xref: /freebsd/contrib/ntp/sntp/libevent/bufferevent_openssl.c (revision 39ee7a7a6bdd1557b1c3532abf60d139798ac88b)
1 /*
2  * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  * 3. The name of the author may not be used to endorse or promote products
13  *    derived from this software without specific prior written permission.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
30 #endif
31 
32 #include "event2/event-config.h"
33 #include "evconfig-private.h"
34 
35 #include <sys/types.h>
36 
37 #ifdef EVENT__HAVE_SYS_TIME_H
38 #include <sys/time.h>
39 #endif
40 
41 #include <errno.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #ifdef EVENT__HAVE_STDARG_H
46 #include <stdarg.h>
47 #endif
48 #ifdef EVENT__HAVE_UNISTD_H
49 #include <unistd.h>
50 #endif
51 
52 #ifdef _WIN32
53 #include <winsock2.h>
54 #endif
55 
56 #include "event2/bufferevent.h"
57 #include "event2/bufferevent_struct.h"
58 #include "event2/bufferevent_ssl.h"
59 #include "event2/buffer.h"
60 #include "event2/event.h"
61 
62 #include "mm-internal.h"
63 #include "bufferevent-internal.h"
64 #include "log-internal.h"
65 
66 #include <openssl/bio.h>
67 #include <openssl/ssl.h>
68 #include <openssl/err.h>
69 
70 /*
71  * Define an OpenSSL bio that targets a bufferevent.
72  */
73 
74 /* --------------------
75    A BIO is an OpenSSL abstraction that handles reading and writing data.  The
76    library will happily speak SSL over anything that implements a BIO
77    interface.
78 
79    Here we define a BIO implementation that directs its output to a
80    bufferevent.  We'll want to use this only when none of OpenSSL's built-in
81    IO mechanisms work for us.
82    -------------------- */
83 
84 /* every BIO type needs its own integer type value. */
85 #define BIO_TYPE_LIBEVENT 57
86 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
87  * this. */
88 
89 #if 0
90 static void
91 print_err(int val)
92 {
93 	int err;
94 	printf("Error was %d\n", val);
95 
96 	while ((err = ERR_get_error())) {
97 		const char *msg = (const char*)ERR_reason_error_string(err);
98 		const char *lib = (const char*)ERR_lib_error_string(err);
99 		const char *func = (const char*)ERR_func_error_string(err);
100 
101 		printf("%s in %s %s\n", msg, lib, func);
102 	}
103 }
104 #else
105 #define print_err(v) ((void)0)
106 #endif
107 
108 /* Called to initialize a new BIO */
109 static int
110 bio_bufferevent_new(BIO *b)
111 {
112 	b->init = 0;
113 	b->num = -1;
114 	b->ptr = NULL; /* We'll be putting the bufferevent in this field.*/
115 	b->flags = 0;
116 	return 1;
117 }
118 
119 /* Called to uninitialize the BIO. */
120 static int
121 bio_bufferevent_free(BIO *b)
122 {
123 	if (!b)
124 		return 0;
125 	if (b->shutdown) {
126 		if (b->init && b->ptr)
127 			bufferevent_free(b->ptr);
128 		b->init = 0;
129 		b->flags = 0;
130 		b->ptr = NULL;
131 	}
132 	return 1;
133 }
134 
135 /* Called to extract data from the BIO. */
136 static int
137 bio_bufferevent_read(BIO *b, char *out, int outlen)
138 {
139 	int r = 0;
140 	struct evbuffer *input;
141 
142 	BIO_clear_retry_flags(b);
143 
144 	if (!out)
145 		return 0;
146 	if (!b->ptr)
147 		return -1;
148 
149 	input = bufferevent_get_input(b->ptr);
150 	if (evbuffer_get_length(input) == 0) {
151 		/* If there's no data to read, say so. */
152 		BIO_set_retry_read(b);
153 		return -1;
154 	} else {
155 		r = evbuffer_remove(input, out, outlen);
156 	}
157 
158 	return r;
159 }
160 
161 /* Called to write data info the BIO */
162 static int
163 bio_bufferevent_write(BIO *b, const char *in, int inlen)
164 {
165 	struct bufferevent *bufev = b->ptr;
166 	struct evbuffer *output;
167 	size_t outlen;
168 
169 	BIO_clear_retry_flags(b);
170 
171 	if (!b->ptr)
172 		return -1;
173 
174 	output = bufferevent_get_output(bufev);
175 	outlen = evbuffer_get_length(output);
176 
177 	/* Copy only as much data onto the output buffer as can fit under the
178 	 * high-water mark. */
179 	if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
180 		if (bufev->wm_write.high <= outlen) {
181 			/* If no data can fit, we'll need to retry later. */
182 			BIO_set_retry_write(b);
183 			return -1;
184 		}
185 		inlen = bufev->wm_write.high - outlen;
186 	}
187 
188 	EVUTIL_ASSERT(inlen > 0);
189 	evbuffer_add(output, in, inlen);
190 	return inlen;
191 }
192 
193 /* Called to handle various requests */
194 static long
195 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
196 {
197 	struct bufferevent *bufev = b->ptr;
198 	long ret = 1;
199 
200 	switch (cmd) {
201 	case BIO_CTRL_GET_CLOSE:
202 		ret = b->shutdown;
203 		break;
204 	case BIO_CTRL_SET_CLOSE:
205 		b->shutdown = (int)num;
206 		break;
207 	case BIO_CTRL_PENDING:
208 		ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
209 		break;
210 	case BIO_CTRL_WPENDING:
211 		ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
212 		break;
213 	/* XXXX These two are given a special-case treatment because
214 	 * of cargo-cultism.  I should come up with a better reason. */
215 	case BIO_CTRL_DUP:
216 	case BIO_CTRL_FLUSH:
217 		ret = 1;
218 		break;
219 	default:
220 		ret = 0;
221 		break;
222 	}
223 	return ret;
224 }
225 
226 /* Called to write a string to the BIO */
227 static int
228 bio_bufferevent_puts(BIO *b, const char *s)
229 {
230 	return bio_bufferevent_write(b, s, strlen(s));
231 }
232 
233 /* Method table for the bufferevent BIO */
234 static BIO_METHOD methods_bufferevent = {
235 	BIO_TYPE_LIBEVENT, "bufferevent",
236 	bio_bufferevent_write,
237 	bio_bufferevent_read,
238 	bio_bufferevent_puts,
239 	NULL /* bio_bufferevent_gets */,
240 	bio_bufferevent_ctrl,
241 	bio_bufferevent_new,
242 	bio_bufferevent_free,
243 	NULL /* callback_ctrl */,
244 };
245 
246 /* Return the method table for the bufferevents BIO */
247 static BIO_METHOD *
248 BIO_s_bufferevent(void)
249 {
250 	return &methods_bufferevent;
251 }
252 
253 /* Create a new BIO to wrap communication around a bufferevent.  If close_flag
254  * is true, the bufferevent will be freed when the BIO is closed. */
255 static BIO *
256 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
257 {
258 	BIO *result;
259 	if (!bufferevent)
260 		return NULL;
261 	if (!(result = BIO_new(BIO_s_bufferevent())))
262 		return NULL;
263 	result->init = 1;
264 	result->ptr = bufferevent;
265 	result->shutdown = close_flag ? 1 : 0;
266 	return result;
267 }
268 
269 /* --------------------
270    Now, here's the OpenSSL-based implementation of bufferevent.
271 
272    The implementation comes in two flavors: one that connects its SSL object
273    to an underlying bufferevent using a BIO_bufferevent, and one that has the
274    SSL object connect to a socket directly.  The latter should generally be
275    faster, except on Windows, where your best bet is using a
276    bufferevent_async.
277 
278    (OpenSSL supports many other BIO types, too.  But we can't use any unless
279    we have a good way to get notified when they become readable/writable.)
280    -------------------- */
281 
282 struct bio_data_counts {
283 	unsigned long n_written;
284 	unsigned long n_read;
285 };
286 
287 struct bufferevent_openssl {
288 	/* Shared fields with common bufferevent implementation code.
289 	   If we were set up with an underlying bufferevent, we use the
290 	   events here as timers only.  If we have an SSL, then we use
291 	   the events as socket events.
292 	 */
293 	struct bufferevent_private bev;
294 	/* An underlying bufferevent that we're directing our output to.
295 	   If it's NULL, then we're connected to an fd, not an evbuffer. */
296 	struct bufferevent *underlying;
297 	/* The SSL object doing our encryption. */
298 	SSL *ssl;
299 
300 	/* A callback that's invoked when data arrives on our outbuf so we
301 	   know to write data to the SSL. */
302 	struct evbuffer_cb_entry *outbuf_cb;
303 
304 	/* A count of how much data the bios have read/written total.  Used
305 	   for rate-limiting. */
306 	struct bio_data_counts counts;
307 
308 	/* If this value is greater than 0, then the last SSL_write blocked,
309 	 * and we need to try it again with this many bytes. */
310 	ev_ssize_t last_write;
311 
312 #define NUM_ERRORS 3
313 	ev_uint32_t errors[NUM_ERRORS];
314 
315 	/* When we next get available space, we should say "read" instead of
316 	   "write". This can happen if there's a renegotiation during a read
317 	   operation. */
318 	unsigned read_blocked_on_write : 1;
319 	/* When we next get data, we should say "write" instead of "read". */
320 	unsigned write_blocked_on_read : 1;
321 	/* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
322 	unsigned allow_dirty_shutdown : 1;
323 	/* XXXX */
324 	unsigned fd_is_set : 1;
325 	/* XXX */
326 	unsigned n_errors : 2;
327 
328 	/* Are we currently connecting, accepting, or doing IO? */
329 	unsigned state : 2;
330 };
331 
332 static int be_openssl_enable(struct bufferevent *, short);
333 static int be_openssl_disable(struct bufferevent *, short);
334 static void be_openssl_unlink(struct bufferevent *);
335 static void be_openssl_destruct(struct bufferevent *);
336 static int be_openssl_adj_timeouts(struct bufferevent *);
337 static int be_openssl_flush(struct bufferevent *bufev,
338     short iotype, enum bufferevent_flush_mode mode);
339 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
340 
341 const struct bufferevent_ops bufferevent_ops_openssl = {
342 	"ssl",
343 	evutil_offsetof(struct bufferevent_openssl, bev.bev),
344 	be_openssl_enable,
345 	be_openssl_disable,
346 	be_openssl_unlink,
347 	be_openssl_destruct,
348 	be_openssl_adj_timeouts,
349 	be_openssl_flush,
350 	be_openssl_ctrl,
351 };
352 
353 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
354  * contains it, if any. */
355 static inline struct bufferevent_openssl *
356 upcast(struct bufferevent *bev)
357 {
358 	struct bufferevent_openssl *bev_o;
359 	if (bev->be_ops != &bufferevent_ops_openssl)
360 		return NULL;
361 	bev_o = (void*)( ((char*)bev) -
362 			 evutil_offsetof(struct bufferevent_openssl, bev.bev));
363 	EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
364 	return bev_o;
365 }
366 
367 static inline void
368 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
369 {
370 	if (bev_ssl->n_errors == NUM_ERRORS)
371 		return;
372 	/* The error type according to openssl is "unsigned long", but
373 	   openssl never uses more than 32 bits of it.  It _can't_ use more
374 	   than 32 bits of it, since it needs to report errors on systems
375 	   where long is only 32 bits.
376 	 */
377 	bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
378 }
379 
380 /* Have the base communications channel (either the underlying bufferevent or
381  * ev_read and ev_write) start reading.  Take the read-blocked-on-write flag
382  * into account. */
383 static int
384 start_reading(struct bufferevent_openssl *bev_ssl)
385 {
386 	if (bev_ssl->underlying) {
387 		bufferevent_unsuspend_read_(bev_ssl->underlying,
388 		    BEV_SUSPEND_FILT_READ);
389 		return 0;
390 	} else {
391 		struct bufferevent *bev = &bev_ssl->bev.bev;
392 		int r;
393 		r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
394 		if (r == 0 && bev_ssl->read_blocked_on_write)
395 			r = bufferevent_add_event_(&bev->ev_write,
396 			    &bev->timeout_write);
397 		return r;
398 	}
399 }
400 
401 /* Have the base communications channel (either the underlying bufferevent or
402  * ev_read and ev_write) start writing.  Take the write-blocked-on-read flag
403  * into account. */
404 static int
405 start_writing(struct bufferevent_openssl *bev_ssl)
406 {
407 	int r = 0;
408 	if (bev_ssl->underlying) {
409 		;
410 	} else {
411 		struct bufferevent *bev = &bev_ssl->bev.bev;
412 		r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
413 		if (!r && bev_ssl->write_blocked_on_read)
414 			r = bufferevent_add_event_(&bev->ev_read,
415 			    &bev->timeout_read);
416 	}
417 	return r;
418 }
419 
420 static void
421 stop_reading(struct bufferevent_openssl *bev_ssl)
422 {
423 	if (bev_ssl->write_blocked_on_read)
424 		return;
425 	if (bev_ssl->underlying) {
426 		bufferevent_suspend_read_(bev_ssl->underlying,
427 		    BEV_SUSPEND_FILT_READ);
428 	} else {
429 		struct bufferevent *bev = &bev_ssl->bev.bev;
430 		event_del(&bev->ev_read);
431 	}
432 }
433 
434 static void
435 stop_writing(struct bufferevent_openssl *bev_ssl)
436 {
437 	if (bev_ssl->read_blocked_on_write)
438 		return;
439 	if (bev_ssl->underlying) {
440 		;
441 	} else {
442 		struct bufferevent *bev = &bev_ssl->bev.bev;
443 		event_del(&bev->ev_write);
444 	}
445 }
446 
447 static int
448 set_rbow(struct bufferevent_openssl *bev_ssl)
449 {
450 	if (!bev_ssl->underlying)
451 		stop_reading(bev_ssl);
452 	bev_ssl->read_blocked_on_write = 1;
453 	return start_writing(bev_ssl);
454 }
455 
456 static int
457 set_wbor(struct bufferevent_openssl *bev_ssl)
458 {
459 	if (!bev_ssl->underlying)
460 		stop_writing(bev_ssl);
461 	bev_ssl->write_blocked_on_read = 1;
462 	return start_reading(bev_ssl);
463 }
464 
465 static int
466 clear_rbow(struct bufferevent_openssl *bev_ssl)
467 {
468 	struct bufferevent *bev = &bev_ssl->bev.bev;
469 	int r = 0;
470 	bev_ssl->read_blocked_on_write = 0;
471 	if (!(bev->enabled & EV_WRITE))
472 		stop_writing(bev_ssl);
473 	if (bev->enabled & EV_READ)
474 		r = start_reading(bev_ssl);
475 	return r;
476 }
477 
478 
479 static int
480 clear_wbor(struct bufferevent_openssl *bev_ssl)
481 {
482 	struct bufferevent *bev = &bev_ssl->bev.bev;
483 	int r = 0;
484 	bev_ssl->write_blocked_on_read = 0;
485 	if (!(bev->enabled & EV_READ))
486 		stop_reading(bev_ssl);
487 	if (bev->enabled & EV_WRITE)
488 		r = start_writing(bev_ssl);
489 	return r;
490 }
491 
492 static void
493 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
494 {
495 	int event = BEV_EVENT_ERROR;
496 	int dirty_shutdown = 0;
497 	unsigned long err;
498 
499 	switch (errcode) {
500 	case SSL_ERROR_ZERO_RETURN:
501 		/* Possibly a clean shutdown. */
502 		if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
503 			event = BEV_EVENT_EOF;
504 		else
505 			dirty_shutdown = 1;
506 		break;
507 	case SSL_ERROR_SYSCALL:
508 		/* IO error; possibly a dirty shutdown. */
509 		if (ret == 0 && ERR_peek_error() == 0)
510 			dirty_shutdown = 1;
511 		break;
512 	case SSL_ERROR_SSL:
513 		/* Protocol error. */
514 		break;
515 	case SSL_ERROR_WANT_X509_LOOKUP:
516 		/* XXXX handle this. */
517 		break;
518 	case SSL_ERROR_NONE:
519 	case SSL_ERROR_WANT_READ:
520 	case SSL_ERROR_WANT_WRITE:
521 	case SSL_ERROR_WANT_CONNECT:
522 	case SSL_ERROR_WANT_ACCEPT:
523 	default:
524 		/* should be impossible; treat as normal error. */
525 		event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
526 		break;
527 	}
528 
529 	while ((err = ERR_get_error())) {
530 		put_error(bev_ssl, err);
531 	}
532 
533 	if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
534 		event = BEV_EVENT_EOF;
535 
536 	stop_reading(bev_ssl);
537 	stop_writing(bev_ssl);
538 
539 	/* when is BEV_EVENT_{READING|WRITING} */
540 	event = when | event;
541 	bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
542 }
543 
544 static void
545 init_bio_counts(struct bufferevent_openssl *bev_ssl)
546 {
547 	bev_ssl->counts.n_written =
548 	    BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
549 	bev_ssl->counts.n_read =
550 	    BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
551 }
552 
553 static inline void
554 decrement_buckets(struct bufferevent_openssl *bev_ssl)
555 {
556 	unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
557 	unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
558 	/* These next two subtractions can wrap around. That's okay. */
559 	unsigned long w = num_w - bev_ssl->counts.n_written;
560 	unsigned long r = num_r - bev_ssl->counts.n_read;
561 	if (w)
562 		bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
563 	if (r)
564 		bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
565 	bev_ssl->counts.n_written = num_w;
566 	bev_ssl->counts.n_read = num_r;
567 }
568 
569 #define OP_MADE_PROGRESS 1
570 #define OP_BLOCKED 2
571 #define OP_ERR 4
572 
573 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
574    we're now blocked); and OP_ERR (if an error occurred). */
575 static int
576 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
577 	/* Requires lock */
578 	struct bufferevent *bev = &bev_ssl->bev.bev;
579 	struct evbuffer *input = bev->input;
580 	int r, n, i, n_used = 0, atmost;
581 	struct evbuffer_iovec space[2];
582 	int result = 0;
583 
584 	if (bev_ssl->bev.read_suspended)
585 		return 0;
586 
587 	atmost = bufferevent_get_read_max_(&bev_ssl->bev);
588 	if (n_to_read > atmost)
589 		n_to_read = atmost;
590 
591 	n = evbuffer_reserve_space(input, n_to_read, space, 2);
592 	if (n < 0)
593 		return OP_ERR;
594 
595 	for (i=0; i<n; ++i) {
596 		if (bev_ssl->bev.read_suspended)
597 			break;
598 		r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
599 		if (r>0) {
600 			result |= OP_MADE_PROGRESS;
601 			if (bev_ssl->read_blocked_on_write)
602 				if (clear_rbow(bev_ssl) < 0)
603 					return OP_ERR | result;
604 			++n_used;
605 			space[i].iov_len = r;
606 			decrement_buckets(bev_ssl);
607 		} else {
608 			int err = SSL_get_error(bev_ssl->ssl, r);
609 			print_err(err);
610 			switch (err) {
611 			case SSL_ERROR_WANT_READ:
612 				/* Can't read until underlying has more data. */
613 				if (bev_ssl->read_blocked_on_write)
614 					if (clear_rbow(bev_ssl) < 0)
615 						return OP_ERR | result;
616 				break;
617 			case SSL_ERROR_WANT_WRITE:
618 				/* This read operation requires a write, and the
619 				 * underlying is full */
620 				if (!bev_ssl->read_blocked_on_write)
621 					if (set_rbow(bev_ssl) < 0)
622 						return OP_ERR | result;
623 				break;
624 			default:
625 				conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
626 				break;
627 			}
628 			result |= OP_BLOCKED;
629 			break; /* out of the loop */
630 		}
631 	}
632 
633 	if (n_used) {
634 		evbuffer_commit_space(input, space, n_used);
635 		if (bev_ssl->underlying)
636 			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
637 	}
638 
639 	return result;
640 }
641 
642 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
643    we're now blocked); and OP_ERR (if an error occurred). */
644 static int
645 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
646 {
647 	int i, r, n, n_written = 0;
648 	struct bufferevent *bev = &bev_ssl->bev.bev;
649 	struct evbuffer *output = bev->output;
650 	struct evbuffer_iovec space[8];
651 	int result = 0;
652 
653 	if (bev_ssl->last_write > 0)
654 		atmost = bev_ssl->last_write;
655 	else
656 		atmost = bufferevent_get_write_max_(&bev_ssl->bev);
657 
658 	n = evbuffer_peek(output, atmost, NULL, space, 8);
659 	if (n < 0)
660 		return OP_ERR | result;
661 
662 	if (n > 8)
663 		n = 8;
664 	for (i=0; i < n; ++i) {
665 		if (bev_ssl->bev.write_suspended)
666 			break;
667 
668 		/* SSL_write will (reasonably) return 0 if we tell it to
669 		   send 0 data.  Skip this case so we don't interpret the
670 		   result as an error */
671 		if (space[i].iov_len == 0)
672 			continue;
673 
674 		r = SSL_write(bev_ssl->ssl, space[i].iov_base,
675 		    space[i].iov_len);
676 		if (r > 0) {
677 			result |= OP_MADE_PROGRESS;
678 			if (bev_ssl->write_blocked_on_read)
679 				if (clear_wbor(bev_ssl) < 0)
680 					return OP_ERR | result;
681 			n_written += r;
682 			bev_ssl->last_write = -1;
683 			decrement_buckets(bev_ssl);
684 		} else {
685 			int err = SSL_get_error(bev_ssl->ssl, r);
686 			print_err(err);
687 			switch (err) {
688 			case SSL_ERROR_WANT_WRITE:
689 				/* Can't read until underlying has more data. */
690 				if (bev_ssl->write_blocked_on_read)
691 					if (clear_wbor(bev_ssl) < 0)
692 						return OP_ERR | result;
693 				bev_ssl->last_write = space[i].iov_len;
694 				break;
695 			case SSL_ERROR_WANT_READ:
696 				/* This read operation requires a write, and the
697 				 * underlying is full */
698 				if (!bev_ssl->write_blocked_on_read)
699 					if (set_wbor(bev_ssl) < 0)
700 						return OP_ERR | result;
701 				bev_ssl->last_write = space[i].iov_len;
702 				break;
703 			default:
704 				conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
705 				bev_ssl->last_write = -1;
706 				break;
707 			}
708 			result |= OP_BLOCKED;
709 			break;
710 		}
711 	}
712 	if (n_written) {
713 		evbuffer_drain(output, n_written);
714 		if (bev_ssl->underlying)
715 			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
716 
717 		bufferevent_trigger_nolock_(bev, EV_WRITE, 0);
718 	}
719 	return result;
720 }
721 
722 #define WRITE_FRAME 15000
723 
724 #define READ_DEFAULT 4096
725 
726 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
727  * reading. */
728 static int
729 bytes_to_read(struct bufferevent_openssl *bev)
730 {
731 	struct evbuffer *input = bev->bev.bev.input;
732 	struct event_watermark *wm = &bev->bev.bev.wm_read;
733 	int result = READ_DEFAULT;
734 	ev_ssize_t limit;
735 	/* XXX 99% of this is generic code that nearly all bufferevents will
736 	 * want. */
737 
738 	if (bev->write_blocked_on_read) {
739 		return 0;
740 	}
741 
742 	if (! (bev->bev.bev.enabled & EV_READ)) {
743 		return 0;
744 	}
745 
746 	if (bev->bev.read_suspended) {
747 		return 0;
748 	}
749 
750 	if (wm->high) {
751 		if (evbuffer_get_length(input) >= wm->high) {
752 			return 0;
753 		}
754 
755 		result = wm->high - evbuffer_get_length(input);
756 	} else {
757 		result = READ_DEFAULT;
758 	}
759 
760 	/* Respect the rate limit */
761 	limit = bufferevent_get_read_max_(&bev->bev);
762 	if (result > limit) {
763 		result = limit;
764 	}
765 
766 	return result;
767 }
768 
769 
770 /* Things look readable.  If write is blocked on read, write till it isn't.
771  * Read from the underlying buffer until we block or we hit our high-water
772  * mark.
773  */
774 static void
775 consider_reading(struct bufferevent_openssl *bev_ssl)
776 {
777 	int r;
778 	int n_to_read;
779 	int all_result_flags = 0;
780 
781 	while (bev_ssl->write_blocked_on_read) {
782 		r = do_write(bev_ssl, WRITE_FRAME);
783 		if (r & (OP_BLOCKED|OP_ERR))
784 			break;
785 	}
786 	if (bev_ssl->write_blocked_on_read)
787 		return;
788 
789 	n_to_read = bytes_to_read(bev_ssl);
790 
791 	while (n_to_read) {
792 		r = do_read(bev_ssl, n_to_read);
793 		all_result_flags |= r;
794 
795 		if (r & (OP_BLOCKED|OP_ERR))
796 			break;
797 
798 		if (bev_ssl->bev.read_suspended)
799 			break;
800 
801 		/* Read all pending data.  This won't hit the network
802 		 * again, and will (most importantly) put us in a state
803 		 * where we don't need to read anything else until the
804 		 * socket is readable again.  It'll potentially make us
805 		 * overrun our read high-watermark (somewhat
806 		 * regrettable).  The damage to the rate-limit has
807 		 * already been done, since OpenSSL went and read a
808 		 * whole SSL record anyway. */
809 		n_to_read = SSL_pending(bev_ssl->ssl);
810 
811 		/* XXX This if statement is actually a bad bug, added to avoid
812 		 * XXX a worse bug.
813 		 *
814 		 * The bad bug: It can potentially cause resource unfairness
815 		 * by reading too much data from the underlying bufferevent;
816 		 * it can potentially cause read looping if the underlying
817 		 * bufferevent is a bufferevent_pair and deferred callbacks
818 		 * aren't used.
819 		 *
820 		 * The worse bug: If we didn't do this, then we would
821 		 * potentially not read any more from bev_ssl->underlying
822 		 * until more data arrived there, which could lead to us
823 		 * waiting forever.
824 		 */
825 		if (!n_to_read && bev_ssl->underlying)
826 			n_to_read = bytes_to_read(bev_ssl);
827 	}
828 
829 	if (all_result_flags & OP_MADE_PROGRESS) {
830 		struct bufferevent *bev = &bev_ssl->bev.bev;
831 
832 		bufferevent_trigger_nolock_(bev, EV_READ, 0);
833 	}
834 
835 	if (!bev_ssl->underlying) {
836 		/* Should be redundant, but let's avoid busy-looping */
837 		if (bev_ssl->bev.read_suspended ||
838 		    !(bev_ssl->bev.bev.enabled & EV_READ)) {
839 			event_del(&bev_ssl->bev.bev.ev_read);
840 		}
841 	}
842 }
843 
844 static void
845 consider_writing(struct bufferevent_openssl *bev_ssl)
846 {
847 	int r;
848 	struct evbuffer *output = bev_ssl->bev.bev.output;
849 	struct evbuffer *target = NULL;
850 	struct event_watermark *wm = NULL;
851 
852 	while (bev_ssl->read_blocked_on_write) {
853 		r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
854 		if (r & OP_MADE_PROGRESS) {
855 			struct bufferevent *bev = &bev_ssl->bev.bev;
856 
857 			bufferevent_trigger_nolock_(bev, EV_READ, 0);
858 		}
859 		if (r & (OP_ERR|OP_BLOCKED))
860 			break;
861 	}
862 	if (bev_ssl->read_blocked_on_write)
863 		return;
864 	if (bev_ssl->underlying) {
865 		target = bev_ssl->underlying->output;
866 		wm = &bev_ssl->underlying->wm_write;
867 	}
868 	while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
869 	    (! bev_ssl->bev.write_suspended) &&
870 	    evbuffer_get_length(output) &&
871 	    (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
872 		int n_to_write;
873 		if (wm && wm->high)
874 			n_to_write = wm->high - evbuffer_get_length(target);
875 		else
876 			n_to_write = WRITE_FRAME;
877 		r = do_write(bev_ssl, n_to_write);
878 		if (r & (OP_BLOCKED|OP_ERR))
879 			break;
880 	}
881 
882 	if (!bev_ssl->underlying) {
883 		if (evbuffer_get_length(output) == 0) {
884 			event_del(&bev_ssl->bev.bev.ev_write);
885 		} else if (bev_ssl->bev.write_suspended ||
886 		    !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
887 			/* Should be redundant, but let's avoid busy-looping */
888 			event_del(&bev_ssl->bev.bev.ev_write);
889 		}
890 	}
891 }
892 
893 static void
894 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
895 {
896 	struct bufferevent_openssl *bev_ssl = ctx;
897 	consider_reading(bev_ssl);
898 }
899 
900 static void
901 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
902 {
903 	struct bufferevent_openssl *bev_ssl = ctx;
904 	consider_writing(bev_ssl);
905 }
906 
907 static void
908 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
909 {
910 	struct bufferevent_openssl *bev_ssl = ctx;
911 	int event = 0;
912 
913 	if (what & BEV_EVENT_EOF) {
914 		if (bev_ssl->allow_dirty_shutdown)
915 			event = BEV_EVENT_EOF;
916 		else
917 			event = BEV_EVENT_ERROR;
918 	} else if (what & BEV_EVENT_TIMEOUT) {
919 		/* We sure didn't set this.  Propagate it to the user. */
920 		event = what;
921 	} else if (what & BEV_EVENT_ERROR) {
922 		/* An error occurred on the connection.  Propagate it to the user. */
923 		event = what;
924 	} else if (what & BEV_EVENT_CONNECTED) {
925 		/* Ignore it.  We're saying SSL_connect() already, which will
926 		   eat it. */
927 	}
928 	if (event)
929 		bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
930 }
931 
932 static void
933 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
934 {
935 	struct bufferevent_openssl *bev_ssl = ptr;
936 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
937 	if (what == EV_TIMEOUT) {
938 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
939 		    BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
940 	} else {
941 		consider_reading(bev_ssl);
942 	}
943 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
944 }
945 
946 static void
947 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
948 {
949 	struct bufferevent_openssl *bev_ssl = ptr;
950 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
951 	if (what == EV_TIMEOUT) {
952 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
953 		    BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
954 	} else {
955 		consider_writing(bev_ssl);
956 	}
957 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
958 }
959 
960 static int
961 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
962 {
963 	if (bev_ssl->underlying) {
964 		bufferevent_setcb(bev_ssl->underlying,
965 		    be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
966 		    bev_ssl);
967 		return 0;
968 	} else {
969 		struct bufferevent *bev = &bev_ssl->bev.bev;
970 		int rpending=0, wpending=0, r1=0, r2=0;
971 		if (fd < 0 && bev_ssl->fd_is_set)
972 			fd = event_get_fd(&bev->ev_read);
973 		if (bev_ssl->fd_is_set) {
974 			rpending = event_pending(&bev->ev_read, EV_READ, NULL);
975 			wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
976 			event_del(&bev->ev_read);
977 			event_del(&bev->ev_write);
978 		}
979 		event_assign(&bev->ev_read, bev->ev_base, fd,
980 		    EV_READ|EV_PERSIST|EV_FINALIZE,
981 		    be_openssl_readeventcb, bev_ssl);
982 		event_assign(&bev->ev_write, bev->ev_base, fd,
983 		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
984 		    be_openssl_writeeventcb, bev_ssl);
985 		if (rpending)
986 			r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
987 		if (wpending)
988 			r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
989 		if (fd >= 0) {
990 			bev_ssl->fd_is_set = 1;
991 		}
992 		return (r1<0 || r2<0) ? -1 : 0;
993 	}
994 }
995 
996 static int
997 do_handshake(struct bufferevent_openssl *bev_ssl)
998 {
999 	int r;
1000 
1001 	switch (bev_ssl->state) {
1002 	default:
1003 	case BUFFEREVENT_SSL_OPEN:
1004 		EVUTIL_ASSERT(0);
1005 		return -1;
1006 	case BUFFEREVENT_SSL_CONNECTING:
1007 	case BUFFEREVENT_SSL_ACCEPTING:
1008 		r = SSL_do_handshake(bev_ssl->ssl);
1009 		break;
1010 	}
1011 	decrement_buckets(bev_ssl);
1012 
1013 	if (r==1) {
1014 		/* We're done! */
1015 		bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1016 		set_open_callbacks(bev_ssl, -1); /* XXXX handle failure */
1017 		/* Call do_read and do_write as needed */
1018 		bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1019 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1020 		    BEV_EVENT_CONNECTED, 0);
1021 		return 1;
1022 	} else {
1023 		int err = SSL_get_error(bev_ssl->ssl, r);
1024 		print_err(err);
1025 		switch (err) {
1026 		case SSL_ERROR_WANT_WRITE:
1027 			if (!bev_ssl->underlying) {
1028 				stop_reading(bev_ssl);
1029 				return start_writing(bev_ssl);
1030 			}
1031 			return 0;
1032 		case SSL_ERROR_WANT_READ:
1033 			if (!bev_ssl->underlying) {
1034 				stop_writing(bev_ssl);
1035 				return start_reading(bev_ssl);
1036 			}
1037 			return 0;
1038 		default:
1039 			conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1040 			return -1;
1041 		}
1042 	}
1043 }
1044 
1045 static void
1046 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1047 {
1048 	struct bufferevent_openssl *bev_ssl = ctx;
1049 	do_handshake(bev_ssl);/* XXX handle failure */
1050 }
1051 
1052 static void
1053 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1054 {
1055 	struct bufferevent_openssl *bev_ssl = ptr;
1056 
1057 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1058 	if (what & EV_TIMEOUT) {
1059 		bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1060 	} else
1061 		do_handshake(bev_ssl);/* XXX handle failure */
1062 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1063 }
1064 
1065 static int
1066 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1067 {
1068 	if (bev_ssl->underlying) {
1069 		bufferevent_setcb(bev_ssl->underlying,
1070 		    be_openssl_handshakecb, be_openssl_handshakecb,
1071 		    be_openssl_eventcb,
1072 		    bev_ssl);
1073 		return do_handshake(bev_ssl);
1074 	} else {
1075 		struct bufferevent *bev = &bev_ssl->bev.bev;
1076 		int r1=0, r2=0;
1077 		if (fd < 0 && bev_ssl->fd_is_set)
1078 			fd = event_get_fd(&bev->ev_read);
1079 		if (bev_ssl->fd_is_set) {
1080 			event_del(&bev->ev_read);
1081 			event_del(&bev->ev_write);
1082 		}
1083 		event_assign(&bev->ev_read, bev->ev_base, fd,
1084 		    EV_READ|EV_PERSIST|EV_FINALIZE,
1085 		    be_openssl_handshakeeventcb, bev_ssl);
1086 		event_assign(&bev->ev_write, bev->ev_base, fd,
1087 		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
1088 		    be_openssl_handshakeeventcb, bev_ssl);
1089 		if (fd >= 0) {
1090 			r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1091 			r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1092 			bev_ssl->fd_is_set = 1;
1093 		}
1094 		return (r1<0 || r2<0) ? -1 : 0;
1095 	}
1096 }
1097 
1098 int
1099 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1100 {
1101 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1102 	if (!bev_ssl)
1103 		return -1;
1104 	if (SSL_renegotiate(bev_ssl->ssl) < 0)
1105 		return -1;
1106 	bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1107 	if (set_handshake_callbacks(bev_ssl, -1) < 0)
1108 		return -1;
1109 	if (!bev_ssl->underlying)
1110 		return do_handshake(bev_ssl);
1111 	return 0;
1112 }
1113 
1114 static void
1115 be_openssl_outbuf_cb(struct evbuffer *buf,
1116     const struct evbuffer_cb_info *cbinfo, void *arg)
1117 {
1118 	struct bufferevent_openssl *bev_ssl = arg;
1119 	int r = 0;
1120 	/* XXX need to hold a reference here. */
1121 
1122 	if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1123 		if (cbinfo->orig_size == 0)
1124 			r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1125 			    &bev_ssl->bev.bev.timeout_write);
1126 		consider_writing(bev_ssl);
1127 	}
1128 	/* XXX Handle r < 0 */
1129         (void)r;
1130 }
1131 
1132 
1133 static int
1134 be_openssl_enable(struct bufferevent *bev, short events)
1135 {
1136 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1137 	int r1 = 0, r2 = 0;
1138 
1139 	if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1140 		return 0;
1141 
1142 	if (events & EV_READ)
1143 		r1 = start_reading(bev_ssl);
1144 	if (events & EV_WRITE)
1145 		r2 = start_writing(bev_ssl);
1146 
1147 	if (bev_ssl->underlying) {
1148 		if (events & EV_READ)
1149 			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1150 		if (events & EV_WRITE)
1151 			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1152 
1153 		if (events & EV_READ)
1154 			consider_reading(bev_ssl);
1155 		if (events & EV_WRITE)
1156 			consider_writing(bev_ssl);
1157 	}
1158 	return (r1 < 0 || r2 < 0) ? -1 : 0;
1159 }
1160 
1161 static int
1162 be_openssl_disable(struct bufferevent *bev, short events)
1163 {
1164 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1165 	if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1166 		return 0;
1167 
1168 	if (events & EV_READ)
1169 		stop_reading(bev_ssl);
1170 	if (events & EV_WRITE)
1171 		stop_writing(bev_ssl);
1172 
1173 	if (bev_ssl->underlying) {
1174 		if (events & EV_READ)
1175 			BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1176 		if (events & EV_WRITE)
1177 			BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1178 	}
1179 	return 0;
1180 }
1181 
1182 static void
1183 be_openssl_unlink(struct bufferevent *bev)
1184 {
1185 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1186 
1187 	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1188 		if (bev_ssl->underlying) {
1189 			if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1190 				event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1191 				    "bufferevent with too few references");
1192 			} else {
1193 				bufferevent_free(bev_ssl->underlying);
1194 				/* We still have a reference to it, via our
1195 				 * BIO. So we don't drop this. */
1196 				// bev_ssl->underlying = NULL;
1197 			}
1198 		}
1199 	} else {
1200 		if (bev_ssl->underlying) {
1201 			if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1202 				bufferevent_setcb(bev_ssl->underlying,
1203 				    NULL,NULL,NULL,NULL);
1204 			bufferevent_unsuspend_read_(bev_ssl->underlying,
1205 			    BEV_SUSPEND_FILT_READ);
1206 		}
1207 	}
1208 }
1209 
1210 static void
1211 be_openssl_destruct(struct bufferevent *bev)
1212 {
1213 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1214 
1215 	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1216 		if (! bev_ssl->underlying) {
1217 			evutil_socket_t fd = -1;
1218 			BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1219 			if (bio)
1220 				fd = BIO_get_fd(bio, NULL);
1221 			if (fd >= 0)
1222 				evutil_closesocket(fd);
1223 		}
1224 		SSL_free(bev_ssl->ssl);
1225 	}
1226 }
1227 
1228 static int
1229 be_openssl_adj_timeouts(struct bufferevent *bev)
1230 {
1231 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1232 
1233 	if (bev_ssl->underlying) {
1234 		return bufferevent_generic_adj_timeouts_(bev);
1235 	} else {
1236 		int r1=0, r2=0;
1237 		if (event_pending(&bev->ev_read, EV_READ, NULL)) {
1238 			if (evutil_timerisset(&bev->timeout_read)) {
1239 				r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1240 			} else {
1241 				event_remove_timer(&bev->ev_read);
1242 			}
1243 		}
1244 		if (event_pending(&bev->ev_write, EV_WRITE, NULL)) {
1245 			if (evutil_timerisset(&bev->timeout_write)) {
1246 				r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1247 			} else {
1248 				event_remove_timer(&bev->ev_write);
1249 			}
1250 		}
1251 
1252 		return (r1<0 || r2<0) ? -1 : 0;
1253 	}
1254 }
1255 
1256 static int
1257 be_openssl_flush(struct bufferevent *bufev,
1258     short iotype, enum bufferevent_flush_mode mode)
1259 {
1260 	/* XXXX Implement this. */
1261 	return 0;
1262 }
1263 
1264 static int
1265 be_openssl_ctrl(struct bufferevent *bev,
1266     enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1267 {
1268 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1269 	switch (op) {
1270 	case BEV_CTRL_SET_FD:
1271 		if (bev_ssl->underlying)
1272 			return -1;
1273 		{
1274 			BIO *bio;
1275 			bio = BIO_new_socket(data->fd, 0);
1276 			SSL_set_bio(bev_ssl->ssl, bio, bio);
1277 			bev_ssl->fd_is_set = 1;
1278 		}
1279 		if (data->fd == -1)
1280 			bev_ssl->fd_is_set = 0;
1281 		if (bev_ssl->state == BUFFEREVENT_SSL_OPEN)
1282 			return set_open_callbacks(bev_ssl, data->fd);
1283 		else {
1284 			return set_handshake_callbacks(bev_ssl, data->fd);
1285 		}
1286 	case BEV_CTRL_GET_FD:
1287 		if (bev_ssl->underlying)
1288 			return -1;
1289 		if (!bev_ssl->fd_is_set)
1290 			return -1;
1291 		data->fd = event_get_fd(&bev->ev_read);
1292 		return 0;
1293 	case BEV_CTRL_GET_UNDERLYING:
1294 		if (!bev_ssl->underlying)
1295 			return -1;
1296 		data->ptr = bev_ssl->underlying;
1297 		return 0;
1298 	case BEV_CTRL_CANCEL_ALL:
1299 	default:
1300 		return -1;
1301 	}
1302 }
1303 
1304 SSL *
1305 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1306 {
1307 	struct bufferevent_openssl *bev_ssl = upcast(bufev);
1308 	if (!bev_ssl)
1309 		return NULL;
1310 	return bev_ssl->ssl;
1311 }
1312 
1313 static struct bufferevent *
1314 bufferevent_openssl_new_impl(struct event_base *base,
1315     struct bufferevent *underlying,
1316     evutil_socket_t fd,
1317     SSL *ssl,
1318     enum bufferevent_ssl_state state,
1319     int options)
1320 {
1321 	struct bufferevent_openssl *bev_ssl = NULL;
1322 	struct bufferevent_private *bev_p = NULL;
1323 	int tmp_options = options & ~BEV_OPT_THREADSAFE;
1324 
1325 	if (underlying != NULL && fd >= 0)
1326 		return NULL; /* Only one can be set. */
1327 
1328 	if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1329 		goto err;
1330 
1331 	bev_p = &bev_ssl->bev;
1332 
1333 	if (bufferevent_init_common_(bev_p, base,
1334 		&bufferevent_ops_openssl, tmp_options) < 0)
1335 		goto err;
1336 
1337 	/* Don't explode if we decide to realloc a chunk we're writing from in
1338 	 * the output buffer. */
1339 	SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1340 
1341 	bev_ssl->underlying = underlying;
1342 	bev_ssl->ssl = ssl;
1343 
1344 	bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1345 	    be_openssl_outbuf_cb, bev_ssl);
1346 
1347 	if (options & BEV_OPT_THREADSAFE)
1348 		bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1349 
1350 	if (underlying) {
1351 		bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1352 		bufferevent_incref_(underlying);
1353 	}
1354 
1355 	bev_ssl->state = state;
1356 	bev_ssl->last_write = -1;
1357 
1358 	init_bio_counts(bev_ssl);
1359 
1360 	switch (state) {
1361 	case BUFFEREVENT_SSL_ACCEPTING:
1362 		SSL_set_accept_state(bev_ssl->ssl);
1363 		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1364 			goto err;
1365 		break;
1366 	case BUFFEREVENT_SSL_CONNECTING:
1367 		SSL_set_connect_state(bev_ssl->ssl);
1368 		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1369 			goto err;
1370 		break;
1371 	case BUFFEREVENT_SSL_OPEN:
1372 		if (set_open_callbacks(bev_ssl, fd) < 0)
1373 			goto err;
1374 		break;
1375 	default:
1376 		goto err;
1377 	}
1378 
1379 	if (underlying) {
1380 		bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1381 		bufferevent_enable(underlying, EV_READ|EV_WRITE);
1382 		if (state == BUFFEREVENT_SSL_OPEN)
1383 			bufferevent_suspend_read_(underlying,
1384 			    BEV_SUSPEND_FILT_READ);
1385 	} else {
1386 		bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE;
1387 		if (bev_ssl->fd_is_set) {
1388 			if (state != BUFFEREVENT_SSL_OPEN)
1389 				if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
1390 					goto err;
1391 			if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0)
1392 				goto err;
1393 		}
1394 	}
1395 
1396 	return &bev_ssl->bev.bev;
1397 err:
1398 	if (bev_ssl)
1399 		bufferevent_free(&bev_ssl->bev.bev);
1400 	return NULL;
1401 }
1402 
1403 struct bufferevent *
1404 bufferevent_openssl_filter_new(struct event_base *base,
1405     struct bufferevent *underlying,
1406     SSL *ssl,
1407     enum bufferevent_ssl_state state,
1408     int options)
1409 {
1410 	/* We don't tell the BIO to close the bufferevent; we do it ourselves
1411 	 * on be_openssl_destruct */
1412 	int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1413 	BIO *bio;
1414 	if (!underlying)
1415 		return NULL;
1416 	if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1417 		return NULL;
1418 
1419 	SSL_set_bio(ssl, bio, bio);
1420 
1421 	return bufferevent_openssl_new_impl(
1422 		base, underlying, -1, ssl, state, options);
1423 }
1424 
1425 struct bufferevent *
1426 bufferevent_openssl_socket_new(struct event_base *base,
1427     evutil_socket_t fd,
1428     SSL *ssl,
1429     enum bufferevent_ssl_state state,
1430     int options)
1431 {
1432 	/* Does the SSL already have an fd? */
1433 	BIO *bio = SSL_get_wbio(ssl);
1434 	long have_fd = -1;
1435 
1436 	if (bio)
1437 		have_fd = BIO_get_fd(bio, NULL);
1438 
1439 	if (have_fd >= 0) {
1440 		/* The SSL is already configured with an fd. */
1441 		if (fd < 0) {
1442 			/* We should learn the fd from the SSL. */
1443 			fd = (evutil_socket_t) have_fd;
1444 		} else if (have_fd == (long)fd) {
1445 			/* We already know the fd from the SSL; do nothing */
1446 		} else {
1447 			/* We specified an fd different from that of the SSL.
1448 			   This is probably an error on our part.  Fail. */
1449 			return NULL;
1450 		}
1451 		(void) BIO_set_close(bio, 0);
1452 	} else {
1453 		/* The SSL isn't configured with a BIO with an fd. */
1454 		if (fd >= 0) {
1455 			/* ... and we have an fd we want to use. */
1456 			bio = BIO_new_socket(fd, 0);
1457 			SSL_set_bio(ssl, bio, bio);
1458 		} else {
1459 			/* Leave the fd unset. */
1460 		}
1461 	}
1462 
1463 	return bufferevent_openssl_new_impl(
1464 		base, NULL, fd, ssl, state, options);
1465 }
1466 
1467 int
1468 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1469 {
1470 	int allow_dirty_shutdown = -1;
1471 	struct bufferevent_openssl *bev_ssl;
1472 	BEV_LOCK(bev);
1473 	bev_ssl = upcast(bev);
1474 	if (bev_ssl)
1475 		allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1476 	BEV_UNLOCK(bev);
1477 	return allow_dirty_shutdown;
1478 }
1479 
1480 void
1481 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1482     int allow_dirty_shutdown)
1483 {
1484 	struct bufferevent_openssl *bev_ssl;
1485 	BEV_LOCK(bev);
1486 	bev_ssl = upcast(bev);
1487 	if (bev_ssl)
1488 		bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1489 	BEV_UNLOCK(bev);
1490 }
1491 
1492 unsigned long
1493 bufferevent_get_openssl_error(struct bufferevent *bev)
1494 {
1495 	unsigned long err = 0;
1496 	struct bufferevent_openssl *bev_ssl;
1497 	BEV_LOCK(bev);
1498 	bev_ssl = upcast(bev);
1499 	if (bev_ssl && bev_ssl->n_errors) {
1500 		err = bev_ssl->errors[--bev_ssl->n_errors];
1501 	}
1502 	BEV_UNLOCK(bev);
1503 	return err;
1504 }
1505