bio_ssl.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592
  1. /* ssl/bio_ssl.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <stdlib.h>
  60. #include <string.h>
  61. #include <errno.h>
  62. #include <openssl/crypto.h>
  63. #include <openssl/bio.h>
  64. #include <openssl/err.h>
  65. #include <openssl/ssl.h>
  66. static int ssl_write(BIO *h, const char *buf, int num);
  67. static int ssl_read(BIO *h, char *buf, int size);
  68. static int ssl_puts(BIO *h, const char *str);
  69. static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
  70. static int ssl_new(BIO *h);
  71. static int ssl_free(BIO *data);
  72. static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
  73. typedef struct bio_ssl_st {
  74. SSL *ssl; /* The ssl handle :-) */
  75. /* re-negotiate every time the total number of bytes is this size */
  76. int num_renegotiates;
  77. unsigned long renegotiate_count;
  78. unsigned long byte_count;
  79. unsigned long renegotiate_timeout;
  80. unsigned long last_time;
  81. } BIO_SSL;
  82. static BIO_METHOD methods_sslp = {
  83. BIO_TYPE_SSL, "ssl",
  84. ssl_write,
  85. ssl_read,
  86. ssl_puts,
  87. NULL, /* ssl_gets, */
  88. ssl_ctrl,
  89. ssl_new,
  90. ssl_free,
  91. ssl_callback_ctrl,
  92. };
  93. BIO_METHOD *BIO_f_ssl(void)
  94. {
  95. return (&methods_sslp);
  96. }
  97. static int ssl_new(BIO *bi)
  98. {
  99. BIO_SSL *bs;
  100. bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
  101. if (bs == NULL) {
  102. BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
  103. return (0);
  104. }
  105. memset(bs, 0, sizeof(BIO_SSL));
  106. bi->init = 0;
  107. bi->ptr = (char *)bs;
  108. bi->flags = 0;
  109. return (1);
  110. }
  111. static int ssl_free(BIO *a)
  112. {
  113. BIO_SSL *bs;
  114. if (a == NULL)
  115. return (0);
  116. bs = (BIO_SSL *)a->ptr;
  117. if (bs->ssl != NULL)
  118. SSL_shutdown(bs->ssl);
  119. if (a->shutdown) {
  120. if (a->init && (bs->ssl != NULL))
  121. SSL_free(bs->ssl);
  122. a->init = 0;
  123. a->flags = 0;
  124. }
  125. if (a->ptr != NULL)
  126. OPENSSL_free(a->ptr);
  127. return (1);
  128. }
  129. static int ssl_read(BIO *b, char *out, int outl)
  130. {
  131. int ret = 1;
  132. BIO_SSL *sb;
  133. SSL *ssl;
  134. int retry_reason = 0;
  135. int r = 0;
  136. if (out == NULL)
  137. return (0);
  138. sb = (BIO_SSL *)b->ptr;
  139. ssl = sb->ssl;
  140. BIO_clear_retry_flags(b);
  141. #if 0
  142. if (!SSL_is_init_finished(ssl)) {
  143. /* ret=SSL_do_handshake(ssl); */
  144. if (ret > 0) {
  145. outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
  146. ret = -1;
  147. goto end;
  148. }
  149. }
  150. #endif
  151. /* if (ret > 0) */
  152. ret = SSL_read(ssl, out, outl);
  153. switch (SSL_get_error(ssl, ret)) {
  154. case SSL_ERROR_NONE:
  155. if (ret <= 0)
  156. break;
  157. if (sb->renegotiate_count > 0) {
  158. sb->byte_count += ret;
  159. if (sb->byte_count > sb->renegotiate_count) {
  160. sb->byte_count = 0;
  161. sb->num_renegotiates++;
  162. SSL_renegotiate(ssl);
  163. r = 1;
  164. }
  165. }
  166. if ((sb->renegotiate_timeout > 0) && (!r)) {
  167. unsigned long tm;
  168. tm = (unsigned long)time(NULL);
  169. if (tm > sb->last_time + sb->renegotiate_timeout) {
  170. sb->last_time = tm;
  171. sb->num_renegotiates++;
  172. SSL_renegotiate(ssl);
  173. }
  174. }
  175. break;
  176. case SSL_ERROR_WANT_READ:
  177. BIO_set_retry_read(b);
  178. break;
  179. case SSL_ERROR_WANT_WRITE:
  180. BIO_set_retry_write(b);
  181. break;
  182. case SSL_ERROR_WANT_X509_LOOKUP:
  183. BIO_set_retry_special(b);
  184. retry_reason = BIO_RR_SSL_X509_LOOKUP;
  185. break;
  186. case SSL_ERROR_WANT_ACCEPT:
  187. BIO_set_retry_special(b);
  188. retry_reason = BIO_RR_ACCEPT;
  189. break;
  190. case SSL_ERROR_WANT_CONNECT:
  191. BIO_set_retry_special(b);
  192. retry_reason = BIO_RR_CONNECT;
  193. break;
  194. case SSL_ERROR_SYSCALL:
  195. case SSL_ERROR_SSL:
  196. case SSL_ERROR_ZERO_RETURN:
  197. default:
  198. break;
  199. }
  200. b->retry_reason = retry_reason;
  201. return (ret);
  202. }
  203. static int ssl_write(BIO *b, const char *out, int outl)
  204. {
  205. int ret, r = 0;
  206. int retry_reason = 0;
  207. SSL *ssl;
  208. BIO_SSL *bs;
  209. if (out == NULL)
  210. return (0);
  211. bs = (BIO_SSL *)b->ptr;
  212. ssl = bs->ssl;
  213. BIO_clear_retry_flags(b);
  214. /*
  215. * ret=SSL_do_handshake(ssl); if (ret > 0)
  216. */
  217. ret = SSL_write(ssl, out, outl);
  218. switch (SSL_get_error(ssl, ret)) {
  219. case SSL_ERROR_NONE:
  220. if (ret <= 0)
  221. break;
  222. if (bs->renegotiate_count > 0) {
  223. bs->byte_count += ret;
  224. if (bs->byte_count > bs->renegotiate_count) {
  225. bs->byte_count = 0;
  226. bs->num_renegotiates++;
  227. SSL_renegotiate(ssl);
  228. r = 1;
  229. }
  230. }
  231. if ((bs->renegotiate_timeout > 0) && (!r)) {
  232. unsigned long tm;
  233. tm = (unsigned long)time(NULL);
  234. if (tm > bs->last_time + bs->renegotiate_timeout) {
  235. bs->last_time = tm;
  236. bs->num_renegotiates++;
  237. SSL_renegotiate(ssl);
  238. }
  239. }
  240. break;
  241. case SSL_ERROR_WANT_WRITE:
  242. BIO_set_retry_write(b);
  243. break;
  244. case SSL_ERROR_WANT_READ:
  245. BIO_set_retry_read(b);
  246. break;
  247. case SSL_ERROR_WANT_X509_LOOKUP:
  248. BIO_set_retry_special(b);
  249. retry_reason = BIO_RR_SSL_X509_LOOKUP;
  250. break;
  251. case SSL_ERROR_WANT_CONNECT:
  252. BIO_set_retry_special(b);
  253. retry_reason = BIO_RR_CONNECT;
  254. case SSL_ERROR_SYSCALL:
  255. case SSL_ERROR_SSL:
  256. default:
  257. break;
  258. }
  259. b->retry_reason = retry_reason;
  260. return (ret);
  261. }
  262. static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
  263. {
  264. SSL **sslp, *ssl;
  265. BIO_SSL *bs;
  266. BIO *dbio, *bio;
  267. long ret = 1;
  268. bs = (BIO_SSL *)b->ptr;
  269. ssl = bs->ssl;
  270. if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
  271. return (0);
  272. switch (cmd) {
  273. case BIO_CTRL_RESET:
  274. SSL_shutdown(ssl);
  275. if (ssl->handshake_func == ssl->method->ssl_connect)
  276. SSL_set_connect_state(ssl);
  277. else if (ssl->handshake_func == ssl->method->ssl_accept)
  278. SSL_set_accept_state(ssl);
  279. SSL_clear(ssl);
  280. if (b->next_bio != NULL)
  281. ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
  282. else if (ssl->rbio != NULL)
  283. ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
  284. else
  285. ret = 1;
  286. break;
  287. case BIO_CTRL_INFO:
  288. ret = 0;
  289. break;
  290. case BIO_C_SSL_MODE:
  291. if (num) /* client mode */
  292. SSL_set_connect_state(ssl);
  293. else
  294. SSL_set_accept_state(ssl);
  295. break;
  296. case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
  297. ret = bs->renegotiate_timeout;
  298. if (num < 60)
  299. num = 5;
  300. bs->renegotiate_timeout = (unsigned long)num;
  301. bs->last_time = (unsigned long)time(NULL);
  302. break;
  303. case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
  304. ret = bs->renegotiate_count;
  305. if ((long)num >= 512)
  306. bs->renegotiate_count = (unsigned long)num;
  307. break;
  308. case BIO_C_GET_SSL_NUM_RENEGOTIATES:
  309. ret = bs->num_renegotiates;
  310. break;
  311. case BIO_C_SET_SSL:
  312. if (ssl != NULL) {
  313. ssl_free(b);
  314. if (!ssl_new(b))
  315. return 0;
  316. }
  317. b->shutdown = (int)num;
  318. ssl = (SSL *)ptr;
  319. ((BIO_SSL *)b->ptr)->ssl = ssl;
  320. bio = SSL_get_rbio(ssl);
  321. if (bio != NULL) {
  322. if (b->next_bio != NULL)
  323. BIO_push(bio, b->next_bio);
  324. b->next_bio = bio;
  325. CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
  326. }
  327. b->init = 1;
  328. break;
  329. case BIO_C_GET_SSL:
  330. if (ptr != NULL) {
  331. sslp = (SSL **)ptr;
  332. *sslp = ssl;
  333. } else
  334. ret = 0;
  335. break;
  336. case BIO_CTRL_GET_CLOSE:
  337. ret = b->shutdown;
  338. break;
  339. case BIO_CTRL_SET_CLOSE:
  340. b->shutdown = (int)num;
  341. break;
  342. case BIO_CTRL_WPENDING:
  343. ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
  344. break;
  345. case BIO_CTRL_PENDING:
  346. ret = SSL_pending(ssl);
  347. if (ret == 0)
  348. ret = BIO_pending(ssl->rbio);
  349. break;
  350. case BIO_CTRL_FLUSH:
  351. BIO_clear_retry_flags(b);
  352. ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
  353. BIO_copy_next_retry(b);
  354. break;
  355. case BIO_CTRL_PUSH:
  356. if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
  357. SSL_set_bio(ssl, b->next_bio, b->next_bio);
  358. CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
  359. }
  360. break;
  361. case BIO_CTRL_POP:
  362. /* Only detach if we are the BIO explicitly being popped */
  363. if (b == ptr) {
  364. /*
  365. * Shouldn't happen in practice because the rbio and wbio are the
  366. * same when pushed.
  367. */
  368. if (ssl->rbio != ssl->wbio)
  369. BIO_free_all(ssl->wbio);
  370. if (b->next_bio != NULL)
  371. CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
  372. ssl->wbio = NULL;
  373. ssl->rbio = NULL;
  374. }
  375. break;
  376. case BIO_C_DO_STATE_MACHINE:
  377. BIO_clear_retry_flags(b);
  378. b->retry_reason = 0;
  379. ret = (int)SSL_do_handshake(ssl);
  380. switch (SSL_get_error(ssl, (int)ret)) {
  381. case SSL_ERROR_WANT_READ:
  382. BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
  383. break;
  384. case SSL_ERROR_WANT_WRITE:
  385. BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
  386. break;
  387. case SSL_ERROR_WANT_CONNECT:
  388. BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
  389. b->retry_reason = b->next_bio->retry_reason;
  390. break;
  391. case SSL_ERROR_WANT_X509_LOOKUP:
  392. BIO_set_retry_special(b);
  393. b->retry_reason = BIO_RR_SSL_X509_LOOKUP;
  394. break;
  395. default:
  396. break;
  397. }
  398. break;
  399. case BIO_CTRL_DUP:
  400. dbio = (BIO *)ptr;
  401. if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
  402. SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
  403. ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
  404. ((BIO_SSL *)dbio->ptr)->renegotiate_count =
  405. ((BIO_SSL *)b->ptr)->renegotiate_count;
  406. ((BIO_SSL *)dbio->ptr)->byte_count = ((BIO_SSL *)b->ptr)->byte_count;
  407. ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
  408. ((BIO_SSL *)b->ptr)->renegotiate_timeout;
  409. ((BIO_SSL *)dbio->ptr)->last_time = ((BIO_SSL *)b->ptr)->last_time;
  410. ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
  411. break;
  412. case BIO_C_GET_FD:
  413. ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
  414. break;
  415. case BIO_CTRL_SET_CALLBACK:
  416. {
  417. #if 0 /* FIXME: Should this be used? -- Richard
  418. * Levitte */
  419. SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  420. ret = -1;
  421. #else
  422. ret = 0;
  423. #endif
  424. }
  425. break;
  426. case BIO_CTRL_GET_CALLBACK:
  427. {
  428. void (**fptr) (const SSL *xssl, int type, int val);
  429. fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
  430. *fptr = SSL_get_info_callback(ssl);
  431. }
  432. break;
  433. default:
  434. ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
  435. break;
  436. }
  437. return (ret);
  438. }
  439. static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
  440. {
  441. SSL *ssl;
  442. BIO_SSL *bs;
  443. long ret = 1;
  444. bs = (BIO_SSL *)b->ptr;
  445. ssl = bs->ssl;
  446. switch (cmd) {
  447. case BIO_CTRL_SET_CALLBACK:
  448. {
  449. /*
  450. * FIXME: setting this via a completely different prototype seems
  451. * like a crap idea
  452. */
  453. SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
  454. }
  455. break;
  456. default:
  457. ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
  458. break;
  459. }
  460. return (ret);
  461. }
  462. static int ssl_puts(BIO *bp, const char *str)
  463. {
  464. int n, ret;
  465. n = strlen(str);
  466. ret = BIO_write(bp, str, n);
  467. return (ret);
  468. }
  469. BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
  470. {
  471. #ifndef OPENSSL_NO_SOCK
  472. BIO *ret = NULL, *buf = NULL, *ssl = NULL;
  473. if ((buf = BIO_new(BIO_f_buffer())) == NULL)
  474. return (NULL);
  475. if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
  476. goto err;
  477. if ((ret = BIO_push(buf, ssl)) == NULL)
  478. goto err;
  479. return (ret);
  480. err:
  481. if (buf != NULL)
  482. BIO_free(buf);
  483. if (ssl != NULL)
  484. BIO_free(ssl);
  485. #endif
  486. return (NULL);
  487. }
  488. BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
  489. {
  490. #ifndef OPENSSL_NO_SOCK
  491. BIO *ret = NULL, *con = NULL, *ssl = NULL;
  492. if ((con = BIO_new(BIO_s_connect())) == NULL)
  493. return (NULL);
  494. if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
  495. goto err;
  496. if ((ret = BIO_push(ssl, con)) == NULL)
  497. goto err;
  498. return (ret);
  499. err:
  500. if (con != NULL)
  501. BIO_free(con);
  502. #endif
  503. return (NULL);
  504. }
  505. BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
  506. {
  507. BIO *ret;
  508. SSL *ssl;
  509. if ((ret = BIO_new(BIO_f_ssl())) == NULL)
  510. return (NULL);
  511. if ((ssl = SSL_new(ctx)) == NULL) {
  512. BIO_free(ret);
  513. return (NULL);
  514. }
  515. if (client)
  516. SSL_set_connect_state(ssl);
  517. else
  518. SSL_set_accept_state(ssl);
  519. BIO_set_ssl(ret, ssl, BIO_CLOSE);
  520. return (ret);
  521. }
  522. int BIO_ssl_copy_session_id(BIO *t, BIO *f)
  523. {
  524. t = BIO_find_type(t, BIO_TYPE_SSL);
  525. f = BIO_find_type(f, BIO_TYPE_SSL);
  526. if ((t == NULL) || (f == NULL))
  527. return (0);
  528. if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
  529. (((BIO_SSL *)f->ptr)->ssl == NULL))
  530. return (0);
  531. SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl);
  532. return (1);
  533. }
  534. void BIO_ssl_shutdown(BIO *b)
  535. {
  536. SSL *s;
  537. while (b != NULL) {
  538. if (b->method->type == BIO_TYPE_SSL) {
  539. s = ((BIO_SSL *)b->ptr)->ssl;
  540. SSL_shutdown(s);
  541. break;
  542. }
  543. b = b->next_bio;
  544. }
  545. }