1 /* ssl/bio_ssl.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include <stdlib.h> 61 #include <string.h> 62 #include <errno.h> 63 #include <openssl/crypto.h> 64 #include <openssl/bio.h> 65 #include <openssl/err.h> 66 #include <openssl/ssl.h> 67 68 static int ssl_write(BIO *h, const char *buf, int num); 69 static int ssl_read(BIO *h, char *buf, int size); 70 static int ssl_puts(BIO *h, const char *str); 71 static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); 72 static int ssl_new(BIO *h); 73 static int ssl_free(BIO *data); 74 static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); 75 typedef struct bio_ssl_st { 76 SSL *ssl; /* The ssl handle :-) */ 77 /* re-negotiate every time the total number of bytes is this size */ 78 int num_renegotiates; 79 unsigned long renegotiate_count; 80 unsigned long byte_count; 81 unsigned long renegotiate_timeout; 82 unsigned long last_time; 83 } BIO_SSL; 84 85 static BIO_METHOD methods_sslp = { 86 BIO_TYPE_SSL, "ssl", 87 ssl_write, 88 ssl_read, 89 ssl_puts, 90 NULL, /* ssl_gets, */ 91 ssl_ctrl, 92 ssl_new, 93 ssl_free, 94 ssl_callback_ctrl, 95 }; 96 97 BIO_METHOD *BIO_f_ssl(void) 98 { 99 return (&methods_sslp); 100 } 101 102 static int ssl_new(BIO *bi) 103 { 104 BIO_SSL *bs; 105 106 bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); 107 if (bs == NULL) { 108 BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); 109 return (0); 110 } 111 memset(bs, 0, sizeof(BIO_SSL)); 112 bi->init = 0; 113 bi->ptr = (char *)bs; 114 bi->flags = 0; 115 return (1); 116 } 117 118 static int ssl_free(BIO *a) 119 { 120 BIO_SSL *bs; 121 122 if (a == NULL) 123 return (0); 124 bs = (BIO_SSL *)a->ptr; 125 if (bs->ssl != NULL) 126 SSL_shutdown(bs->ssl); 127 if (a->shutdown) { 128 if (a->init && (bs->ssl != NULL)) 129 SSL_free(bs->ssl); 130 a->init = 0; 131 a->flags = 0; 132 } 133 if (a->ptr != NULL) 134 OPENSSL_free(a->ptr); 135 return (1); 136 } 137 138 static int ssl_read(BIO *b, char *out, int outl) 139 { 140 int ret = 1; 141 BIO_SSL *sb; 142 SSL *ssl; 143 int retry_reason = 0; 144 int r = 0; 145 146 if (out == NULL) 147 return (0); 148 sb = (BIO_SSL *)b->ptr; 149 ssl = sb->ssl; 150 151 BIO_clear_retry_flags(b); 152 153 #if 0 154 if (!SSL_is_init_finished(ssl)) { 155 /* ret=SSL_do_handshake(ssl); */ 156 if (ret > 0) { 157 158 outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); 159 ret = -1; 160 goto end; 161 } 162 } 163 #endif 164 /* if (ret > 0) */ 165 ret = SSL_read(ssl, out, outl); 166 167 switch (SSL_get_error(ssl, ret)) { 168 case SSL_ERROR_NONE: 169 if (ret <= 0) 170 break; 171 if (sb->renegotiate_count > 0) { 172 sb->byte_count += ret; 173 if (sb->byte_count > sb->renegotiate_count) { 174 sb->byte_count = 0; 175 sb->num_renegotiates++; 176 SSL_renegotiate(ssl); 177 r = 1; 178 } 179 } 180 if ((sb->renegotiate_timeout > 0) && (!r)) { 181 unsigned long tm; 182 183 tm = (unsigned long)time(NULL); 184 if (tm > sb->last_time + sb->renegotiate_timeout) { 185 sb->last_time = tm; 186 sb->num_renegotiates++; 187 SSL_renegotiate(ssl); 188 } 189 } 190 191 break; 192 case SSL_ERROR_WANT_READ: 193 BIO_set_retry_read(b); 194 break; 195 case SSL_ERROR_WANT_WRITE: 196 BIO_set_retry_write(b); 197 break; 198 case SSL_ERROR_WANT_X509_LOOKUP: 199 BIO_set_retry_special(b); 200 retry_reason = BIO_RR_SSL_X509_LOOKUP; 201 break; 202 case SSL_ERROR_WANT_ACCEPT: 203 BIO_set_retry_special(b); 204 retry_reason = BIO_RR_ACCEPT; 205 break; 206 case SSL_ERROR_WANT_CONNECT: 207 BIO_set_retry_special(b); 208 retry_reason = BIO_RR_CONNECT; 209 break; 210 case SSL_ERROR_SYSCALL: 211 case SSL_ERROR_SSL: 212 case SSL_ERROR_ZERO_RETURN: 213 default: 214 break; 215 } 216 217 b->retry_reason = retry_reason; 218 return (ret); 219 } 220 221 static int ssl_write(BIO *b, const char *out, int outl) 222 { 223 int ret, r = 0; 224 int retry_reason = 0; 225 SSL *ssl; 226 BIO_SSL *bs; 227 228 if (out == NULL) 229 return (0); 230 bs = (BIO_SSL *)b->ptr; 231 ssl = bs->ssl; 232 233 BIO_clear_retry_flags(b); 234 235 /* 236 * ret=SSL_do_handshake(ssl); if (ret > 0) 237 */ 238 ret = SSL_write(ssl, out, outl); 239 240 switch (SSL_get_error(ssl, ret)) { 241 case SSL_ERROR_NONE: 242 if (ret <= 0) 243 break; 244 if (bs->renegotiate_count > 0) { 245 bs->byte_count += ret; 246 if (bs->byte_count > bs->renegotiate_count) { 247 bs->byte_count = 0; 248 bs->num_renegotiates++; 249 SSL_renegotiate(ssl); 250 r = 1; 251 } 252 } 253 if ((bs->renegotiate_timeout > 0) && (!r)) { 254 unsigned long tm; 255 256 tm = (unsigned long)time(NULL); 257 if (tm > bs->last_time + bs->renegotiate_timeout) { 258 bs->last_time = tm; 259 bs->num_renegotiates++; 260 SSL_renegotiate(ssl); 261 } 262 } 263 break; 264 case SSL_ERROR_WANT_WRITE: 265 BIO_set_retry_write(b); 266 break; 267 case SSL_ERROR_WANT_READ: 268 BIO_set_retry_read(b); 269 break; 270 case SSL_ERROR_WANT_X509_LOOKUP: 271 BIO_set_retry_special(b); 272 retry_reason = BIO_RR_SSL_X509_LOOKUP; 273 break; 274 case SSL_ERROR_WANT_CONNECT: 275 BIO_set_retry_special(b); 276 retry_reason = BIO_RR_CONNECT; 277 case SSL_ERROR_SYSCALL: 278 case SSL_ERROR_SSL: 279 default: 280 break; 281 } 282 283 b->retry_reason = retry_reason; 284 return (ret); 285 } 286 287 static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) 288 { 289 SSL **sslp, *ssl; 290 BIO_SSL *bs; 291 BIO *dbio, *bio; 292 long ret = 1; 293 294 bs = (BIO_SSL *)b->ptr; 295 ssl = bs->ssl; 296 if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) 297 return (0); 298 switch (cmd) { 299 case BIO_CTRL_RESET: 300 SSL_shutdown(ssl); 301 302 if (ssl->handshake_func == ssl->method->ssl_connect) 303 SSL_set_connect_state(ssl); 304 else if (ssl->handshake_func == ssl->method->ssl_accept) 305 SSL_set_accept_state(ssl); 306 307 SSL_clear(ssl); 308 309 if (b->next_bio != NULL) 310 ret = BIO_ctrl(b->next_bio, cmd, num, ptr); 311 else if (ssl->rbio != NULL) 312 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); 313 else 314 ret = 1; 315 break; 316 case BIO_CTRL_INFO: 317 ret = 0; 318 break; 319 case BIO_C_SSL_MODE: 320 if (num) /* client mode */ 321 SSL_set_connect_state(ssl); 322 else 323 SSL_set_accept_state(ssl); 324 break; 325 case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: 326 ret = bs->renegotiate_timeout; 327 if (num < 60) 328 num = 5; 329 bs->renegotiate_timeout = (unsigned long)num; 330 bs->last_time = (unsigned long)time(NULL); 331 break; 332 case BIO_C_SET_SSL_RENEGOTIATE_BYTES: 333 ret = bs->renegotiate_count; 334 if ((long)num >= 512) 335 bs->renegotiate_count = (unsigned long)num; 336 break; 337 case BIO_C_GET_SSL_NUM_RENEGOTIATES: 338 ret = bs->num_renegotiates; 339 break; 340 case BIO_C_SET_SSL: 341 if (ssl != NULL) { 342 ssl_free(b); 343 if (!ssl_new(b)) 344 return 0; 345 } 346 b->shutdown = (int)num; 347 ssl = (SSL *)ptr; 348 ((BIO_SSL *)b->ptr)->ssl = ssl; 349 bio = SSL_get_rbio(ssl); 350 if (bio != NULL) { 351 if (b->next_bio != NULL) 352 BIO_push(bio, b->next_bio); 353 b->next_bio = bio; 354 CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO); 355 } 356 b->init = 1; 357 break; 358 case BIO_C_GET_SSL: 359 if (ptr != NULL) { 360 sslp = (SSL **)ptr; 361 *sslp = ssl; 362 } else 363 ret = 0; 364 break; 365 case BIO_CTRL_GET_CLOSE: 366 ret = b->shutdown; 367 break; 368 case BIO_CTRL_SET_CLOSE: 369 b->shutdown = (int)num; 370 break; 371 case BIO_CTRL_WPENDING: 372 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); 373 break; 374 case BIO_CTRL_PENDING: 375 ret = SSL_pending(ssl); 376 if (ret == 0) 377 ret = BIO_pending(ssl->rbio); 378 break; 379 case BIO_CTRL_FLUSH: 380 BIO_clear_retry_flags(b); 381 ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); 382 BIO_copy_next_retry(b); 383 break; 384 case BIO_CTRL_PUSH: 385 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) { 386 SSL_set_bio(ssl, b->next_bio, b->next_bio); 387 CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO); 388 } 389 break; 390 case BIO_CTRL_POP: 391 /* Only detach if we are the BIO explicitly being popped */ 392 if (b == ptr) { 393 /* 394 * Shouldn't happen in practice because the rbio and wbio are the 395 * same when pushed. 396 */ 397 if (ssl->rbio != ssl->wbio) 398 BIO_free_all(ssl->wbio); 399 if (b->next_bio != NULL) 400 CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO); 401 ssl->wbio = NULL; 402 ssl->rbio = NULL; 403 } 404 break; 405 case BIO_C_DO_STATE_MACHINE: 406 BIO_clear_retry_flags(b); 407 408 b->retry_reason = 0; 409 ret = (int)SSL_do_handshake(ssl); 410 411 switch (SSL_get_error(ssl, (int)ret)) { 412 case SSL_ERROR_WANT_READ: 413 BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); 414 break; 415 case SSL_ERROR_WANT_WRITE: 416 BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY); 417 break; 418 case SSL_ERROR_WANT_CONNECT: 419 BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY); 420 b->retry_reason = b->next_bio->retry_reason; 421 break; 422 default: 423 break; 424 } 425 break; 426 case BIO_CTRL_DUP: 427 dbio = (BIO *)ptr; 428 if (((BIO_SSL *)dbio->ptr)->ssl != NULL) 429 SSL_free(((BIO_SSL *)dbio->ptr)->ssl); 430 ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl); 431 ((BIO_SSL *)dbio->ptr)->renegotiate_count = 432 ((BIO_SSL *)b->ptr)->renegotiate_count; 433 ((BIO_SSL *)dbio->ptr)->byte_count = ((BIO_SSL *)b->ptr)->byte_count; 434 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout = 435 ((BIO_SSL *)b->ptr)->renegotiate_timeout; 436 ((BIO_SSL *)dbio->ptr)->last_time = ((BIO_SSL *)b->ptr)->last_time; 437 ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL); 438 break; 439 case BIO_C_GET_FD: 440 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); 441 break; 442 case BIO_CTRL_SET_CALLBACK: 443 { 444 #if 0 /* FIXME: Should this be used? -- Richard 445 * Levitte */ 446 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 447 ret = -1; 448 #else 449 ret = 0; 450 #endif 451 } 452 break; 453 case BIO_CTRL_GET_CALLBACK: 454 { 455 void (**fptr) (const SSL *xssl, int type, int val); 456 457 fptr = (void (**)(const SSL *xssl, int type, int val))ptr; 458 *fptr = SSL_get_info_callback(ssl); 459 } 460 break; 461 default: 462 ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); 463 break; 464 } 465 return (ret); 466 } 467 468 static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) 469 { 470 SSL *ssl; 471 BIO_SSL *bs; 472 long ret = 1; 473 474 bs = (BIO_SSL *)b->ptr; 475 ssl = bs->ssl; 476 switch (cmd) { 477 case BIO_CTRL_SET_CALLBACK: 478 { 479 /* 480 * FIXME: setting this via a completely different prototype seems 481 * like a crap idea 482 */ 483 SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp); 484 } 485 break; 486 default: 487 ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); 488 break; 489 } 490 return (ret); 491 } 492 493 static int ssl_puts(BIO *bp, const char *str) 494 { 495 int n, ret; 496 497 n = strlen(str); 498 ret = BIO_write(bp, str, n); 499 return (ret); 500 } 501 502 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) 503 { 504 #ifndef OPENSSL_NO_SOCK 505 BIO *ret = NULL, *buf = NULL, *ssl = NULL; 506 507 if ((buf = BIO_new(BIO_f_buffer())) == NULL) 508 return (NULL); 509 if ((ssl = BIO_new_ssl_connect(ctx)) == NULL) 510 goto err; 511 if ((ret = BIO_push(buf, ssl)) == NULL) 512 goto err; 513 return (ret); 514 err: 515 if (buf != NULL) 516 BIO_free(buf); 517 if (ssl != NULL) 518 BIO_free(ssl); 519 #endif 520 return (NULL); 521 } 522 523 BIO *BIO_new_ssl_connect(SSL_CTX *ctx) 524 { 525 #ifndef OPENSSL_NO_SOCK 526 BIO *ret = NULL, *con = NULL, *ssl = NULL; 527 528 if ((con = BIO_new(BIO_s_connect())) == NULL) 529 return (NULL); 530 if ((ssl = BIO_new_ssl(ctx, 1)) == NULL) 531 goto err; 532 if ((ret = BIO_push(ssl, con)) == NULL) 533 goto err; 534 return (ret); 535 err: 536 if (con != NULL) 537 BIO_free(con); 538 #endif 539 return (NULL); 540 } 541 542 BIO *BIO_new_ssl(SSL_CTX *ctx, int client) 543 { 544 BIO *ret; 545 SSL *ssl; 546 547 if ((ret = BIO_new(BIO_f_ssl())) == NULL) 548 return (NULL); 549 if ((ssl = SSL_new(ctx)) == NULL) { 550 BIO_free(ret); 551 return (NULL); 552 } 553 if (client) 554 SSL_set_connect_state(ssl); 555 else 556 SSL_set_accept_state(ssl); 557 558 BIO_set_ssl(ret, ssl, BIO_CLOSE); 559 return (ret); 560 } 561 562 int BIO_ssl_copy_session_id(BIO *t, BIO *f) 563 { 564 t = BIO_find_type(t, BIO_TYPE_SSL); 565 f = BIO_find_type(f, BIO_TYPE_SSL); 566 if ((t == NULL) || (f == NULL)) 567 return (0); 568 if ((((BIO_SSL *)t->ptr)->ssl == NULL) || 569 (((BIO_SSL *)f->ptr)->ssl == NULL)) 570 return (0); 571 SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl); 572 return (1); 573 } 574 575 void BIO_ssl_shutdown(BIO *b) 576 { 577 SSL *s; 578 579 while (b != NULL) { 580 if (b->method->type == BIO_TYPE_SSL) { 581 s = ((BIO_SSL *)b->ptr)->ssl; 582 SSL_shutdown(s); 583 break; 584 } 585 b = b->next_bio; 586 } 587 } 588