1/* 2 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. The name of the author may not be used to endorse or promote products 13 * derived from this software without specific prior written permission. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/types.h> 28 29#include "event2/event-config.h" 30 31#ifdef _EVENT_HAVE_SYS_TIME_H 32#include <sys/time.h> 33#endif 34 35#include <errno.h> 36#include <stdio.h> 37#include <stdlib.h> 38#include <string.h> 39#ifdef _EVENT_HAVE_STDARG_H 40#include <stdarg.h> 41#endif 42#ifdef _EVENT_HAVE_UNISTD_H 43#include <unistd.h> 44#endif 45 46#ifdef WIN32 47#include <winsock2.h> 48#endif 49 50#include "event2/bufferevent.h" 51#include "event2/bufferevent_struct.h" 52#include "event2/bufferevent_ssl.h" 53#include "event2/buffer.h" 54#include "event2/event.h" 55 56#include "mm-internal.h" 57#include "bufferevent-internal.h" 58#include "log-internal.h" 59 60#include <openssl/bio.h> 61#include <openssl/ssl.h> 62#include <openssl/err.h> 63 64/* 65 * Define an OpenSSL bio that targets a bufferevent. 66 */ 67 68/* -------------------- 69 A BIO is an OpenSSL abstraction that handles reading and writing data. The 70 library will happily speak SSL over anything that implements a BIO 71 interface. 72 73 Here we define a BIO implementation that directs its output to a 74 bufferevent. We'll want to use this only when none of OpenSSL's built-in 75 IO mechanisms work for us. 76 -------------------- */ 77 78/* every BIO type needs its own integer type value. */ 79#define BIO_TYPE_LIBEVENT 57 80/* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on 81 * this. */ 82 83#if 0 84static void 85print_err(int val) 86{ 87 int err; 88 printf("Error was %d\n", val); 89 90 while ((err = ERR_get_error()))x { 91 const char *msg = (const char*)ERR_reason_error_string(err); 92 const char *lib = (const char*)ERR_lib_error_string(err); 93 const char *func = (const char*)ERR_func_error_string(err); 94 95 printf("%s in %s %s\n", msg, lib, func); 96 } 97} 98#else 99#define print_err(v) ((void)0) 100#endif 101 102/* Called to initialize a new BIO */ 103static int 104bio_bufferevent_new(BIO *b) 105{ 106 b->init = 0; 107 b->num = -1; 108 b->ptr = NULL; /* We'll be putting the bufferevent in this field.*/ 109 b->flags = 0; 110 return 1; 111} 112 113/* Called to uninitialize the BIO. */ 114static int 115bio_bufferevent_free(BIO *b) 116{ 117 if (!b) 118 return 0; 119 if (b->shutdown) { 120 if (b->init && b->ptr) 121 bufferevent_free(b->ptr); 122 b->init = 0; 123 b->flags = 0; 124 b->ptr = NULL; 125 } 126 return 1; 127} 128 129/* Called to extract data from the BIO. */ 130static int 131bio_bufferevent_read(BIO *b, char *out, int outlen) 132{ 133 int r = 0; 134 struct evbuffer *input; 135 136 BIO_clear_retry_flags(b); 137 138 if (!out) 139 return 0; 140 if (!b->ptr) 141 return -1; 142 143 input = bufferevent_get_input(b->ptr); 144 if (evbuffer_get_length(input) == 0) { 145 /* If there's no data to read, say so. */ 146 BIO_set_retry_read(b); 147 return -1; 148 } else { 149 r = evbuffer_remove(input, out, outlen); 150 } 151 152 return r; 153} 154 155/* Called to write data info the BIO */ 156static int 157bio_bufferevent_write(BIO *b, const char *in, int inlen) 158{ 159 struct bufferevent *bufev = b->ptr; 160 struct evbuffer *output; 161 size_t outlen; 162 163 BIO_clear_retry_flags(b); 164 165 if (!b->ptr) 166 return -1; 167 168 output = bufferevent_get_output(bufev); 169 outlen = evbuffer_get_length(output); 170 171 /* Copy only as much data onto the output buffer as can fit under the 172 * high-water mark. */ 173 if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) { 174 if (bufev->wm_write.high <= outlen) { 175 /* If no data can fit, we'll need to retry later. */ 176 BIO_set_retry_write(b); 177 return -1; 178 } 179 inlen = bufev->wm_write.high - outlen; 180 } 181 182 EVUTIL_ASSERT(inlen > 0); 183 evbuffer_add(output, in, inlen); 184 return inlen; 185} 186 187/* Called to handle various requests */ 188static long 189bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr) 190{ 191 struct bufferevent *bufev = b->ptr; 192 long ret = 1; 193 194 switch (cmd) { 195 case BIO_CTRL_GET_CLOSE: 196 ret = b->shutdown; 197 break; 198 case BIO_CTRL_SET_CLOSE: 199 b->shutdown = (int)num; 200 break; 201 case BIO_CTRL_PENDING: 202 ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0; 203 break; 204 case BIO_CTRL_WPENDING: 205 ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0; 206 break; 207 /* XXXX These two are given a special-case treatment because 208 * of cargo-cultism. I should come up with a better reason. */ 209 case BIO_CTRL_DUP: 210 case BIO_CTRL_FLUSH: 211 ret = 1; 212 break; 213 default: 214 ret = 0; 215 break; 216 } 217 return ret; 218} 219 220/* Called to write a string to the BIO */ 221static int 222bio_bufferevent_puts(BIO *b, const char *s) 223{ 224 return bio_bufferevent_write(b, s, strlen(s)); 225} 226 227/* Method table for the bufferevent BIO */ 228static BIO_METHOD methods_bufferevent = { 229 BIO_TYPE_LIBEVENT, "bufferevent", 230 bio_bufferevent_write, 231 bio_bufferevent_read, 232 bio_bufferevent_puts, 233 NULL /* bio_bufferevent_gets */, 234 bio_bufferevent_ctrl, 235 bio_bufferevent_new, 236 bio_bufferevent_free, 237 NULL /* callback_ctrl */, 238}; 239 240/* Return the method table for the bufferevents BIO */ 241static BIO_METHOD * 242BIO_s_bufferevent(void) 243{ 244 return &methods_bufferevent; 245} 246 247/* Create a new BIO to wrap communication around a bufferevent. If close_flag 248 * is true, the bufferevent will be freed when the BIO is closed. */ 249static BIO * 250BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag) 251{ 252 BIO *result; 253 if (!bufferevent) 254 return NULL; 255 if (!(result = BIO_new(BIO_s_bufferevent()))) 256 return NULL; 257 result->init = 1; 258 result->ptr = bufferevent; 259 result->shutdown = close_flag ? 1 : 0; 260 return result; 261} 262 263/* -------------------- 264 Now, here's the OpenSSL-based implementation of bufferevent. 265 266 The implementation comes in two flavors: one that connects its SSL object 267 to an underlying bufferevent using a BIO_bufferevent, and one that has the 268 SSL object connect to a socket directly. The latter should generally be 269 faster, except on Windows, where your best bet is using a 270 bufferevent_async. 271 272 (OpenSSL supports many other BIO types, too. But we can't use any unless 273 we have a good way to get notified when they become readable/writable.) 274 -------------------- */ 275 276struct bio_data_counts { 277 unsigned long n_written; 278 unsigned long n_read; 279}; 280 281struct bufferevent_openssl { 282 /* Shared fields with common bufferevent implementation code. 283 If we were set up with an underlying bufferevent, we use the 284 events here as timers only. If we have an SSL, then we use 285 the events as socket events. 286 */ 287 struct bufferevent_private bev; 288 /* An underlying bufferevent that we're directing our output to. 289 If it's NULL, then we're connected to an fd, not an evbuffer. */ 290 struct bufferevent *underlying; 291 /* The SSL object doing our encryption. */ 292 SSL *ssl; 293 294 /* A callback that's invoked when data arrives on our outbuf so we 295 know to write data to the SSL. */ 296 struct evbuffer_cb_entry *outbuf_cb; 297 298 /* A count of how much data the bios have read/written total. Used 299 for rate-limiting. */ 300 struct bio_data_counts counts; 301 302 /* If this value is greater than 0, then the last SSL_write blocked, 303 * and we need to try it again with this many bytes. */ 304 ev_ssize_t last_write; 305 306#define NUM_ERRORS 3 307 ev_uint32_t errors[NUM_ERRORS]; 308 309 /* When we next get available space, we should say "read" instead of 310 "write". This can happen if there's a renegotiation during a read 311 operation. */ 312 unsigned read_blocked_on_write : 1; 313 /* When we next get data, we should say "write" instead of "read". */ 314 unsigned write_blocked_on_read : 1; 315 /* XXX */ 316 unsigned allow_dirty_shutdown : 1; 317 /* XXXX */ 318 unsigned fd_is_set : 1; 319 /* XXX */ 320 unsigned n_errors : 2; 321 322 /* Are we currently connecting, accepting, or doing IO? */ 323 unsigned state : 2; 324}; 325 326static int be_openssl_enable(struct bufferevent *, short); 327static int be_openssl_disable(struct bufferevent *, short); 328static void be_openssl_destruct(struct bufferevent *); 329static int be_openssl_adj_timeouts(struct bufferevent *); 330static int be_openssl_flush(struct bufferevent *bufev, 331 short iotype, enum bufferevent_flush_mode mode); 332static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *); 333 334const struct bufferevent_ops bufferevent_ops_openssl = { 335 "ssl", 336 evutil_offsetof(struct bufferevent_openssl, bev.bev), 337 be_openssl_enable, 338 be_openssl_disable, 339 be_openssl_destruct, 340 be_openssl_adj_timeouts, 341 be_openssl_flush, 342 be_openssl_ctrl, 343}; 344 345/* Given a bufferevent, return a pointer to the bufferevent_openssl that 346 * contains it, if any. */ 347static inline struct bufferevent_openssl * 348upcast(struct bufferevent *bev) 349{ 350 struct bufferevent_openssl *bev_o; 351 if (bev->be_ops != &bufferevent_ops_openssl) 352 return NULL; 353 bev_o = (void*)( ((char*)bev) - 354 evutil_offsetof(struct bufferevent_openssl, bev.bev)); 355 EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl); 356 return bev_o; 357} 358 359static inline void 360put_error(struct bufferevent_openssl *bev_ssl, unsigned long err) 361{ 362 if (bev_ssl->n_errors == NUM_ERRORS) 363 return; 364 /* The error type according to openssl is "unsigned long", but 365 openssl never uses more than 32 bits of it. It _can't_ use more 366 than 32 bits of it, since it needs to report errors on systems 367 where long is only 32 bits. 368 */ 369 bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err; 370} 371 372/* Have the base communications channel (either the underlying bufferevent or 373 * ev_read and ev_write) start reading. Take the read-blocked-on-write flag 374 * into account. */ 375static int 376start_reading(struct bufferevent_openssl *bev_ssl) 377{ 378 if (bev_ssl->underlying) { 379 bufferevent_unsuspend_read(bev_ssl->underlying, 380 BEV_SUSPEND_FILT_READ); 381 return 0; 382 } else { 383 struct bufferevent *bev = &bev_ssl->bev.bev; 384 int r; 385 r = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read); 386 if (r == 0 && bev_ssl->read_blocked_on_write) 387 r = _bufferevent_add_event(&bev->ev_write, 388 &bev->timeout_write); 389 return r; 390 } 391} 392 393/* Have the base communications channel (either the underlying bufferevent or 394 * ev_read and ev_write) start writing. Take the write-blocked-on-read flag 395 * into account. */ 396static int 397start_writing(struct bufferevent_openssl *bev_ssl) 398{ 399 int r = 0; 400 if (bev_ssl->underlying) { 401 ; 402 } else { 403 struct bufferevent *bev = &bev_ssl->bev.bev; 404 r = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write); 405 if (!r && bev_ssl->write_blocked_on_read) 406 r = _bufferevent_add_event(&bev->ev_read, 407 &bev->timeout_read); 408 } 409 return r; 410} 411 412static void 413stop_reading(struct bufferevent_openssl *bev_ssl) 414{ 415 if (bev_ssl->write_blocked_on_read) 416 return; 417 if (bev_ssl->underlying) { 418 bufferevent_suspend_read(bev_ssl->underlying, 419 BEV_SUSPEND_FILT_READ); 420 } else { 421 struct bufferevent *bev = &bev_ssl->bev.bev; 422 event_del(&bev->ev_read); 423 } 424} 425 426static void 427stop_writing(struct bufferevent_openssl *bev_ssl) 428{ 429 if (bev_ssl->read_blocked_on_write) 430 return; 431 if (bev_ssl->underlying) { 432 ; 433 } else { 434 struct bufferevent *bev = &bev_ssl->bev.bev; 435 event_del(&bev->ev_write); 436 } 437} 438 439static int 440set_rbow(struct bufferevent_openssl *bev_ssl) 441{ 442 if (!bev_ssl->underlying) 443 stop_reading(bev_ssl); 444 bev_ssl->read_blocked_on_write = 1; 445 return start_writing(bev_ssl); 446} 447 448static int 449set_wbor(struct bufferevent_openssl *bev_ssl) 450{ 451 if (!bev_ssl->underlying) 452 stop_writing(bev_ssl); 453 bev_ssl->write_blocked_on_read = 1; 454 return start_reading(bev_ssl); 455} 456 457static int 458clear_rbow(struct bufferevent_openssl *bev_ssl) 459{ 460 struct bufferevent *bev = &bev_ssl->bev.bev; 461 int r = 0; 462 bev_ssl->read_blocked_on_write = 0; 463 if (!(bev->enabled & EV_WRITE)) 464 stop_writing(bev_ssl); 465 if (bev->enabled & EV_READ) 466 r = start_reading(bev_ssl); 467 return r; 468} 469 470 471static int 472clear_wbor(struct bufferevent_openssl *bev_ssl) 473{ 474 struct bufferevent *bev = &bev_ssl->bev.bev; 475 int r = 0; 476 bev_ssl->write_blocked_on_read = 0; 477 if (!(bev->enabled & EV_READ)) 478 stop_reading(bev_ssl); 479 if (bev->enabled & EV_WRITE) 480 r = start_writing(bev_ssl); 481 return r; 482} 483 484static void 485conn_closed(struct bufferevent_openssl *bev_ssl, int errcode, int ret) 486{ 487 int event = BEV_EVENT_ERROR; 488 int dirty_shutdown = 0; 489 unsigned long err; 490 491 switch (errcode) { 492 case SSL_ERROR_ZERO_RETURN: 493 /* Possibly a clean shutdown. */ 494 if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN) 495 event = BEV_EVENT_EOF; 496 else 497 dirty_shutdown = 1; 498 break; 499 case SSL_ERROR_SYSCALL: 500 /* IO error; possibly a dirty shutdown. */ 501 if (ret == 0 && ERR_peek_error() == 0) 502 dirty_shutdown = 1; 503 break; 504 case SSL_ERROR_SSL: 505 /* Protocol error. */ 506 break; 507 case SSL_ERROR_WANT_X509_LOOKUP: 508 /* XXXX handle this. */ 509 break; 510 case SSL_ERROR_NONE: 511 case SSL_ERROR_WANT_READ: 512 case SSL_ERROR_WANT_WRITE: 513 case SSL_ERROR_WANT_CONNECT: 514 case SSL_ERROR_WANT_ACCEPT: 515 default: 516 /* should be impossible; treat as normal error. */ 517 event_warnx("BUG: Unexpected OpenSSL error code %d", errcode); 518 break; 519 } 520 521 while ((err = ERR_get_error())) { 522 put_error(bev_ssl, err); 523 } 524 525 if (dirty_shutdown && bev_ssl->allow_dirty_shutdown) 526 event = BEV_EVENT_EOF; 527 528 stop_reading(bev_ssl); 529 stop_writing(bev_ssl); 530 531 _bufferevent_run_eventcb(&bev_ssl->bev.bev, event); 532} 533 534static void 535init_bio_counts(struct bufferevent_openssl *bev_ssl) 536{ 537 bev_ssl->counts.n_written = 538 BIO_number_written(SSL_get_wbio(bev_ssl->ssl)); 539 bev_ssl->counts.n_read = 540 BIO_number_read(SSL_get_rbio(bev_ssl->ssl)); 541} 542 543static inline void 544decrement_buckets(struct bufferevent_openssl *bev_ssl) 545{ 546 unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl)); 547 unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl)); 548 /* These next two subtractions can wrap around. That's okay. */ 549 unsigned long w = num_w - bev_ssl->counts.n_written; 550 unsigned long r = num_r - bev_ssl->counts.n_read; 551 if (w) 552 _bufferevent_decrement_write_buckets(&bev_ssl->bev, w); 553 if (r) 554 _bufferevent_decrement_read_buckets(&bev_ssl->bev, r); 555 bev_ssl->counts.n_written = num_w; 556 bev_ssl->counts.n_read = num_r; 557} 558 559/* returns -1 on internal error, 0 on stall, 1 on progress */ 560static int 561do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) 562{ 563 /* Requires lock */ 564 struct bufferevent *bev = &bev_ssl->bev.bev; 565 struct evbuffer *input = bev->input; 566 int r, n, i, n_used = 0, blocked = 0, atmost; 567 struct evbuffer_iovec space[2]; 568 569 atmost = _bufferevent_get_read_max(&bev_ssl->bev); 570 if (n_to_read > atmost) 571 n_to_read = atmost; 572 573 n = evbuffer_reserve_space(input, n_to_read, space, 2); 574 if (n < 0) 575 return -1; 576 577 for (i=0; i<n; ++i) { 578 if (bev_ssl->bev.read_suspended) 579 break; 580 r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len); 581 if (r>0) { 582 if (bev_ssl->read_blocked_on_write) 583 if (clear_rbow(bev_ssl) < 0) 584 return -1; 585 ++n_used; 586 space[i].iov_len = r; 587 decrement_buckets(bev_ssl); 588 } else { 589 int err = SSL_get_error(bev_ssl->ssl, r); 590 print_err(err); 591 switch (err) { 592 case SSL_ERROR_WANT_READ: 593 /* Can't read until underlying has more data. */ 594 if (bev_ssl->read_blocked_on_write) 595 if (clear_rbow(bev_ssl) < 0) 596 return -1; 597 break; 598 case SSL_ERROR_WANT_WRITE: 599 /* This read operation requires a write, and the 600 * underlying is full */ 601 if (!bev_ssl->read_blocked_on_write) 602 if (set_rbow(bev_ssl) < 0) 603 return -1; 604 break; 605 default: 606 conn_closed(bev_ssl, err, r); 607 break; 608 } 609 blocked = 1; 610 break; /* out of the loop */ 611 } 612 } 613 614 if (n_used) { 615 evbuffer_commit_space(input, space, n_used); 616 if (bev_ssl->underlying) 617 BEV_RESET_GENERIC_READ_TIMEOUT(bev); 618 619 if (evbuffer_get_length(input) >= bev->wm_read.low) 620 _bufferevent_run_readcb(bev); 621 } 622 623 return blocked ? 0 : 1; 624} 625 626static int 627do_write(struct bufferevent_openssl *bev_ssl, int atmost) 628{ 629 int i, r, n, n_written = 0, blocked=0; 630 struct bufferevent *bev = &bev_ssl->bev.bev; 631 struct evbuffer *output = bev->output; 632 struct evbuffer_iovec space[8]; 633 634 if (bev_ssl->last_write > 0) 635 atmost = bev_ssl->last_write; 636 else 637 atmost = _bufferevent_get_write_max(&bev_ssl->bev); 638 639 n = evbuffer_peek(output, atmost, NULL, space, 8); 640 if (n < 0) 641 return -1; 642 643 if (n > 8) 644 n = 8; 645 for (i=0; i < n; ++i) { 646 if (bev_ssl->bev.write_suspended) 647 break; 648 649 /* SSL_write will (reasonably) return 0 if we tell it to 650 send 0 data. Skip this case so we don't interpret the 651 result as an error */ 652 if (space[i].iov_len == 0) 653 continue; 654 655 r = SSL_write(bev_ssl->ssl, space[i].iov_base, 656 space[i].iov_len); 657 if (r > 0) { 658 if (bev_ssl->write_blocked_on_read) 659 if (clear_wbor(bev_ssl) < 0) 660 return -1; 661 n_written += r; 662 bev_ssl->last_write = -1; 663 decrement_buckets(bev_ssl); 664 } else { 665 int err = SSL_get_error(bev_ssl->ssl, r); 666 print_err(err); 667 switch (err) { 668 case SSL_ERROR_WANT_WRITE: 669 /* Can't read until underlying has more data. */ 670 if (bev_ssl->write_blocked_on_read) 671 if (clear_wbor(bev_ssl) < 0) 672 return -1; 673 bev_ssl->last_write = space[i].iov_len; 674 break; 675 case SSL_ERROR_WANT_READ: 676 /* This read operation requires a write, and the 677 * underlying is full */ 678 if (!bev_ssl->write_blocked_on_read) 679 if (set_wbor(bev_ssl) < 0) 680 return -1; 681 bev_ssl->last_write = space[i].iov_len; 682 break; 683 default: 684 conn_closed(bev_ssl, err, r); 685 bev_ssl->last_write = -1; 686 break; 687 } 688 blocked = 1; 689 break; 690 } 691 } 692 if (n_written) { 693 evbuffer_drain(output, n_written); 694 if (bev_ssl->underlying) 695 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev); 696 697 if (evbuffer_get_length(output) <= bev->wm_write.low) 698 _bufferevent_run_writecb(bev); 699 } 700 return blocked ? 0 : 1; 701} 702 703#define WRITE_FRAME 15000 704 705#define READ_DEFAULT 4096 706 707/* Try to figure out how many bytes to read; return 0 if we shouldn't be 708 * reading. */ 709static int 710bytes_to_read(struct bufferevent_openssl *bev) 711{ 712 struct evbuffer *input = bev->bev.bev.input; 713 struct event_watermark *wm = &bev->bev.bev.wm_read; 714 int result = READ_DEFAULT; 715 ev_ssize_t limit; 716 /* XXX 99% of this is generic code that nearly all bufferevents will 717 * want. */ 718 719 if (bev->write_blocked_on_read) { 720 return 0; 721 } 722 723 if (! (bev->bev.bev.enabled & EV_READ)) { 724 return 0; 725 } 726 727 if (bev->bev.read_suspended) { 728 return 0; 729 } 730 731 if (wm->high) { 732 if (evbuffer_get_length(input) >= wm->high) { 733 return 0; 734 } 735 736 result = wm->high - evbuffer_get_length(input); 737 } else { 738 result = READ_DEFAULT; 739 } 740 741 /* Respect the rate limit */ 742 limit = _bufferevent_get_read_max(&bev->bev); 743 if (result > limit) { 744 result = limit; 745 } 746 747 return result; 748} 749 750 751/* Things look readable. If write is blocked on read, write till it isn't. 752 * Read from the underlying buffer until we block or we hit our high-water 753 * mark. 754 */ 755static void 756consider_reading(struct bufferevent_openssl *bev_ssl) 757{ 758 int r; 759 int n_to_read; 760 761 while (bev_ssl->write_blocked_on_read) { 762 r = do_write(bev_ssl, WRITE_FRAME); 763 if (r <= 0) 764 break; 765 } 766 if (bev_ssl->write_blocked_on_read) 767 return; 768 769 n_to_read = bytes_to_read(bev_ssl); 770 771 while (n_to_read) { 772 if (do_read(bev_ssl, n_to_read) <= 0) 773 break; 774 775 /* Read all pending data. This won't hit the network 776 * again, and will (most importantly) put us in a state 777 * where we don't need to read anything else until the 778 * socket is readable again. It'll potentially make us 779 * overrun our read high-watermark (somewhat 780 * regrettable). The damage to the rate-limit has 781 * already been done, since OpenSSL went and read a 782 * whole SSL record anyway. */ 783 n_to_read = SSL_pending(bev_ssl->ssl); 784 785 /* XXX This if statement is actually a bad bug, added to avoid 786 * XXX a worse bug. 787 * 788 * The bad bug: It can potentially cause resource unfairness 789 * by reading too much data from the underlying bufferevent; 790 * it can potentially cause read looping if the underlying 791 * bufferevent is a bufferevent_pair and deferred callbacks 792 * aren't used. 793 * 794 * The worse bug: If we didn't do this, then we would 795 * potentially not read any more from bev_ssl->underlying 796 * until more data arrived there, which could lead to us 797 * waiting forever. 798 */ 799 if (!n_to_read && bev_ssl->underlying) 800 n_to_read = bytes_to_read(bev_ssl); 801 } 802 803 if (!bev_ssl->underlying) { 804 /* Should be redundant, but let's avoid busy-looping */ 805 if (bev_ssl->bev.read_suspended || 806 !(bev_ssl->bev.bev.enabled & EV_READ)) { 807 event_del(&bev_ssl->bev.bev.ev_read); 808 } 809 } 810} 811 812static void 813consider_writing(struct bufferevent_openssl *bev_ssl) 814{ 815 int r; 816 struct evbuffer *output = bev_ssl->bev.bev.output; 817 struct evbuffer *target = NULL; 818 struct event_watermark *wm = NULL; 819 820 while (bev_ssl->read_blocked_on_write) { 821 r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */ 822 if (r <= 0) 823 break; 824 } 825 if (bev_ssl->read_blocked_on_write) 826 return; 827 if (bev_ssl->underlying) { 828 target = bev_ssl->underlying->output; 829 wm = &bev_ssl->underlying->wm_write; 830 } 831 while ((bev_ssl->bev.bev.enabled & EV_WRITE) && 832 (! bev_ssl->bev.write_suspended) && 833 evbuffer_get_length(output) && 834 (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) { 835 int n_to_write; 836 if (wm && wm->high) 837 n_to_write = wm->high - evbuffer_get_length(target); 838 else 839 n_to_write = WRITE_FRAME; 840 r = do_write(bev_ssl, n_to_write); 841 if (r <= 0) 842 break; 843 } 844 845 if (!bev_ssl->underlying) { 846 if (evbuffer_get_length(output) == 0) { 847 event_del(&bev_ssl->bev.bev.ev_write); 848 } else if (bev_ssl->bev.write_suspended || 849 !(bev_ssl->bev.bev.enabled & EV_WRITE)) { 850 /* Should be redundant, but let's avoid busy-looping */ 851 event_del(&bev_ssl->bev.bev.ev_write); 852 } 853 } 854} 855 856static void 857be_openssl_readcb(struct bufferevent *bev_base, void *ctx) 858{ 859 struct bufferevent_openssl *bev_ssl = ctx; 860 consider_reading(bev_ssl); 861} 862 863static void 864be_openssl_writecb(struct bufferevent *bev_base, void *ctx) 865{ 866 struct bufferevent_openssl *bev_ssl = ctx; 867 consider_writing(bev_ssl); 868} 869 870static void 871be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx) 872{ 873 struct bufferevent_openssl *bev_ssl = ctx; 874 int event = 0; 875 876 if (what & BEV_EVENT_EOF) { 877 if (bev_ssl->allow_dirty_shutdown) 878 event = BEV_EVENT_EOF; 879 else 880 event = BEV_EVENT_ERROR; 881 } else if (what & BEV_EVENT_TIMEOUT) { 882 /* We sure didn't set this. Propagate it to the user. */ 883 event = what; 884 } else if (what & BEV_EVENT_ERROR) { 885 /* An error occurred on the connection. Propagate it to the user. */ 886 event = what; 887 } else if (what & BEV_EVENT_CONNECTED) { 888 /* Ignore it. We're saying SSL_connect() already, which will 889 eat it. */ 890 } 891 if (event) 892 _bufferevent_run_eventcb(&bev_ssl->bev.bev, event); 893} 894 895static void 896be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr) 897{ 898 struct bufferevent_openssl *bev_ssl = ptr; 899 _bufferevent_incref_and_lock(&bev_ssl->bev.bev); 900 if (what & EV_TIMEOUT) { 901 _bufferevent_run_eventcb(&bev_ssl->bev.bev, 902 BEV_EVENT_TIMEOUT|BEV_EVENT_READING); 903 } else 904 consider_reading(bev_ssl); 905 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev); 906} 907 908static void 909be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr) 910{ 911 struct bufferevent_openssl *bev_ssl = ptr; 912 _bufferevent_incref_and_lock(&bev_ssl->bev.bev); 913 if (what & EV_TIMEOUT) { 914 _bufferevent_run_eventcb(&bev_ssl->bev.bev, 915 BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING); 916 } 917 consider_writing(bev_ssl); 918 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev); 919} 920 921static int 922set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd) 923{ 924 if (bev_ssl->underlying) { 925 bufferevent_setcb(bev_ssl->underlying, 926 be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb, 927 bev_ssl); 928 return 0; 929 } else { 930 struct bufferevent *bev = &bev_ssl->bev.bev; 931 int rpending=0, wpending=0, r1=0, r2=0; 932 if (fd < 0 && bev_ssl->fd_is_set) 933 fd = event_get_fd(&bev->ev_read); 934 if (bev_ssl->fd_is_set) { 935 rpending = event_pending(&bev->ev_read, EV_READ, NULL); 936 wpending = event_pending(&bev->ev_write, EV_WRITE, NULL); 937 event_del(&bev->ev_read); 938 event_del(&bev->ev_write); 939 } 940 event_assign(&bev->ev_read, bev->ev_base, fd, 941 EV_READ|EV_PERSIST, be_openssl_readeventcb, bev_ssl); 942 event_assign(&bev->ev_write, bev->ev_base, fd, 943 EV_WRITE|EV_PERSIST, be_openssl_writeeventcb, bev_ssl); 944 if (rpending) 945 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read); 946 if (wpending) 947 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write); 948 if (fd >= 0) { 949 bev_ssl->fd_is_set = 1; 950 } 951 return (r1<0 || r2<0) ? -1 : 0; 952 } 953} 954 955static int 956do_handshake(struct bufferevent_openssl *bev_ssl) 957{ 958 int r; 959 960 switch (bev_ssl->state) { 961 default: 962 case BUFFEREVENT_SSL_OPEN: 963 EVUTIL_ASSERT(0); 964 return -1; 965 case BUFFEREVENT_SSL_CONNECTING: 966 case BUFFEREVENT_SSL_ACCEPTING: 967 r = SSL_do_handshake(bev_ssl->ssl); 968 break; 969 } 970 decrement_buckets(bev_ssl); 971 972 if (r==1) { 973 /* We're done! */ 974 bev_ssl->state = BUFFEREVENT_SSL_OPEN; 975 set_open_callbacks(bev_ssl, -1); /* XXXX handle failure */ 976 /* Call do_read and do_write as needed */ 977 bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled); 978 _bufferevent_run_eventcb(&bev_ssl->bev.bev, 979 BEV_EVENT_CONNECTED); 980 return 1; 981 } else { 982 int err = SSL_get_error(bev_ssl->ssl, r); 983 print_err(err); 984 switch (err) { 985 case SSL_ERROR_WANT_WRITE: 986 if (!bev_ssl->underlying) { 987 stop_reading(bev_ssl); 988 return start_writing(bev_ssl); 989 } 990 return 0; 991 case SSL_ERROR_WANT_READ: 992 if (!bev_ssl->underlying) { 993 stop_writing(bev_ssl); 994 return start_reading(bev_ssl); 995 } 996 return 0; 997 default: 998 conn_closed(bev_ssl, err, r); 999 return -1; 1000 } 1001 } 1002} 1003 1004static void 1005be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx) 1006{ 1007 struct bufferevent_openssl *bev_ssl = ctx; 1008 do_handshake(bev_ssl);/* XXX handle failure */ 1009} 1010 1011static void 1012be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr) 1013{ 1014 struct bufferevent_openssl *bev_ssl = ptr; 1015 1016 _bufferevent_incref_and_lock(&bev_ssl->bev.bev); 1017 if (what & EV_TIMEOUT) { 1018 _bufferevent_run_eventcb(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT); 1019 } else 1020 do_handshake(bev_ssl);/* XXX handle failure */ 1021 _bufferevent_decref_and_unlock(&bev_ssl->bev.bev); 1022} 1023 1024static int 1025set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd) 1026{ 1027 if (bev_ssl->underlying) { 1028 bufferevent_setcb(bev_ssl->underlying, 1029 be_openssl_handshakecb, be_openssl_handshakecb, 1030 be_openssl_eventcb, 1031 bev_ssl); 1032 return do_handshake(bev_ssl); 1033 } else { 1034 struct bufferevent *bev = &bev_ssl->bev.bev; 1035 int r1=0, r2=0; 1036 if (fd < 0 && bev_ssl->fd_is_set) 1037 fd = event_get_fd(&bev->ev_read); 1038 if (bev_ssl->fd_is_set) { 1039 event_del(&bev->ev_read); 1040 event_del(&bev->ev_write); 1041 } 1042 event_assign(&bev->ev_read, bev->ev_base, fd, 1043 EV_READ|EV_PERSIST, be_openssl_handshakeeventcb, bev_ssl); 1044 event_assign(&bev->ev_write, bev->ev_base, fd, 1045 EV_WRITE|EV_PERSIST, be_openssl_handshakeeventcb, bev_ssl); 1046 if (fd >= 0) { 1047 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read); 1048 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write); 1049 bev_ssl->fd_is_set = 1; 1050 } 1051 return (r1<0 || r2<0) ? -1 : 0; 1052 } 1053} 1054 1055int 1056bufferevent_ssl_renegotiate(struct bufferevent *bev) 1057{ 1058 struct bufferevent_openssl *bev_ssl = upcast(bev); 1059 if (!bev_ssl) 1060 return -1; 1061 if (SSL_renegotiate(bev_ssl->ssl) < 0) 1062 return -1; 1063 bev_ssl->state = BUFFEREVENT_SSL_CONNECTING; 1064 if (set_handshake_callbacks(bev_ssl, -1) < 0) 1065 return -1; 1066 if (!bev_ssl->underlying) 1067 return do_handshake(bev_ssl); 1068 return 0; 1069} 1070 1071static void 1072be_openssl_outbuf_cb(struct evbuffer *buf, 1073 const struct evbuffer_cb_info *cbinfo, void *arg) 1074{ 1075 struct bufferevent_openssl *bev_ssl = arg; 1076 int r = 0; 1077 /* XXX need to hold a reference here. */ 1078 1079 if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) { 1080 if (cbinfo->orig_size == 0) 1081 r = _bufferevent_add_event(&bev_ssl->bev.bev.ev_write, 1082 &bev_ssl->bev.bev.timeout_write); 1083 consider_writing(bev_ssl); 1084 } 1085 /* XXX Handle r < 0 */ 1086 (void)r; 1087} 1088 1089 1090static int 1091be_openssl_enable(struct bufferevent *bev, short events) 1092{ 1093 struct bufferevent_openssl *bev_ssl = upcast(bev); 1094 int r1 = 0, r2 = 0; 1095 1096 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN) 1097 return 0; 1098 1099 if (events & EV_READ) 1100 r1 = start_reading(bev_ssl); 1101 if (events & EV_WRITE) 1102 r2 = start_writing(bev_ssl); 1103 1104 if (bev_ssl->underlying) { 1105 if (events & EV_READ) 1106 BEV_RESET_GENERIC_READ_TIMEOUT(bev); 1107 if (events & EV_WRITE) 1108 BEV_RESET_GENERIC_WRITE_TIMEOUT(bev); 1109 1110 if (events & EV_READ) 1111 consider_reading(bev_ssl); 1112 if (events & EV_WRITE) 1113 consider_writing(bev_ssl); 1114 } 1115 return (r1 < 0 || r2 < 0) ? -1 : 0; 1116} 1117 1118static int 1119be_openssl_disable(struct bufferevent *bev, short events) 1120{ 1121 struct bufferevent_openssl *bev_ssl = upcast(bev); 1122 if (bev_ssl->state != BUFFEREVENT_SSL_OPEN) 1123 return 0; 1124 1125 if (events & EV_READ) 1126 stop_reading(bev_ssl); 1127 if (events & EV_WRITE) 1128 stop_writing(bev_ssl); 1129 1130 if (bev_ssl->underlying) { 1131 if (events & EV_READ) 1132 BEV_DEL_GENERIC_READ_TIMEOUT(bev); 1133 if (events & EV_WRITE) 1134 BEV_DEL_GENERIC_WRITE_TIMEOUT(bev); 1135 } 1136 return 0; 1137} 1138 1139static void 1140be_openssl_destruct(struct bufferevent *bev) 1141{ 1142 struct bufferevent_openssl *bev_ssl = upcast(bev); 1143 1144 if (bev_ssl->underlying) { 1145 _bufferevent_del_generic_timeout_cbs(bev); 1146 } else { 1147 event_del(&bev->ev_read); 1148 event_del(&bev->ev_write); 1149 } 1150 1151 if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) { 1152 if (bev_ssl->underlying) { 1153 if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) { 1154 event_warnx("BEV_OPT_CLOSE_ON_FREE set on an " 1155 "bufferevent with too few references"); 1156 } else { 1157 bufferevent_free(bev_ssl->underlying); 1158 bev_ssl->underlying = NULL; 1159 } 1160 } else { 1161 evutil_socket_t fd = -1; 1162 BIO *bio = SSL_get_wbio(bev_ssl->ssl); 1163 if (bio) 1164 fd = BIO_get_fd(bio, NULL); 1165 if (fd >= 0) 1166 evutil_closesocket(fd); 1167 } 1168 SSL_free(bev_ssl->ssl); 1169 } else { 1170 if (bev_ssl->underlying) { 1171 if (bev_ssl->underlying->errorcb == be_openssl_eventcb) 1172 bufferevent_setcb(bev_ssl->underlying, 1173 NULL,NULL,NULL,NULL); 1174 bufferevent_unsuspend_read(bev_ssl->underlying, 1175 BEV_SUSPEND_FILT_READ); 1176 } 1177 } 1178} 1179 1180static int 1181be_openssl_adj_timeouts(struct bufferevent *bev) 1182{ 1183 struct bufferevent_openssl *bev_ssl = upcast(bev); 1184 1185 if (bev_ssl->underlying) 1186 return _bufferevent_generic_adj_timeouts(bev); 1187 else { 1188 int r1=0, r2=0; 1189 if (event_pending(&bev->ev_read, EV_READ, NULL)) 1190 r1 = _bufferevent_add_event(&bev->ev_read, &bev->timeout_read); 1191 if (event_pending(&bev->ev_write, EV_WRITE, NULL)) 1192 r2 = _bufferevent_add_event(&bev->ev_write, &bev->timeout_write); 1193 return (r1<0 || r2<0) ? -1 : 0; 1194 } 1195} 1196 1197static int 1198be_openssl_flush(struct bufferevent *bufev, 1199 short iotype, enum bufferevent_flush_mode mode) 1200{ 1201 /* XXXX Implement this. */ 1202 return 0; 1203} 1204 1205static int 1206be_openssl_ctrl(struct bufferevent *bev, 1207 enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data) 1208{ 1209 struct bufferevent_openssl *bev_ssl = upcast(bev); 1210 switch (op) { 1211 case BEV_CTRL_SET_FD: 1212 if (bev_ssl->underlying) 1213 return -1; 1214 { 1215 BIO *bio; 1216 bio = BIO_new_socket(data->fd, 0); 1217 SSL_set_bio(bev_ssl->ssl, bio, bio); 1218 bev_ssl->fd_is_set = 1; 1219 } 1220 if (bev_ssl->state == BUFFEREVENT_SSL_OPEN) 1221 return set_open_callbacks(bev_ssl, data->fd); 1222 else { 1223 return set_handshake_callbacks(bev_ssl, data->fd); 1224 } 1225 case BEV_CTRL_GET_FD: 1226 if (bev_ssl->underlying) 1227 return -1; 1228 if (!bev_ssl->fd_is_set) 1229 return -1; 1230 data->fd = event_get_fd(&bev->ev_read); 1231 return 0; 1232 case BEV_CTRL_GET_UNDERLYING: 1233 if (!bev_ssl->underlying) 1234 return -1; 1235 data->ptr = bev_ssl->underlying; 1236 return 0; 1237 case BEV_CTRL_CANCEL_ALL: 1238 default: 1239 return -1; 1240 } 1241} 1242 1243SSL * 1244bufferevent_openssl_get_ssl(struct bufferevent *bufev) 1245{ 1246 struct bufferevent_openssl *bev_ssl = upcast(bufev); 1247 if (!bev_ssl) 1248 return NULL; 1249 return bev_ssl->ssl; 1250} 1251 1252static struct bufferevent * 1253bufferevent_openssl_new_impl(struct event_base *base, 1254 struct bufferevent *underlying, 1255 evutil_socket_t fd, 1256 SSL *ssl, 1257 enum bufferevent_ssl_state state, 1258 int options) 1259{ 1260 struct bufferevent_openssl *bev_ssl = NULL; 1261 struct bufferevent_private *bev_p = NULL; 1262 int tmp_options = options & ~BEV_OPT_THREADSAFE; 1263 1264 if (underlying != NULL && fd >= 0) 1265 return NULL; /* Only one can be set. */ 1266 1267 if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl)))) 1268 goto err; 1269 1270 bev_p = &bev_ssl->bev; 1271 1272 if (bufferevent_init_common(bev_p, base, 1273 &bufferevent_ops_openssl, tmp_options) < 0) 1274 goto err; 1275 1276 /* Don't explode if we decide to realloc a chunk we're writing from in 1277 * the output buffer. */ 1278 SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 1279 1280 bev_ssl->underlying = underlying; 1281 bev_ssl->ssl = ssl; 1282 1283 bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output, 1284 be_openssl_outbuf_cb, bev_ssl); 1285 1286 if (options & BEV_OPT_THREADSAFE) 1287 bufferevent_enable_locking(&bev_ssl->bev.bev, NULL); 1288 1289 if (underlying) { 1290 _bufferevent_init_generic_timeout_cbs(&bev_ssl->bev.bev); 1291 bufferevent_incref(underlying); 1292 } 1293 1294 bev_ssl->state = state; 1295 bev_ssl->last_write = -1; 1296 1297 init_bio_counts(bev_ssl); 1298 1299 switch (state) { 1300 case BUFFEREVENT_SSL_ACCEPTING: 1301 SSL_set_accept_state(bev_ssl->ssl); 1302 if (set_handshake_callbacks(bev_ssl, fd) < 0) 1303 goto err; 1304 break; 1305 case BUFFEREVENT_SSL_CONNECTING: 1306 SSL_set_connect_state(bev_ssl->ssl); 1307 if (set_handshake_callbacks(bev_ssl, fd) < 0) 1308 goto err; 1309 break; 1310 case BUFFEREVENT_SSL_OPEN: 1311 if (set_open_callbacks(bev_ssl, fd) < 0) 1312 goto err; 1313 break; 1314 default: 1315 goto err; 1316 } 1317 1318 if (underlying) { 1319 bufferevent_setwatermark(underlying, EV_READ, 0, 0); 1320 bufferevent_enable(underlying, EV_READ|EV_WRITE); 1321 if (state == BUFFEREVENT_SSL_OPEN) 1322 bufferevent_suspend_read(underlying, 1323 BEV_SUSPEND_FILT_READ); 1324 } else { 1325 bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE; 1326 if (bev_ssl->fd_is_set) { 1327 if (state != BUFFEREVENT_SSL_OPEN) 1328 if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0) 1329 goto err; 1330 if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0) 1331 goto err; 1332 } 1333 } 1334 1335 return &bev_ssl->bev.bev; 1336err: 1337 if (bev_ssl) 1338 bufferevent_free(&bev_ssl->bev.bev); 1339 return NULL; 1340} 1341 1342struct bufferevent * 1343bufferevent_openssl_filter_new(struct event_base *base, 1344 struct bufferevent *underlying, 1345 SSL *ssl, 1346 enum bufferevent_ssl_state state, 1347 int options) 1348{ 1349 /* We don't tell the BIO to close the bufferevent; we do it ourselves 1350 * on be_openssl_destruct */ 1351 int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */ 1352 BIO *bio; 1353 if (!underlying) 1354 return NULL; 1355 if (!(bio = BIO_new_bufferevent(underlying, close_flag))) 1356 return NULL; 1357 1358 SSL_set_bio(ssl, bio, bio); 1359 1360 return bufferevent_openssl_new_impl( 1361 base, underlying, -1, ssl, state, options); 1362} 1363 1364struct bufferevent * 1365bufferevent_openssl_socket_new(struct event_base *base, 1366 evutil_socket_t fd, 1367 SSL *ssl, 1368 enum bufferevent_ssl_state state, 1369 int options) 1370{ 1371 /* Does the SSL already have an fd? */ 1372 BIO *bio = SSL_get_wbio(ssl); 1373 long have_fd = -1; 1374 1375 if (bio) 1376 have_fd = BIO_get_fd(bio, NULL); 1377 1378 if (have_fd >= 0) { 1379 /* The SSL is already configured with an fd. */ 1380 if (fd < 0) { 1381 /* We should learn the fd from the SSL. */ 1382 fd = (evutil_socket_t) have_fd; 1383 } else if (have_fd == (long)fd) { 1384 /* We already know the fd from the SSL; do nothing */ 1385 } else { 1386 /* We specified an fd different from that of the SSL. 1387 This is probably an error on our part. Fail. */ 1388 return NULL; 1389 } 1390 (void) BIO_set_close(bio, 0); 1391 } else { 1392 /* The SSL isn't configured with a BIO with an fd. */ 1393 if (fd >= 0) { 1394 /* ... and we have an fd we want to use. */ 1395 bio = BIO_new_socket(fd, 0); 1396 SSL_set_bio(ssl, bio, bio); 1397 } else { 1398 /* Leave the fd unset. */ 1399 } 1400 } 1401 1402 return bufferevent_openssl_new_impl( 1403 base, NULL, fd, ssl, state, options); 1404} 1405 1406unsigned long 1407bufferevent_get_openssl_error(struct bufferevent *bev) 1408{ 1409 unsigned long err = 0; 1410 struct bufferevent_openssl *bev_ssl; 1411 BEV_LOCK(bev); 1412 bev_ssl = upcast(bev); 1413 if (bev_ssl && bev_ssl->n_errors) { 1414 err = bev_ssl->errors[--bev_ssl->n_errors]; 1415 } 1416 BEV_UNLOCK(bev); 1417 return err; 1418} 1419