xref: /freebsd/contrib/ntp/sntp/libevent/bufferevent_openssl.c (revision 952364486a4b9d135e4b28f7f88a8703a74eae6f)
1 /*
2  * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  * 3. The name of the author may not be used to endorse or promote products
13  *    derived from this software without specific prior written permission.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 // Get rid of OSX 10.7 and greater deprecation warnings.
28 #if defined(__APPLE__) && defined(__clang__)
29 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
30 #endif
31 
32 #include "event2/event-config.h"
33 #include "evconfig-private.h"
34 
35 #include <sys/types.h>
36 
37 #ifdef EVENT__HAVE_SYS_TIME_H
38 #include <sys/time.h>
39 #endif
40 
41 #include <errno.h>
42 #include <stdio.h>
43 #include <stdlib.h>
44 #include <string.h>
45 #ifdef EVENT__HAVE_STDARG_H
46 #include <stdarg.h>
47 #endif
48 #ifdef EVENT__HAVE_UNISTD_H
49 #include <unistd.h>
50 #endif
51 
52 #ifdef _WIN32
53 #include <winsock2.h>
54 #endif
55 
56 #include "event2/bufferevent.h"
57 #include "event2/bufferevent_struct.h"
58 #include "event2/bufferevent_ssl.h"
59 #include "event2/buffer.h"
60 #include "event2/event.h"
61 
62 #include "mm-internal.h"
63 #include "bufferevent-internal.h"
64 #include "log-internal.h"
65 
66 #include <openssl/bio.h>
67 #include <openssl/ssl.h>
68 #include <openssl/err.h>
69 
70 /*
71  * Define an OpenSSL bio that targets a bufferevent.
72  */
73 
74 /* --------------------
75    A BIO is an OpenSSL abstraction that handles reading and writing data.  The
76    library will happily speak SSL over anything that implements a BIO
77    interface.
78 
79    Here we define a BIO implementation that directs its output to a
80    bufferevent.  We'll want to use this only when none of OpenSSL's built-in
81    IO mechanisms work for us.
82    -------------------- */
83 
84 /* every BIO type needs its own integer type value. */
85 #define BIO_TYPE_LIBEVENT 57
86 /* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
87  * this. */
88 
89 #if 0
90 static void
91 print_err(int val)
92 {
93 	int err;
94 	printf("Error was %d\n", val);
95 
96 	while ((err = ERR_get_error())) {
97 		const char *msg = (const char*)ERR_reason_error_string(err);
98 		const char *lib = (const char*)ERR_lib_error_string(err);
99 		const char *func = (const char*)ERR_func_error_string(err);
100 
101 		printf("%s in %s %s\n", msg, lib, func);
102 	}
103 }
104 #else
105 #define print_err(v) ((void)0)
106 #endif
107 
108 /* Called to initialize a new BIO */
109 static int
110 bio_bufferevent_new(BIO *b)
111 {
112 	b->init = 0;
113 	b->num = -1;
114 	b->ptr = NULL; /* We'll be putting the bufferevent in this field.*/
115 	b->flags = 0;
116 	return 1;
117 }
118 
119 /* Called to uninitialize the BIO. */
120 static int
121 bio_bufferevent_free(BIO *b)
122 {
123 	if (!b)
124 		return 0;
125 	if (b->shutdown) {
126 		if (b->init && b->ptr)
127 			bufferevent_free(b->ptr);
128 		b->init = 0;
129 		b->flags = 0;
130 		b->ptr = NULL;
131 	}
132 	return 1;
133 }
134 
135 /* Called to extract data from the BIO. */
136 static int
137 bio_bufferevent_read(BIO *b, char *out, int outlen)
138 {
139 	int r = 0;
140 	struct evbuffer *input;
141 
142 	BIO_clear_retry_flags(b);
143 
144 	if (!out)
145 		return 0;
146 	if (!b->ptr)
147 		return -1;
148 
149 	input = bufferevent_get_input(b->ptr);
150 	if (evbuffer_get_length(input) == 0) {
151 		/* If there's no data to read, say so. */
152 		BIO_set_retry_read(b);
153 		return -1;
154 	} else {
155 		r = evbuffer_remove(input, out, outlen);
156 	}
157 
158 	return r;
159 }
160 
161 /* Called to write data info the BIO */
162 static int
163 bio_bufferevent_write(BIO *b, const char *in, int inlen)
164 {
165 	struct bufferevent *bufev = b->ptr;
166 	struct evbuffer *output;
167 	size_t outlen;
168 
169 	BIO_clear_retry_flags(b);
170 
171 	if (!b->ptr)
172 		return -1;
173 
174 	output = bufferevent_get_output(bufev);
175 	outlen = evbuffer_get_length(output);
176 
177 	/* Copy only as much data onto the output buffer as can fit under the
178 	 * high-water mark. */
179 	if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
180 		if (bufev->wm_write.high <= outlen) {
181 			/* If no data can fit, we'll need to retry later. */
182 			BIO_set_retry_write(b);
183 			return -1;
184 		}
185 		inlen = bufev->wm_write.high - outlen;
186 	}
187 
188 	EVUTIL_ASSERT(inlen > 0);
189 	evbuffer_add(output, in, inlen);
190 	return inlen;
191 }
192 
193 /* Called to handle various requests */
194 static long
195 bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
196 {
197 	struct bufferevent *bufev = b->ptr;
198 	long ret = 1;
199 
200 	switch (cmd) {
201 	case BIO_CTRL_GET_CLOSE:
202 		ret = b->shutdown;
203 		break;
204 	case BIO_CTRL_SET_CLOSE:
205 		b->shutdown = (int)num;
206 		break;
207 	case BIO_CTRL_PENDING:
208 		ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
209 		break;
210 	case BIO_CTRL_WPENDING:
211 		ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
212 		break;
213 	/* XXXX These two are given a special-case treatment because
214 	 * of cargo-cultism.  I should come up with a better reason. */
215 	case BIO_CTRL_DUP:
216 	case BIO_CTRL_FLUSH:
217 		ret = 1;
218 		break;
219 	default:
220 		ret = 0;
221 		break;
222 	}
223 	return ret;
224 }
225 
226 /* Called to write a string to the BIO */
227 static int
228 bio_bufferevent_puts(BIO *b, const char *s)
229 {
230 	return bio_bufferevent_write(b, s, strlen(s));
231 }
232 
233 /* Method table for the bufferevent BIO */
234 static BIO_METHOD methods_bufferevent = {
235 	BIO_TYPE_LIBEVENT, "bufferevent",
236 	bio_bufferevent_write,
237 	bio_bufferevent_read,
238 	bio_bufferevent_puts,
239 	NULL /* bio_bufferevent_gets */,
240 	bio_bufferevent_ctrl,
241 	bio_bufferevent_new,
242 	bio_bufferevent_free,
243 	NULL /* callback_ctrl */,
244 };
245 
246 /* Return the method table for the bufferevents BIO */
247 static BIO_METHOD *
248 BIO_s_bufferevent(void)
249 {
250 	return &methods_bufferevent;
251 }
252 
253 /* Create a new BIO to wrap communication around a bufferevent.  If close_flag
254  * is true, the bufferevent will be freed when the BIO is closed. */
255 static BIO *
256 BIO_new_bufferevent(struct bufferevent *bufferevent, int close_flag)
257 {
258 	BIO *result;
259 	if (!bufferevent)
260 		return NULL;
261 	if (!(result = BIO_new(BIO_s_bufferevent())))
262 		return NULL;
263 	result->init = 1;
264 	result->ptr = bufferevent;
265 	result->shutdown = close_flag ? 1 : 0;
266 	return result;
267 }
268 
269 /* --------------------
270    Now, here's the OpenSSL-based implementation of bufferevent.
271 
272    The implementation comes in two flavors: one that connects its SSL object
273    to an underlying bufferevent using a BIO_bufferevent, and one that has the
274    SSL object connect to a socket directly.  The latter should generally be
275    faster, except on Windows, where your best bet is using a
276    bufferevent_async.
277 
278    (OpenSSL supports many other BIO types, too.  But we can't use any unless
279    we have a good way to get notified when they become readable/writable.)
280    -------------------- */
281 
282 struct bio_data_counts {
283 	unsigned long n_written;
284 	unsigned long n_read;
285 };
286 
287 struct bufferevent_openssl {
288 	/* Shared fields with common bufferevent implementation code.
289 	   If we were set up with an underlying bufferevent, we use the
290 	   events here as timers only.  If we have an SSL, then we use
291 	   the events as socket events.
292 	 */
293 	struct bufferevent_private bev;
294 	/* An underlying bufferevent that we're directing our output to.
295 	   If it's NULL, then we're connected to an fd, not an evbuffer. */
296 	struct bufferevent *underlying;
297 	/* The SSL object doing our encryption. */
298 	SSL *ssl;
299 
300 	/* A callback that's invoked when data arrives on our outbuf so we
301 	   know to write data to the SSL. */
302 	struct evbuffer_cb_entry *outbuf_cb;
303 
304 	/* A count of how much data the bios have read/written total.  Used
305 	   for rate-limiting. */
306 	struct bio_data_counts counts;
307 
308 	/* If this value is greater than 0, then the last SSL_write blocked,
309 	 * and we need to try it again with this many bytes. */
310 	ev_ssize_t last_write;
311 
312 #define NUM_ERRORS 3
313 	ev_uint32_t errors[NUM_ERRORS];
314 
315 	/* When we next get available space, we should say "read" instead of
316 	   "write". This can happen if there's a renegotiation during a read
317 	   operation. */
318 	unsigned read_blocked_on_write : 1;
319 	/* When we next get data, we should say "write" instead of "read". */
320 	unsigned write_blocked_on_read : 1;
321 	/* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
322 	unsigned allow_dirty_shutdown : 1;
323 	/* XXXX */
324 	unsigned fd_is_set : 1;
325 	/* XXX */
326 	unsigned n_errors : 2;
327 
328 	/* Are we currently connecting, accepting, or doing IO? */
329 	unsigned state : 2;
330 };
331 
332 static int be_openssl_enable(struct bufferevent *, short);
333 static int be_openssl_disable(struct bufferevent *, short);
334 static void be_openssl_unlink(struct bufferevent *);
335 static void be_openssl_destruct(struct bufferevent *);
336 static int be_openssl_adj_timeouts(struct bufferevent *);
337 static int be_openssl_flush(struct bufferevent *bufev,
338     short iotype, enum bufferevent_flush_mode mode);
339 static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
340 
341 const struct bufferevent_ops bufferevent_ops_openssl = {
342 	"ssl",
343 	evutil_offsetof(struct bufferevent_openssl, bev.bev),
344 	be_openssl_enable,
345 	be_openssl_disable,
346 	be_openssl_unlink,
347 	be_openssl_destruct,
348 	be_openssl_adj_timeouts,
349 	be_openssl_flush,
350 	be_openssl_ctrl,
351 };
352 
353 /* Given a bufferevent, return a pointer to the bufferevent_openssl that
354  * contains it, if any. */
355 static inline struct bufferevent_openssl *
356 upcast(struct bufferevent *bev)
357 {
358 	struct bufferevent_openssl *bev_o;
359 	if (bev->be_ops != &bufferevent_ops_openssl)
360 		return NULL;
361 	bev_o = (void*)( ((char*)bev) -
362 			 evutil_offsetof(struct bufferevent_openssl, bev.bev));
363 	EVUTIL_ASSERT(bev_o->bev.bev.be_ops == &bufferevent_ops_openssl);
364 	return bev_o;
365 }
366 
367 static inline void
368 put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
369 {
370 	if (bev_ssl->n_errors == NUM_ERRORS)
371 		return;
372 	/* The error type according to openssl is "unsigned long", but
373 	   openssl never uses more than 32 bits of it.  It _can't_ use more
374 	   than 32 bits of it, since it needs to report errors on systems
375 	   where long is only 32 bits.
376 	 */
377 	bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
378 }
379 
380 /* Have the base communications channel (either the underlying bufferevent or
381  * ev_read and ev_write) start reading.  Take the read-blocked-on-write flag
382  * into account. */
383 static int
384 start_reading(struct bufferevent_openssl *bev_ssl)
385 {
386 	if (bev_ssl->underlying) {
387 		bufferevent_unsuspend_read_(bev_ssl->underlying,
388 		    BEV_SUSPEND_FILT_READ);
389 		return 0;
390 	} else {
391 		struct bufferevent *bev = &bev_ssl->bev.bev;
392 		int r;
393 		r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
394 		if (r == 0 && bev_ssl->read_blocked_on_write)
395 			r = bufferevent_add_event_(&bev->ev_write,
396 			    &bev->timeout_write);
397 		return r;
398 	}
399 }
400 
401 /* Have the base communications channel (either the underlying bufferevent or
402  * ev_read and ev_write) start writing.  Take the write-blocked-on-read flag
403  * into account. */
404 static int
405 start_writing(struct bufferevent_openssl *bev_ssl)
406 {
407 	int r = 0;
408 	if (bev_ssl->underlying) {
409 		;
410 	} else {
411 		struct bufferevent *bev = &bev_ssl->bev.bev;
412 		r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
413 		if (!r && bev_ssl->write_blocked_on_read)
414 			r = bufferevent_add_event_(&bev->ev_read,
415 			    &bev->timeout_read);
416 	}
417 	return r;
418 }
419 
420 static void
421 stop_reading(struct bufferevent_openssl *bev_ssl)
422 {
423 	if (bev_ssl->write_blocked_on_read)
424 		return;
425 	if (bev_ssl->underlying) {
426 		bufferevent_suspend_read_(bev_ssl->underlying,
427 		    BEV_SUSPEND_FILT_READ);
428 	} else {
429 		struct bufferevent *bev = &bev_ssl->bev.bev;
430 		event_del(&bev->ev_read);
431 	}
432 }
433 
434 static void
435 stop_writing(struct bufferevent_openssl *bev_ssl)
436 {
437 	if (bev_ssl->read_blocked_on_write)
438 		return;
439 	if (bev_ssl->underlying) {
440 		;
441 	} else {
442 		struct bufferevent *bev = &bev_ssl->bev.bev;
443 		event_del(&bev->ev_write);
444 	}
445 }
446 
447 static int
448 set_rbow(struct bufferevent_openssl *bev_ssl)
449 {
450 	if (!bev_ssl->underlying)
451 		stop_reading(bev_ssl);
452 	bev_ssl->read_blocked_on_write = 1;
453 	return start_writing(bev_ssl);
454 }
455 
456 static int
457 set_wbor(struct bufferevent_openssl *bev_ssl)
458 {
459 	if (!bev_ssl->underlying)
460 		stop_writing(bev_ssl);
461 	bev_ssl->write_blocked_on_read = 1;
462 	return start_reading(bev_ssl);
463 }
464 
465 static int
466 clear_rbow(struct bufferevent_openssl *bev_ssl)
467 {
468 	struct bufferevent *bev = &bev_ssl->bev.bev;
469 	int r = 0;
470 	bev_ssl->read_blocked_on_write = 0;
471 	if (!(bev->enabled & EV_WRITE))
472 		stop_writing(bev_ssl);
473 	if (bev->enabled & EV_READ)
474 		r = start_reading(bev_ssl);
475 	return r;
476 }
477 
478 
479 static int
480 clear_wbor(struct bufferevent_openssl *bev_ssl)
481 {
482 	struct bufferevent *bev = &bev_ssl->bev.bev;
483 	int r = 0;
484 	bev_ssl->write_blocked_on_read = 0;
485 	if (!(bev->enabled & EV_READ))
486 		stop_reading(bev_ssl);
487 	if (bev->enabled & EV_WRITE)
488 		r = start_writing(bev_ssl);
489 	return r;
490 }
491 
492 static void
493 conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
494 {
495 	int event = BEV_EVENT_ERROR;
496 	int dirty_shutdown = 0;
497 	unsigned long err;
498 
499 	switch (errcode) {
500 	case SSL_ERROR_ZERO_RETURN:
501 		/* Possibly a clean shutdown. */
502 		if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
503 			event = BEV_EVENT_EOF;
504 		else
505 			dirty_shutdown = 1;
506 		break;
507 	case SSL_ERROR_SYSCALL:
508 		/* IO error; possibly a dirty shutdown. */
509 		if (ret == 0 && ERR_peek_error() == 0)
510 			dirty_shutdown = 1;
511 		break;
512 	case SSL_ERROR_SSL:
513 		/* Protocol error. */
514 		break;
515 	case SSL_ERROR_WANT_X509_LOOKUP:
516 		/* XXXX handle this. */
517 		break;
518 	case SSL_ERROR_NONE:
519 	case SSL_ERROR_WANT_READ:
520 	case SSL_ERROR_WANT_WRITE:
521 	case SSL_ERROR_WANT_CONNECT:
522 	case SSL_ERROR_WANT_ACCEPT:
523 	default:
524 		/* should be impossible; treat as normal error. */
525 		event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
526 		break;
527 	}
528 
529 	while ((err = ERR_get_error())) {
530 		put_error(bev_ssl, err);
531 	}
532 
533 	if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
534 		event = BEV_EVENT_EOF;
535 
536 	stop_reading(bev_ssl);
537 	stop_writing(bev_ssl);
538 
539 	/* when is BEV_EVENT_{READING|WRITING} */
540 	event = when | event;
541 	bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
542 }
543 
544 static void
545 init_bio_counts(struct bufferevent_openssl *bev_ssl)
546 {
547 	bev_ssl->counts.n_written =
548 	    BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
549 	bev_ssl->counts.n_read =
550 	    BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
551 }
552 
553 static inline void
554 decrement_buckets(struct bufferevent_openssl *bev_ssl)
555 {
556 	unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
557 	unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
558 	/* These next two subtractions can wrap around. That's okay. */
559 	unsigned long w = num_w - bev_ssl->counts.n_written;
560 	unsigned long r = num_r - bev_ssl->counts.n_read;
561 	if (w)
562 		bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
563 	if (r)
564 		bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
565 	bev_ssl->counts.n_written = num_w;
566 	bev_ssl->counts.n_read = num_r;
567 }
568 
569 #define OP_MADE_PROGRESS 1
570 #define OP_BLOCKED 2
571 #define OP_ERR 4
572 
573 /* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
574    we're now blocked); and OP_ERR (if an error occurred). */
575 static int
576 do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
577 	/* Requires lock */
578 	struct bufferevent *bev = &bev_ssl->bev.bev;
579 	struct evbuffer *input = bev->input;
580 	int r, n, i, n_used = 0, atmost;
581 	struct evbuffer_iovec space[2];
582 	int result = 0;
583 
584 	if (bev_ssl->bev.read_suspended)
585 		return 0;
586 
587 	atmost = bufferevent_get_read_max_(&bev_ssl->bev);
588 	if (n_to_read > atmost)
589 		n_to_read = atmost;
590 
591 	n = evbuffer_reserve_space(input, n_to_read, space, 2);
592 	if (n < 0)
593 		return OP_ERR;
594 
595 	for (i=0; i<n; ++i) {
596 		if (bev_ssl->bev.read_suspended)
597 			break;
598 		r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
599 		if (r>0) {
600 			result |= OP_MADE_PROGRESS;
601 			if (bev_ssl->read_blocked_on_write)
602 				if (clear_rbow(bev_ssl) < 0)
603 					return OP_ERR | result;
604 			++n_used;
605 			space[i].iov_len = r;
606 			decrement_buckets(bev_ssl);
607 		} else {
608 			int err = SSL_get_error(bev_ssl->ssl, r);
609 			print_err(err);
610 			switch (err) {
611 			case SSL_ERROR_WANT_READ:
612 				/* Can't read until underlying has more data. */
613 				if (bev_ssl->read_blocked_on_write)
614 					if (clear_rbow(bev_ssl) < 0)
615 						return OP_ERR | result;
616 				break;
617 			case SSL_ERROR_WANT_WRITE:
618 				/* This read operation requires a write, and the
619 				 * underlying is full */
620 				if (!bev_ssl->read_blocked_on_write)
621 					if (set_rbow(bev_ssl) < 0)
622 						return OP_ERR | result;
623 				break;
624 			default:
625 				conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
626 				break;
627 			}
628 			result |= OP_BLOCKED;
629 			break; /* out of the loop */
630 		}
631 	}
632 
633 	if (n_used) {
634 		evbuffer_commit_space(input, space, n_used);
635 		if (bev_ssl->underlying)
636 			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
637 	}
638 
639 	return result;
640 }
641 
642 /* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
643    we're now blocked); and OP_ERR (if an error occurred). */
644 static int
645 do_write(struct bufferevent_openssl *bev_ssl, int atmost)
646 {
647 	int i, r, n, n_written = 0;
648 	struct bufferevent *bev = &bev_ssl->bev.bev;
649 	struct evbuffer *output = bev->output;
650 	struct evbuffer_iovec space[8];
651 	int result = 0;
652 
653 	if (bev_ssl->last_write > 0)
654 		atmost = bev_ssl->last_write;
655 	else
656 		atmost = bufferevent_get_write_max_(&bev_ssl->bev);
657 
658 	n = evbuffer_peek(output, atmost, NULL, space, 8);
659 	if (n < 0)
660 		return OP_ERR | result;
661 
662 	if (n > 8)
663 		n = 8;
664 	for (i=0; i < n; ++i) {
665 		if (bev_ssl->bev.write_suspended)
666 			break;
667 
668 		/* SSL_write will (reasonably) return 0 if we tell it to
669 		   send 0 data.  Skip this case so we don't interpret the
670 		   result as an error */
671 		if (space[i].iov_len == 0)
672 			continue;
673 
674 		r = SSL_write(bev_ssl->ssl, space[i].iov_base,
675 		    space[i].iov_len);
676 		if (r > 0) {
677 			result |= OP_MADE_PROGRESS;
678 			if (bev_ssl->write_blocked_on_read)
679 				if (clear_wbor(bev_ssl) < 0)
680 					return OP_ERR | result;
681 			n_written += r;
682 			bev_ssl->last_write = -1;
683 			decrement_buckets(bev_ssl);
684 		} else {
685 			int err = SSL_get_error(bev_ssl->ssl, r);
686 			print_err(err);
687 			switch (err) {
688 			case SSL_ERROR_WANT_WRITE:
689 				/* Can't read until underlying has more data. */
690 				if (bev_ssl->write_blocked_on_read)
691 					if (clear_wbor(bev_ssl) < 0)
692 						return OP_ERR | result;
693 				bev_ssl->last_write = space[i].iov_len;
694 				break;
695 			case SSL_ERROR_WANT_READ:
696 				/* This read operation requires a write, and the
697 				 * underlying is full */
698 				if (!bev_ssl->write_blocked_on_read)
699 					if (set_wbor(bev_ssl) < 0)
700 						return OP_ERR | result;
701 				bev_ssl->last_write = space[i].iov_len;
702 				break;
703 			default:
704 				conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
705 				bev_ssl->last_write = -1;
706 				break;
707 			}
708 			result |= OP_BLOCKED;
709 			break;
710 		}
711 	}
712 	if (n_written) {
713 		evbuffer_drain(output, n_written);
714 		if (bev_ssl->underlying)
715 			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
716 
717 		bufferevent_trigger_nolock_(bev, EV_WRITE, 0);
718 	}
719 	return result;
720 }
721 
722 #define WRITE_FRAME 15000
723 
724 #define READ_DEFAULT 4096
725 
726 /* Try to figure out how many bytes to read; return 0 if we shouldn't be
727  * reading. */
728 static int
729 bytes_to_read(struct bufferevent_openssl *bev)
730 {
731 	struct evbuffer *input = bev->bev.bev.input;
732 	struct event_watermark *wm = &bev->bev.bev.wm_read;
733 	int result = READ_DEFAULT;
734 	ev_ssize_t limit;
735 	/* XXX 99% of this is generic code that nearly all bufferevents will
736 	 * want. */
737 
738 	if (bev->write_blocked_on_read) {
739 		return 0;
740 	}
741 
742 	if (! (bev->bev.bev.enabled & EV_READ)) {
743 		return 0;
744 	}
745 
746 	if (bev->bev.read_suspended) {
747 		return 0;
748 	}
749 
750 	if (wm->high) {
751 		if (evbuffer_get_length(input) >= wm->high) {
752 			return 0;
753 		}
754 
755 		result = wm->high - evbuffer_get_length(input);
756 	} else {
757 		result = READ_DEFAULT;
758 	}
759 
760 	/* Respect the rate limit */
761 	limit = bufferevent_get_read_max_(&bev->bev);
762 	if (result > limit) {
763 		result = limit;
764 	}
765 
766 	return result;
767 }
768 
769 
770 /* Things look readable.  If write is blocked on read, write till it isn't.
771  * Read from the underlying buffer until we block or we hit our high-water
772  * mark.
773  */
774 static void
775 consider_reading(struct bufferevent_openssl *bev_ssl)
776 {
777 	int r;
778 	int n_to_read;
779 	int all_result_flags = 0;
780 
781 	while (bev_ssl->write_blocked_on_read) {
782 		r = do_write(bev_ssl, WRITE_FRAME);
783 		if (r & (OP_BLOCKED|OP_ERR))
784 			break;
785 	}
786 	if (bev_ssl->write_blocked_on_read)
787 		return;
788 
789 	n_to_read = bytes_to_read(bev_ssl);
790 
791 	while (n_to_read) {
792 		r = do_read(bev_ssl, n_to_read);
793 		all_result_flags |= r;
794 
795 		if (r & (OP_BLOCKED|OP_ERR))
796 			break;
797 
798 		if (bev_ssl->bev.read_suspended)
799 			break;
800 
801 		/* Read all pending data.  This won't hit the network
802 		 * again, and will (most importantly) put us in a state
803 		 * where we don't need to read anything else until the
804 		 * socket is readable again.  It'll potentially make us
805 		 * overrun our read high-watermark (somewhat
806 		 * regrettable).  The damage to the rate-limit has
807 		 * already been done, since OpenSSL went and read a
808 		 * whole SSL record anyway. */
809 		n_to_read = SSL_pending(bev_ssl->ssl);
810 
811 		/* XXX This if statement is actually a bad bug, added to avoid
812 		 * XXX a worse bug.
813 		 *
814 		 * The bad bug: It can potentially cause resource unfairness
815 		 * by reading too much data from the underlying bufferevent;
816 		 * it can potentially cause read looping if the underlying
817 		 * bufferevent is a bufferevent_pair and deferred callbacks
818 		 * aren't used.
819 		 *
820 		 * The worse bug: If we didn't do this, then we would
821 		 * potentially not read any more from bev_ssl->underlying
822 		 * until more data arrived there, which could lead to us
823 		 * waiting forever.
824 		 */
825 		if (!n_to_read && bev_ssl->underlying)
826 			n_to_read = bytes_to_read(bev_ssl);
827 	}
828 
829 	if (all_result_flags & OP_MADE_PROGRESS) {
830 		struct bufferevent *bev = &bev_ssl->bev.bev;
831 
832 		bufferevent_trigger_nolock_(bev, EV_READ, 0);
833 	}
834 
835 	if (!bev_ssl->underlying) {
836 		/* Should be redundant, but let's avoid busy-looping */
837 		if (bev_ssl->bev.read_suspended ||
838 		    !(bev_ssl->bev.bev.enabled & EV_READ)) {
839 			event_del(&bev_ssl->bev.bev.ev_read);
840 		}
841 	}
842 }
843 
844 static void
845 consider_writing(struct bufferevent_openssl *bev_ssl)
846 {
847 	int r;
848 	struct evbuffer *output = bev_ssl->bev.bev.output;
849 	struct evbuffer *target = NULL;
850 	struct event_watermark *wm = NULL;
851 
852 	while (bev_ssl->read_blocked_on_write) {
853 		r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
854 		if (r & OP_MADE_PROGRESS) {
855 			struct bufferevent *bev = &bev_ssl->bev.bev;
856 
857 			bufferevent_trigger_nolock_(bev, EV_READ, 0);
858 		}
859 		if (r & (OP_ERR|OP_BLOCKED))
860 			break;
861 	}
862 	if (bev_ssl->read_blocked_on_write)
863 		return;
864 	if (bev_ssl->underlying) {
865 		target = bev_ssl->underlying->output;
866 		wm = &bev_ssl->underlying->wm_write;
867 	}
868 	while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
869 	    (! bev_ssl->bev.write_suspended) &&
870 	    evbuffer_get_length(output) &&
871 	    (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
872 		int n_to_write;
873 		if (wm && wm->high)
874 			n_to_write = wm->high - evbuffer_get_length(target);
875 		else
876 			n_to_write = WRITE_FRAME;
877 		r = do_write(bev_ssl, n_to_write);
878 		if (r & (OP_BLOCKED|OP_ERR))
879 			break;
880 	}
881 
882 	if (!bev_ssl->underlying) {
883 		if (evbuffer_get_length(output) == 0) {
884 			event_del(&bev_ssl->bev.bev.ev_write);
885 		} else if (bev_ssl->bev.write_suspended ||
886 		    !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
887 			/* Should be redundant, but let's avoid busy-looping */
888 			event_del(&bev_ssl->bev.bev.ev_write);
889 		}
890 	}
891 }
892 
893 static void
894 be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
895 {
896 	struct bufferevent_openssl *bev_ssl = ctx;
897 	consider_reading(bev_ssl);
898 }
899 
900 static void
901 be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
902 {
903 	struct bufferevent_openssl *bev_ssl = ctx;
904 	consider_writing(bev_ssl);
905 }
906 
907 static void
908 be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
909 {
910 	struct bufferevent_openssl *bev_ssl = ctx;
911 	int event = 0;
912 
913 	if (what & BEV_EVENT_EOF) {
914 		if (bev_ssl->allow_dirty_shutdown)
915 			event = BEV_EVENT_EOF;
916 		else
917 			event = BEV_EVENT_ERROR;
918 	} else if (what & BEV_EVENT_TIMEOUT) {
919 		/* We sure didn't set this.  Propagate it to the user. */
920 		event = what;
921 	} else if (what & BEV_EVENT_ERROR) {
922 		/* An error occurred on the connection.  Propagate it to the user. */
923 		event = what;
924 	} else if (what & BEV_EVENT_CONNECTED) {
925 		/* Ignore it.  We're saying SSL_connect() already, which will
926 		   eat it. */
927 	}
928 	if (event)
929 		bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
930 }
931 
932 static void
933 be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
934 {
935 	struct bufferevent_openssl *bev_ssl = ptr;
936 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
937 	if (what == EV_TIMEOUT) {
938 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
939 		    BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
940 	} else {
941 		consider_reading(bev_ssl);
942 	}
943 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
944 }
945 
946 static void
947 be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
948 {
949 	struct bufferevent_openssl *bev_ssl = ptr;
950 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
951 	if (what == EV_TIMEOUT) {
952 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
953 		    BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
954 	} else {
955 		consider_writing(bev_ssl);
956 	}
957 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
958 }
959 
960 static int
961 set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
962 {
963 	if (bev_ssl->underlying) {
964 		bufferevent_setcb(bev_ssl->underlying,
965 		    be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
966 		    bev_ssl);
967 		return 0;
968 	} else {
969 		struct bufferevent *bev = &bev_ssl->bev.bev;
970 		int rpending=0, wpending=0, r1=0, r2=0;
971 		if (fd < 0 && bev_ssl->fd_is_set)
972 			fd = event_get_fd(&bev->ev_read);
973 		if (bev_ssl->fd_is_set) {
974 			rpending = event_pending(&bev->ev_read, EV_READ, NULL);
975 			wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
976 			event_del(&bev->ev_read);
977 			event_del(&bev->ev_write);
978 		}
979 		event_assign(&bev->ev_read, bev->ev_base, fd,
980 		    EV_READ|EV_PERSIST|EV_FINALIZE,
981 		    be_openssl_readeventcb, bev_ssl);
982 		event_assign(&bev->ev_write, bev->ev_base, fd,
983 		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
984 		    be_openssl_writeeventcb, bev_ssl);
985 		if (rpending)
986 			r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
987 		if (wpending)
988 			r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
989 		if (fd >= 0) {
990 			bev_ssl->fd_is_set = 1;
991 		}
992 		return (r1<0 || r2<0) ? -1 : 0;
993 	}
994 }
995 
996 static int
997 do_handshake(struct bufferevent_openssl *bev_ssl)
998 {
999 	int r;
1000 
1001 	switch (bev_ssl->state) {
1002 	default:
1003 	case BUFFEREVENT_SSL_OPEN:
1004 		EVUTIL_ASSERT(0);
1005 		return -1;
1006 	case BUFFEREVENT_SSL_CONNECTING:
1007 	case BUFFEREVENT_SSL_ACCEPTING:
1008 		r = SSL_do_handshake(bev_ssl->ssl);
1009 		break;
1010 	}
1011 	decrement_buckets(bev_ssl);
1012 
1013 	if (r==1) {
1014 		/* We're done! */
1015 		bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1016 		set_open_callbacks(bev_ssl, -1); /* XXXX handle failure */
1017 		/* Call do_read and do_write as needed */
1018 		bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1019 		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1020 		    BEV_EVENT_CONNECTED, 0);
1021 		return 1;
1022 	} else {
1023 		int err = SSL_get_error(bev_ssl->ssl, r);
1024 		print_err(err);
1025 		switch (err) {
1026 		case SSL_ERROR_WANT_WRITE:
1027 			if (!bev_ssl->underlying) {
1028 				stop_reading(bev_ssl);
1029 				return start_writing(bev_ssl);
1030 			}
1031 			return 0;
1032 		case SSL_ERROR_WANT_READ:
1033 			if (!bev_ssl->underlying) {
1034 				stop_writing(bev_ssl);
1035 				return start_reading(bev_ssl);
1036 			}
1037 			return 0;
1038 		default:
1039 			conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1040 			return -1;
1041 		}
1042 	}
1043 }
1044 
1045 static void
1046 be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1047 {
1048 	struct bufferevent_openssl *bev_ssl = ctx;
1049 	do_handshake(bev_ssl);/* XXX handle failure */
1050 }
1051 
1052 static void
1053 be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1054 {
1055 	struct bufferevent_openssl *bev_ssl = ptr;
1056 
1057 	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1058 	if (what & EV_TIMEOUT) {
1059 		bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1060 	} else
1061 		do_handshake(bev_ssl);/* XXX handle failure */
1062 	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1063 }
1064 
1065 static int
1066 set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1067 {
1068 	if (bev_ssl->underlying) {
1069 		bufferevent_setcb(bev_ssl->underlying,
1070 		    be_openssl_handshakecb, be_openssl_handshakecb,
1071 		    be_openssl_eventcb,
1072 		    bev_ssl);
1073 		return do_handshake(bev_ssl);
1074 	} else {
1075 		struct bufferevent *bev = &bev_ssl->bev.bev;
1076 		int r1=0, r2=0;
1077 		if (fd < 0 && bev_ssl->fd_is_set)
1078 			fd = event_get_fd(&bev->ev_read);
1079 		if (bev_ssl->fd_is_set) {
1080 			event_del(&bev->ev_read);
1081 			event_del(&bev->ev_write);
1082 		}
1083 		event_assign(&bev->ev_read, bev->ev_base, fd,
1084 		    EV_READ|EV_PERSIST|EV_FINALIZE,
1085 		    be_openssl_handshakeeventcb, bev_ssl);
1086 		event_assign(&bev->ev_write, bev->ev_base, fd,
1087 		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
1088 		    be_openssl_handshakeeventcb, bev_ssl);
1089 		if (fd >= 0) {
1090 			r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1091 			r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1092 			bev_ssl->fd_is_set = 1;
1093 		}
1094 		return (r1<0 || r2<0) ? -1 : 0;
1095 	}
1096 }
1097 
1098 int
1099 bufferevent_ssl_renegotiate(struct bufferevent *bev)
1100 {
1101 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1102 	if (!bev_ssl)
1103 		return -1;
1104 	if (SSL_renegotiate(bev_ssl->ssl) < 0)
1105 		return -1;
1106 	bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1107 	if (set_handshake_callbacks(bev_ssl, -1) < 0)
1108 		return -1;
1109 	if (!bev_ssl->underlying)
1110 		return do_handshake(bev_ssl);
1111 	return 0;
1112 }
1113 
1114 static void
1115 be_openssl_outbuf_cb(struct evbuffer *buf,
1116     const struct evbuffer_cb_info *cbinfo, void *arg)
1117 {
1118 	struct bufferevent_openssl *bev_ssl = arg;
1119 	int r = 0;
1120 	/* XXX need to hold a reference here. */
1121 
1122 	if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1123 		if (cbinfo->orig_size == 0)
1124 			r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1125 			    &bev_ssl->bev.bev.timeout_write);
1126 		consider_writing(bev_ssl);
1127 	}
1128 	/* XXX Handle r < 0 */
1129         (void)r;
1130 }
1131 
1132 
1133 static int
1134 be_openssl_enable(struct bufferevent *bev, short events)
1135 {
1136 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1137 	int r1 = 0, r2 = 0;
1138 
1139 	if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1140 		return 0;
1141 
1142 	if (events & EV_READ)
1143 		r1 = start_reading(bev_ssl);
1144 	if (events & EV_WRITE)
1145 		r2 = start_writing(bev_ssl);
1146 
1147 	if (bev_ssl->underlying) {
1148 		if (events & EV_READ)
1149 			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1150 		if (events & EV_WRITE)
1151 			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1152 
1153 		if (events & EV_READ)
1154 			consider_reading(bev_ssl);
1155 		if (events & EV_WRITE)
1156 			consider_writing(bev_ssl);
1157 	}
1158 	return (r1 < 0 || r2 < 0) ? -1 : 0;
1159 }
1160 
1161 static int
1162 be_openssl_disable(struct bufferevent *bev, short events)
1163 {
1164 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1165 	if (bev_ssl->state != BUFFEREVENT_SSL_OPEN)
1166 		return 0;
1167 
1168 	if (events & EV_READ)
1169 		stop_reading(bev_ssl);
1170 	if (events & EV_WRITE)
1171 		stop_writing(bev_ssl);
1172 
1173 	if (bev_ssl->underlying) {
1174 		if (events & EV_READ)
1175 			BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1176 		if (events & EV_WRITE)
1177 			BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1178 	}
1179 	return 0;
1180 }
1181 
1182 static void
1183 be_openssl_unlink(struct bufferevent *bev)
1184 {
1185 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1186 
1187 	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1188 		if (bev_ssl->underlying) {
1189 			if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1190 				event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1191 				    "bufferevent with too few references");
1192 			} else {
1193 				bufferevent_free(bev_ssl->underlying);
1194 				/* We still have a reference to it, via our
1195 				 * BIO. So we don't drop this. */
1196 				// bev_ssl->underlying = NULL;
1197 			}
1198 		}
1199 	} else {
1200 		if (bev_ssl->underlying) {
1201 			if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1202 				bufferevent_setcb(bev_ssl->underlying,
1203 				    NULL,NULL,NULL,NULL);
1204 			bufferevent_unsuspend_read_(bev_ssl->underlying,
1205 			    BEV_SUSPEND_FILT_READ);
1206 		}
1207 	}
1208 }
1209 
1210 static void
1211 be_openssl_destruct(struct bufferevent *bev)
1212 {
1213 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1214 
1215 	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1216 		if (! bev_ssl->underlying) {
1217 			evutil_socket_t fd = -1;
1218 			BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1219 			if (bio)
1220 				fd = BIO_get_fd(bio, NULL);
1221 			if (fd >= 0)
1222 				evutil_closesocket(fd);
1223 		}
1224 		SSL_free(bev_ssl->ssl);
1225 	}
1226 }
1227 
1228 static int
1229 be_openssl_adj_timeouts(struct bufferevent *bev)
1230 {
1231 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1232 
1233 	if (bev_ssl->underlying) {
1234 		return bufferevent_generic_adj_timeouts_(bev);
1235 	} else {
1236 		int r1=0, r2=0;
1237 		if (event_pending(&bev->ev_read, EV_READ, NULL)) {
1238 			if (evutil_timerisset(&bev->timeout_read)) {
1239 				r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1240 			} else {
1241 				event_remove_timer(&bev->ev_read);
1242 			}
1243 		}
1244 		if (event_pending(&bev->ev_write, EV_WRITE, NULL)) {
1245 			if (evutil_timerisset(&bev->timeout_write)) {
1246 				r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1247 			} else {
1248 				event_remove_timer(&bev->ev_write);
1249 			}
1250 		}
1251 
1252 		return (r1<0 || r2<0) ? -1 : 0;
1253 	}
1254 }
1255 
1256 static int
1257 be_openssl_flush(struct bufferevent *bufev,
1258     short iotype, enum bufferevent_flush_mode mode)
1259 {
1260 	/* XXXX Implement this. */
1261 	return 0;
1262 }
1263 
1264 static int
1265 be_openssl_ctrl(struct bufferevent *bev,
1266     enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1267 {
1268 	struct bufferevent_openssl *bev_ssl = upcast(bev);
1269 	switch (op) {
1270 	case BEV_CTRL_SET_FD:
1271 		if (bev_ssl->underlying)
1272 			return -1;
1273 		{
1274 			BIO *bio;
1275 			bio = BIO_new_socket(data->fd, 0);
1276 			SSL_set_bio(bev_ssl->ssl, bio, bio);
1277 			bev_ssl->fd_is_set = 1;
1278 		}
1279 		if (bev_ssl->state == BUFFEREVENT_SSL_OPEN)
1280 			return set_open_callbacks(bev_ssl, data->fd);
1281 		else {
1282 			return set_handshake_callbacks(bev_ssl, data->fd);
1283 		}
1284 	case BEV_CTRL_GET_FD:
1285 		if (bev_ssl->underlying)
1286 			return -1;
1287 		if (!bev_ssl->fd_is_set)
1288 			return -1;
1289 		data->fd = event_get_fd(&bev->ev_read);
1290 		return 0;
1291 	case BEV_CTRL_GET_UNDERLYING:
1292 		if (!bev_ssl->underlying)
1293 			return -1;
1294 		data->ptr = bev_ssl->underlying;
1295 		return 0;
1296 	case BEV_CTRL_CANCEL_ALL:
1297 	default:
1298 		return -1;
1299 	}
1300 }
1301 
1302 SSL *
1303 bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1304 {
1305 	struct bufferevent_openssl *bev_ssl = upcast(bufev);
1306 	if (!bev_ssl)
1307 		return NULL;
1308 	return bev_ssl->ssl;
1309 }
1310 
1311 static struct bufferevent *
1312 bufferevent_openssl_new_impl(struct event_base *base,
1313     struct bufferevent *underlying,
1314     evutil_socket_t fd,
1315     SSL *ssl,
1316     enum bufferevent_ssl_state state,
1317     int options)
1318 {
1319 	struct bufferevent_openssl *bev_ssl = NULL;
1320 	struct bufferevent_private *bev_p = NULL;
1321 	int tmp_options = options & ~BEV_OPT_THREADSAFE;
1322 
1323 	if (underlying != NULL && fd >= 0)
1324 		return NULL; /* Only one can be set. */
1325 
1326 	if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1327 		goto err;
1328 
1329 	bev_p = &bev_ssl->bev;
1330 
1331 	if (bufferevent_init_common_(bev_p, base,
1332 		&bufferevent_ops_openssl, tmp_options) < 0)
1333 		goto err;
1334 
1335 	/* Don't explode if we decide to realloc a chunk we're writing from in
1336 	 * the output buffer. */
1337 	SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1338 
1339 	bev_ssl->underlying = underlying;
1340 	bev_ssl->ssl = ssl;
1341 
1342 	bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1343 	    be_openssl_outbuf_cb, bev_ssl);
1344 
1345 	if (options & BEV_OPT_THREADSAFE)
1346 		bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1347 
1348 	if (underlying) {
1349 		bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1350 		bufferevent_incref_(underlying);
1351 	}
1352 
1353 	bev_ssl->state = state;
1354 	bev_ssl->last_write = -1;
1355 
1356 	init_bio_counts(bev_ssl);
1357 
1358 	switch (state) {
1359 	case BUFFEREVENT_SSL_ACCEPTING:
1360 		SSL_set_accept_state(bev_ssl->ssl);
1361 		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1362 			goto err;
1363 		break;
1364 	case BUFFEREVENT_SSL_CONNECTING:
1365 		SSL_set_connect_state(bev_ssl->ssl);
1366 		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1367 			goto err;
1368 		break;
1369 	case BUFFEREVENT_SSL_OPEN:
1370 		if (set_open_callbacks(bev_ssl, fd) < 0)
1371 			goto err;
1372 		break;
1373 	default:
1374 		goto err;
1375 	}
1376 
1377 	if (underlying) {
1378 		bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1379 		bufferevent_enable(underlying, EV_READ|EV_WRITE);
1380 		if (state == BUFFEREVENT_SSL_OPEN)
1381 			bufferevent_suspend_read_(underlying,
1382 			    BEV_SUSPEND_FILT_READ);
1383 	} else {
1384 		bev_ssl->bev.bev.enabled = EV_READ|EV_WRITE;
1385 		if (bev_ssl->fd_is_set) {
1386 			if (state != BUFFEREVENT_SSL_OPEN)
1387 				if (event_add(&bev_ssl->bev.bev.ev_read, NULL) < 0)
1388 					goto err;
1389 			if (event_add(&bev_ssl->bev.bev.ev_write, NULL) < 0)
1390 				goto err;
1391 		}
1392 	}
1393 
1394 	return &bev_ssl->bev.bev;
1395 err:
1396 	if (bev_ssl)
1397 		bufferevent_free(&bev_ssl->bev.bev);
1398 	return NULL;
1399 }
1400 
1401 struct bufferevent *
1402 bufferevent_openssl_filter_new(struct event_base *base,
1403     struct bufferevent *underlying,
1404     SSL *ssl,
1405     enum bufferevent_ssl_state state,
1406     int options)
1407 {
1408 	/* We don't tell the BIO to close the bufferevent; we do it ourselves
1409 	 * on be_openssl_destruct */
1410 	int close_flag = 0; /* options & BEV_OPT_CLOSE_ON_FREE; */
1411 	BIO *bio;
1412 	if (!underlying)
1413 		return NULL;
1414 	if (!(bio = BIO_new_bufferevent(underlying, close_flag)))
1415 		return NULL;
1416 
1417 	SSL_set_bio(ssl, bio, bio);
1418 
1419 	return bufferevent_openssl_new_impl(
1420 		base, underlying, -1, ssl, state, options);
1421 }
1422 
1423 struct bufferevent *
1424 bufferevent_openssl_socket_new(struct event_base *base,
1425     evutil_socket_t fd,
1426     SSL *ssl,
1427     enum bufferevent_ssl_state state,
1428     int options)
1429 {
1430 	/* Does the SSL already have an fd? */
1431 	BIO *bio = SSL_get_wbio(ssl);
1432 	long have_fd = -1;
1433 
1434 	if (bio)
1435 		have_fd = BIO_get_fd(bio, NULL);
1436 
1437 	if (have_fd >= 0) {
1438 		/* The SSL is already configured with an fd. */
1439 		if (fd < 0) {
1440 			/* We should learn the fd from the SSL. */
1441 			fd = (evutil_socket_t) have_fd;
1442 		} else if (have_fd == (long)fd) {
1443 			/* We already know the fd from the SSL; do nothing */
1444 		} else {
1445 			/* We specified an fd different from that of the SSL.
1446 			   This is probably an error on our part.  Fail. */
1447 			return NULL;
1448 		}
1449 		(void) BIO_set_close(bio, 0);
1450 	} else {
1451 		/* The SSL isn't configured with a BIO with an fd. */
1452 		if (fd >= 0) {
1453 			/* ... and we have an fd we want to use. */
1454 			bio = BIO_new_socket(fd, 0);
1455 			SSL_set_bio(ssl, bio, bio);
1456 		} else {
1457 			/* Leave the fd unset. */
1458 		}
1459 	}
1460 
1461 	return bufferevent_openssl_new_impl(
1462 		base, NULL, fd, ssl, state, options);
1463 }
1464 
1465 int
1466 bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1467 {
1468 	int allow_dirty_shutdown = -1;
1469 	struct bufferevent_openssl *bev_ssl;
1470 	BEV_LOCK(bev);
1471 	bev_ssl = upcast(bev);
1472 	if (bev_ssl)
1473 		allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1474 	BEV_UNLOCK(bev);
1475 	return allow_dirty_shutdown;
1476 }
1477 
1478 void
1479 bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1480     int allow_dirty_shutdown)
1481 {
1482 	struct bufferevent_openssl *bev_ssl;
1483 	BEV_LOCK(bev);
1484 	bev_ssl = upcast(bev);
1485 	if (bev_ssl)
1486 		bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1487 	BEV_UNLOCK(bev);
1488 }
1489 
1490 unsigned long
1491 bufferevent_get_openssl_error(struct bufferevent *bev)
1492 {
1493 	unsigned long err = 0;
1494 	struct bufferevent_openssl *bev_ssl;
1495 	BEV_LOCK(bev);
1496 	bev_ssl = upcast(bev);
1497 	if (bev_ssl && bev_ssl->n_errors) {
1498 		err = bev_ssl->errors[--bev_ssl->n_errors];
1499 	}
1500 	BEV_UNLOCK(bev);
1501 	return err;
1502 }
1503