2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. The name of the author may not be used to endorse or promote products
13 * derived from this software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
32 #include "event2/event-config.h"
33 #include "evconfig-private.h"
35 #include <sys/types.h>
37 #ifdef EVENT__HAVE_SYS_TIME_H
45 #ifdef EVENT__HAVE_STDARG_H
48 #ifdef EVENT__HAVE_UNISTD_H
56 #include "event2/bufferevent.h"
57 #include "event2/bufferevent_struct.h"
58 #include "event2/bufferevent_ssl.h"
59 #include "event2/buffer.h"
60 #include "event2/event.h"
62 #include "mm-internal.h"
63 #include "bufferevent-internal.h"
64 #include "log-internal.h"
66 #include <openssl/bio.h>
67 #include <openssl/ssl.h>
68 #include <openssl/err.h>
69 #include "openssl-compat.h"
72 * Define an OpenSSL bio that targets a bufferevent.
75 /* --------------------
76 A BIO is an OpenSSL abstraction that handles reading and writing data. The
77 library will happily speak SSL over anything that implements a BIO
80 Here we define a BIO implementation that directs its output to a
81 bufferevent. We'll want to use this only when none of OpenSSL's built-in
82 IO mechanisms work for us.
83 -------------------- */
85 /* every BIO type needs its own integer type value. */
86 #define BIO_TYPE_LIBEVENT 57
87 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
95 printf("Error was %d\n", val);
97 while ((err = ERR_get_error())) {
98 const char *msg = (const char*)ERR_reason_error_string(err);
99 const char *lib = (const char*)ERR_lib_error_string(err);
100 const char *func = (const char*)ERR_func_error_string(err);
102 printf("%s in %s %s\n", msg, lib, func);
106 #define print_err(v) ((void)0)
109 /* Called to initialize a new BIO */
111 bio_bufferevent_new(BIO *b)
114 BIO_set_data(b, NULL); /* We'll be putting the bufferevent in this field.*/
118 /* Called to uninitialize the BIO. */
120 bio_bufferevent_free(BIO *b)
124 if (BIO_get_shutdown(b)) {
125 if (BIO_get_init(b) && BIO_get_data(b))
126 bufferevent_free(BIO_get_data(b));
132 /* Called to extract data from the BIO. */
134 bio_bufferevent_read(BIO *b, char *out, int outlen)
137 struct evbuffer *input;
139 BIO_clear_retry_flags(b);
143 if (!BIO_get_data(b))
146 input = bufferevent_get_input(BIO_get_data(b));
147 if (evbuffer_get_length(input) == 0) {
148 /* If there's no data to read, say so. */
149 BIO_set_retry_read(b);
152 r = evbuffer_remove(input, out, outlen);
158 /* Called to write data info the BIO */
160 bio_bufferevent_write(BIO *b, const char *in, int inlen)
162 struct bufferevent *bufev = BIO_get_data(b);
163 struct evbuffer *output;
166 BIO_clear_retry_flags(b);
168 if (!BIO_get_data(b))
171 output = bufferevent_get_output(bufev);
172 outlen = evbuffer_get_length(output);
174 /* Copy only as much data onto the output buffer as can fit under the
175 * high-water mark. */
176 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
177 if (bufev->wm_write.high <= outlen) {
178 /* If no data can fit, we'll need to retry later. */
179 BIO_set_retry_write(b);
182 inlen = bufev->wm_write.high - outlen;
185 EVUTIL_ASSERT(inlen > 0);
186 evbuffer_add(output, in, inlen);
190 /* Called to handle various requests */
192 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
194 struct bufferevent *bufev = BIO_get_data(b);
198 case BIO_CTRL_GET_CLOSE:
199 ret = BIO_get_shutdown(b);
201 case BIO_CTRL_SET_CLOSE:
202 BIO_set_shutdown(b, (int)num);
204 case BIO_CTRL_PENDING:
205 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
207 case BIO_CTRL_WPENDING:
208 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
210 /* XXXX These two are given a special-case treatment because
211 * of cargo-cultism. I should come up with a better reason. */
223 /* Called to write a string to the BIO */
225 bio_bufferevent_puts(BIO *b, const char *s)
227 return bio_bufferevent_write(b, s, strlen(s));
230 /* Method table for the bufferevent BIO */
231 static BIO_METHOD *methods_bufferevent;
233 /* Return the method table for the bufferevents BIO */
235 BIO_s_bufferevent(void)
237 if (methods_bufferevent == NULL) {
238 methods_bufferevent = BIO_meth_new(BIO_TYPE_LIBEVENT, "bufferevent");
239 if (methods_bufferevent == NULL)
241 BIO_meth_set_write(methods_bufferevent, bio_bufferevent_write);
242 BIO_meth_set_read(methods_bufferevent, bio_bufferevent_read);
243 BIO_meth_set_puts(methods_bufferevent, bio_bufferevent_puts);
244 BIO_meth_set_ctrl(methods_bufferevent, bio_bufferevent_ctrl);
245 BIO_meth_set_create(methods_bufferevent, bio_bufferevent_new);
246 BIO_meth_set_destroy(methods_bufferevent, bio_bufferevent_free);
248 return methods_bufferevent;
251 /* Create a new BIO to wrap communication around a bufferevent. If close_flag
252 * is true, the bufferevent will be freed when the BIO is closed. */
254 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
259 if (!(result = BIO_new(BIO_s_bufferevent())))
261 BIO_set_init(result, 1);
262 BIO_set_data(result, bufferevent);
263 BIO_set_shutdown(result, close_flag ? 1 : 0);
267 /* --------------------
268 Now, here's the OpenSSL-based implementation of bufferevent.
270 The implementation comes in two flavors: one that connects its SSL object
271 to an underlying bufferevent using a BIO_bufferevent, and one that has the
272 SSL object connect to a socket directly. The latter should generally be
273 faster, except on Windows, where your best bet is using a
276 (OpenSSL supports many other BIO types, too. But we can't use any unless
277 we have a good way to get notified when they become readable/writable.)
278 -------------------- */
280 struct bio_data_counts {
281 unsigned long n_written;
282 unsigned long n_read;
285 struct bufferevent_openssl {
286 /* Shared fields with common bufferevent implementation code.
287 If we were set up with an underlying bufferevent, we use the
288 events here as timers only. If we have an SSL, then we use
289 the events as socket events.
291 struct bufferevent_private bev;
292 /* An underlying bufferevent that we're directing our output to.
293 If it's NULL, then we're connected to an fd, not an evbuffer. */
294 struct bufferevent *underlying;
295 /* The SSL object doing our encryption. */
298 /* A callback that's invoked when data arrives on our outbuf so we
299 know to write data to the SSL. */
300 struct evbuffer_cb_entry *outbuf_cb;
302 /* A count of how much data the bios have read/written total. Used
303 for rate-limiting. */
304 struct bio_data_counts counts;
306 /* If this value is greater than 0, then the last SSL_write blocked,
307 * and we need to try it again with this many bytes. */
308 ev_ssize_t last_write;
311 ev_uint32_t errors[NUM_ERRORS];
313 /* When we next get available space, we should say "read" instead of
314 "write". This can happen if there's a renegotiation during a read
316 unsigned read_blocked_on_write : 1;
317 /* When we next get data, we should say "write" instead of "read". */
318 unsigned write_blocked_on_read : 1;
319 /* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
320 unsigned allow_dirty_shutdown : 1;
322 unsigned n_errors : 2;
324 /* Are we currently connecting, accepting, or doing IO? */
326 /* If we reset fd, we sould reset state too */
327 unsigned old_state : 2;
330 static int be_openssl_enable(struct bufferevent *, short);
331 static int be_openssl_disable(struct bufferevent *, short);
332 static void be_openssl_unlink(struct bufferevent *);
333 static void be_openssl_destruct(struct bufferevent *);
334 static int be_openssl_adj_timeouts(struct bufferevent *);
335 static int be_openssl_flush(struct bufferevent *bufev,
336 short iotype, enum bufferevent_flush_mode mode);
337 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
339 const struct bufferevent_ops bufferevent_ops_openssl = {
341 evutil_offsetof(struct bufferevent_openssl, bev.bev),
346 be_openssl_adj_timeouts,
351 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
352 * contains it, if any. */
353 static inline struct bufferevent_openssl *
354 upcast(struct bufferevent *bev)
356 struct bufferevent_openssl *bev_o;
357 if (bev->be_ops != &bufferevent_ops_openssl)
359 bev_o = (void*)( ((char*)bev) -
360 evutil_offsetof(struct bufferevent_openssl, bev.bev));
361 EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
366 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
368 if (bev_ssl->n_errors == NUM_ERRORS)
370 /* The error type according to openssl is "unsigned long", but
371 openssl never uses more than 32 bits of it. It _can't_ use more
372 than 32 bits of it, since it needs to report errors on systems
373 where long is only 32 bits.
375 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
378 /* Have the base communications channel (either the underlying bufferevent or
379 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag
382 start_reading(struct bufferevent_openssl *bev_ssl)
384 if (bev_ssl->underlying) {
385 bufferevent_unsuspend_read_(bev_ssl->underlying,
386 BEV_SUSPEND_FILT_READ);
389 struct bufferevent *bev = &bev_ssl->bev.bev;
391 r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
392 if (r == 0 && bev_ssl->read_blocked_on_write)
393 r = bufferevent_add_event_(&bev->ev_write,
394 &bev->timeout_write);
399 /* Have the base communications channel (either the underlying bufferevent or
400 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag
403 start_writing(struct bufferevent_openssl *bev_ssl)
406 if (bev_ssl->underlying) {
407 if (bev_ssl->write_blocked_on_read) {
408 bufferevent_unsuspend_read_(bev_ssl->underlying,
409 BEV_SUSPEND_FILT_READ);
412 struct bufferevent *bev = &bev_ssl->bev.bev;
413 r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
414 if (!r && bev_ssl->write_blocked_on_read)
415 r = bufferevent_add_event_(&bev->ev_read,
422 stop_reading(struct bufferevent_openssl *bev_ssl)
424 if (bev_ssl->write_blocked_on_read)
426 if (bev_ssl->underlying) {
427 bufferevent_suspend_read_(bev_ssl->underlying,
428 BEV_SUSPEND_FILT_READ);
430 struct bufferevent *bev = &bev_ssl->bev.bev;
431 event_del(&bev->ev_read);
436 stop_writing(struct bufferevent_openssl *bev_ssl)
438 if (bev_ssl->read_blocked_on_write)
440 if (bev_ssl->underlying) {
441 bufferevent_unsuspend_read_(bev_ssl->underlying,
442 BEV_SUSPEND_FILT_READ);
444 struct bufferevent *bev = &bev_ssl->bev.bev;
445 event_del(&bev->ev_write);
450 set_rbow(struct bufferevent_openssl *bev_ssl)
452 if (!bev_ssl->underlying)
453 stop_reading(bev_ssl);
454 bev_ssl->read_blocked_on_write = 1;
455 return start_writing(bev_ssl);
459 set_wbor(struct bufferevent_openssl *bev_ssl)
461 if (!bev_ssl->underlying)
462 stop_writing(bev_ssl);
463 bev_ssl->write_blocked_on_read = 1;
464 return start_reading(bev_ssl);
468 clear_rbow(struct bufferevent_openssl *bev_ssl)
470 struct bufferevent *bev = &bev_ssl->bev.bev;
472 bev_ssl->read_blocked_on_write = 0;
473 if (!(bev->enabled & EV_WRITE))
474 stop_writing(bev_ssl);
475 if (bev->enabled & EV_READ)
476 r = start_reading(bev_ssl);
482 clear_wbor(struct bufferevent_openssl *bev_ssl)
484 struct bufferevent *bev = &bev_ssl->bev.bev;
486 bev_ssl->write_blocked_on_read = 0;
487 if (!(bev->enabled & EV_READ))
488 stop_reading(bev_ssl);
489 if (bev->enabled & EV_WRITE)
490 r = start_writing(bev_ssl);
495 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
497 int event = BEV_EVENT_ERROR;
498 int dirty_shutdown = 0;
502 case SSL_ERROR_ZERO_RETURN:
503 /* Possibly a clean shutdown. */
504 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
505 event = BEV_EVENT_EOF;
509 case SSL_ERROR_SYSCALL:
510 /* IO error; possibly a dirty shutdown. */
511 if ((ret == 0 || ret == -1) && ERR_peek_error() == 0)
515 /* Protocol error. */
517 case SSL_ERROR_WANT_X509_LOOKUP:
518 /* XXXX handle this. */
521 case SSL_ERROR_WANT_READ:
522 case SSL_ERROR_WANT_WRITE:
523 case SSL_ERROR_WANT_CONNECT:
524 case SSL_ERROR_WANT_ACCEPT:
526 /* should be impossible; treat as normal error. */
527 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
531 while ((err = ERR_get_error())) {
532 put_error(bev_ssl, err);
535 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
536 event = BEV_EVENT_EOF;
538 stop_reading(bev_ssl);
539 stop_writing(bev_ssl);
541 /* when is BEV_EVENT_{READING|WRITING} */
542 event = when | event;
543 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
547 init_bio_counts(struct bufferevent_openssl *bev_ssl)
551 wbio = SSL_get_wbio(bev_ssl->ssl);
552 bev_ssl->counts.n_written = wbio ? BIO_number_written(wbio) : 0;
553 rbio = SSL_get_rbio(bev_ssl->ssl);
554 bev_ssl->counts.n_read = rbio ? BIO_number_read(rbio) : 0;
558 decrement_buckets(struct bufferevent_openssl *bev_ssl)
560 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
561 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
562 /* These next two subtractions can wrap around. That's okay. */
563 unsigned long w = num_w - bev_ssl->counts.n_written;
564 unsigned long r = num_r - bev_ssl->counts.n_read;
566 bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
568 bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
569 bev_ssl->counts.n_written = num_w;
570 bev_ssl->counts.n_read = num_r;
573 #define OP_MADE_PROGRESS 1
577 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
578 we're now blocked); and OP_ERR (if an error occurred). */
580 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
582 struct bufferevent *bev = &bev_ssl->bev.bev;
583 struct evbuffer *input = bev->input;
584 int r, n, i, n_used = 0, atmost;
585 struct evbuffer_iovec space[2];
588 if (bev_ssl->bev.read_suspended)
591 atmost = bufferevent_get_read_max_(&bev_ssl->bev);
592 if (n_to_read > atmost)
595 n = evbuffer_reserve_space(input, n_to_read, space, 2);
599 for (i=0; i<n; ++i) {
600 if (bev_ssl->bev.read_suspended)
603 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
605 result |= OP_MADE_PROGRESS;
606 if (bev_ssl->read_blocked_on_write)
607 if (clear_rbow(bev_ssl) < 0)
608 return OP_ERR | result;
610 space[i].iov_len = r;
611 decrement_buckets(bev_ssl);
613 int err = SSL_get_error(bev_ssl->ssl, r);
616 case SSL_ERROR_WANT_READ:
617 /* Can't read until underlying has more data. */
618 if (bev_ssl->read_blocked_on_write)
619 if (clear_rbow(bev_ssl) < 0)
620 return OP_ERR | result;
622 case SSL_ERROR_WANT_WRITE:
623 /* This read operation requires a write, and the
624 * underlying is full */
625 if (!bev_ssl->read_blocked_on_write)
626 if (set_rbow(bev_ssl) < 0)
627 return OP_ERR | result;
630 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
633 result |= OP_BLOCKED;
634 break; /* out of the loop */
639 evbuffer_commit_space(input, space, n_used);
640 if (bev_ssl->underlying)
641 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
647 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
648 we're now blocked); and OP_ERR (if an error occurred). */
650 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
652 int i, r, n, n_written = 0;
653 struct bufferevent *bev = &bev_ssl->bev.bev;
654 struct evbuffer *output = bev->output;
655 struct evbuffer_iovec space[8];
658 if (bev_ssl->last_write > 0)
659 atmost = bev_ssl->last_write;
661 atmost = bufferevent_get_write_max_(&bev_ssl->bev);
663 n = evbuffer_peek(output, atmost, NULL, space, 8);
665 return OP_ERR | result;
669 for (i=0; i < n; ++i) {
670 if (bev_ssl->bev.write_suspended)
673 /* SSL_write will (reasonably) return 0 if we tell it to
674 send 0 data. Skip this case so we don't interpret the
675 result as an error */
676 if (space[i].iov_len == 0)
680 r = SSL_write(bev_ssl->ssl, space[i].iov_base,
683 result |= OP_MADE_PROGRESS;
684 if (bev_ssl->write_blocked_on_read)
685 if (clear_wbor(bev_ssl) < 0)
686 return OP_ERR | result;
688 bev_ssl->last_write = -1;
689 decrement_buckets(bev_ssl);
691 int err = SSL_get_error(bev_ssl->ssl, r);
694 case SSL_ERROR_WANT_WRITE:
695 /* Can't read until underlying has more data. */
696 if (bev_ssl->write_blocked_on_read)
697 if (clear_wbor(bev_ssl) < 0)
698 return OP_ERR | result;
699 bev_ssl->last_write = space[i].iov_len;
701 case SSL_ERROR_WANT_READ:
702 /* This read operation requires a write, and the
703 * underlying is full */
704 if (!bev_ssl->write_blocked_on_read)
705 if (set_wbor(bev_ssl) < 0)
706 return OP_ERR | result;
707 bev_ssl->last_write = space[i].iov_len;
710 conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
711 bev_ssl->last_write = -1;
714 result |= OP_BLOCKED;
719 evbuffer_drain(output, n_written);
720 if (bev_ssl->underlying)
721 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
723 bufferevent_trigger_nolock_(bev, EV_WRITE, BEV_OPT_DEFER_CALLBACKS);
728 #define WRITE_FRAME 15000
730 #define READ_DEFAULT 4096
732 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
735 bytes_to_read(struct bufferevent_openssl *bev)
737 struct evbuffer *input = bev->bev.bev.input;
738 struct event_watermark *wm = &bev->bev.bev.wm_read;
739 int result = READ_DEFAULT;
741 /* XXX 99% of this is generic code that nearly all bufferevents will
744 if (bev->write_blocked_on_read) {
748 if (! (bev->bev.bev.enabled & EV_READ)) {
752 if (bev->bev.read_suspended) {
757 if (evbuffer_get_length(input) >= wm->high) {
761 result = wm->high - evbuffer_get_length(input);
763 result = READ_DEFAULT;
766 /* Respect the rate limit */
767 limit = bufferevent_get_read_max_(&bev->bev);
768 if (result > limit) {
776 /* Things look readable. If write is blocked on read, write till it isn't.
777 * Read from the underlying buffer until we block or we hit our high-water
781 consider_reading(struct bufferevent_openssl *bev_ssl)
785 int all_result_flags = 0;
787 while (bev_ssl->write_blocked_on_read) {
788 r = do_write(bev_ssl, WRITE_FRAME);
789 if (r & (OP_BLOCKED|OP_ERR))
792 if (bev_ssl->write_blocked_on_read)
795 n_to_read = bytes_to_read(bev_ssl);
798 r = do_read(bev_ssl, n_to_read);
799 all_result_flags |= r;
801 if (r & (OP_BLOCKED|OP_ERR))
804 if (bev_ssl->bev.read_suspended)
807 /* Read all pending data. This won't hit the network
808 * again, and will (most importantly) put us in a state
809 * where we don't need to read anything else until the
810 * socket is readable again. It'll potentially make us
811 * overrun our read high-watermark (somewhat
812 * regrettable). The damage to the rate-limit has
813 * already been done, since OpenSSL went and read a
814 * whole SSL record anyway. */
815 n_to_read = SSL_pending(bev_ssl->ssl);
817 /* XXX This if statement is actually a bad bug, added to avoid
820 * The bad bug: It can potentially cause resource unfairness
821 * by reading too much data from the underlying bufferevent;
822 * it can potentially cause read looping if the underlying
823 * bufferevent is a bufferevent_pair and deferred callbacks
826 * The worse bug: If we didn't do this, then we would
827 * potentially not read any more from bev_ssl->underlying
828 * until more data arrived there, which could lead to us
831 if (!n_to_read && bev_ssl->underlying)
832 n_to_read = bytes_to_read(bev_ssl);
835 if (all_result_flags & OP_MADE_PROGRESS) {
836 struct bufferevent *bev = &bev_ssl->bev.bev;
838 bufferevent_trigger_nolock_(bev, EV_READ, 0);
841 if (!bev_ssl->underlying) {
842 /* Should be redundant, but let's avoid busy-looping */
843 if (bev_ssl->bev.read_suspended ||
844 !(bev_ssl->bev.bev.enabled & EV_READ)) {
845 event_del(&bev_ssl->bev.bev.ev_read);
851 consider_writing(struct bufferevent_openssl *bev_ssl)
854 struct evbuffer *output = bev_ssl->bev.bev.output;
855 struct evbuffer *target = NULL;
856 struct event_watermark *wm = NULL;
858 while (bev_ssl->read_blocked_on_write) {
859 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
860 if (r & OP_MADE_PROGRESS) {
861 struct bufferevent *bev = &bev_ssl->bev.bev;
863 bufferevent_trigger_nolock_(bev, EV_READ, 0);
865 if (r & (OP_ERR|OP_BLOCKED))
868 if (bev_ssl->read_blocked_on_write)
870 if (bev_ssl->underlying) {
871 target = bev_ssl->underlying->output;
872 wm = &bev_ssl->underlying->wm_write;
874 while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
875 (! bev_ssl->bev.write_suspended) &&
876 evbuffer_get_length(output) &&
877 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
880 n_to_write = wm->high - evbuffer_get_length(target);
882 n_to_write = WRITE_FRAME;
883 r = do_write(bev_ssl, n_to_write);
884 if (r & (OP_BLOCKED|OP_ERR))
888 if (!bev_ssl->underlying) {
889 if (evbuffer_get_length(output) == 0) {
890 event_del(&bev_ssl->bev.bev.ev_write);
891 } else if (bev_ssl->bev.write_suspended ||
892 !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
893 /* Should be redundant, but let's avoid busy-looping */
894 event_del(&bev_ssl->bev.bev.ev_write);
900 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
902 struct bufferevent_openssl *bev_ssl = ctx;
903 consider_reading(bev_ssl);
907 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
909 struct bufferevent_openssl *bev_ssl = ctx;
910 consider_writing(bev_ssl);
914 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
916 struct bufferevent_openssl *bev_ssl = ctx;
919 if (what & BEV_EVENT_EOF) {
920 if (bev_ssl->allow_dirty_shutdown)
921 event = BEV_EVENT_EOF;
923 event = BEV_EVENT_ERROR;
924 } else if (what & BEV_EVENT_TIMEOUT) {
925 /* We sure didn't set this. Propagate it to the user. */
927 } else if (what & BEV_EVENT_ERROR) {
928 /* An error occurred on the connection. Propagate it to the user. */
930 } else if (what & BEV_EVENT_CONNECTED) {
931 /* Ignore it. We're saying SSL_connect() already, which will
935 bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
939 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
941 struct bufferevent_openssl *bev_ssl = ptr;
942 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
943 if (what == EV_TIMEOUT) {
944 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
945 BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
947 consider_reading(bev_ssl);
949 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
953 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
955 struct bufferevent_openssl *bev_ssl = ptr;
956 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
957 if (what == EV_TIMEOUT) {
958 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
959 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
961 consider_writing(bev_ssl);
963 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
967 be_openssl_auto_fd(struct bufferevent_openssl *bev_ssl, int fd)
969 if (!bev_ssl->underlying) {
970 struct bufferevent *bev = &bev_ssl->bev.bev;
971 if (event_initialized(&bev->ev_read) && fd < 0) {
972 fd = event_get_fd(&bev->ev_read);
979 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
981 if (bev_ssl->underlying) {
982 bufferevent_setcb(bev_ssl->underlying,
983 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
987 struct bufferevent *bev = &bev_ssl->bev.bev;
988 int rpending=0, wpending=0, r1=0, r2=0;
990 if (event_initialized(&bev->ev_read)) {
991 rpending = event_pending(&bev->ev_read, EV_READ, NULL);
992 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
994 event_del(&bev->ev_read);
995 event_del(&bev->ev_write);
998 event_assign(&bev->ev_read, bev->ev_base, fd,
999 EV_READ|EV_PERSIST|EV_FINALIZE,
1000 be_openssl_readeventcb, bev_ssl);
1001 event_assign(&bev->ev_write, bev->ev_base, fd,
1002 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1003 be_openssl_writeeventcb, bev_ssl);
1006 r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1008 r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1010 return (r1<0 || r2<0) ? -1 : 0;
1015 do_handshake(struct bufferevent_openssl *bev_ssl)
1019 switch (bev_ssl->state) {
1021 case BUFFEREVENT_SSL_OPEN:
1024 case BUFFEREVENT_SSL_CONNECTING:
1025 case BUFFEREVENT_SSL_ACCEPTING:
1027 r = SSL_do_handshake(bev_ssl->ssl);
1030 decrement_buckets(bev_ssl);
1033 int fd = event_get_fd(&bev_ssl->bev.bev.ev_read);
1035 bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1036 set_open_callbacks(bev_ssl, fd); /* XXXX handle failure */
1037 /* Call do_read and do_write as needed */
1038 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1039 bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1040 BEV_EVENT_CONNECTED, 0);
1043 int err = SSL_get_error(bev_ssl->ssl, r);
1046 case SSL_ERROR_WANT_WRITE:
1047 stop_reading(bev_ssl);
1048 return start_writing(bev_ssl);
1049 case SSL_ERROR_WANT_READ:
1050 stop_writing(bev_ssl);
1051 return start_reading(bev_ssl);
1053 conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1060 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1062 struct bufferevent_openssl *bev_ssl = ctx;
1063 do_handshake(bev_ssl);/* XXX handle failure */
1067 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1069 struct bufferevent_openssl *bev_ssl = ptr;
1071 bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1072 if (what & EV_TIMEOUT) {
1073 bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1075 do_handshake(bev_ssl);/* XXX handle failure */
1076 bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1080 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1082 if (bev_ssl->underlying) {
1083 bufferevent_setcb(bev_ssl->underlying,
1084 be_openssl_handshakecb, be_openssl_handshakecb,
1091 if (bufferevent_setfd(bev_ssl->underlying, fd))
1094 return do_handshake(bev_ssl);
1096 struct bufferevent *bev = &bev_ssl->bev.bev;
1098 if (event_initialized(&bev->ev_read)) {
1099 event_del(&bev->ev_read);
1100 event_del(&bev->ev_write);
1103 event_assign(&bev->ev_read, bev->ev_base, fd,
1104 EV_READ|EV_PERSIST|EV_FINALIZE,
1105 be_openssl_handshakeeventcb, bev_ssl);
1106 event_assign(&bev->ev_write, bev->ev_base, fd,
1107 EV_WRITE|EV_PERSIST|EV_FINALIZE,
1108 be_openssl_handshakeeventcb, bev_ssl);
1110 bufferevent_enable(bev, bev->enabled);
1116 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1118 struct bufferevent_openssl *bev_ssl = upcast(bev);
1121 if (SSL_renegotiate(bev_ssl->ssl) < 0)
1123 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1124 if (set_handshake_callbacks(bev_ssl, be_openssl_auto_fd(bev_ssl, -1)) < 0)
1126 if (!bev_ssl->underlying)
1127 return do_handshake(bev_ssl);
1132 be_openssl_outbuf_cb(struct evbuffer *buf,
1133 const struct evbuffer_cb_info *cbinfo, void *arg)
1135 struct bufferevent_openssl *bev_ssl = arg;
1137 /* XXX need to hold a reference here. */
1139 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1140 if (cbinfo->orig_size == 0)
1141 r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1142 &bev_ssl->bev.bev.timeout_write);
1144 if (bev_ssl->underlying)
1145 consider_writing(bev_ssl);
1147 /* XXX Handle r < 0 */
1153 be_openssl_enable(struct bufferevent *bev, short events)
1155 struct bufferevent_openssl *bev_ssl = upcast(bev);
1158 if (events & EV_READ)
1159 r1 = start_reading(bev_ssl);
1160 if (events & EV_WRITE)
1161 r2 = start_writing(bev_ssl);
1163 if (bev_ssl->underlying) {
1164 if (events & EV_READ)
1165 BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1166 if (events & EV_WRITE)
1167 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1169 if (events & EV_READ)
1170 consider_reading(bev_ssl);
1171 if (events & EV_WRITE)
1172 consider_writing(bev_ssl);
1174 return (r1 < 0 || r2 < 0) ? -1 : 0;
1178 be_openssl_disable(struct bufferevent *bev, short events)
1180 struct bufferevent_openssl *bev_ssl = upcast(bev);
1182 if (events & EV_READ)
1183 stop_reading(bev_ssl);
1184 if (events & EV_WRITE)
1185 stop_writing(bev_ssl);
1187 if (bev_ssl->underlying) {
1188 if (events & EV_READ)
1189 BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1190 if (events & EV_WRITE)
1191 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1197 be_openssl_unlink(struct bufferevent *bev)
1199 struct bufferevent_openssl *bev_ssl = upcast(bev);
1201 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1202 if (bev_ssl->underlying) {
1203 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1204 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1205 "bufferevent with too few references");
1207 bufferevent_free(bev_ssl->underlying);
1208 /* We still have a reference to it, via our
1209 * BIO. So we don't drop this. */
1210 // bev_ssl->underlying = NULL;
1214 if (bev_ssl->underlying) {
1215 if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1216 bufferevent_setcb(bev_ssl->underlying,
1217 NULL,NULL,NULL,NULL);
1218 bufferevent_unsuspend_read_(bev_ssl->underlying,
1219 BEV_SUSPEND_FILT_READ);
1225 be_openssl_destruct(struct bufferevent *bev)
1227 struct bufferevent_openssl *bev_ssl = upcast(bev);
1229 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1230 if (! bev_ssl->underlying) {
1231 evutil_socket_t fd = -1;
1232 BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1234 fd = BIO_get_fd(bio, NULL);
1236 evutil_closesocket(fd);
1238 SSL_free(bev_ssl->ssl);
1243 be_openssl_adj_timeouts(struct bufferevent *bev)
1245 struct bufferevent_openssl *bev_ssl = upcast(bev);
1247 if (bev_ssl->underlying) {
1248 return bufferevent_generic_adj_timeouts_(bev);
1250 return bufferevent_generic_adj_existing_timeouts_(bev);
1255 be_openssl_flush(struct bufferevent *bufev,
1256 short iotype, enum bufferevent_flush_mode mode)
1258 /* XXXX Implement this. */
1263 be_openssl_set_fd(struct bufferevent_openssl *bev_ssl,
1264 enum bufferevent_ssl_state state, int fd)
1266 bev_ssl->state = state;
1269 case BUFFEREVENT_SSL_ACCEPTING:
1270 SSL_set_accept_state(bev_ssl->ssl);
1271 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1274 case BUFFEREVENT_SSL_CONNECTING:
1275 SSL_set_connect_state(bev_ssl->ssl);
1276 if (set_handshake_callbacks(bev_ssl, fd) < 0)
1279 case BUFFEREVENT_SSL_OPEN:
1280 if (set_open_callbacks(bev_ssl, fd) < 0)
1291 be_openssl_ctrl(struct bufferevent *bev,
1292 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1294 struct bufferevent_openssl *bev_ssl = upcast(bev);
1296 case BEV_CTRL_SET_FD:
1297 if (!bev_ssl->underlying) {
1299 bio = BIO_new_socket(data->fd, 0);
1300 SSL_set_bio(bev_ssl->ssl, bio, bio);
1303 if (!(bio = BIO_new_bufferevent(bev_ssl->underlying, 0)))
1305 SSL_set_bio(bev_ssl->ssl, bio, bio);
1308 return be_openssl_set_fd(bev_ssl, bev_ssl->old_state, data->fd);
1309 case BEV_CTRL_GET_FD:
1310 if (bev_ssl->underlying) {
1311 data->fd = event_get_fd(&bev_ssl->underlying->ev_read);
1313 data->fd = event_get_fd(&bev->ev_read);
1316 case BEV_CTRL_GET_UNDERLYING:
1317 data->ptr = bev_ssl->underlying;
1319 case BEV_CTRL_CANCEL_ALL:
1326 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1328 struct bufferevent_openssl *bev_ssl = upcast(bufev);
1331 return bev_ssl->ssl;
1334 static struct bufferevent *
1335 bufferevent_openssl_new_impl(struct event_base *base,
1336 struct bufferevent *underlying,
1339 enum bufferevent_ssl_state state,
1342 struct bufferevent_openssl *bev_ssl = NULL;
1343 struct bufferevent_private *bev_p = NULL;
1344 int tmp_options = options & ~BEV_OPT_THREADSAFE;
1346 if (underlying != NULL && fd >= 0)
1347 return NULL; /* Only one can be set. */
1349 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1352 bev_p = &bev_ssl->bev;
1354 if (bufferevent_init_common_(bev_p, base,
1355 &bufferevent_ops_openssl, tmp_options) < 0)
1358 /* Don't explode if we decide to realloc a chunk we're writing from in
1359 * the output buffer. */
1360 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1362 bev_ssl->underlying = underlying;
1365 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1366 be_openssl_outbuf_cb, bev_ssl);
1368 if (options & BEV_OPT_THREADSAFE)
1369 bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1372 bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1373 bufferevent_incref_(underlying);
1376 bev_ssl->old_state = state;
1377 bev_ssl->last_write = -1;
1379 init_bio_counts(bev_ssl);
1381 fd = be_openssl_auto_fd(bev_ssl, fd);
1382 if (be_openssl_set_fd(bev_ssl, state, fd))
1386 bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1387 bufferevent_enable(underlying, EV_READ|EV_WRITE);
1388 if (state == BUFFEREVENT_SSL_OPEN)
1389 bufferevent_suspend_read_(underlying,
1390 BEV_SUSPEND_FILT_READ);
1393 return &bev_ssl->bev.bev;
1396 bufferevent_free(&bev_ssl->bev.bev);
1400 struct bufferevent *
1401 bufferevent_openssl_filter_new(struct event_base *base,
1402 struct bufferevent *underlying,
1404 enum bufferevent_ssl_state state,
1407 /* We don't tell the BIO to close the bufferevent; we do it ourselves
1408 * on be_openssl_destruct */
1409 int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1413 if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1416 SSL_set_bio(ssl, bio, bio);
1418 return bufferevent_openssl_new_impl(
1419 base, underlying, -1, ssl, state, options);
1422 struct bufferevent *
1423 bufferevent_openssl_socket_new(struct event_base *base,
1426 enum bufferevent_ssl_state state,
1429 /* Does the SSL already have an fd? */
1430 BIO *bio = SSL_get_wbio(ssl);
1434 have_fd = BIO_get_fd(bio, NULL);
1437 /* The SSL is already configured with an fd. */
1439 /* We should learn the fd from the SSL. */
1440 fd = (evutil_socket_t) have_fd;
1441 } else if (have_fd == (long)fd) {
1442 /* We already know the fd from the SSL; do nothing */
1444 /* We specified an fd different from that of the SSL.
1445 This is probably an error on our part. Fail. */
1448 (void) BIO_set_close(bio, 0);
1450 /* The SSL isn't configured with a BIO with an fd. */
1452 /* ... and we have an fd we want to use. */
1453 bio = BIO_new_socket(fd, 0);
1454 SSL_set_bio(ssl, bio, bio);
1456 /* Leave the fd unset. */
1460 return bufferevent_openssl_new_impl(
1461 base, NULL, fd, ssl, state, options);
1465 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1467 int allow_dirty_shutdown = -1;
1468 struct bufferevent_openssl *bev_ssl;
1470 bev_ssl = upcast(bev);
1472 allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1474 return allow_dirty_shutdown;
1478 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1479 int allow_dirty_shutdown)
1481 struct bufferevent_openssl *bev_ssl;
1483 bev_ssl = upcast(bev);
1485 bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1490 bufferevent_get_openssl_error(struct bufferevent *bev)
1492 unsigned long err = 0;
1493 struct bufferevent_openssl *bev_ssl;
1495 bev_ssl = upcast(bev);
1496 if (bev_ssl && bev_ssl->n_errors) {
1497 err = bev_ssl->errors[--bev_ssl->n_errors];