xref: /freebsd/contrib/libevent/bufferevent_openssl.c (revision 5b31cc94b10d4bb7109c6b27940a0fc76a44a331)
1 /*
2  * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  * 3. The name of the author may not be used to endorse or promote products
13  *    derived from this software without specific prior written permission.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
30 #endif
31 
32 #include "event2/event-config.h"
33 #include "evconfig-private.h"
34 
35 #include <sys/types.h>
36 
37 #ifdef EVENT__HAVE_SYS_TIME_H
38 #include <sys/time.h>
39 #endif
40 
41 #include <errno.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #ifdef EVENT__HAVE_STDARG_H
46 #include <stdarg.h>
47 #endif
48 #ifdef EVENT__HAVE_UNISTD_H
49 #include <unistd.h>
50 #endif
51 
52 #ifdef _WIN32
53 #include <winsock2.h>
54 #endif
55 
56 #include "event2/bufferevent.h"
57 #include "event2/bufferevent_struct.h"
58 #include "event2/bufferevent_ssl.h"
59 #include "event2/buffer.h"
60 #include "event2/event.h"
61 
62 #include "mm-internal.h"
63 #include "bufferevent-internal.h"
64 #include "log-internal.h"
65 
66 #include <openssl/ssl.h>
67 #include <openssl/err.h>
68 #include "openssl-compat.h"
69 
70 /*
71  * Define an OpenSSL bio that targets a bufferevent.
72  */
73 
74 /* --------------------
75    A BIO is an OpenSSL abstraction that handles reading and writing data.  The
76    library will happily speak SSL over anything that implements a BIO
77    interface.
78 
79    Here we define a BIO implementation that directs its output to a
80    bufferevent.  We'll want to use this only when none of OpenSSL's built-in
81    IO mechanisms work for us.
82    -------------------- */
83 
84 /* every BIO type needs its own integer type value. */
85 #define BIO_TYPE_LIBEVENT 57
86 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
87  * this. */
88 
89 #if 0
90 static void
91 print_err(int val)
92 {
93 	int err;
94 	printf("Error was %d\n", val);
95 
96 	while ((err = ERR_get_error())) {
97 		const char *msg = (const char*)ERR_reason_error_string(err);
98 		const char *lib = (const char*)ERR_lib_error_string(err);
99 		const char *func = (const char*)ERR_func_error_string(err);
100 
101 		printf("%s in %s %s\n", msg, lib, func);
102 	}
103 }
104 #else
105 #define print_err(v) ((void)0)
106 #endif
107 
108 /* Called to initialize a new BIO */
109 static int
110 bio_bufferevent_new(BIO *b)
111 {
112 	BIO_set_init(b, 0);
113 	BIO_set_data(b, NULL); /* We'll be putting the bufferevent in this field.*/
114 	return 1;
115 }
116 
117 /* Called to uninitialize the BIO. */
118 static int
119 bio_bufferevent_free(BIO *b)
120 {
121 	if (!b)
122 		return 0;
123 	if (BIO_get_shutdown(b)) {
124 		if (BIO_get_init(b) && BIO_get_data(b))
125 			bufferevent_free(BIO_get_data(b));
126 		BIO_free(b);
127 	}
128 	return 1;
129 }
130 
131 /* Called to extract data from the BIO. */
132 static int
133 bio_bufferevent_read(BIO *b, char *out, int outlen)
134 {
135 	int r = 0;
136 	struct evbuffer *input;
137 
138 	BIO_clear_retry_flags(b);
139 
140 	if (!out)
141 		return 0;
142 	if (!BIO_get_data(b))
143 		return -1;
144 
145 	input = bufferevent_get_input(BIO_get_data(b));
146 	if (evbuffer_get_length(input) == 0) {
147 		/* If there's no data to read, say so. */
148 		BIO_set_retry_read(b);
149 		return -1;
150 	} else {
151 		r = evbuffer_remove(input, out, outlen);
152 	}
153 
154 	return r;
155 }
156 
157 /* Called to write data into the BIO */
158 static int
159 bio_bufferevent_write(BIO *b, const char *in, int inlen)
160 {
161 	struct bufferevent *bufev = BIO_get_data(b);
162 	struct evbuffer *output;
163 	size_t outlen;
164 
165 	BIO_clear_retry_flags(b);
166 
167 	if (!BIO_get_data(b))
168 		return -1;
169 
170 	output = bufferevent_get_output(bufev);
171 	outlen = evbuffer_get_length(output);
172 
173 	/* Copy only as much data onto the output buffer as can fit under the
174 	 * high-water mark. */
175 	if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
176 		if (bufev->wm_write.high <= outlen) {
177 			/* If no data can fit, we'll need to retry later. */
178 			BIO_set_retry_write(b);
179 			return -1;
180 		}
181 		inlen = bufev->wm_write.high - outlen;
182 	}
183 
184 	EVUTIL_ASSERT(inlen > 0);
185 	evbuffer_add(output, in, inlen);
186 	return inlen;
187 }
188 
189 /* Called to handle various requests */
190 static long
191 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
192 {
193 	struct bufferevent *bufev = BIO_get_data(b);
194 	long ret = 1;
195 
196 	switch (cmd) {
197 	case BIO_CTRL_GET_CLOSE:
198 		ret = BIO_get_shutdown(b);
199 		break;
200 	case BIO_CTRL_SET_CLOSE:
201 		BIO_set_shutdown(b, (int)num);
202 		break;
203 	case BIO_CTRL_PENDING:
204 		ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
205 		break;
206 	case BIO_CTRL_WPENDING:
207 		ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
208 		break;
209 	/* XXXX These two are given a special-case treatment because
210 	 * of cargo-cultism.  I should come up with a better reason. */
211 	case BIO_CTRL_DUP:
212 	case BIO_CTRL_FLUSH:
213 		ret = 1;
214 		break;
215 	default:
216 		ret = 0;
217 		break;
218 	}
219 	return ret;
220 }
221 
222 /* Called to write a string to the BIO */
223 static int
224 bio_bufferevent_puts(BIO *b, const char *s)
225 {
226 	return bio_bufferevent_write(b, s, strlen(s));
227 }
228 
229 /* Method table for the bufferevent BIO */
230 static BIO_METHOD *methods_bufferevent;
231 
232 /* Return the method table for the bufferevents BIO */
233 static BIO_METHOD *
234 BIO_s_bufferevent(void)
235 {
236 	if (methods_bufferevent == NULL) {
237 		methods_bufferevent = BIO_meth_new(BIO_TYPE_LIBEVENT, "bufferevent");
238 		if (methods_bufferevent == NULL)
239 			return NULL;
240 		BIO_meth_set_write(methods_bufferevent, bio_bufferevent_write);
241 		BIO_meth_set_read(methods_bufferevent, bio_bufferevent_read);
242 		BIO_meth_set_puts(methods_bufferevent, bio_bufferevent_puts);
243 		BIO_meth_set_ctrl(methods_bufferevent, bio_bufferevent_ctrl);
244 		BIO_meth_set_create(methods_bufferevent, bio_bufferevent_new);
245 		BIO_meth_set_destroy(methods_bufferevent, bio_bufferevent_free);
246 	}
247 	return methods_bufferevent;
248 }
249 
250 /* Create a new BIO to wrap communication around a bufferevent.  If close_flag
251  * is true, the bufferevent will be freed when the BIO is closed. */
252 static BIO *
253 BIO_new_bufferevent(struct bufferevent *bufferevent)
254 {
255 	BIO *result;
256 	if (!bufferevent)
257 		return NULL;
258 	if (!(result = BIO_new(BIO_s_bufferevent())))
259 		return NULL;
260 	BIO_set_init(result, 1);
261 	BIO_set_data(result, bufferevent);
262 	/* We don't tell the BIO to close the bufferevent; we do it ourselves on
263 	 * be_openssl_destruct() */
264 	BIO_set_shutdown(result, 0);
265 	return result;
266 }
267 
268 /* --------------------
269    Now, here's the OpenSSL-based implementation of bufferevent.
270 
271    The implementation comes in two flavors: one that connects its SSL object
272    to an underlying bufferevent using a BIO_bufferevent, and one that has the
273    SSL object connect to a socket directly.  The latter should generally be
274    faster, except on Windows, where your best bet is using a
275    bufferevent_async.
276 
277    (OpenSSL supports many other BIO types, too.  But we can't use any unless
278    we have a good way to get notified when they become readable/writable.)
279    -------------------- */
280 
281 struct bio_data_counts {
282 	unsigned long n_written;
283 	unsigned long n_read;
284 };
285 
286 struct bufferevent_openssl {
287 	/* Shared fields with common bufferevent implementation code.
288 	   If we were set up with an underlying bufferevent, we use the
289 	   events here as timers only.  If we have an SSL, then we use
290 	   the events as socket events.
291 	 */
292 	struct bufferevent_private bev;
293 	/* An underlying bufferevent that we're directing our output to.
294 	   If it's NULL, then we're connected to an fd, not an evbuffer. */
295 	struct bufferevent *underlying;
296 	/* The SSL object doing our encryption. */
297 	SSL *ssl;
298 
299 	/* A callback that's invoked when data arrives on our outbuf so we
300 	   know to write data to the SSL. */
301 	struct evbuffer_cb_entry *outbuf_cb;
302 
303 	/* A count of how much data the bios have read/written total.  Used
304 	   for rate-limiting. */
305 	struct bio_data_counts counts;
306 
307 	/* If this value is greater than 0, then the last SSL_write blocked,
308 	 * and we need to try it again with this many bytes. */
309 	ev_ssize_t last_write;
310 
311 #define NUM_ERRORS 3
312 	ev_uint32_t errors[NUM_ERRORS];
313 
314 	/* When we next get available space, we should say "read" instead of
315 	   "write". This can happen if there's a renegotiation during a read
316 	   operation. */
317 	unsigned read_blocked_on_write : 1;
318 	/* When we next get data, we should say "write" instead of "read". */
319 	unsigned write_blocked_on_read : 1;
320 	/* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
321 	unsigned allow_dirty_shutdown : 1;
322 	/* XXX */
323 	unsigned n_errors : 2;
324 
325 	/* Are we currently connecting, accepting, or doing IO? */
326 	unsigned state : 2;
327 	/* If we reset fd, we sould reset state too */
328 	unsigned old_state : 2;
329 };
330 
331 static int be_openssl_enable(struct bufferevent *, short);
332 static int be_openssl_disable(struct bufferevent *, short);
333 static void be_openssl_unlink(struct bufferevent *);
334 static void be_openssl_destruct(struct bufferevent *);
335 static int be_openssl_adj_timeouts(struct bufferevent *);
336 static int be_openssl_flush(struct bufferevent *bufev,
337     short iotype, enum bufferevent_flush_mode mode);
338 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
339 
340 const struct bufferevent_ops bufferevent_ops_openssl = {
341 	"ssl",
342 	evutil_offsetof(struct bufferevent_openssl, bev.bev),
343 	be_openssl_enable,
344 	be_openssl_disable,
345 	be_openssl_unlink,
346 	be_openssl_destruct,
347 	be_openssl_adj_timeouts,
348 	be_openssl_flush,
349 	be_openssl_ctrl,
350 };
351 
352 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
353  * contains it, if any. */
354 static inline struct bufferevent_openssl *
355 upcast(struct bufferevent *bev)
356 {
357 	struct bufferevent_openssl *bev_o;
358 	if (!BEV_IS_OPENSSL(bev))
359 		return NULL;
360 	bev_o = (void*)( ((char*)bev) -
361 			 evutil_offsetof(struct bufferevent_openssl, bev.bev));
362 	EVUTIL_ASSERT(BEV_IS_OPENSSL(&bev_o->bev.bev));
363 	return bev_o;
364 }
365 
366 static inline void
367 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
368 {
369 	if (bev_ssl->n_errors == NUM_ERRORS)
370 		return;
371 	/* The error type according to openssl is "unsigned long", but
372 	   openssl never uses more than 32 bits of it.  It _can't_ use more
373 	   than 32 bits of it, since it needs to report errors on systems
374 	   where long is only 32 bits.
375 	 */
376 	bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
377 }
378 
379 /* Have the base communications channel (either the underlying bufferevent or
380  * ev_read and ev_write) start reading.  Take the read-blocked-on-write flag
381  * into account. */
382 static int
383 start_reading(struct bufferevent_openssl *bev_ssl)
384 {
385 	if (bev_ssl->underlying) {
386 		bufferevent_unsuspend_read_(bev_ssl->underlying,
387 		    BEV_SUSPEND_FILT_READ);
388 		return 0;
389 	} else {
390 		struct bufferevent *bev = &bev_ssl->bev.bev;
391 		int r;
392 		r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
393 		if (r == 0 && bev_ssl->read_blocked_on_write)
394 			r = bufferevent_add_event_(&bev->ev_write,
395 			    &bev->timeout_write);
396 		return r;
397 	}
398 }
399 
400 /* Have the base communications channel (either the underlying bufferevent or
401  * ev_read and ev_write) start writing.  Take the write-blocked-on-read flag
402  * into account. */
403 static int
404 start_writing(struct bufferevent_openssl *bev_ssl)
405 {
406 	int r = 0;
407 	if (bev_ssl->underlying) {
408 		if (bev_ssl->write_blocked_on_read) {
409 			bufferevent_unsuspend_read_(bev_ssl->underlying,
410 			    BEV_SUSPEND_FILT_READ);
411 		}
412 	} else {
413 		struct bufferevent *bev = &bev_ssl->bev.bev;
414 		r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
415 		if (!r && bev_ssl->write_blocked_on_read)
416 			r = bufferevent_add_event_(&bev->ev_read,
417 			    &bev->timeout_read);
418 	}
419 	return r;
420 }
421 
422 static void
423 stop_reading(struct bufferevent_openssl *bev_ssl)
424 {
425 	if (bev_ssl->write_blocked_on_read)
426 		return;
427 	if (bev_ssl->underlying) {
428 		bufferevent_suspend_read_(bev_ssl->underlying,
429 		    BEV_SUSPEND_FILT_READ);
430 	} else {
431 		struct bufferevent *bev = &bev_ssl->bev.bev;
432 		event_del(&bev->ev_read);
433 	}
434 }
435 
436 static void
437 stop_writing(struct bufferevent_openssl *bev_ssl)
438 {
439 	if (bev_ssl->read_blocked_on_write)
440 		return;
441 	if (bev_ssl->underlying) {
442 		bufferevent_unsuspend_read_(bev_ssl->underlying,
443 		    BEV_SUSPEND_FILT_READ);
444 	} else {
445 		struct bufferevent *bev = &bev_ssl->bev.bev;
446 		event_del(&bev->ev_write);
447 	}
448 }
449 
450 static int
451 set_rbow(struct bufferevent_openssl *bev_ssl)
452 {
453 	if (!bev_ssl->underlying)
454 		stop_reading(bev_ssl);
455 	bev_ssl->read_blocked_on_write = 1;
456 	return start_writing(bev_ssl);
457 }
458 
459 static int
460 set_wbor(struct bufferevent_openssl *bev_ssl)
461 {
462 	if (!bev_ssl->underlying)
463 		stop_writing(bev_ssl);
464 	bev_ssl->write_blocked_on_read = 1;
465 	return start_reading(bev_ssl);
466 }
467 
468 static int
469 clear_rbow(struct bufferevent_openssl *bev_ssl)
470 {
471 	struct bufferevent *bev = &bev_ssl->bev.bev;
472 	int r = 0;
473 	bev_ssl->read_blocked_on_write = 0;
474 	if (!(bev->enabled & EV_WRITE))
475 		stop_writing(bev_ssl);
476 	if (bev->enabled & EV_READ)
477 		r = start_reading(bev_ssl);
478 	return r;
479 }
480 
481 
482 static int
483 clear_wbor(struct bufferevent_openssl *bev_ssl)
484 {
485 	struct bufferevent *bev = &bev_ssl->bev.bev;
486 	int r = 0;
487 	bev_ssl->write_blocked_on_read = 0;
488 	if (!(bev->enabled & EV_READ))
489 		stop_reading(bev_ssl);
490 	if (bev->enabled & EV_WRITE)
491 		r = start_writing(bev_ssl);
492 	return r;
493 }
494 
495 static void
496 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
497 {
498 	int event = BEV_EVENT_ERROR;
499 	int dirty_shutdown = 0;
500 	unsigned long err;
501 
502 	switch (errcode) {
503 	case SSL_ERROR_ZERO_RETURN:
504 		/* Possibly a clean shutdown. */
505 		if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
506 			event = BEV_EVENT_EOF;
507 		else
508 			dirty_shutdown = 1;
509 		break;
510 	case SSL_ERROR_SYSCALL:
511 		/* IO error; possibly a dirty shutdown. */
512 		if ((ret == 0 || ret == -1) && ERR_peek_error() == 0)
513 			dirty_shutdown = 1;
514 		put_error(bev_ssl, errcode);
515 		break;
516 	case SSL_ERROR_SSL:
517 		/* Protocol error. */
518 		put_error(bev_ssl, errcode);
519 		break;
520 	case SSL_ERROR_WANT_X509_LOOKUP:
521 		/* XXXX handle this. */
522 		put_error(bev_ssl, errcode);
523 		break;
524 	case SSL_ERROR_NONE:
525 	case SSL_ERROR_WANT_READ:
526 	case SSL_ERROR_WANT_WRITE:
527 	case SSL_ERROR_WANT_CONNECT:
528 	case SSL_ERROR_WANT_ACCEPT:
529 	default:
530 		/* should be impossible; treat as normal error. */
531 		event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
532 		break;
533 	}
534 
535 	while ((err = ERR_get_error())) {
536 		put_error(bev_ssl, err);
537 	}
538 
539 	if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
540 		event = BEV_EVENT_EOF;
541 
542 	stop_reading(bev_ssl);
543 	stop_writing(bev_ssl);
544 
545 	/* when is BEV_EVENT_{READING|WRITING} */
546 	event = when | event;
547 	bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
548 }
549 
550 static void
551 init_bio_counts(struct bufferevent_openssl *bev_ssl)
552 {
553 	BIO *rbio, *wbio;
554 
555 	wbio = SSL_get_wbio(bev_ssl->ssl);
556 	bev_ssl->counts.n_written = wbio ? BIO_number_written(wbio) : 0;
557 	rbio = SSL_get_rbio(bev_ssl->ssl);
558 	bev_ssl->counts.n_read = rbio ? BIO_number_read(rbio) : 0;
559 }
560 
561 static inline void
562 decrement_buckets(struct bufferevent_openssl *bev_ssl)
563 {
564 	unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
565 	unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
566 	/* These next two subtractions can wrap around. That's okay. */
567 	unsigned long w = num_w - bev_ssl->counts.n_written;
568 	unsigned long r = num_r - bev_ssl->counts.n_read;
569 	if (w)
570 		bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
571 	if (r)
572 		bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
573 	bev_ssl->counts.n_written = num_w;
574 	bev_ssl->counts.n_read = num_r;
575 }
576 
577 #define OP_MADE_PROGRESS 1
578 #define OP_BLOCKED 2
579 #define OP_ERR 4
580 
581 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
582    we're now blocked); and OP_ERR (if an error occurred). */
583 static int
584 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
585 	/* Requires lock */
586 	struct bufferevent *bev = &bev_ssl->bev.bev;
587 	struct evbuffer *input = bev->input;
588 	int r, n, i, n_used = 0, atmost;
589 	struct evbuffer_iovec space[2];
590 	int result = 0;
591 
592 	if (bev_ssl->bev.read_suspended)
593 		return 0;
594 
595 	atmost = bufferevent_get_read_max_(&bev_ssl->bev);
596 	if (n_to_read > atmost)
597 		n_to_read = atmost;
598 
599 	n = evbuffer_reserve_space(input, n_to_read, space, 2);
600 	if (n < 0)
601 		return OP_ERR;
602 
603 	for (i=0; i<n; ++i) {
604 		if (bev_ssl->bev.read_suspended)
605 			break;
606 		ERR_clear_error();
607 		r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
608 		if (r>0) {
609 			result |= OP_MADE_PROGRESS;
610 			if (bev_ssl->read_blocked_on_write)
611 				if (clear_rbow(bev_ssl) < 0)
612 					return OP_ERR | result;
613 			++n_used;
614 			space[i].iov_len = r;
615 			decrement_buckets(bev_ssl);
616 		} else {
617 			int err = SSL_get_error(bev_ssl->ssl, r);
618 			print_err(err);
619 			switch (err) {
620 			case SSL_ERROR_WANT_READ:
621 				/* Can't read until underlying has more data. */
622 				if (bev_ssl->read_blocked_on_write)
623 					if (clear_rbow(bev_ssl) < 0)
624 						return OP_ERR | result;
625 				break;
626 			case SSL_ERROR_WANT_WRITE:
627 				/* This read operation requires a write, and the
628 				 * underlying is full */
629 				if (!bev_ssl->read_blocked_on_write)
630 					if (set_rbow(bev_ssl) < 0)
631 						return OP_ERR | result;
632 				break;
633 			default:
634 				conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
635 				break;
636 			}
637 			result |= OP_BLOCKED;
638 			break; /* out of the loop */
639 		}
640 	}
641 
642 	if (n_used) {
643 		evbuffer_commit_space(input, space, n_used);
644 		if (bev_ssl->underlying)
645 			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
646 	}
647 
648 	return result;
649 }
650 
651 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
652    we're now blocked); and OP_ERR (if an error occurred). */
653 static int
654 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
655 {
656 	int i, r, n, n_written = 0;
657 	struct bufferevent *bev = &bev_ssl->bev.bev;
658 	struct evbuffer *output = bev->output;
659 	struct evbuffer_iovec space[8];
660 	int result = 0;
661 
662 	if (bev_ssl->last_write > 0)
663 		atmost = bev_ssl->last_write;
664 	else
665 		atmost = bufferevent_get_write_max_(&bev_ssl->bev);
666 
667 	n = evbuffer_peek(output, atmost, NULL, space, 8);
668 	if (n < 0)
669 		return OP_ERR | result;
670 
671 	if (n > 8)
672 		n = 8;
673 	for (i=0; i < n; ++i) {
674 		if (bev_ssl->bev.write_suspended)
675 			break;
676 
677 		/* SSL_write will (reasonably) return 0 if we tell it to
678 		   send 0 data.  Skip this case so we don't interpret the
679 		   result as an error */
680 		if (space[i].iov_len == 0)
681 			continue;
682 
683 		ERR_clear_error();
684 		r = SSL_write(bev_ssl->ssl, space[i].iov_base,
685 		    space[i].iov_len);
686 		if (r > 0) {
687 			result |= OP_MADE_PROGRESS;
688 			if (bev_ssl->write_blocked_on_read)
689 				if (clear_wbor(bev_ssl) < 0)
690 					return OP_ERR | result;
691 			n_written += r;
692 			bev_ssl->last_write = -1;
693 			decrement_buckets(bev_ssl);
694 		} else {
695 			int err = SSL_get_error(bev_ssl->ssl, r);
696 			print_err(err);
697 			switch (err) {
698 			case SSL_ERROR_WANT_WRITE:
699 				/* Can't read until underlying has more data. */
700 				if (bev_ssl->write_blocked_on_read)
701 					if (clear_wbor(bev_ssl) < 0)
702 						return OP_ERR | result;
703 				bev_ssl->last_write = space[i].iov_len;
704 				break;
705 			case SSL_ERROR_WANT_READ:
706 				/* This read operation requires a write, and the
707 				 * underlying is full */
708 				if (!bev_ssl->write_blocked_on_read)
709 					if (set_wbor(bev_ssl) < 0)
710 						return OP_ERR | result;
711 				bev_ssl->last_write = space[i].iov_len;
712 				break;
713 			default:
714 				conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
715 				bev_ssl->last_write = -1;
716 				break;
717 			}
718 			result |= OP_BLOCKED;
719 			break;
720 		}
721 	}
722 	if (n_written) {
723 		evbuffer_drain(output, n_written);
724 		if (bev_ssl->underlying)
725 			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
726 
727 		bufferevent_trigger_nolock_(bev, EV_WRITE, BEV_OPT_DEFER_CALLBACKS);
728 	}
729 	return result;
730 }
731 
732 #define WRITE_FRAME 15000
733 
734 #define READ_DEFAULT 4096
735 
736 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
737  * reading. */
738 static int
739 bytes_to_read(struct bufferevent_openssl *bev)
740 {
741 	struct evbuffer *input = bev->bev.bev.input;
742 	struct event_watermark *wm = &bev->bev.bev.wm_read;
743 	int result = READ_DEFAULT;
744 	ev_ssize_t limit;
745 	/* XXX 99% of this is generic code that nearly all bufferevents will
746 	 * want. */
747 
748 	if (bev->write_blocked_on_read) {
749 		return 0;
750 	}
751 
752 	if (! (bev->bev.bev.enabled & EV_READ)) {
753 		return 0;
754 	}
755 
756 	if (bev->bev.read_suspended) {
757 		return 0;
758 	}
759 
760 	if (wm->high) {
761 		if (evbuffer_get_length(input) >= wm->high) {
762 			return 0;
763 		}
764 
765 		result = wm->high - evbuffer_get_length(input);
766 	} else {
767 		result = READ_DEFAULT;
768 	}
769 
770 	/* Respect the rate limit */
771 	limit = bufferevent_get_read_max_(&bev->bev);
772 	if (result > limit) {
773 		result = limit;
774 	}
775 
776 	return result;
777 }
778 
779 
780 /* Things look readable.  If write is blocked on read, write till it isn't.
781  * Read from the underlying buffer until we block or we hit our high-water
782  * mark.
783  */
784 static void
785 consider_reading(struct bufferevent_openssl *bev_ssl)
786 {
787 	int r;
788 	int n_to_read;
789 	int all_result_flags = 0;
790 
791 	while (bev_ssl->write_blocked_on_read) {
792 		r = do_write(bev_ssl, WRITE_FRAME);
793 		if (r & (OP_BLOCKED|OP_ERR))
794 			break;
795 	}
796 	if (bev_ssl->write_blocked_on_read)
797 		return;
798 
799 	n_to_read = bytes_to_read(bev_ssl);
800 
801 	while (n_to_read) {
802 		r = do_read(bev_ssl, n_to_read);
803 		all_result_flags |= r;
804 
805 		if (r & (OP_BLOCKED|OP_ERR))
806 			break;
807 
808 		if (bev_ssl->bev.read_suspended)
809 			break;
810 
811 		/* Read all pending data.  This won't hit the network
812 		 * again, and will (most importantly) put us in a state
813 		 * where we don't need to read anything else until the
814 		 * socket is readable again.  It'll potentially make us
815 		 * overrun our read high-watermark (somewhat
816 		 * regrettable).  The damage to the rate-limit has
817 		 * already been done, since OpenSSL went and read a
818 		 * whole SSL record anyway. */
819 		n_to_read = SSL_pending(bev_ssl->ssl);
820 
821 		/* XXX This if statement is actually a bad bug, added to avoid
822 		 * XXX a worse bug.
823 		 *
824 		 * The bad bug: It can potentially cause resource unfairness
825 		 * by reading too much data from the underlying bufferevent;
826 		 * it can potentially cause read looping if the underlying
827 		 * bufferevent is a bufferevent_pair and deferred callbacks
828 		 * aren't used.
829 		 *
830 		 * The worse bug: If we didn't do this, then we would
831 		 * potentially not read any more from bev_ssl->underlying
832 		 * until more data arrived there, which could lead to us
833 		 * waiting forever.
834 		 */
835 		if (!n_to_read && bev_ssl->underlying)
836 			n_to_read = bytes_to_read(bev_ssl);
837 	}
838 
839 	if (all_result_flags & OP_MADE_PROGRESS) {
840 		struct bufferevent *bev = &bev_ssl->bev.bev;
841 
842 		bufferevent_trigger_nolock_(bev, EV_READ, 0);
843 	}
844 
845 	if (!bev_ssl->underlying) {
846 		/* Should be redundant, but let's avoid busy-looping */
847 		if (bev_ssl->bev.read_suspended ||
848 		    !(bev_ssl->bev.bev.enabled & EV_READ)) {
849 			event_del(&bev_ssl->bev.bev.ev_read);
850 		}
851 	}
852 }
853 
854 static void
855 consider_writing(struct bufferevent_openssl *bev_ssl)
856 {
857 	int r;
858 	struct evbuffer *output = bev_ssl->bev.bev.output;
859 	struct evbuffer *target = NULL;
860 	struct event_watermark *wm = NULL;
861 
862 	while (bev_ssl->read_blocked_on_write) {
863 		r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
864 		if (r & OP_MADE_PROGRESS) {
865 			struct bufferevent *bev = &bev_ssl->bev.bev;
866 
867 			bufferevent_trigger_nolock_(bev, EV_READ, 0);
868 		}
869 		if (r & (OP_ERR|OP_BLOCKED))
870 			break;
871 	}
872 	if (bev_ssl->read_blocked_on_write)
873 		return;
874 	if (bev_ssl->underlying) {
875 		target = bev_ssl->underlying->output;
876 		wm = &bev_ssl->underlying->wm_write;
877 	}
878 	while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
879 	    (! bev_ssl->bev.write_suspended) &&
880 	    evbuffer_get_length(output) &&
881 	    (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
882 		int n_to_write;
883 		if (wm && wm->high)
884 			n_to_write = wm->high - evbuffer_get_length(target);
885 		else
886 			n_to_write = WRITE_FRAME;
887 		r = do_write(bev_ssl, n_to_write);
888 		if (r & (OP_BLOCKED|OP_ERR))
889 			break;
890 	}
891 
892 	if (!bev_ssl->underlying) {
893 		if (evbuffer_get_length(output) == 0) {
894 			event_del(&bev_ssl->bev.bev.ev_write);
895 		} else if (bev_ssl->bev.write_suspended ||
896 		    !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
897 			/* Should be redundant, but let's avoid busy-looping */
898 			event_del(&bev_ssl->bev.bev.ev_write);
899 		}
900 	}
901 }
902 
903 static void
904 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
905 {
906 	struct bufferevent_openssl *bev_ssl = ctx;
907 	consider_reading(bev_ssl);
908 }
909 
910 static void
911 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
912 {
913 	struct bufferevent_openssl *bev_ssl = ctx;
914 	consider_writing(bev_ssl);
915 }
916 
917 static void
918 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
919 {
920 	struct bufferevent_openssl *bev_ssl = ctx;
921 	int event = 0;
922 
923 	if (what & BEV_EVENT_EOF) {
924 		if (bev_ssl->allow_dirty_shutdown)
925 			event = BEV_EVENT_EOF;
926 		else
927 			event = BEV_EVENT_ERROR;
928 	} else if (what & BEV_EVENT_TIMEOUT) {
929 		/* We sure didn't set this.  Propagate it to the user. */
930 		event = what;
931 	} else if (what & BEV_EVENT_ERROR) {
932 		/* An error occurred on the connection.  Propagate it to the user. */
933 		event = what;
934 	} else if (what & BEV_EVENT_CONNECTED) {
935 		/* Ignore it.  We're saying SSL_connect() already, which will
936 		   eat it. */
937 	}
938 	if (event)
939 		bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
940 }
941 
942 static void
943 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
944 {
945 	struct bufferevent_openssl *bev_ssl = ptr;
946 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
947 	if (what == EV_TIMEOUT) {
948 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
949 		    BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
950 	} else {
951 		consider_reading(bev_ssl);
952 	}
953 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
954 }
955 
956 static void
957 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
958 {
959 	struct bufferevent_openssl *bev_ssl = ptr;
960 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
961 	if (what == EV_TIMEOUT) {
962 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
963 		    BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
964 	} else {
965 		consider_writing(bev_ssl);
966 	}
967 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
968 }
969 
970 static evutil_socket_t
971 be_openssl_auto_fd(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
972 {
973 	if (!bev_ssl->underlying) {
974 		struct bufferevent *bev = &bev_ssl->bev.bev;
975 		if (event_initialized(&bev->ev_read) && fd < 0) {
976 			fd = event_get_fd(&bev->ev_read);
977 		}
978 	}
979 	return fd;
980 }
981 
982 static int
983 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
984 {
985 	if (bev_ssl->underlying) {
986 		bufferevent_setcb(bev_ssl->underlying,
987 		    be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
988 		    bev_ssl);
989 		return 0;
990 	} else {
991 		struct bufferevent *bev = &bev_ssl->bev.bev;
992 		int rpending=0, wpending=0, r1=0, r2=0;
993 
994 		if (event_initialized(&bev->ev_read)) {
995 			rpending = event_pending(&bev->ev_read, EV_READ, NULL);
996 			wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
997 
998 			event_del(&bev->ev_read);
999 			event_del(&bev->ev_write);
1000 		}
1001 
1002 		event_assign(&bev->ev_read, bev->ev_base, fd,
1003 		    EV_READ|EV_PERSIST|EV_FINALIZE,
1004 		    be_openssl_readeventcb, bev_ssl);
1005 		event_assign(&bev->ev_write, bev->ev_base, fd,
1006 		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
1007 		    be_openssl_writeeventcb, bev_ssl);
1008 
1009 		if (rpending)
1010 			r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1011 		if (wpending)
1012 			r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1013 
1014 		return (r1<0 || r2<0) ? -1 : 0;
1015 	}
1016 }
1017 
1018 static int
1019 do_handshake(struct bufferevent_openssl *bev_ssl)
1020 {
1021 	int r;
1022 
1023 	switch (bev_ssl->state) {
1024 	default:
1025 	case BUFFEREVENT_SSL_OPEN:
1026 		EVUTIL_ASSERT(0);
1027 		return -1;
1028 	case BUFFEREVENT_SSL_CONNECTING:
1029 	case BUFFEREVENT_SSL_ACCEPTING:
1030 		ERR_clear_error();
1031 		r = SSL_do_handshake(bev_ssl->ssl);
1032 		break;
1033 	}
1034 	decrement_buckets(bev_ssl);
1035 
1036 	if (r==1) {
1037 		evutil_socket_t fd = event_get_fd(&bev_ssl->bev.bev.ev_read);
1038 		/* We're done! */
1039 		bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1040 		set_open_callbacks(bev_ssl, fd); /* XXXX handle failure */
1041 		/* Call do_read and do_write as needed */
1042 		bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1043 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1044 		    BEV_EVENT_CONNECTED, 0);
1045 		return 1;
1046 	} else {
1047 		int err = SSL_get_error(bev_ssl->ssl, r);
1048 		print_err(err);
1049 		switch (err) {
1050 		case SSL_ERROR_WANT_WRITE:
1051 			stop_reading(bev_ssl);
1052 			return start_writing(bev_ssl);
1053 		case SSL_ERROR_WANT_READ:
1054 			stop_writing(bev_ssl);
1055 			return start_reading(bev_ssl);
1056 		default:
1057 			conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1058 			return -1;
1059 		}
1060 	}
1061 }
1062 
1063 static void
1064 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1065 {
1066 	struct bufferevent_openssl *bev_ssl = ctx;
1067 	do_handshake(bev_ssl);/* XXX handle failure */
1068 }
1069 
1070 static void
1071 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1072 {
1073 	struct bufferevent_openssl *bev_ssl = ptr;
1074 
1075 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1076 	if (what & EV_TIMEOUT) {
1077 		bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1078 	} else
1079 		do_handshake(bev_ssl);/* XXX handle failure */
1080 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1081 }
1082 
1083 static int
1084 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1085 {
1086 	if (bev_ssl->underlying) {
1087 		bufferevent_setcb(bev_ssl->underlying,
1088 		    be_openssl_handshakecb, be_openssl_handshakecb,
1089 		    be_openssl_eventcb,
1090 		    bev_ssl);
1091 
1092 		if (fd < 0)
1093 			return 0;
1094 
1095 		if (bufferevent_setfd(bev_ssl->underlying, fd))
1096 			return 1;
1097 
1098 		return do_handshake(bev_ssl);
1099 	} else {
1100 		struct bufferevent *bev = &bev_ssl->bev.bev;
1101 
1102 		if (event_initialized(&bev->ev_read)) {
1103 			event_del(&bev->ev_read);
1104 			event_del(&bev->ev_write);
1105 		}
1106 
1107 		event_assign(&bev->ev_read, bev->ev_base, fd,
1108 		    EV_READ|EV_PERSIST|EV_FINALIZE,
1109 		    be_openssl_handshakeeventcb, bev_ssl);
1110 		event_assign(&bev->ev_write, bev->ev_base, fd,
1111 		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
1112 		    be_openssl_handshakeeventcb, bev_ssl);
1113 		if (fd >= 0)
1114 			bufferevent_enable(bev, bev->enabled);
1115 		return 0;
1116 	}
1117 }
1118 
1119 int
1120 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1121 {
1122 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1123 	if (!bev_ssl)
1124 		return -1;
1125 	if (SSL_renegotiate(bev_ssl->ssl) < 0)
1126 		return -1;
1127 	bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1128 	if (set_handshake_callbacks(bev_ssl, be_openssl_auto_fd(bev_ssl, -1)) < 0)
1129 		return -1;
1130 	if (!bev_ssl->underlying)
1131 		return do_handshake(bev_ssl);
1132 	return 0;
1133 }
1134 
1135 static void
1136 be_openssl_outbuf_cb(struct evbuffer *buf,
1137     const struct evbuffer_cb_info *cbinfo, void *arg)
1138 {
1139 	struct bufferevent_openssl *bev_ssl = arg;
1140 	int r = 0;
1141 	/* XXX need to hold a reference here. */
1142 
1143 	if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1144 		if (cbinfo->orig_size == 0)
1145 			r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1146 			    &bev_ssl->bev.bev.timeout_write);
1147 
1148 		if (bev_ssl->underlying)
1149 			consider_writing(bev_ssl);
1150 	}
1151 	/* XXX Handle r < 0 */
1152 	(void)r;
1153 }
1154 
1155 
1156 static int
1157 be_openssl_enable(struct bufferevent *bev, short events)
1158 {
1159 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1160 	int r1 = 0, r2 = 0;
1161 
1162 	if (events & EV_READ)
1163 		r1 = start_reading(bev_ssl);
1164 	if (events & EV_WRITE)
1165 		r2 = start_writing(bev_ssl);
1166 
1167 	if (bev_ssl->underlying) {
1168 		if (events & EV_READ)
1169 			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1170 		if (events & EV_WRITE)
1171 			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1172 
1173 		if (events & EV_READ)
1174 			consider_reading(bev_ssl);
1175 		if (events & EV_WRITE)
1176 			consider_writing(bev_ssl);
1177 	}
1178 	return (r1 < 0 || r2 < 0) ? -1 : 0;
1179 }
1180 
1181 static int
1182 be_openssl_disable(struct bufferevent *bev, short events)
1183 {
1184 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1185 
1186 	if (events & EV_READ)
1187 		stop_reading(bev_ssl);
1188 	if (events & EV_WRITE)
1189 		stop_writing(bev_ssl);
1190 
1191 	if (bev_ssl->underlying) {
1192 		if (events & EV_READ)
1193 			BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1194 		if (events & EV_WRITE)
1195 			BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1196 	}
1197 	return 0;
1198 }
1199 
1200 static void
1201 be_openssl_unlink(struct bufferevent *bev)
1202 {
1203 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1204 
1205 	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1206 		if (bev_ssl->underlying) {
1207 			if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1208 				event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1209 				    "bufferevent with too few references");
1210 			} else {
1211 				bufferevent_free(bev_ssl->underlying);
1212 				/* We still have a reference to it, via our
1213 				 * BIO. So we don't drop this. */
1214 				// bev_ssl->underlying = NULL;
1215 			}
1216 		}
1217 	} else {
1218 		if (bev_ssl->underlying) {
1219 			if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1220 				bufferevent_setcb(bev_ssl->underlying,
1221 				    NULL,NULL,NULL,NULL);
1222 			bufferevent_unsuspend_read_(bev_ssl->underlying,
1223 			    BEV_SUSPEND_FILT_READ);
1224 		}
1225 	}
1226 }
1227 
1228 static void
1229 be_openssl_destruct(struct bufferevent *bev)
1230 {
1231 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1232 
1233 	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1234 		if (! bev_ssl->underlying) {
1235 			evutil_socket_t fd = EVUTIL_INVALID_SOCKET;
1236 			BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1237 			if (bio)
1238 				fd = BIO_get_fd(bio, NULL);
1239 			if (fd >= 0)
1240 				evutil_closesocket(fd);
1241 		}
1242 		SSL_free(bev_ssl->ssl);
1243 	}
1244 }
1245 
1246 static int
1247 be_openssl_adj_timeouts(struct bufferevent *bev)
1248 {
1249 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1250 
1251 	if (bev_ssl->underlying) {
1252 		return bufferevent_generic_adj_timeouts_(bev);
1253 	} else {
1254 		return bufferevent_generic_adj_existing_timeouts_(bev);
1255 	}
1256 }
1257 
1258 static int
1259 be_openssl_flush(struct bufferevent *bufev,
1260     short iotype, enum bufferevent_flush_mode mode)
1261 {
1262 	/* XXXX Implement this. */
1263 	return 0;
1264 }
1265 
1266 static int
1267 be_openssl_set_fd(struct bufferevent_openssl *bev_ssl,
1268     enum bufferevent_ssl_state state, evutil_socket_t fd)
1269 {
1270 	bev_ssl->state = state;
1271 
1272 	switch (state) {
1273 	case BUFFEREVENT_SSL_ACCEPTING:
1274 		if (!SSL_clear(bev_ssl->ssl))
1275 			return -1;
1276 		SSL_set_accept_state(bev_ssl->ssl);
1277 		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1278 			return -1;
1279 		break;
1280 	case BUFFEREVENT_SSL_CONNECTING:
1281 		if (!SSL_clear(bev_ssl->ssl))
1282 			return -1;
1283 		SSL_set_connect_state(bev_ssl->ssl);
1284 		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1285 			return -1;
1286 		break;
1287 	case BUFFEREVENT_SSL_OPEN:
1288 		if (set_open_callbacks(bev_ssl, fd) < 0)
1289 			return -1;
1290 		break;
1291 	default:
1292 		return -1;
1293 	}
1294 
1295 	return 0;
1296 }
1297 
1298 static int
1299 be_openssl_ctrl(struct bufferevent *bev,
1300     enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1301 {
1302 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1303 	switch (op) {
1304 	case BEV_CTRL_SET_FD:
1305 		if (!bev_ssl->underlying) {
1306 			BIO *bio;
1307 			bio = BIO_new_socket((int)data->fd, 0);
1308 			SSL_set_bio(bev_ssl->ssl, bio, bio);
1309 		} else {
1310 			BIO *bio;
1311 			if (!(bio = BIO_new_bufferevent(bev_ssl->underlying)))
1312 				return -1;
1313 			SSL_set_bio(bev_ssl->ssl, bio, bio);
1314 		}
1315 
1316 		return be_openssl_set_fd(bev_ssl, bev_ssl->old_state, data->fd);
1317 	case BEV_CTRL_GET_FD:
1318 		if (bev_ssl->underlying) {
1319 			data->fd = event_get_fd(&bev_ssl->underlying->ev_read);
1320 		} else {
1321 			data->fd = event_get_fd(&bev->ev_read);
1322 		}
1323 		return 0;
1324 	case BEV_CTRL_GET_UNDERLYING:
1325 		data->ptr = bev_ssl->underlying;
1326 		return 0;
1327 	case BEV_CTRL_CANCEL_ALL:
1328 	default:
1329 		return -1;
1330 	}
1331 }
1332 
1333 SSL *
1334 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1335 {
1336 	struct bufferevent_openssl *bev_ssl = upcast(bufev);
1337 	if (!bev_ssl)
1338 		return NULL;
1339 	return bev_ssl->ssl;
1340 }
1341 
1342 static struct bufferevent *
1343 bufferevent_openssl_new_impl(struct event_base *base,
1344     struct bufferevent *underlying,
1345     evutil_socket_t fd,
1346     SSL *ssl,
1347     enum bufferevent_ssl_state state,
1348     int options)
1349 {
1350 	struct bufferevent_openssl *bev_ssl = NULL;
1351 	struct bufferevent_private *bev_p = NULL;
1352 	int tmp_options = options & ~BEV_OPT_THREADSAFE;
1353 
1354 	/* Only one can be set. */
1355 	if (underlying != NULL && fd >= 0)
1356 		goto err;
1357 
1358 	if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1359 		goto err;
1360 
1361 	bev_p = &bev_ssl->bev;
1362 
1363 	if (bufferevent_init_common_(bev_p, base,
1364 		&bufferevent_ops_openssl, tmp_options) < 0)
1365 		goto err;
1366 
1367 	/* Don't explode if we decide to realloc a chunk we're writing from in
1368 	 * the output buffer. */
1369 	SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1370 
1371 	bev_ssl->underlying = underlying;
1372 	bev_ssl->ssl = ssl;
1373 
1374 	bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1375 	    be_openssl_outbuf_cb, bev_ssl);
1376 
1377 	if (options & BEV_OPT_THREADSAFE)
1378 		bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1379 
1380 	if (underlying) {
1381 		bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1382 		bufferevent_incref_(underlying);
1383 	}
1384 
1385 	bev_ssl->old_state = state;
1386 	bev_ssl->last_write = -1;
1387 
1388 	init_bio_counts(bev_ssl);
1389 
1390 	fd = be_openssl_auto_fd(bev_ssl, fd);
1391 	if (be_openssl_set_fd(bev_ssl, state, fd))
1392 		goto err;
1393 
1394 	if (underlying) {
1395 		bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1396 		bufferevent_enable(underlying, EV_READ|EV_WRITE);
1397 		if (state == BUFFEREVENT_SSL_OPEN)
1398 			bufferevent_suspend_read_(underlying,
1399 			    BEV_SUSPEND_FILT_READ);
1400 	}
1401 
1402 	return &bev_ssl->bev.bev;
1403 err:
1404 	if (options & BEV_OPT_CLOSE_ON_FREE)
1405 		SSL_free(ssl);
1406 	if (bev_ssl) {
1407 		bev_ssl->ssl = NULL;
1408 		bufferevent_free(&bev_ssl->bev.bev);
1409 	}
1410 	return NULL;
1411 }
1412 
1413 struct bufferevent *
1414 bufferevent_openssl_filter_new(struct event_base *base,
1415     struct bufferevent *underlying,
1416     SSL *ssl,
1417     enum bufferevent_ssl_state state,
1418     int options)
1419 {
1420 	BIO *bio;
1421 	struct bufferevent *bev;
1422 
1423 	if (!underlying)
1424 		goto err;
1425 	if (!(bio = BIO_new_bufferevent(underlying)))
1426 		goto err;
1427 
1428 	SSL_set_bio(ssl, bio, bio);
1429 
1430 	bev = bufferevent_openssl_new_impl(
1431 		base, underlying, -1, ssl, state, options);
1432 	return bev;
1433 
1434 err:
1435 	if (options & BEV_OPT_CLOSE_ON_FREE)
1436 		SSL_free(ssl);
1437 	return NULL;
1438 }
1439 
1440 struct bufferevent *
1441 bufferevent_openssl_socket_new(struct event_base *base,
1442     evutil_socket_t fd,
1443     SSL *ssl,
1444     enum bufferevent_ssl_state state,
1445     int options)
1446 {
1447 	/* Does the SSL already have an fd? */
1448 	BIO *bio = SSL_get_wbio(ssl);
1449 	long have_fd = -1;
1450 
1451 	if (bio)
1452 		have_fd = BIO_get_fd(bio, NULL);
1453 
1454 	if (have_fd >= 0) {
1455 		/* The SSL is already configured with an fd. */
1456 		if (fd < 0) {
1457 			/* We should learn the fd from the SSL. */
1458 			fd = (evutil_socket_t) have_fd;
1459 		} else if (have_fd == (long)fd) {
1460 			/* We already know the fd from the SSL; do nothing */
1461 		} else {
1462 			/* We specified an fd different from that of the SSL.
1463 			   This is probably an error on our part.  Fail. */
1464 			goto err;
1465 		}
1466 		BIO_set_close(bio, 0);
1467 	} else {
1468 		/* The SSL isn't configured with a BIO with an fd. */
1469 		if (fd >= 0) {
1470 			/* ... and we have an fd we want to use. */
1471 			bio = BIO_new_socket((int)fd, 0);
1472 			SSL_set_bio(ssl, bio, bio);
1473 		} else {
1474 			/* Leave the fd unset. */
1475 		}
1476 	}
1477 
1478 	return bufferevent_openssl_new_impl(
1479 		base, NULL, fd, ssl, state, options);
1480 
1481 err:
1482 	if (options & BEV_OPT_CLOSE_ON_FREE)
1483 		SSL_free(ssl);
1484 	return NULL;
1485 }
1486 
1487 int
1488 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1489 {
1490 	int allow_dirty_shutdown = -1;
1491 	struct bufferevent_openssl *bev_ssl;
1492 	BEV_LOCK(bev);
1493 	bev_ssl = upcast(bev);
1494 	if (bev_ssl)
1495 		allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1496 	BEV_UNLOCK(bev);
1497 	return allow_dirty_shutdown;
1498 }
1499 
1500 void
1501 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1502     int allow_dirty_shutdown)
1503 {
1504 	struct bufferevent_openssl *bev_ssl;
1505 	BEV_LOCK(bev);
1506 	bev_ssl = upcast(bev);
1507 	if (bev_ssl)
1508 		bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1509 	BEV_UNLOCK(bev);
1510 }
1511 
1512 unsigned long
1513 bufferevent_get_openssl_error(struct bufferevent *bev)
1514 {
1515 	unsigned long err = 0;
1516 	struct bufferevent_openssl *bev_ssl;
1517 	BEV_LOCK(bev);
1518 	bev_ssl = upcast(bev);
1519 	if (bev_ssl && bev_ssl->n_errors) {
1520 		err = bev_ssl->errors[--bev_ssl->n_errors];
1521 	}
1522 	BEV_UNLOCK(bev);
1523 	return err;
1524 }
1525