1 /* ssl/bio_ssl.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <errno.h>
63 #include <openssl/opensslconf.h>
64 #include <openssl/crypto.h>
65 #include <openssl/bio.h>
66 #include <openssl/err.h>
67 #include <openssl/ssl.h>
68
69 static int ssl_write(BIO *h, const char *buf, int num);
70 static int ssl_read(BIO *h, char *buf, int size);
71 static int ssl_puts(BIO *h, const char *str);
72 static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
73 static int ssl_new(BIO *h);
74 static int ssl_free(BIO *data);
75 static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
76 typedef struct bio_ssl_st
77 {
78 SSL *ssl; /* The ssl handle :-) */
79 /* re-negotiate every time the total number of bytes is this size */
80 int num_renegotiates;
81 unsigned long renegotiate_count;
82 unsigned long byte_count;
83 unsigned long renegotiate_timeout;
84 unsigned long last_time;
85 } BIO_SSL;
86
87 static BIO_METHOD methods_sslp=
88 {
89 BIO_TYPE_SSL,"ssl",
90 ssl_write,
91 ssl_read,
92 ssl_puts,
93 NULL, /* ssl_gets, */
94 ssl_ctrl,
95 ssl_new,
96 ssl_free,
97 ssl_callback_ctrl,
98 };
99
100 BIO_METHOD *BIO_f_ssl(void)
101 {
102 return(&methods_sslp);
103 }
104
105 static int ssl_new(BIO *bi)
106 {
107 BIO_SSL *bs;
108
109 bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
110 if (bs == NULL)
111 {
112 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
113 return(0);
114 }
115 memset(bs,0,sizeof(BIO_SSL));
116 bi->init=0;
117 bi->ptr=(char *)bs;
118 bi->flags=0;
119 return(1);
120 }
121
122 static int ssl_free(BIO *a)
123 {
124 BIO_SSL *bs;
125
126 if (a == NULL) return(0);
127 bs=(BIO_SSL *)a->ptr;
128 if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
129 if (a->shutdown)
130 {
131 if (a->init && (bs->ssl != NULL))
132 SSL_free(bs->ssl);
133 a->init=0;
134 a->flags=0;
135 }
136 if (a->ptr != NULL)
137 OPENSSL_free(a->ptr);
138 return(1);
139 }
140
141 static int ssl_read(BIO *b, char *out, int outl)
142 {
143 int ret=1;
144 BIO_SSL *sb;
145 SSL *ssl;
146 int retry_reason=0;
147 int r=0;
148
149 if (out == NULL) return(0);
150 sb=(BIO_SSL *)b->ptr;
151 ssl=sb->ssl;
152
153 BIO_clear_retry_flags(b);
154
155 #if 0
156 if (!SSL_is_init_finished(ssl))
157 {
158 /* ret=SSL_do_handshake(ssl); */
159 if (ret > 0)
160 {
161
162 outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
163 ret= -1;
164 goto end;
165 }
166 }
167 #endif
168 /* if (ret > 0) */
169 ret=SSL_read(ssl,out,outl);
170
171 switch (SSL_get_error(ssl,ret))
172 {
173 case SSL_ERROR_NONE:
174 if (ret <= 0) break;
175 if (sb->renegotiate_count > 0)
176 {
177 sb->byte_count+=ret;
178 if (sb->byte_count > sb->renegotiate_count)
179 {
180 sb->byte_count=0;
181 sb->num_renegotiates++;
182 SSL_renegotiate(ssl);
183 r=1;
184 }
185 }
186 if ((sb->renegotiate_timeout > 0) && (!r))
187 {
188 unsigned long tm;
189
190 tm=(unsigned long)time(NULL);
191 if (tm > sb->last_time+sb->renegotiate_timeout)
192 {
193 sb->last_time=tm;
194 sb->num_renegotiates++;
195 SSL_renegotiate(ssl);
196 }
197 }
198
199 break;
200 case SSL_ERROR_WANT_READ:
201 BIO_set_retry_read(b);
202 break;
203 case SSL_ERROR_WANT_WRITE:
204 BIO_set_retry_write(b);
205 break;
206 case SSL_ERROR_WANT_X509_LOOKUP:
207 BIO_set_retry_special(b);
208 retry_reason=BIO_RR_SSL_X509_LOOKUP;
209 break;
210 case SSL_ERROR_WANT_ACCEPT:
211 BIO_set_retry_special(b);
212 retry_reason=BIO_RR_ACCEPT;
213 break;
214 case SSL_ERROR_WANT_CONNECT:
215 BIO_set_retry_special(b);
216 retry_reason=BIO_RR_CONNECT;
217 break;
218 case SSL_ERROR_SYSCALL:
219 case SSL_ERROR_SSL:
220 case SSL_ERROR_ZERO_RETURN:
221 default:
222 break;
223 }
224
225 b->retry_reason=retry_reason;
226 return(ret);
227 }
228
229 static int ssl_write(BIO *b, const char *out, int outl)
230 {
231 int ret,r=0;
232 int retry_reason=0;
233 SSL *ssl;
234 BIO_SSL *bs;
235
236 if (out == NULL) return(0);
237 bs=(BIO_SSL *)b->ptr;
238 ssl=bs->ssl;
239
240 BIO_clear_retry_flags(b);
241
242 /* ret=SSL_do_handshake(ssl);
243 if (ret > 0) */
244 ret=SSL_write(ssl,out,outl);
245
246 switch (SSL_get_error(ssl,ret))
247 {
248 case SSL_ERROR_NONE:
249 if (ret <= 0) break;
250 if (bs->renegotiate_count > 0)
251 {
252 bs->byte_count+=ret;
253 if (bs->byte_count > bs->renegotiate_count)
254 {
255 bs->byte_count=0;
256 bs->num_renegotiates++;
257 SSL_renegotiate(ssl);
258 r=1;
259 }
260 }
261 if ((bs->renegotiate_timeout > 0) && (!r))
262 {
263 unsigned long tm;
264
265 tm=(unsigned long)time(NULL);
266 if (tm > bs->last_time+bs->renegotiate_timeout)
267 {
268 bs->last_time=tm;
269 bs->num_renegotiates++;
270 SSL_renegotiate(ssl);
271 }
272 }
273 break;
274 case SSL_ERROR_WANT_WRITE:
275 BIO_set_retry_write(b);
276 break;
277 case SSL_ERROR_WANT_READ:
278 BIO_set_retry_read(b);
279 break;
280 case SSL_ERROR_WANT_X509_LOOKUP:
281 BIO_set_retry_special(b);
282 retry_reason=BIO_RR_SSL_X509_LOOKUP;
283 break;
284 case SSL_ERROR_WANT_CONNECT:
285 BIO_set_retry_special(b);
286 retry_reason=BIO_RR_CONNECT;
287 case SSL_ERROR_SYSCALL:
288 case SSL_ERROR_SSL:
289 default:
290 break;
291 }
292
293 b->retry_reason=retry_reason;
294 return(ret);
295 }
296
297 static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
298 {
299 SSL **sslp,*ssl;
300 BIO_SSL *bs;
301 BIO *dbio,*bio;
302 long ret=1;
303
304 bs=(BIO_SSL *)b->ptr;
305 ssl=bs->ssl;
306 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
307 return(0);
308 switch (cmd)
309 {
310 case BIO_CTRL_RESET:
311 SSL_shutdown(ssl);
312
313 if (ssl->handshake_func == ssl->method->ssl_connect)
314 SSL_set_connect_state(ssl);
315 else if (ssl->handshake_func == ssl->method->ssl_accept)
316 SSL_set_accept_state(ssl);
317
318 SSL_clear(ssl);
319
320 if (b->next_bio != NULL)
321 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
322 else if (ssl->rbio != NULL)
323 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
324 else
325 ret=1;
326 break;
327 case BIO_CTRL_INFO:
328 ret=0;
329 break;
330 case BIO_C_SSL_MODE:
331 if (num) /* client mode */
332 SSL_set_connect_state(ssl);
333 else
334 SSL_set_accept_state(ssl);
335 break;
336 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
337 ret=bs->renegotiate_timeout;
338 if (num < 60) num=5;
339 bs->renegotiate_timeout=(unsigned long)num;
340 bs->last_time=(unsigned long)time(NULL);
341 break;
342 case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
343 ret=bs->renegotiate_count;
344 if ((long)num >=512)
345 bs->renegotiate_count=(unsigned long)num;
346 break;
347 case BIO_C_GET_SSL_NUM_RENEGOTIATES:
348 ret=bs->num_renegotiates;
349 break;
350 case BIO_C_SET_SSL:
351 if (ssl != NULL)
352 {
353 ssl_free(b);
354 if (!ssl_new(b))
355 return 0;
356 }
357 b->shutdown=(int)num;
358 ssl=(SSL *)ptr;
359 ((BIO_SSL *)b->ptr)->ssl=ssl;
360 bio=SSL_get_rbio(ssl);
361 if (bio != NULL)
362 {
363 if (b->next_bio != NULL)
364 BIO_push(bio,b->next_bio);
365 b->next_bio=bio;
366 CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
367 }
368 b->init=1;
369 break;
370 case BIO_C_GET_SSL:
371 if (ptr != NULL)
372 {
373 sslp=(SSL **)ptr;
374 *sslp=ssl;
375 }
376 else
377 ret=0;
378 break;
379 case BIO_CTRL_GET_CLOSE:
380 ret=b->shutdown;
381 break;
382 case BIO_CTRL_SET_CLOSE:
383 b->shutdown=(int)num;
384 break;
385 case BIO_CTRL_WPENDING:
386 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
387 break;
388 case BIO_CTRL_PENDING:
389 ret=SSL_pending(ssl);
390 if (ret == 0)
391 ret=BIO_pending(ssl->rbio);
392 break;
393 case BIO_CTRL_FLUSH:
394 BIO_clear_retry_flags(b);
395 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
396 BIO_copy_next_retry(b);
397 break;
398 case BIO_CTRL_PUSH:
399 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
400 {
401 SSL_set_bio(ssl,b->next_bio,b->next_bio);
402 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
403 }
404 break;
405 case BIO_CTRL_POP:
406 /* Only detach if we are the BIO explicitly being popped */
407 if (b == ptr)
408 {
409 /* Shouldn't happen in practice because the
410 * rbio and wbio are the same when pushed.
411 */
412 if (ssl->rbio != ssl->wbio)
413 BIO_free_all(ssl->wbio);
414 if (b->next_bio != NULL)
415 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
416 ssl->wbio=NULL;
417 ssl->rbio=NULL;
418 }
419 break;
420 case BIO_C_DO_STATE_MACHINE:
421 BIO_clear_retry_flags(b);
422
423 b->retry_reason=0;
424 ret=(int)SSL_do_handshake(ssl);
425
426 switch (SSL_get_error(ssl,(int)ret))
427 {
428 case SSL_ERROR_WANT_READ:
429 BIO_set_flags(b,
430 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
431 break;
432 case SSL_ERROR_WANT_WRITE:
433 BIO_set_flags(b,
434 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
435 break;
436 case SSL_ERROR_WANT_CONNECT:
437 BIO_set_flags(b,
438 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
439 b->retry_reason=b->next_bio->retry_reason;
440 break;
441 default:
442 break;
443 }
444 break;
445 case BIO_CTRL_DUP:
446 dbio=(BIO *)ptr;
447 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
448 SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
449 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
450 ((BIO_SSL *)dbio->ptr)->renegotiate_count=
451 ((BIO_SSL *)b->ptr)->renegotiate_count;
452 ((BIO_SSL *)dbio->ptr)->byte_count=
453 ((BIO_SSL *)b->ptr)->byte_count;
454 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
455 ((BIO_SSL *)b->ptr)->renegotiate_timeout;
456 ((BIO_SSL *)dbio->ptr)->last_time=
457 ((BIO_SSL *)b->ptr)->last_time;
458 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
459 break;
460 case BIO_C_GET_FD:
461 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
462 break;
463 case BIO_CTRL_SET_CALLBACK:
464 {
465 #if 0 /* FIXME: Should this be used? -- Richard Levitte */
466 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
467 ret = -1;
468 #else
469 ret=0;
470 #endif
471 }
472 break;
473 case BIO_CTRL_GET_CALLBACK:
474 {
475 void (**fptr)(const SSL *xssl,int type,int val);
476
477 fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
478 *fptr=SSL_get_info_callback(ssl);
479 }
480 break;
481 default:
482 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
483 break;
484 }
485 return(ret);
486 }
487
488 static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
489 {
490 SSL *ssl;
491 BIO_SSL *bs;
492 long ret=1;
493
494 bs=(BIO_SSL *)b->ptr;
495 ssl=bs->ssl;
496 switch (cmd)
497 {
498 case BIO_CTRL_SET_CALLBACK:
499 {
500 /* FIXME: setting this via a completely different prototype
501 seems like a crap idea */
502 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
503 }
504 break;
505 default:
506 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
507 break;
508 }
509 return(ret);
510 }
511
512 static int ssl_puts(BIO *bp, const char *str)
513 {
514 int n,ret;
515
516 n=strlen(str);
517 ret=BIO_write(bp,str,n);
518 return(ret);
519 }
520
521 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
522 {
523 #ifndef OPENSSL_NO_SOCK
524 BIO *ret=NULL,*buf=NULL,*ssl=NULL;
525
526 if ((buf=BIO_new(BIO_f_buffer())) == NULL)
527 return(NULL);
528 if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
529 goto err;
530 if ((ret=BIO_push(buf,ssl)) == NULL)
531 goto err;
532 return(ret);
533 err:
534 if (buf != NULL) BIO_free(buf);
535 if (ssl != NULL) BIO_free(ssl);
536 #endif
537 return(NULL);
538 }
539
540 BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
541 {
542 #ifndef OPENSSL_NO_SOCK
543 BIO *ret=NULL,*con=NULL,*ssl=NULL;
544
545 if ((con=BIO_new(BIO_s_connect())) == NULL)
546 return(NULL);
547 if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
548 goto err;
549 if ((ret=BIO_push(ssl,con)) == NULL)
550 goto err;
551 return(ret);
552 err:
553 if (con != NULL) BIO_free(con);
554 #endif
555 return(NULL);
556 }
557
558 BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
559 {
560 BIO *ret;
561 SSL *ssl;
562
563 if ((ret=BIO_new(BIO_f_ssl())) == NULL)
564 return(NULL);
565 if ((ssl=SSL_new(ctx)) == NULL)
566 {
567 BIO_free(ret);
568 return(NULL);
569 }
570 if (client)
571 SSL_set_connect_state(ssl);
572 else
573 SSL_set_accept_state(ssl);
574
575 BIO_set_ssl(ret,ssl,BIO_CLOSE);
576 return(ret);
577 }
578
579 int BIO_ssl_copy_session_id(BIO *t, BIO *f)
580 {
581 t=BIO_find_type(t,BIO_TYPE_SSL);
582 f=BIO_find_type(f,BIO_TYPE_SSL);
583 if ((t == NULL) || (f == NULL))
584 return(0);
585 if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
586 (((BIO_SSL *)f->ptr)->ssl == NULL))
587 return(0);
588 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
589 return(1);
590 }
591
592 void BIO_ssl_shutdown(BIO *b)
593 {
594 SSL *s;
595
596 while (b != NULL)
597 {
598 if (b->method->type == BIO_TYPE_SSL)
599 {
600 s=((BIO_SSL *)b->ptr)->ssl;
601 SSL_shutdown(s);
602 break;
603 }
604 b=b->next_bio;
605 }
606 }