2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
63 #include <openssl/crypto.h>
64 #include <openssl/bio.h>
65 #include <openssl/err.h>
66 #include <openssl/ssl.h>
68 static int ssl_write(BIO
*h
, const char *buf
, int num
);
69 static int ssl_read(BIO
*h
, char *buf
, int size
);
70 static int ssl_puts(BIO
*h
, const char *str
);
71 static long ssl_ctrl(BIO
*h
, int cmd
, long arg1
, void *arg2
);
72 static int ssl_new(BIO
*h
);
73 static int ssl_free(BIO
*data
);
74 static long ssl_callback_ctrl(BIO
*h
, int cmd
, bio_info_cb
*fp
);
75 typedef struct bio_ssl_st
77 SSL
*ssl
; /* The ssl handle :-) */
78 /* re-negotiate every time the total number of bytes is this size */
80 unsigned long renegotiate_count
;
81 unsigned long byte_count
;
82 unsigned long renegotiate_timeout
;
83 unsigned long last_time
;
86 static BIO_METHOD methods_sslp
=
99 BIO_METHOD
*BIO_f_ssl(void)
101 return(&methods_sslp
);
104 static int ssl_new(BIO
*bi
)
108 bs
=(BIO_SSL
*)OPENSSL_malloc(sizeof(BIO_SSL
));
111 BIOerr(BIO_F_SSL_NEW
,ERR_R_MALLOC_FAILURE
);
114 memset(bs
,0,sizeof(BIO_SSL
));
121 static int ssl_free(BIO
*a
)
125 if (a
== NULL
) return(0);
126 bs
=(BIO_SSL
*)a
->ptr
;
127 if (bs
->ssl
!= NULL
) SSL_shutdown(bs
->ssl
);
130 if (a
->init
&& (bs
->ssl
!= NULL
))
136 OPENSSL_free(a
->ptr
);
140 static int ssl_read(BIO
*b
, char *out
, int outl
)
148 if (out
== NULL
) return(0);
149 sb
=(BIO_SSL
*)b
->ptr
;
152 BIO_clear_retry_flags(b
);
155 if (!SSL_is_init_finished(ssl
))
157 /* ret=SSL_do_handshake(ssl); */
161 outflags
=(BIO_FLAGS_READ
|BIO_FLAGS_SHOULD_RETRY
);
168 ret
=SSL_read(ssl
,out
,outl
);
170 switch (SSL_get_error(ssl
,ret
))
174 if (sb
->renegotiate_count
> 0)
177 if (sb
->byte_count
> sb
->renegotiate_count
)
180 sb
->num_renegotiates
++;
181 SSL_renegotiate(ssl
);
185 if ((sb
->renegotiate_timeout
> 0) && (!r
))
189 tm
=(unsigned long)time(NULL
);
190 if (tm
> sb
->last_time
+sb
->renegotiate_timeout
)
193 sb
->num_renegotiates
++;
194 SSL_renegotiate(ssl
);
199 case SSL_ERROR_WANT_READ
:
200 BIO_set_retry_read(b
);
202 case SSL_ERROR_WANT_WRITE
:
203 BIO_set_retry_write(b
);
205 case SSL_ERROR_WANT_X509_LOOKUP
:
206 BIO_set_retry_special(b
);
207 retry_reason
=BIO_RR_SSL_X509_LOOKUP
;
209 case SSL_ERROR_WANT_ACCEPT
:
210 BIO_set_retry_special(b
);
211 retry_reason
=BIO_RR_ACCEPT
;
213 case SSL_ERROR_WANT_CONNECT
:
214 BIO_set_retry_special(b
);
215 retry_reason
=BIO_RR_CONNECT
;
217 case SSL_ERROR_SYSCALL
:
219 case SSL_ERROR_ZERO_RETURN
:
224 b
->retry_reason
=retry_reason
;
228 static int ssl_write(BIO
*b
, const char *out
, int outl
)
235 if (out
== NULL
) return(0);
236 bs
=(BIO_SSL
*)b
->ptr
;
239 BIO_clear_retry_flags(b
);
241 /* ret=SSL_do_handshake(ssl);
243 ret
=SSL_write(ssl
,out
,outl
);
245 switch (SSL_get_error(ssl
,ret
))
249 if (bs
->renegotiate_count
> 0)
252 if (bs
->byte_count
> bs
->renegotiate_count
)
255 bs
->num_renegotiates
++;
256 SSL_renegotiate(ssl
);
260 if ((bs
->renegotiate_timeout
> 0) && (!r
))
264 tm
=(unsigned long)time(NULL
);
265 if (tm
> bs
->last_time
+bs
->renegotiate_timeout
)
268 bs
->num_renegotiates
++;
269 SSL_renegotiate(ssl
);
273 case SSL_ERROR_WANT_WRITE
:
274 BIO_set_retry_write(b
);
276 case SSL_ERROR_WANT_READ
:
277 BIO_set_retry_read(b
);
279 case SSL_ERROR_WANT_X509_LOOKUP
:
280 BIO_set_retry_special(b
);
281 retry_reason
=BIO_RR_SSL_X509_LOOKUP
;
283 case SSL_ERROR_WANT_CONNECT
:
284 BIO_set_retry_special(b
);
285 retry_reason
=BIO_RR_CONNECT
;
286 case SSL_ERROR_SYSCALL
:
292 b
->retry_reason
=retry_reason
;
296 static long ssl_ctrl(BIO
*b
, int cmd
, long num
, void *ptr
)
303 bs
=(BIO_SSL
*)b
->ptr
;
305 if ((ssl
== NULL
) && (cmd
!= BIO_C_SET_SSL
))
312 if (ssl
->handshake_func
== ssl
->method
->ssl_connect
)
313 SSL_set_connect_state(ssl
);
314 else if (ssl
->handshake_func
== ssl
->method
->ssl_accept
)
315 SSL_set_accept_state(ssl
);
319 if (b
->next_bio
!= NULL
)
320 ret
=BIO_ctrl(b
->next_bio
,cmd
,num
,ptr
);
321 else if (ssl
->rbio
!= NULL
)
322 ret
=BIO_ctrl(ssl
->rbio
,cmd
,num
,ptr
);
330 if (num
) /* client mode */
331 SSL_set_connect_state(ssl
);
333 SSL_set_accept_state(ssl
);
335 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT
:
336 ret
=bs
->renegotiate_timeout
;
338 bs
->renegotiate_timeout
=(unsigned long)num
;
339 bs
->last_time
=(unsigned long)time(NULL
);
341 case BIO_C_SET_SSL_RENEGOTIATE_BYTES
:
342 ret
=bs
->renegotiate_count
;
344 bs
->renegotiate_count
=(unsigned long)num
;
346 case BIO_C_GET_SSL_NUM_RENEGOTIATES
:
347 ret
=bs
->num_renegotiates
;
356 b
->shutdown
=(int)num
;
358 ((BIO_SSL
*)b
->ptr
)->ssl
=ssl
;
359 bio
=SSL_get_rbio(ssl
);
362 if (b
->next_bio
!= NULL
)
363 BIO_push(bio
,b
->next_bio
);
365 CRYPTO_add(&bio
->references
,1,CRYPTO_LOCK_BIO
);
378 case BIO_CTRL_GET_CLOSE
:
381 case BIO_CTRL_SET_CLOSE
:
382 b
->shutdown
=(int)num
;
384 case BIO_CTRL_WPENDING
:
385 ret
=BIO_ctrl(ssl
->wbio
,cmd
,num
,ptr
);
387 case BIO_CTRL_PENDING
:
388 ret
=SSL_pending(ssl
);
390 ret
=BIO_pending(ssl
->rbio
);
393 BIO_clear_retry_flags(b
);
394 ret
=BIO_ctrl(ssl
->wbio
,cmd
,num
,ptr
);
395 BIO_copy_next_retry(b
);
398 if ((b
->next_bio
!= NULL
) && (b
->next_bio
!= ssl
->rbio
))
400 SSL_set_bio(ssl
,b
->next_bio
,b
->next_bio
);
401 CRYPTO_add(&b
->next_bio
->references
,1,CRYPTO_LOCK_BIO
);
405 /* Only detach if we are the BIO explicitly being popped */
408 /* Shouldn't happen in practice because the
409 * rbio and wbio are the same when pushed.
411 if (ssl
->rbio
!= ssl
->wbio
)
412 BIO_free_all(ssl
->wbio
);
413 if (b
->next_bio
!= NULL
)
414 CRYPTO_add(&b
->next_bio
->references
,-1,CRYPTO_LOCK_BIO
);
419 case BIO_C_DO_STATE_MACHINE
:
420 BIO_clear_retry_flags(b
);
423 ret
=(int)SSL_do_handshake(ssl
);
425 switch (SSL_get_error(ssl
,(int)ret
))
427 case SSL_ERROR_WANT_READ
:
429 BIO_FLAGS_READ
|BIO_FLAGS_SHOULD_RETRY
);
431 case SSL_ERROR_WANT_WRITE
:
433 BIO_FLAGS_WRITE
|BIO_FLAGS_SHOULD_RETRY
);
435 case SSL_ERROR_WANT_CONNECT
:
437 BIO_FLAGS_IO_SPECIAL
|BIO_FLAGS_SHOULD_RETRY
);
438 b
->retry_reason
=b
->next_bio
->retry_reason
;
446 if (((BIO_SSL
*)dbio
->ptr
)->ssl
!= NULL
)
447 SSL_free(((BIO_SSL
*)dbio
->ptr
)->ssl
);
448 ((BIO_SSL
*)dbio
->ptr
)->ssl
=SSL_dup(ssl
);
449 ((BIO_SSL
*)dbio
->ptr
)->renegotiate_count
=
450 ((BIO_SSL
*)b
->ptr
)->renegotiate_count
;
451 ((BIO_SSL
*)dbio
->ptr
)->byte_count
=
452 ((BIO_SSL
*)b
->ptr
)->byte_count
;
453 ((BIO_SSL
*)dbio
->ptr
)->renegotiate_timeout
=
454 ((BIO_SSL
*)b
->ptr
)->renegotiate_timeout
;
455 ((BIO_SSL
*)dbio
->ptr
)->last_time
=
456 ((BIO_SSL
*)b
->ptr
)->last_time
;
457 ret
=(((BIO_SSL
*)dbio
->ptr
)->ssl
!= NULL
);
460 ret
=BIO_ctrl(ssl
->rbio
,cmd
,num
,ptr
);
462 case BIO_CTRL_SET_CALLBACK
:
464 #if 0 /* FIXME: Should this be used? -- Richard Levitte */
465 SSLerr(SSL_F_SSL_CTRL
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
472 case BIO_CTRL_GET_CALLBACK
:
474 void (**fptr
)(const SSL
*xssl
,int type
,int val
);
476 fptr
=(void (**)(const SSL
*xssl
,int type
,int val
))ptr
;
477 *fptr
=SSL_get_info_callback(ssl
);
481 ret
=BIO_ctrl(ssl
->rbio
,cmd
,num
,ptr
);
487 static long ssl_callback_ctrl(BIO
*b
, int cmd
, bio_info_cb
*fp
)
493 bs
=(BIO_SSL
*)b
->ptr
;
497 case BIO_CTRL_SET_CALLBACK
:
499 /* FIXME: setting this via a completely different prototype
500 seems like a crap idea */
501 SSL_set_info_callback(ssl
,(void (*)(const SSL
*,int,int))fp
);
505 ret
=BIO_callback_ctrl(ssl
->rbio
,cmd
,fp
);
511 static int ssl_puts(BIO
*bp
, const char *str
)
516 ret
=BIO_write(bp
,str
,n
);
520 BIO
*BIO_new_buffer_ssl_connect(SSL_CTX
*ctx
)
522 #ifndef OPENSSL_NO_SOCK
523 BIO
*ret
=NULL
,*buf
=NULL
,*ssl
=NULL
;
525 if ((buf
=BIO_new(BIO_f_buffer())) == NULL
)
527 if ((ssl
=BIO_new_ssl_connect(ctx
)) == NULL
)
529 if ((ret
=BIO_push(buf
,ssl
)) == NULL
)
533 if (buf
!= NULL
) BIO_free(buf
);
534 if (ssl
!= NULL
) BIO_free(ssl
);
539 BIO
*BIO_new_ssl_connect(SSL_CTX
*ctx
)
541 #ifndef OPENSSL_NO_SOCK
542 BIO
*ret
=NULL
,*con
=NULL
,*ssl
=NULL
;
544 if ((con
=BIO_new(BIO_s_connect())) == NULL
)
546 if ((ssl
=BIO_new_ssl(ctx
,1)) == NULL
)
548 if ((ret
=BIO_push(ssl
,con
)) == NULL
)
552 if (con
!= NULL
) BIO_free(con
);
557 BIO
*BIO_new_ssl(SSL_CTX
*ctx
, int client
)
562 if ((ret
=BIO_new(BIO_f_ssl())) == NULL
)
564 if ((ssl
=SSL_new(ctx
)) == NULL
)
570 SSL_set_connect_state(ssl
);
572 SSL_set_accept_state(ssl
);
574 BIO_set_ssl(ret
,ssl
,BIO_CLOSE
);
578 int BIO_ssl_copy_session_id(BIO
*t
, BIO
*f
)
580 t
=BIO_find_type(t
,BIO_TYPE_SSL
);
581 f
=BIO_find_type(f
,BIO_TYPE_SSL
);
582 if ((t
== NULL
) || (f
== NULL
))
584 if ( (((BIO_SSL
*)t
->ptr
)->ssl
== NULL
) ||
585 (((BIO_SSL
*)f
->ptr
)->ssl
== NULL
))
587 SSL_copy_session_id(((BIO_SSL
*)t
->ptr
)->ssl
,((BIO_SSL
*)f
->ptr
)->ssl
);
591 void BIO_ssl_shutdown(BIO
*b
)
597 if (b
->method
->type
== BIO_TYPE_SSL
)
599 s
=((BIO_SSL
*)b
->ptr
)->ssl
;