ev_write
);
885 } else if (bev_ssl
->bev
.write_suspended
||
886 !(bev_ssl
->bev
.bev
.enabled
& EV_WRITE
)) {
887 /* Should be redundant, but let's avoid busy-looping */
888 event_del(&bev_ssl
->bev
.bev
.ev_write
);
894 be_openssl_readcb(struct bufferevent
*bev_base
, void *ctx
)
896 struct bufferevent_openssl
*bev_ssl
= ctx
;
897 consider_reading(bev_ssl
);
901 be_openssl_writecb(struct bufferevent
*bev_base
, void *ctx
)
903 struct bufferevent_openssl
*bev_ssl
= ctx
;
904 consider_writing(bev_ssl
);
908 be_openssl_eventcb(struct bufferevent
*bev_base
, short what
, void *ctx
)
910 struct bufferevent_openssl
*bev_ssl
= ctx
;
913 if (what
& BEV_EVENT_EOF
) {
914 if (bev_ssl
->allow_dirty_shutdown
)
915 event
= BEV_EVENT_EOF
;
917 event
= BEV_EVENT_ERROR
;
918 } else if (what
& BEV_EVENT_TIMEOUT
) {
919 /* We sure didn't set this. Propagate it to the user. */
921 } else if (what
& BEV_EVENT_ERROR
) {
922 /* An error occurred on the connection. Propagate it to the user. */
924 } else if (what
& BEV_EVENT_CONNECTED
) {
925 /* Ignore it. We're saying SSL_connect() already, which will
929 _bufferevent_run_eventcb(&bev_ssl
->bev
.bev
, event
);
933 be_openssl_readeventcb(evutil_socket_t fd
, short what
, void *ptr
)
935 struct bufferevent_openssl
*bev_ssl
= ptr
;
936 _bufferevent_incref_and_lock(&bev_ssl
->bev
.bev
);
937 if (what
== EV_TIMEOUT
) {
938 _bufferevent_run_eventcb(&bev_ssl
->bev
.bev
,
939 BEV_EVENT_TIMEOUT
|BEV_EVENT_READING
);
941 consider_reading(bev_ssl
);
943 _bufferevent_decref_and_unlock(&bev_ssl
->bev
.bev
);
947 be_openssl_writeeventcb(evutil_socket_t fd
, short what
, void *ptr
)
949 struct bufferevent_openssl
*bev_ssl
= ptr
;
950 _bufferevent_incref_and_lock(&bev_ssl
->bev
.bev
);
951 if (what
== EV_TIMEOUT
) {
952 _bufferevent_run_eventcb(&bev_ssl
->bev
.bev
,
953 BEV_EVENT_TIMEOUT
|BEV_EVENT_WRITING
);
955 consider_writing(bev_ssl
);
957 _bufferevent_decref_and_unlock(&bev_ssl
->bev
.bev
);
961 set_open_callbacks(struct bufferevent_openssl
*bev_ssl
, evutil_socket_t fd
)
963 if (bev_ssl
->underlying
) {
964 bufferevent_setcb(bev_ssl
->underlying
,
965 be_openssl_readcb
, be_openssl_writecb
, be_openssl_eventcb
,
969 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
970 int rpending
=0, wpending
=0, r1
=0, r2
=0;
971 if (fd
< 0 && bev_ssl
->fd_is_set
)
972 fd
= event_get_fd(&bev
->ev_read
);
973 if (bev_ssl
->fd_is_set
) {
974 rpending
= event_pending(&bev
->ev_read
, EV_READ
, NULL
);
975 wpending
= event_pending(&bev
->ev_write
, EV_WRITE
, NULL
);
976 event_del(&bev
->ev_read
);
977 event_del(&bev
->ev_write
);
979 event_assign(&bev
->ev_read
, bev
->ev_base
, fd
,
980 EV_READ
|EV_PERSIST
, be_openssl_readeventcb
, bev_ssl
);
981 event_assign(&bev
->ev_write
, bev
->ev_base
, fd
,
982 EV_WRITE
|EV_PERSIST
, be_openssl_writeeventcb
, bev_ssl
);
984 r1
= _bufferevent_add_event(&bev
->ev_read
, &bev
->timeout_read
);
986 r2
= _bufferevent_add_event(&bev
->ev_write
, &bev
->timeout_write
);
988 bev_ssl
->fd_is_set
= 1;
990 return (r1
<0 || r2
<0) ? -1 : 0;
995 do_handshake(struct bufferevent_openssl
*bev_ssl
)
999 switch (bev_ssl
->state
) {
1001 case BUFFEREVENT_SSL_OPEN
:
1004 case BUFFEREVENT_SSL_CONNECTING
:
1005 case BUFFEREVENT_SSL_ACCEPTING
:
1006 r
= SSL_do_handshake(bev_ssl
->ssl
);
1009 decrement_buckets(bev_ssl
);
1013 bev_ssl
->state
= BUFFEREVENT_SSL_OPEN
;
1014 set_open_callbacks(bev_ssl
, -1); /* XXXX handle failure */
1015 /* Call do_read and do_write as needed */
1016 bufferevent_enable(&bev_ssl
->bev
.bev
, bev_ssl
->bev
.bev
.enabled
);
1017 _bufferevent_run_eventcb(&bev_ssl
->bev
.bev
,
1018 BEV_EVENT_CONNECTED
);
1021 int err
= SSL_get_error(bev_ssl
->ssl
, r
);
1024 case SSL_ERROR_WANT_WRITE
:
1025 if (!bev_ssl
->underlying
) {
1026 stop_reading(bev_ssl
);
1027 return start_writing(bev_ssl
);
1030 case SSL_ERROR_WANT_READ
:
1031 if (!bev_ssl
->underlying
) {
1032 stop_writing(bev_ssl
);
1033 return start_reading(bev_ssl
);
1037 conn_closed(bev_ssl
, err
, r
);
1044 be_openssl_handshakecb(struct bufferevent
*bev_base
, void *ctx
)
1046 struct bufferevent_openssl
*bev_ssl
= ctx
;
1047 do_handshake(bev_ssl
);/* XXX handle failure */
1051 be_openssl_handshakeeventcb(evutil_socket_t fd
, short what
, void *ptr
)
1053 struct bufferevent_openssl
*bev_ssl
= ptr
;
1055 _bufferevent_incref_and_lock(&bev_ssl
->bev
.bev
);
1056 if (what
& EV_TIMEOUT
) {
1057 _bufferevent_run_eventcb(&bev_ssl
->bev
.bev
, BEV_EVENT_TIMEOUT
);
1059 do_handshake(bev_ssl
);/* XXX handle failure */
1060 _bufferevent_decref_and_unlock(&bev_ssl
->bev
.bev
);
1064 set_handshake_callbacks(struct bufferevent_openssl
*bev_ssl
, evutil_socket_t fd
)
1066 if (bev_ssl
->underlying
) {
1067 bufferevent_setcb(bev_ssl
->underlying
,
1068 be_openssl_handshakecb
, be_openssl_handshakecb
,
1071 return do_handshake(bev_ssl
);
1073 struct bufferevent
*bev
= &bev_ssl
->bev
.bev
;
1075 if (fd
< 0 && bev_ssl
->fd_is_set
)
1076 fd
= event_get_fd(&bev
->ev_read
);
1077 if (bev_ssl
->fd_is_set
) {
1078 event_del(&bev
->ev_read
);
1079 event_del(&bev
->ev_write
);
1081 event_assign(&bev
->ev_read
, bev
->ev_base
, fd
,
1082 EV_READ
|EV_PERSIST
, be_openssl_handshakeeventcb
, bev_ssl
);
1083 event_assign(&bev
->ev_write
, bev
->ev_base
, fd
,
1084 EV_WRITE
|EV_PERSIST
, be_openssl_handshakeeventcb
, bev_ssl
);
1086 r1
= _bufferevent_add_event(&bev
->ev_read
, &bev
->timeout_read
);
1087 r2
= _bufferevent_add_event(&bev
->ev_write
, &bev
->timeout_write
);
1088 bev_ssl
->fd_is_set
= 1;
1090 return (r1
<0 || r2
<0) ? -1 : 0;
1095 bufferevent_ssl_renegotiate(struct bufferevent
*bev
)
1097 struct bufferevent_openssl
*bev_ssl
= upcast(bev
);
1100 if (SSL_renegotiate(bev_ssl
->ssl
) < 0)
1102 bev_ssl
->state
= BUFFEREVENT_SSL_CONNECTING
;
1103 if (set_handshake_callbacks(bev_ssl
, -1) < 0)
1105 if (!bev_ssl
->underlying
)
1106 return do_handshake(bev_ssl
);
1111 be_openssl_outbuf_cb(struct evbuffer
*buf
,
1112 const struct evbuffer_cb_info
*cbinfo
, void *arg
)
1114 struct bufferevent_openssl
*bev_ssl
= arg
;
1116 /* XXX need to hold a reference here. */
1118 if (cbinfo
->n_added
&& bev_ssl
->state
== BUFFEREVENT_SSL_OPEN
) {
1119 if (cbinfo
->orig_size
== 0)
1120 r
= _bufferevent_add_event(&bev_ssl
->bev
.bev
.ev_write
,
1121 &bev_ssl
->bev
.bev
.timeout_write
);
1122 consider_writing(bev_ssl
);
1124 /* XXX Handle r < 0 */
1130 be_openssl_enable(struct bufferevent
*bev
, short events
)
1132 struct bufferevent_openssl
*bev_ssl
= upcast(bev
);
1135 if (bev_ssl
->state
!= BUFFEREVENT_SSL_OPEN
)
1138 if (events
& EV_READ
)
1139 r1
= start_reading(bev_ssl
);
1140 if (events
& EV_WRITE
)
1141 r2
= start_writing(bev_ssl
);
1143 if (bev_ssl
->underlying
) {
1144 if (events
& EV_READ
)
1145 BEV_RESET_GENERIC_READ_TIMEOUT(bev
);
1146 if (events
& EV_WRITE
)
1147 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev
);
1149 if (events
& EV_READ
)
1150 consider_reading(bev_ssl
);
1151 if (events
& EV_WRITE
)
1152 consider_writing(bev_ssl
);
1154 return (r1
< 0 || r2
< 0) ? -1 : 0;
1158 be_openssl_disable(struct bufferevent
*bev
, short events
)
1160 struct bufferevent_openssl
*bev_ssl
= upcast(bev
);
1161 if (bev_ssl
->state
!= BUFFEREVENT_SSL_OPEN
)
1164 if (events
& EV_READ
)
1165 stop_reading(bev_ssl
);
1166 if (events
& EV_WRITE
)
1167 stop_writing(bev_ssl
);
1169 if (bev_ssl
->underlying
) {
1170 if (events
& EV_READ
)
1171 BEV_DEL_GENERIC_READ_TIMEOUT(bev
);
1172 if (events
& EV_WRITE
)
1173 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev
);
1179 be_openssl_destruct(struct bufferevent
*bev
)
1181 struct bufferevent_openssl
*bev_ssl
= upcast(bev
);
1183 if (bev_ssl
->underlying
) {
1184 _bufferevent_del_generic_timeout_cbs(bev
);
1186 event_del(&bev
->ev_read
);
1187 event_del(&bev
->ev_write
);
1190 if (bev_ssl
->bev
.options
& BEV_OPT_CLOSE_ON_FREE
) {
1191 if (bev_ssl
->underlying
) {
1192 if (BEV_UPCAST(bev_ssl
->underlying
)->refcnt
< 2) {
1193 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1194 "bufferevent with too few references");
1196 bufferevent_free(bev_ssl
->underlying
);
1197 bev_ssl
->underlying
= NULL
;
1200 evutil_socket_t fd
= -1;
1201 BIO
*bio
= SSL_get_wbio(bev_ssl
->ssl
);
1203 fd
= BIO_get_fd(bio
, NULL
);
1205 evutil_closesocket(fd
);
1207 SSL_free(bev_ssl
->ssl
);
1209 if (bev_ssl
->underlying
) {
1210 if (bev_ssl
->underlying
->errorcb
== be_openssl_eventcb
)
1211 bufferevent_setcb(bev_ssl
->underlying
,
1212 NULL
,NULL
,NULL
,NULL
);
1213 bufferevent_unsuspend_read(bev_ssl
->underlying
,
1214 BEV_SUSPEND_FILT_READ
);
1220 be_openssl_adj_timeouts(struct bufferevent
*bev
)
1222 struct bufferevent_openssl
*bev_ssl
= upcast(bev
);
1224 if (bev_ssl
->underlying
)
1225 return _bufferevent_generic_adj_timeouts(bev
);
1228 if (event_pending(&bev
->ev_read
, EV_READ
, NULL
))
1229 r1
= _bufferevent_add_event(&bev
->ev_read
, &bev
->timeout_read
);
1230 if (event_pending(&bev
->ev_write
, EV_WRITE
, NULL
))
1231 r2
= _bufferevent_add_event(&bev
->ev_write
, &bev
->timeout_write
);
1232 return (r1
<0 || r2
<0) ? -1 : 0;
1237 be_openssl_flush(struct bufferevent
*bufev
,
1238 short iotype
, enum bufferevent_flush_mode mode
)
1240 /* XXXX Implement this. */
1245 be_openssl_ctrl(struct bufferevent
*bev
,
1246 enum bufferevent_ctrl_op op
, union bufferevent_ctrl_data
*data
)
1248 struct bufferevent_openssl
*bev_ssl
= upcast(bev
);
1250 case BEV_CTRL_SET_FD
:
1251 if (bev_ssl
->underlying
)
1255 bio
= BIO_new_socket(data
->fd
, 0);
1256 SSL_set_bio(bev_ssl
->ssl
, bio
, bio
);
1257 bev_ssl
->fd_is_set
= 1;
1259 if (bev_ssl
->state
== BUFFEREVENT_SSL_OPEN
)
1260 return set_open_callbacks(bev_ssl
, data
->fd
);
1262 return set_handshake_callbacks(bev_ssl
, data
->fd
);
1264 case BEV_CTRL_GET_FD
:
1265 if (bev_ssl
->underlying
)
1267 if (!bev_ssl
->fd_is_set
)
1269 data
->fd
= event_get_fd(&bev
->ev_read
);
1271 case BEV_CTRL_GET_UNDERLYING
:
1272 if (!bev_ssl
->underlying
)
1274 data
->ptr
= bev_ssl
->underlying
;
1276 case BEV_CTRL_CANCEL_ALL
:
1283 bufferevent_openssl_get_ssl(struct bufferevent
*bufev
)
1285 struct bufferevent_openssl
*bev_ssl
= upcast(bufev
);
1288 return bev_ssl
->ssl
;
1291 static struct bufferevent
*
1292 bufferevent_openssl_new_impl(struct event_base
*base
,
1293 struct bufferevent
*underlying
,
1296 enum bufferevent_ssl_state state
,
1299 struct bufferevent_openssl
*bev_ssl
= NULL
;
1300 struct bufferevent_private
*bev_p
= NULL
;
1301 int tmp_options
= options
& ~BEV_OPT_THREADSAFE
;
1303 if (underlying
!= NULL
&& fd
>= 0)
1304 return NULL
; /* Only one can be set. */
1306 if (!(bev_ssl
= mm_calloc(1, sizeof(struct bufferevent_openssl
))))
1309 bev_p
= &bev_ssl
->bev
;
1311 if (bufferevent_init_common(bev_p
, base
,
1312 &bufferevent_ops_openssl
, tmp_options
) < 0)
1315 /* Don't explode if we decide to realloc a chunk we're writing from in
1316 * the output buffer. */
1317 SSL_set_mode(ssl
, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
);
1319 bev_ssl
->underlying
= underlying
;
1322 bev_ssl
->outbuf_cb
= evbuffer_add_cb(bev_p
->bev
.output
,
1323 be_openssl_outbuf_cb
, bev_ssl
);
1325 if (options
& BEV_OPT_THREADSAFE
)
1326 bufferevent_enable_locking(&bev_ssl
->bev
.bev
, NULL
);
1329 _bufferevent_init_generic_timeout_cbs(&bev_ssl
->bev
.bev
);
1330 bufferevent_incref(underlying
);
1333 bev_ssl
->state
= state
;
1334 bev_ssl
->last_write
= -1;
1336 init_bio_counts(bev_ssl
);
1339 case BUFFEREVENT_SSL_ACCEPTING
:
1340 SSL_set_accept_state(bev_ssl
->ssl
);
1341 if (set_handshake_callbacks(bev_ssl
, fd
) < 0)
1344 case BUFFEREVENT_SSL_CONNECTING
:
1345 SSL_set_connect_state(bev_ssl
->ssl
);
1346 if (set_handshake_callbacks(bev_ssl
, fd
) < 0)
1349 case BUFFEREVENT_SSL_OPEN
:
1350 if (set_open_callbacks(bev_ssl
, fd
) < 0)
1358 bufferevent_setwatermark(underlying
, EV_READ
, 0, 0);
1359 bufferevent_enable(underlying
, EV_READ
|EV_WRITE
);
1360 if (state
== BUFFEREVENT_SSL_OPEN
)
1361 bufferevent_suspend_read(underlying
,
1362 BEV_SUSPEND_FILT_READ
);
1364 bev_ssl
->bev
.bev
.enabled
= EV_READ
|EV_WRITE
;
1365 if (bev_ssl
->fd_is_set
) {
1366 if (state
!= BUFFEREVENT_SSL_OPEN
)
1367 if (event_add(&bev_ssl
->bev
.bev
.ev_read
, NULL
) < 0)
1369 if (event_add(&bev_ssl
->bev
.bev
.ev_write
, NULL
) < 0)
1374 return &bev_ssl
->bev
.bev
;
1377 bufferevent_free(&bev_ssl
->bev
.bev
);
1381 struct bufferevent
*
1382 bufferevent_openssl_filter_new(struct event_base
*base
,
1383 struct bufferevent
*underlying
,
1385 enum bufferevent_ssl_state state
,
1388 /* We don't tell the BIO to close the bufferevent; we do it ourselves
1389 * on be_openssl_destruct */
1390 int close_flag
= 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1394 if (!(bio
= BIO_new_bufferevent(underlying
, close_flag
)))
1397 SSL_set_bio(ssl
, bio
, bio
);
1399 return bufferevent_openssl_new_impl(
1400 base
, underlying
, -1, ssl
, state
, options
);
1403 struct bufferevent
*
1404 bufferevent_openssl_socket_new(struct event_base
*base
,
1407 enum bufferevent_ssl_state state
,
1410 /* Does the SSL already have an fd? */
1411 BIO
*bio
= SSL_get_wbio(ssl
);
1415 have_fd
= BIO_get_fd(bio
, NULL
);
1418 /* The SSL is already configured with an fd. */
1420 /* We should learn the fd from the SSL. */
1421 fd
= (evutil_socket_t
) have_fd
;
1422 } else if (have_fd
== (long)fd
) {
1423 /* We already know the fd from the SSL; do nothing */
1425 /* We specified an fd different from that of the SSL.
1426 This is probably an error on our part. Fail. */
1429 (void) BIO_set_close(bio
, 0);
1431 /* The SSL isn't configured with a BIO with an fd. */
1433 /* ... and we have an fd we want to use. */
1434 bio
= BIO_new_socket(fd
, 0);
1435 SSL_set_bio(ssl
, bio
, bio
);
1437 /* Leave the fd unset. */
1441 return bufferevent_openssl_new_impl(
1442 base
, NULL
, fd
, ssl
, state
, options
);
1446 bufferevent_get_openssl_error(struct bufferevent
*bev
)
1448 unsigned long err
= 0;
1449 struct bufferevent_openssl
*bev_ssl
;
1451 bev_ssl
= upcast(bev
);
1452 if (bev_ssl
&& bev_ssl
->n_errors
) {
1453 err
= bev_ssl
->errors
[--bev_ssl
->n_errors
];