1
/*
2
 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3
 *
4
 * Redistribution and use in source and binary forms, with or without
5
 * modification, are permitted provided that the following conditions
6
 * are met:
7
 * 1. Redistributions of source code must retain the above copyright
8
 *    notice, this list of conditions and the following disclaimer.
9
 * 2. Redistributions in binary form must reproduce the above copyright
10
 *    notice, this list of conditions and the following disclaimer in the
11
 *    documentation and/or other materials provided with the distribution.
12
 * 3. The name of the author may not be used to endorse or promote products
13
 *    derived from this software without specific prior written permission.
14
 *
15
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25
 */
26

27
// Get rid of OSX 10.7 and greater deprecation warnings.
28
#if defined(__APPLE__) && defined(__clang__)
29
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
30
#endif
31

32
#include "event2/event-config.h"
33
#include "evconfig-private.h"
34

35
#include <sys/types.h>
36

37
#ifdef EVENT__HAVE_SYS_TIME_H
38
#include <sys/time.h>
39
#endif
40

41
#include <errno.h>
42
#include <stdio.h>
43
#include <stdlib.h>
44
#include <string.h>
45
#ifdef EVENT__HAVE_STDARG_H
46
#include <stdarg.h>
47
#endif
48
#ifdef EVENT__HAVE_UNISTD_H
49
#include <unistd.h>
50
#endif
51

52
#ifdef _WIN32
53
#include <winsock2.h>
54
#endif
55

56
#include "event2/bufferevent.h"
57
#include "event2/bufferevent_struct.h"
58
#include "event2/bufferevent_ssl.h"
59
#include "event2/buffer.h"
60
#include "event2/event.h"
61

62
#include "mm-internal.h"
63
#include "bufferevent-internal.h"
64
#include "log-internal.h"
65

66
#include <openssl/ssl.h>
67
#include <openssl/err.h>
68
#include "openssl-compat.h"
69

70
/*
71
 * Define an OpenSSL bio that targets a bufferevent.
72
 */
73

74
/* --------------------
75
   A BIO is an OpenSSL abstraction that handles reading and writing data.  The
76
   library will happily speak SSL over anything that implements a BIO
77
   interface.
78

79
   Here we define a BIO implementation that directs its output to a
80
   bufferevent.  We'll want to use this only when none of OpenSSL's built-in
81
   IO mechanisms work for us.
82
   -------------------- */
83

84
/* every BIO type needs its own integer type value. */
85
#define BIO_TYPE_LIBEVENT 57
86
/* ???? Arguably, we should set BIO_TYPE_FILTER or BIO_TYPE_SOURCE_SINK on
87
 * this. */
88

89
#if 0
90
static void
91
print_err(int val)
92
{
93
	int err;
94
	printf("Error was %d\n", val);
95

96
	while ((err = ERR_get_error())) {
97
		const char *msg = (const char*)ERR_reason_error_string(err);
98
		const char *lib = (const char*)ERR_lib_error_string(err);
99
		const char *func = (const char*)ERR_func_error_string(err);
100

101
		printf("%s in %s %s\n", msg, lib, func);
102
	}
103
}
104
#else
105
#define print_err(v) ((void)0)
106
#endif
107

108
/* Called to initialize a new BIO */
109
static int
110
bio_bufferevent_new(BIO *b)
111
{
112
	BIO_set_init(b, 0);
113
	BIO_set_data(b, NULL); /* We'll be putting the bufferevent in this field.*/
114
	return 1;
115
}
116

117
/* Called to uninitialize the BIO. */
118
static int
119
bio_bufferevent_free(BIO *b)
120
{
121
	if (!b)
122
		return 0;
123
	if (BIO_get_shutdown(b)) {
124
		if (BIO_get_init(b) && BIO_get_data(b))
125
			bufferevent_free(BIO_get_data(b));
126
		BIO_free(b);
127
	}
128
	return 1;
129
}
130

131
/* Called to extract data from the BIO. */
132
static int
133
bio_bufferevent_read(BIO *b, char *out, int outlen)
134
{
135
	int r = 0;
136
	struct evbuffer *input;
137

138
	BIO_clear_retry_flags(b);
139

140
	if (!out)
141
		return 0;
142
	if (!BIO_get_data(b))
143
		return -1;
144

145
	input = bufferevent_get_input(BIO_get_data(b));
146
	if (evbuffer_get_length(input) == 0) {
147
		/* If there's no data to read, say so. */
148
		BIO_set_retry_read(b);
149
		return -1;
150
	} else {
151
		r = evbuffer_remove(input, out, outlen);
152
	}
153

154
	return r;
155
}
156

157
/* Called to write data into the BIO */
158
static int
159
bio_bufferevent_write(BIO *b, const char *in, int inlen)
160
{
161
	struct bufferevent *bufev = BIO_get_data(b);
162
	struct evbuffer *output;
163
	size_t outlen;
164

165
	BIO_clear_retry_flags(b);
166

167
	if (!BIO_get_data(b))
168
		return -1;
169

170
	output = bufferevent_get_output(bufev);
171
	outlen = evbuffer_get_length(output);
172

173
	/* Copy only as much data onto the output buffer as can fit under the
174
	 * high-water mark. */
175
	if (bufev->wm_write.high && bufev->wm_write.high <= (outlen+inlen)) {
176
		if (bufev->wm_write.high <= outlen) {
177
			/* If no data can fit, we'll need to retry later. */
178
			BIO_set_retry_write(b);
179
			return -1;
180
		}
181
		inlen = bufev->wm_write.high - outlen;
182
	}
183

184
	EVUTIL_ASSERT(inlen > 0);
185
	evbuffer_add(output, in, inlen);
186
	return inlen;
187
}
188

189
/* Called to handle various requests */
190
static long
191
bio_bufferevent_ctrl(BIO *b, int cmd, long num, void *ptr)
192
{
193
	struct bufferevent *bufev = BIO_get_data(b);
194
	long ret = 1;
195

196
	switch (cmd) {
197
	case BIO_CTRL_GET_CLOSE:
198
		ret = BIO_get_shutdown(b);
199
		break;
200
	case BIO_CTRL_SET_CLOSE:
201
		BIO_set_shutdown(b, (int)num);
202
		break;
203
	case BIO_CTRL_PENDING:
204
		ret = evbuffer_get_length(bufferevent_get_input(bufev)) != 0;
205
		break;
206
	case BIO_CTRL_WPENDING:
207
		ret = evbuffer_get_length(bufferevent_get_output(bufev)) != 0;
208
		break;
209
	/* XXXX These two are given a special-case treatment because
210
	 * of cargo-cultism.  I should come up with a better reason. */
211
	case BIO_CTRL_DUP:
212
	case BIO_CTRL_FLUSH:
213
		ret = 1;
214
		break;
215
	default:
216
		ret = 0;
217
		break;
218
	}
219
	return ret;
220
}
221

222
/* Called to write a string to the BIO */
223
static int
224
bio_bufferevent_puts(BIO *b, const char *s)
225
{
226
	return bio_bufferevent_write(b, s, strlen(s));
227
}
228

229
/* Method table for the bufferevent BIO */
230
static BIO_METHOD *methods_bufferevent;
231

232
/* Return the method table for the bufferevents BIO */
233
static BIO_METHOD *
234
BIO_s_bufferevent(void)
235
{
236
	if (methods_bufferevent == NULL) {
237
		methods_bufferevent = BIO_meth_new(BIO_TYPE_LIBEVENT, "bufferevent");
238
		if (methods_bufferevent == NULL)
239
			return NULL;
240
		BIO_meth_set_write(methods_bufferevent, bio_bufferevent_write);
241
		BIO_meth_set_read(methods_bufferevent, bio_bufferevent_read);
242
		BIO_meth_set_puts(methods_bufferevent, bio_bufferevent_puts);
243
		BIO_meth_set_ctrl(methods_bufferevent, bio_bufferevent_ctrl);
244
		BIO_meth_set_create(methods_bufferevent, bio_bufferevent_new);
245
		BIO_meth_set_destroy(methods_bufferevent, bio_bufferevent_free);
246
	}
247
	return methods_bufferevent;
248
}
249

250
/* Create a new BIO to wrap communication around a bufferevent.  If close_flag
251
 * is true, the bufferevent will be freed when the BIO is closed. */
252
static BIO *
253
BIO_new_bufferevent(struct bufferevent *bufferevent)
254
{
255
	BIO *result;
256
	if (!bufferevent)
257
		return NULL;
258
	if (!(result = BIO_new(BIO_s_bufferevent())))
259
		return NULL;
260
	BIO_set_init(result, 1);
261
	BIO_set_data(result, bufferevent);
262
	/* We don't tell the BIO to close the bufferevent; we do it ourselves on
263
	 * be_openssl_destruct() */
264
	BIO_set_shutdown(result, 0);
265
	return result;
266
}
267

268
/* --------------------
269
   Now, here's the OpenSSL-based implementation of bufferevent.
270

271
   The implementation comes in two flavors: one that connects its SSL object
272
   to an underlying bufferevent using a BIO_bufferevent, and one that has the
273
   SSL object connect to a socket directly.  The latter should generally be
274
   faster, except on Windows, where your best bet is using a
275
   bufferevent_async.
276

277
   (OpenSSL supports many other BIO types, too.  But we can't use any unless
278
   we have a good way to get notified when they become readable/writable.)
279
   -------------------- */
280

281
struct bio_data_counts {
282
	unsigned long n_written;
283
	unsigned long n_read;
284
};
285

286
struct bufferevent_openssl {
287
	/* Shared fields with common bufferevent implementation code.
288
	   If we were set up with an underlying bufferevent, we use the
289
	   events here as timers only.  If we have an SSL, then we use
290
	   the events as socket events.
291
	 */
292
	struct bufferevent_private bev;
293
	/* An underlying bufferevent that we're directing our output to.
294
	   If it's NULL, then we're connected to an fd, not an evbuffer. */
295
	struct bufferevent *underlying;
296
	/* The SSL object doing our encryption. */
297
	SSL *ssl;
298

299
	/* A callback that's invoked when data arrives on our outbuf so we
300
	   know to write data to the SSL. */
301
	struct evbuffer_cb_entry *outbuf_cb;
302

303
	/* A count of how much data the bios have read/written total.  Used
304
	   for rate-limiting. */
305
	struct bio_data_counts counts;
306

307
	/* If this value is greater than 0, then the last SSL_write blocked,
308
	 * and we need to try it again with this many bytes. */
309
	ev_ssize_t last_write;
310

311
#define NUM_ERRORS 3
312
	ev_uint32_t errors[NUM_ERRORS];
313

314
	/* When we next get available space, we should say "read" instead of
315
	   "write". This can happen if there's a renegotiation during a read
316
	   operation. */
317
	unsigned read_blocked_on_write : 1;
318
	/* When we next get data, we should say "write" instead of "read". */
319
	unsigned write_blocked_on_read : 1;
320
	/* Treat TCP close before SSL close on SSL >= v3 as clean EOF. */
321
	unsigned allow_dirty_shutdown : 1;
322
	/* XXX */
323
	unsigned n_errors : 2;
324

325
	/* Are we currently connecting, accepting, or doing IO? */
326
	unsigned state : 2;
327
	/* If we reset fd, we sould reset state too */
328
	unsigned old_state : 2;
329
};
330

331
static int be_openssl_enable(struct bufferevent *, short);
332
static int be_openssl_disable(struct bufferevent *, short);
333
static void be_openssl_unlink(struct bufferevent *);
334
static void be_openssl_destruct(struct bufferevent *);
335
static int be_openssl_adj_timeouts(struct bufferevent *);
336
static int be_openssl_flush(struct bufferevent *bufev,
337
    short iotype, enum bufferevent_flush_mode mode);
338
static int be_openssl_ctrl(struct bufferevent *, enum bufferevent_ctrl_op, union bufferevent_ctrl_data *);
339

340
const struct bufferevent_ops bufferevent_ops_openssl = {
341
	"ssl",
342
	evutil_offsetof(struct bufferevent_openssl, bev.bev),
343
	be_openssl_enable,
344
	be_openssl_disable,
345
	be_openssl_unlink,
346
	be_openssl_destruct,
347
	be_openssl_adj_timeouts,
348
	be_openssl_flush,
349
	be_openssl_ctrl,
350
};
351

352
/* Given a bufferevent, return a pointer to the bufferevent_openssl that
353
 * contains it, if any. */
354
static inline struct bufferevent_openssl *
355
upcast(struct bufferevent *bev)
356
{
357
	struct bufferevent_openssl *bev_o;
358
	if (!BEV_IS_OPENSSL(bev))
359
		return NULL;
360
	bev_o = (void*)( ((char*)bev) -
361
			 evutil_offsetof(struct bufferevent_openssl, bev.bev));
362
	EVUTIL_ASSERT(BEV_IS_OPENSSL(&bev_o->bev.bev));
363
	return bev_o;
364
}
365

366
static inline void
367
put_error(struct bufferevent_openssl *bev_ssl, unsigned long err)
368
{
369
	if (bev_ssl->n_errors == NUM_ERRORS)
370
		return;
371
	/* The error type according to openssl is "unsigned long", but
372
	   openssl never uses more than 32 bits of it.  It _can't_ use more
373
	   than 32 bits of it, since it needs to report errors on systems
374
	   where long is only 32 bits.
375
	 */
376
	bev_ssl->errors[bev_ssl->n_errors++] = (ev_uint32_t) err;
377
}
378

379
/* Have the base communications channel (either the underlying bufferevent or
380
 * ev_read and ev_write) start reading.  Take the read-blocked-on-write flag
381
 * into account. */
382
static int
383
start_reading(struct bufferevent_openssl *bev_ssl)
384
{
385
	if (bev_ssl->underlying) {
386
		bufferevent_unsuspend_read_(bev_ssl->underlying,
387
		    BEV_SUSPEND_FILT_READ);
388
		return 0;
389
	} else {
390
		struct bufferevent *bev = &bev_ssl->bev.bev;
391
		int r;
392
		r = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
393
		if (r == 0 && bev_ssl->read_blocked_on_write)
394
			r = bufferevent_add_event_(&bev->ev_write,
395
			    &bev->timeout_write);
396
		return r;
397
	}
398
}
399

400
/* Have the base communications channel (either the underlying bufferevent or
401
 * ev_read and ev_write) start writing.  Take the write-blocked-on-read flag
402
 * into account. */
403
static int
404
start_writing(struct bufferevent_openssl *bev_ssl)
405
{
406
	int r = 0;
407
	if (bev_ssl->underlying) {
408
		if (bev_ssl->write_blocked_on_read) {
409
			bufferevent_unsuspend_read_(bev_ssl->underlying,
410
			    BEV_SUSPEND_FILT_READ);
411
		}
412
	} else {
413
		struct bufferevent *bev = &bev_ssl->bev.bev;
414
		r = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
415
		if (!r && bev_ssl->write_blocked_on_read)
416
			r = bufferevent_add_event_(&bev->ev_read,
417
			    &bev->timeout_read);
418
	}
419
	return r;
420
}
421

422
static void
423
stop_reading(struct bufferevent_openssl *bev_ssl)
424
{
425
	if (bev_ssl->write_blocked_on_read)
426
		return;
427
	if (bev_ssl->underlying) {
428
		bufferevent_suspend_read_(bev_ssl->underlying,
429
		    BEV_SUSPEND_FILT_READ);
430
	} else {
431
		struct bufferevent *bev = &bev_ssl->bev.bev;
432
		event_del(&bev->ev_read);
433
	}
434
}
435

436
static void
437
stop_writing(struct bufferevent_openssl *bev_ssl)
438
{
439
	if (bev_ssl->read_blocked_on_write)
440
		return;
441
	if (bev_ssl->underlying) {
442
		bufferevent_unsuspend_read_(bev_ssl->underlying,
443
		    BEV_SUSPEND_FILT_READ);
444
	} else {
445
		struct bufferevent *bev = &bev_ssl->bev.bev;
446
		event_del(&bev->ev_write);
447
	}
448
}
449

450
static int
451
set_rbow(struct bufferevent_openssl *bev_ssl)
452
{
453
	if (!bev_ssl->underlying)
454
		stop_reading(bev_ssl);
455
	bev_ssl->read_blocked_on_write = 1;
456
	return start_writing(bev_ssl);
457
}
458

459
static int
460
set_wbor(struct bufferevent_openssl *bev_ssl)
461
{
462
	if (!bev_ssl->underlying)
463
		stop_writing(bev_ssl);
464
	bev_ssl->write_blocked_on_read = 1;
465
	return start_reading(bev_ssl);
466
}
467

468
static int
469
clear_rbow(struct bufferevent_openssl *bev_ssl)
470
{
471
	struct bufferevent *bev = &bev_ssl->bev.bev;
472
	int r = 0;
473
	bev_ssl->read_blocked_on_write = 0;
474
	if (!(bev->enabled & EV_WRITE))
475
		stop_writing(bev_ssl);
476
	if (bev->enabled & EV_READ)
477
		r = start_reading(bev_ssl);
478
	return r;
479
}
480

481

482
static int
483
clear_wbor(struct bufferevent_openssl *bev_ssl)
484
{
485
	struct bufferevent *bev = &bev_ssl->bev.bev;
486
	int r = 0;
487
	bev_ssl->write_blocked_on_read = 0;
488
	if (!(bev->enabled & EV_READ))
489
		stop_reading(bev_ssl);
490
	if (bev->enabled & EV_WRITE)
491
		r = start_writing(bev_ssl);
492
	return r;
493
}
494

495
static void
496
conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
497
{
498
	int event = BEV_EVENT_ERROR;
499
	int dirty_shutdown = 0;
500
	unsigned long err;
501

502
	switch (errcode) {
503
	case SSL_ERROR_ZERO_RETURN:
504
		/* Possibly a clean shutdown. */
505
		if (SSL_get_shutdown(bev_ssl->ssl) & SSL_RECEIVED_SHUTDOWN)
506
			event = BEV_EVENT_EOF;
507
		else
508
			dirty_shutdown = 1;
509
		break;
510
	case SSL_ERROR_SYSCALL:
511
		/* IO error; possibly a dirty shutdown. */
512
		if ((ret == 0 || ret == -1) && ERR_peek_error() == 0)
513
			dirty_shutdown = 1;
514
		put_error(bev_ssl, errcode);
515
		break;
516
	case SSL_ERROR_SSL:
517
		/* Protocol error. */
518
		put_error(bev_ssl, errcode);
519
		break;
520
	case SSL_ERROR_WANT_X509_LOOKUP:
521
		/* XXXX handle this. */
522
		put_error(bev_ssl, errcode);
523
		break;
524
	case SSL_ERROR_NONE:
525
	case SSL_ERROR_WANT_READ:
526
	case SSL_ERROR_WANT_WRITE:
527
	case SSL_ERROR_WANT_CONNECT:
528
	case SSL_ERROR_WANT_ACCEPT:
529
	default:
530
		/* should be impossible; treat as normal error. */
531
		event_warnx("BUG: Unexpected OpenSSL error code %d", errcode);
532
		break;
533
	}
534

535
	while ((err = ERR_get_error())) {
536
		put_error(bev_ssl, err);
537
	}
538

539
	if (dirty_shutdown && bev_ssl->allow_dirty_shutdown)
540
		event = BEV_EVENT_EOF;
541

542
	stop_reading(bev_ssl);
543
	stop_writing(bev_ssl);
544

545
	/* when is BEV_EVENT_{READING|WRITING} */
546
	event = when | event;
547
	bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
548
}
549

550
static void
551
init_bio_counts(struct bufferevent_openssl *bev_ssl)
552
{
553
	BIO *rbio, *wbio;
554

555
	wbio = SSL_get_wbio(bev_ssl->ssl);
556
	bev_ssl->counts.n_written = wbio ? BIO_number_written(wbio) : 0;
557
	rbio = SSL_get_rbio(bev_ssl->ssl);
558
	bev_ssl->counts.n_read = rbio ? BIO_number_read(rbio) : 0;
559
}
560

561
static inline void
562
decrement_buckets(struct bufferevent_openssl *bev_ssl)
563
{
564
	unsigned long num_w = BIO_number_written(SSL_get_wbio(bev_ssl->ssl));
565
	unsigned long num_r = BIO_number_read(SSL_get_rbio(bev_ssl->ssl));
566
	/* These next two subtractions can wrap around. That's okay. */
567
	unsigned long w = num_w - bev_ssl->counts.n_written;
568
	unsigned long r = num_r - bev_ssl->counts.n_read;
569
	if (w)
570
		bufferevent_decrement_write_buckets_(&bev_ssl->bev, w);
571
	if (r)
572
		bufferevent_decrement_read_buckets_(&bev_ssl->bev, r);
573
	bev_ssl->counts.n_written = num_w;
574
	bev_ssl->counts.n_read = num_r;
575
}
576

577
#define OP_MADE_PROGRESS 1
578
#define OP_BLOCKED 2
579
#define OP_ERR 4
580

581
/* Return a bitmask of OP_MADE_PROGRESS (if we read anything); OP_BLOCKED (if
582
   we're now blocked); and OP_ERR (if an error occurred). */
583
static int
584
do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
585
	/* Requires lock */
586
	struct bufferevent *bev = &bev_ssl->bev.bev;
587
	struct evbuffer *input = bev->input;
588
	int r, n, i, n_used = 0, atmost;
589
	struct evbuffer_iovec space[2];
590
	int result = 0;
591

592
	if (bev_ssl->bev.read_suspended)
593
		return 0;
594

595
	atmost = bufferevent_get_read_max_(&bev_ssl->bev);
596
	if (n_to_read > atmost)
597
		n_to_read = atmost;
598

599
	n = evbuffer_reserve_space(input, n_to_read, space, 2);
600
	if (n < 0)
601
		return OP_ERR;
602

603
	for (i=0; i<n; ++i) {
604
		if (bev_ssl->bev.read_suspended)
605
			break;
606
		ERR_clear_error();
607
		r = SSL_read(bev_ssl->ssl, space[i].iov_base, space[i].iov_len);
608
		if (r>0) {
609
			result |= OP_MADE_PROGRESS;
610
			if (bev_ssl->read_blocked_on_write)
611
				if (clear_rbow(bev_ssl) < 0)
612
					return OP_ERR | result;
613
			++n_used;
614
			space[i].iov_len = r;
615
			decrement_buckets(bev_ssl);
616
		} else {
617
			int err = SSL_get_error(bev_ssl->ssl, r);
618
			print_err(err);
619
			switch (err) {
620
			case SSL_ERROR_WANT_READ:
621
				/* Can't read until underlying has more data. */
622
				if (bev_ssl->read_blocked_on_write)
623
					if (clear_rbow(bev_ssl) < 0)
624
						return OP_ERR | result;
625
				break;
626
			case SSL_ERROR_WANT_WRITE:
627
				/* This read operation requires a write, and the
628
				 * underlying is full */
629
				if (!bev_ssl->read_blocked_on_write)
630
					if (set_rbow(bev_ssl) < 0)
631
						return OP_ERR | result;
632
				break;
633
			default:
634
				conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
635
				break;
636
			}
637
			result |= OP_BLOCKED;
638
			break; /* out of the loop */
639
		}
640
	}
641

642
	if (n_used) {
643
		evbuffer_commit_space(input, space, n_used);
644
		if (bev_ssl->underlying)
645
			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
646
	}
647

648
	return result;
649
}
650

651
/* Return a bitmask of OP_MADE_PROGRESS (if we wrote anything); OP_BLOCKED (if
652
   we're now blocked); and OP_ERR (if an error occurred). */
653
static int
654
do_write(struct bufferevent_openssl *bev_ssl, int atmost)
655
{
656
	int i, r, n, n_written = 0;
657
	struct bufferevent *bev = &bev_ssl->bev.bev;
658
	struct evbuffer *output = bev->output;
659
	struct evbuffer_iovec space[8];
660
	int result = 0;
661

662
	if (bev_ssl->last_write > 0)
663
		atmost = bev_ssl->last_write;
664
	else
665
		atmost = bufferevent_get_write_max_(&bev_ssl->bev);
666

667
	n = evbuffer_peek(output, atmost, NULL, space, 8);
668
	if (n < 0)
669
		return OP_ERR | result;
670

671
	if (n > 8)
672
		n = 8;
673
	for (i=0; i < n; ++i) {
674
		if (bev_ssl->bev.write_suspended)
675
			break;
676

677
		/* SSL_write will (reasonably) return 0 if we tell it to
678
		   send 0 data.  Skip this case so we don't interpret the
679
		   result as an error */
680
		if (space[i].iov_len == 0)
681
			continue;
682

683
		ERR_clear_error();
684
		r = SSL_write(bev_ssl->ssl, space[i].iov_base,
685
		    space[i].iov_len);
686
		if (r > 0) {
687
			result |= OP_MADE_PROGRESS;
688
			if (bev_ssl->write_blocked_on_read)
689
				if (clear_wbor(bev_ssl) < 0)
690
					return OP_ERR | result;
691
			n_written += r;
692
			bev_ssl->last_write = -1;
693
			decrement_buckets(bev_ssl);
694
		} else {
695
			int err = SSL_get_error(bev_ssl->ssl, r);
696
			print_err(err);
697
			switch (err) {
698
			case SSL_ERROR_WANT_WRITE:
699
				/* Can't read until underlying has more data. */
700
				if (bev_ssl->write_blocked_on_read)
701
					if (clear_wbor(bev_ssl) < 0)
702
						return OP_ERR | result;
703
				bev_ssl->last_write = space[i].iov_len;
704
				break;
705
			case SSL_ERROR_WANT_READ:
706
				/* This read operation requires a write, and the
707
				 * underlying is full */
708
				if (!bev_ssl->write_blocked_on_read)
709
					if (set_wbor(bev_ssl) < 0)
710
						return OP_ERR | result;
711
				bev_ssl->last_write = space[i].iov_len;
712
				break;
713
			default:
714
				conn_closed(bev_ssl, BEV_EVENT_WRITING, err, r);
715
				bev_ssl->last_write = -1;
716
				break;
717
			}
718
			result |= OP_BLOCKED;
719
			break;
720
		}
721
	}
722
	if (n_written) {
723
		evbuffer_drain(output, n_written);
724
		if (bev_ssl->underlying)
725
			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
726

727
		bufferevent_trigger_nolock_(bev, EV_WRITE, BEV_OPT_DEFER_CALLBACKS);
728
	}
729
	return result;
730
}
731

732
#define WRITE_FRAME 15000
733

734
#define READ_DEFAULT 4096
735

736
/* Try to figure out how many bytes to read; return 0 if we shouldn't be
737
 * reading. */
738
static int
739
bytes_to_read(struct bufferevent_openssl *bev)
740
{
741
	struct evbuffer *input = bev->bev.bev.input;
742
	struct event_watermark *wm = &bev->bev.bev.wm_read;
743
	int result = READ_DEFAULT;
744
	ev_ssize_t limit;
745
	/* XXX 99% of this is generic code that nearly all bufferevents will
746
	 * want. */
747

748
	if (bev->write_blocked_on_read) {
749
		return 0;
750
	}
751

752
	if (! (bev->bev.bev.enabled & EV_READ)) {
753
		return 0;
754
	}
755

756
	if (bev->bev.read_suspended) {
757
		return 0;
758
	}
759

760
	if (wm->high) {
761
		if (evbuffer_get_length(input) >= wm->high) {
762
			return 0;
763
		}
764

765
		result = wm->high - evbuffer_get_length(input);
766
	} else {
767
		result = READ_DEFAULT;
768
	}
769

770
	/* Respect the rate limit */
771
	limit = bufferevent_get_read_max_(&bev->bev);
772
	if (result > limit) {
773
		result = limit;
774
	}
775

776
	return result;
777
}
778

779

780
/* Things look readable.  If write is blocked on read, write till it isn't.
781
 * Read from the underlying buffer until we block or we hit our high-water
782
 * mark.
783
 */
784
static void
785
consider_reading(struct bufferevent_openssl *bev_ssl)
786
{
787
	int r;
788
	int n_to_read;
789
	int all_result_flags = 0;
790

791
	while (bev_ssl->write_blocked_on_read) {
792
		r = do_write(bev_ssl, WRITE_FRAME);
793
		if (r & (OP_BLOCKED|OP_ERR))
794
			break;
795
	}
796
	if (bev_ssl->write_blocked_on_read)
797
		return;
798

799
	n_to_read = bytes_to_read(bev_ssl);
800

801
	while (n_to_read) {
802
		r = do_read(bev_ssl, n_to_read);
803
		all_result_flags |= r;
804

805
		if (r & (OP_BLOCKED|OP_ERR))
806
			break;
807

808
		if (bev_ssl->bev.read_suspended)
809
			break;
810

811
		/* Read all pending data.  This won't hit the network
812
		 * again, and will (most importantly) put us in a state
813
		 * where we don't need to read anything else until the
814
		 * socket is readable again.  It'll potentially make us
815
		 * overrun our read high-watermark (somewhat
816
		 * regrettable).  The damage to the rate-limit has
817
		 * already been done, since OpenSSL went and read a
818
		 * whole SSL record anyway. */
819
		n_to_read = SSL_pending(bev_ssl->ssl);
820

821
		/* XXX This if statement is actually a bad bug, added to avoid
822
		 * XXX a worse bug.
823
		 *
824
		 * The bad bug: It can potentially cause resource unfairness
825
		 * by reading too much data from the underlying bufferevent;
826
		 * it can potentially cause read looping if the underlying
827
		 * bufferevent is a bufferevent_pair and deferred callbacks
828
		 * aren't used.
829
		 *
830
		 * The worse bug: If we didn't do this, then we would
831
		 * potentially not read any more from bev_ssl->underlying
832
		 * until more data arrived there, which could lead to us
833
		 * waiting forever.
834
		 */
835
		if (!n_to_read && bev_ssl->underlying)
836
			n_to_read = bytes_to_read(bev_ssl);
837
	}
838

839
	if (all_result_flags & OP_MADE_PROGRESS) {
840
		struct bufferevent *bev = &bev_ssl->bev.bev;
841

842
		bufferevent_trigger_nolock_(bev, EV_READ, 0);
843
	}
844

845
	if (!bev_ssl->underlying) {
846
		/* Should be redundant, but let's avoid busy-looping */
847
		if (bev_ssl->bev.read_suspended ||
848
		    !(bev_ssl->bev.bev.enabled & EV_READ)) {
849
			event_del(&bev_ssl->bev.bev.ev_read);
850
		}
851
	}
852
}
853

854
static void
855
consider_writing(struct bufferevent_openssl *bev_ssl)
856
{
857
	int r;
858
	struct evbuffer *output = bev_ssl->bev.bev.output;
859
	struct evbuffer *target = NULL;
860
	struct event_watermark *wm = NULL;
861

862
	while (bev_ssl->read_blocked_on_write) {
863
		r = do_read(bev_ssl, 1024); /* XXXX 1024 is a hack */
864
		if (r & OP_MADE_PROGRESS) {
865
			struct bufferevent *bev = &bev_ssl->bev.bev;
866

867
			bufferevent_trigger_nolock_(bev, EV_READ, 0);
868
		}
869
		if (r & (OP_ERR|OP_BLOCKED))
870
			break;
871
	}
872
	if (bev_ssl->read_blocked_on_write)
873
		return;
874
	if (bev_ssl->underlying) {
875
		target = bev_ssl->underlying->output;
876
		wm = &bev_ssl->underlying->wm_write;
877
	}
878
	while ((bev_ssl->bev.bev.enabled & EV_WRITE) &&
879
	    (! bev_ssl->bev.write_suspended) &&
880
	    evbuffer_get_length(output) &&
881
	    (!target || (! wm->high || evbuffer_get_length(target) < wm->high))) {
882
		int n_to_write;
883
		if (wm && wm->high)
884
			n_to_write = wm->high - evbuffer_get_length(target);
885
		else
886
			n_to_write = WRITE_FRAME;
887
		r = do_write(bev_ssl, n_to_write);
888
		if (r & (OP_BLOCKED|OP_ERR))
889
			break;
890
	}
891

892
	if (!bev_ssl->underlying) {
893
		if (evbuffer_get_length(output) == 0) {
894
			event_del(&bev_ssl->bev.bev.ev_write);
895
		} else if (bev_ssl->bev.write_suspended ||
896
		    !(bev_ssl->bev.bev.enabled & EV_WRITE)) {
897
			/* Should be redundant, but let's avoid busy-looping */
898
			event_del(&bev_ssl->bev.bev.ev_write);
899
		}
900
	}
901
}
902

903
static void
904
be_openssl_readcb(struct bufferevent *bev_base, void *ctx)
905
{
906
	struct bufferevent_openssl *bev_ssl = ctx;
907
	consider_reading(bev_ssl);
908
}
909

910
static void
911
be_openssl_writecb(struct bufferevent *bev_base, void *ctx)
912
{
913
	struct bufferevent_openssl *bev_ssl = ctx;
914
	consider_writing(bev_ssl);
915
}
916

917
static void
918
be_openssl_eventcb(struct bufferevent *bev_base, short what, void *ctx)
919
{
920
	struct bufferevent_openssl *bev_ssl = ctx;
921
	int event = 0;
922

923
	if (what & BEV_EVENT_EOF) {
924
		if (bev_ssl->allow_dirty_shutdown)
925
			event = BEV_EVENT_EOF;
926
		else
927
			event = BEV_EVENT_ERROR;
928
	} else if (what & BEV_EVENT_TIMEOUT) {
929
		/* We sure didn't set this.  Propagate it to the user. */
930
		event = what;
931
	} else if (what & BEV_EVENT_ERROR) {
932
		/* An error occurred on the connection.  Propagate it to the user. */
933
		event = what;
934
	} else if (what & BEV_EVENT_CONNECTED) {
935
		/* Ignore it.  We're saying SSL_connect() already, which will
936
		   eat it. */
937
	}
938
	if (event)
939
		bufferevent_run_eventcb_(&bev_ssl->bev.bev, event, 0);
940
}
941

942
static void
943
be_openssl_readeventcb(evutil_socket_t fd, short what, void *ptr)
944
{
945
	struct bufferevent_openssl *bev_ssl = ptr;
946
	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
947
	if (what == EV_TIMEOUT) {
948
		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
949
		    BEV_EVENT_TIMEOUT|BEV_EVENT_READING, 0);
950
	} else {
951
		consider_reading(bev_ssl);
952
	}
953
	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
954
}
955

956
static void
957
be_openssl_writeeventcb(evutil_socket_t fd, short what, void *ptr)
958
{
959
	struct bufferevent_openssl *bev_ssl = ptr;
960
	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
961
	if (what == EV_TIMEOUT) {
962
		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
963
		    BEV_EVENT_TIMEOUT|BEV_EVENT_WRITING, 0);
964
	} else {
965
		consider_writing(bev_ssl);
966
	}
967
	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
968
}
969

970
static evutil_socket_t
971
be_openssl_auto_fd(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
972
{
973
	if (!bev_ssl->underlying) {
974
		struct bufferevent *bev = &bev_ssl->bev.bev;
975
		if (event_initialized(&bev->ev_read) && fd < 0) {
976
			fd = event_get_fd(&bev->ev_read);
977
		}
978
	}
979
	return fd;
980
}
981

982
static int
983
set_open_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
984
{
985
	if (bev_ssl->underlying) {
986
		bufferevent_setcb(bev_ssl->underlying,
987
		    be_openssl_readcb, be_openssl_writecb, be_openssl_eventcb,
988
		    bev_ssl);
989
		return 0;
990
	} else {
991
		struct bufferevent *bev = &bev_ssl->bev.bev;
992
		int rpending=0, wpending=0, r1=0, r2=0;
993

994
		if (event_initialized(&bev->ev_read)) {
995
			rpending = event_pending(&bev->ev_read, EV_READ, NULL);
996
			wpending = event_pending(&bev->ev_write, EV_WRITE, NULL);
997

998
			event_del(&bev->ev_read);
999
			event_del(&bev->ev_write);
1000
		}
1001

1002
		event_assign(&bev->ev_read, bev->ev_base, fd,
1003
		    EV_READ|EV_PERSIST|EV_FINALIZE,
1004
		    be_openssl_readeventcb, bev_ssl);
1005
		event_assign(&bev->ev_write, bev->ev_base, fd,
1006
		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
1007
		    be_openssl_writeeventcb, bev_ssl);
1008

1009
		if (rpending)
1010
			r1 = bufferevent_add_event_(&bev->ev_read, &bev->timeout_read);
1011
		if (wpending)
1012
			r2 = bufferevent_add_event_(&bev->ev_write, &bev->timeout_write);
1013

1014
		return (r1<0 || r2<0) ? -1 : 0;
1015
	}
1016
}
1017

1018
static int
1019
do_handshake(struct bufferevent_openssl *bev_ssl)
1020
{
1021
	int r;
1022

1023
	switch (bev_ssl->state) {
1024
	default:
1025
	case BUFFEREVENT_SSL_OPEN:
1026
		EVUTIL_ASSERT(0);
1027
		return -1;
1028
	case BUFFEREVENT_SSL_CONNECTING:
1029
	case BUFFEREVENT_SSL_ACCEPTING:
1030
		ERR_clear_error();
1031
		r = SSL_do_handshake(bev_ssl->ssl);
1032
		break;
1033
	}
1034
	decrement_buckets(bev_ssl);
1035

1036
	if (r==1) {
1037
		evutil_socket_t fd = event_get_fd(&bev_ssl->bev.bev.ev_read);
1038
		/* We're done! */
1039
		bev_ssl->state = BUFFEREVENT_SSL_OPEN;
1040
		set_open_callbacks(bev_ssl, fd); /* XXXX handle failure */
1041
		/* Call do_read and do_write as needed */
1042
		bufferevent_enable(&bev_ssl->bev.bev, bev_ssl->bev.bev.enabled);
1043
		bufferevent_run_eventcb_(&bev_ssl->bev.bev,
1044
		    BEV_EVENT_CONNECTED, 0);
1045
		return 1;
1046
	} else {
1047
		int err = SSL_get_error(bev_ssl->ssl, r);
1048
		print_err(err);
1049
		switch (err) {
1050
		case SSL_ERROR_WANT_WRITE:
1051
			stop_reading(bev_ssl);
1052
			return start_writing(bev_ssl);
1053
		case SSL_ERROR_WANT_READ:
1054
			stop_writing(bev_ssl);
1055
			return start_reading(bev_ssl);
1056
		default:
1057
			conn_closed(bev_ssl, BEV_EVENT_READING, err, r);
1058
			return -1;
1059
		}
1060
	}
1061
}
1062

1063
static void
1064
be_openssl_handshakecb(struct bufferevent *bev_base, void *ctx)
1065
{
1066
	struct bufferevent_openssl *bev_ssl = ctx;
1067
	do_handshake(bev_ssl);/* XXX handle failure */
1068
}
1069

1070
static void
1071
be_openssl_handshakeeventcb(evutil_socket_t fd, short what, void *ptr)
1072
{
1073
	struct bufferevent_openssl *bev_ssl = ptr;
1074

1075
	bufferevent_incref_and_lock_(&bev_ssl->bev.bev);
1076
	if (what & EV_TIMEOUT) {
1077
		bufferevent_run_eventcb_(&bev_ssl->bev.bev, BEV_EVENT_TIMEOUT, 0);
1078
	} else
1079
		do_handshake(bev_ssl);/* XXX handle failure */
1080
	bufferevent_decref_and_unlock_(&bev_ssl->bev.bev);
1081
}
1082

1083
static int
1084
set_handshake_callbacks(struct bufferevent_openssl *bev_ssl, evutil_socket_t fd)
1085
{
1086
	if (bev_ssl->underlying) {
1087
		bufferevent_setcb(bev_ssl->underlying,
1088
		    be_openssl_handshakecb, be_openssl_handshakecb,
1089
		    be_openssl_eventcb,
1090
		    bev_ssl);
1091

1092
		if (fd < 0)
1093
			return 0;
1094

1095
		if (bufferevent_setfd(bev_ssl->underlying, fd))
1096
			return 1;
1097

1098
		return do_handshake(bev_ssl);
1099
	} else {
1100
		struct bufferevent *bev = &bev_ssl->bev.bev;
1101

1102
		if (event_initialized(&bev->ev_read)) {
1103
			event_del(&bev->ev_read);
1104
			event_del(&bev->ev_write);
1105
		}
1106

1107
		event_assign(&bev->ev_read, bev->ev_base, fd,
1108
		    EV_READ|EV_PERSIST|EV_FINALIZE,
1109
		    be_openssl_handshakeeventcb, bev_ssl);
1110
		event_assign(&bev->ev_write, bev->ev_base, fd,
1111
		    EV_WRITE|EV_PERSIST|EV_FINALIZE,
1112
		    be_openssl_handshakeeventcb, bev_ssl);
1113
		if (fd >= 0)
1114
			bufferevent_enable(bev, bev->enabled);
1115
		return 0;
1116
	}
1117
}
1118

1119
int
1120
bufferevent_ssl_renegotiate(struct bufferevent *bev)
1121
{
1122
	struct bufferevent_openssl *bev_ssl = upcast(bev);
1123
	if (!bev_ssl)
1124
		return -1;
1125
	if (SSL_renegotiate(bev_ssl->ssl) < 0)
1126
		return -1;
1127
	bev_ssl->state = BUFFEREVENT_SSL_CONNECTING;
1128
	if (set_handshake_callbacks(bev_ssl, be_openssl_auto_fd(bev_ssl, -1)) < 0)
1129
		return -1;
1130
	if (!bev_ssl->underlying)
1131
		return do_handshake(bev_ssl);
1132
	return 0;
1133
}
1134

1135
static void
1136
be_openssl_outbuf_cb(struct evbuffer *buf,
1137
    const struct evbuffer_cb_info *cbinfo, void *arg)
1138
{
1139
	struct bufferevent_openssl *bev_ssl = arg;
1140
	int r = 0;
1141
	/* XXX need to hold a reference here. */
1142

1143
	if (cbinfo->n_added && bev_ssl->state == BUFFEREVENT_SSL_OPEN) {
1144
		if (cbinfo->orig_size == 0)
1145
			r = bufferevent_add_event_(&bev_ssl->bev.bev.ev_write,
1146
			    &bev_ssl->bev.bev.timeout_write);
1147

1148
		if (bev_ssl->underlying)
1149
			consider_writing(bev_ssl);
1150
	}
1151
	/* XXX Handle r < 0 */
1152
	(void)r;
1153
}
1154

1155

1156
static int
1157
be_openssl_enable(struct bufferevent *bev, short events)
1158
{
1159
	struct bufferevent_openssl *bev_ssl = upcast(bev);
1160
	int r1 = 0, r2 = 0;
1161

1162
	if (events & EV_READ)
1163
		r1 = start_reading(bev_ssl);
1164
	if (events & EV_WRITE)
1165
		r2 = start_writing(bev_ssl);
1166

1167
	if (bev_ssl->underlying) {
1168
		if (events & EV_READ)
1169
			BEV_RESET_GENERIC_READ_TIMEOUT(bev);
1170
		if (events & EV_WRITE)
1171
			BEV_RESET_GENERIC_WRITE_TIMEOUT(bev);
1172

1173
		if (events & EV_READ)
1174
			consider_reading(bev_ssl);
1175
		if (events & EV_WRITE)
1176
			consider_writing(bev_ssl);
1177
	}
1178
	return (r1 < 0 || r2 < 0) ? -1 : 0;
1179
}
1180

1181
static int
1182
be_openssl_disable(struct bufferevent *bev, short events)
1183
{
1184
	struct bufferevent_openssl *bev_ssl = upcast(bev);
1185

1186
	if (events & EV_READ)
1187
		stop_reading(bev_ssl);
1188
	if (events & EV_WRITE)
1189
		stop_writing(bev_ssl);
1190

1191
	if (bev_ssl->underlying) {
1192
		if (events & EV_READ)
1193
			BEV_DEL_GENERIC_READ_TIMEOUT(bev);
1194
		if (events & EV_WRITE)
1195
			BEV_DEL_GENERIC_WRITE_TIMEOUT(bev);
1196
	}
1197
	return 0;
1198
}
1199

1200
static void
1201
be_openssl_unlink(struct bufferevent *bev)
1202
{
1203
	struct bufferevent_openssl *bev_ssl = upcast(bev);
1204

1205
	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1206
		if (bev_ssl->underlying) {
1207
			if (BEV_UPCAST(bev_ssl->underlying)->refcnt < 2) {
1208
				event_warnx("BEV_OPT_CLOSE_ON_FREE set on an "
1209
				    "bufferevent with too few references");
1210
			} else {
1211
				bufferevent_free(bev_ssl->underlying);
1212
				/* We still have a reference to it, via our
1213
				 * BIO. So we don't drop this. */
1214
				// bev_ssl->underlying = NULL;
1215
			}
1216
		}
1217
	} else {
1218
		if (bev_ssl->underlying) {
1219
			if (bev_ssl->underlying->errorcb == be_openssl_eventcb)
1220
				bufferevent_setcb(bev_ssl->underlying,
1221
				    NULL,NULL,NULL,NULL);
1222
			bufferevent_unsuspend_read_(bev_ssl->underlying,
1223
			    BEV_SUSPEND_FILT_READ);
1224
		}
1225
	}
1226
}
1227

1228
static void
1229
be_openssl_destruct(struct bufferevent *bev)
1230
{
1231
	struct bufferevent_openssl *bev_ssl = upcast(bev);
1232

1233
	if (bev_ssl->bev.options & BEV_OPT_CLOSE_ON_FREE) {
1234
		if (! bev_ssl->underlying) {
1235
			evutil_socket_t fd = EVUTIL_INVALID_SOCKET;
1236
			BIO *bio = SSL_get_wbio(bev_ssl->ssl);
1237
			if (bio)
1238
				fd = BIO_get_fd(bio, NULL);
1239
			if (fd >= 0)
1240
				evutil_closesocket(fd);
1241
		}
1242
		SSL_free(bev_ssl->ssl);
1243
	}
1244
}
1245

1246
static int
1247
be_openssl_adj_timeouts(struct bufferevent *bev)
1248
{
1249
	struct bufferevent_openssl *bev_ssl = upcast(bev);
1250

1251
	if (bev_ssl->underlying) {
1252
		return bufferevent_generic_adj_timeouts_(bev);
1253
	} else {
1254
		return bufferevent_generic_adj_existing_timeouts_(bev);
1255
	}
1256
}
1257

1258
static int
1259
be_openssl_flush(struct bufferevent *bufev,
1260
    short iotype, enum bufferevent_flush_mode mode)
1261
{
1262
	/* XXXX Implement this. */
1263
	return 0;
1264
}
1265

1266
static int
1267
be_openssl_set_fd(struct bufferevent_openssl *bev_ssl,
1268
    enum bufferevent_ssl_state state, evutil_socket_t fd)
1269
{
1270
	bev_ssl->state = state;
1271

1272
	switch (state) {
1273
	case BUFFEREVENT_SSL_ACCEPTING:
1274
		if (!SSL_clear(bev_ssl->ssl))
1275
			return -1;
1276
		SSL_set_accept_state(bev_ssl->ssl);
1277
		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1278
			return -1;
1279
		break;
1280
	case BUFFEREVENT_SSL_CONNECTING:
1281
		if (!SSL_clear(bev_ssl->ssl))
1282
			return -1;
1283
		SSL_set_connect_state(bev_ssl->ssl);
1284
		if (set_handshake_callbacks(bev_ssl, fd) < 0)
1285
			return -1;
1286
		break;
1287
	case BUFFEREVENT_SSL_OPEN:
1288
		if (set_open_callbacks(bev_ssl, fd) < 0)
1289
			return -1;
1290
		break;
1291
	default:
1292
		return -1;
1293
	}
1294

1295
	return 0;
1296
}
1297

1298
static int
1299
be_openssl_ctrl(struct bufferevent *bev,
1300
    enum bufferevent_ctrl_op op, union bufferevent_ctrl_data *data)
1301
{
1302
	struct bufferevent_openssl *bev_ssl = upcast(bev);
1303
	switch (op) {
1304
	case BEV_CTRL_SET_FD:
1305
		if (!bev_ssl->underlying) {
1306
			BIO *bio;
1307
			bio = BIO_new_socket((int)data->fd, 0);
1308
			SSL_set_bio(bev_ssl->ssl, bio, bio);
1309
		} else {
1310
			BIO *bio;
1311
			if (!(bio = BIO_new_bufferevent(bev_ssl->underlying)))
1312
				return -1;
1313
			SSL_set_bio(bev_ssl->ssl, bio, bio);
1314
		}
1315

1316
		return be_openssl_set_fd(bev_ssl, bev_ssl->old_state, data->fd);
1317
	case BEV_CTRL_GET_FD:
1318
		if (bev_ssl->underlying) {
1319
			data->fd = event_get_fd(&bev_ssl->underlying->ev_read);
1320
		} else {
1321
			data->fd = event_get_fd(&bev->ev_read);
1322
		}
1323
		return 0;
1324
	case BEV_CTRL_GET_UNDERLYING:
1325
		data->ptr = bev_ssl->underlying;
1326
		return 0;
1327
	case BEV_CTRL_CANCEL_ALL:
1328
	default:
1329
		return -1;
1330
	}
1331
}
1332

1333
SSL *
1334
bufferevent_openssl_get_ssl(struct bufferevent *bufev)
1335
{
1336
	struct bufferevent_openssl *bev_ssl = upcast(bufev);
1337
	if (!bev_ssl)
1338
		return NULL;
1339
	return bev_ssl->ssl;
1340
}
1341

1342
static struct bufferevent *
1343
bufferevent_openssl_new_impl(struct event_base *base,
1344
    struct bufferevent *underlying,
1345
    evutil_socket_t fd,
1346
    SSL *ssl,
1347
    enum bufferevent_ssl_state state,
1348
    int options)
1349
{
1350
	struct bufferevent_openssl *bev_ssl = NULL;
1351
	struct bufferevent_private *bev_p = NULL;
1352
	int tmp_options = options & ~BEV_OPT_THREADSAFE;
1353

1354
	/* Only one can be set. */
1355
	if (underlying != NULL && fd >= 0)
1356
		goto err;
1357

1358
	if (!(bev_ssl = mm_calloc(1, sizeof(struct bufferevent_openssl))))
1359
		goto err;
1360

1361
	bev_p = &bev_ssl->bev;
1362

1363
	if (bufferevent_init_common_(bev_p, base,
1364
		&bufferevent_ops_openssl, tmp_options) < 0)
1365
		goto err;
1366

1367
	/* Don't explode if we decide to realloc a chunk we're writing from in
1368
	 * the output buffer. */
1369
	SSL_set_mode(ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
1370

1371
	bev_ssl->underlying = underlying;
1372
	bev_ssl->ssl = ssl;
1373

1374
	bev_ssl->outbuf_cb = evbuffer_add_cb(bev_p->bev.output,
1375
	    be_openssl_outbuf_cb, bev_ssl);
1376

1377
	if (options & BEV_OPT_THREADSAFE)
1378
		bufferevent_enable_locking_(&bev_ssl->bev.bev, NULL);
1379

1380
	if (underlying) {
1381
		bufferevent_init_generic_timeout_cbs_(&bev_ssl->bev.bev);
1382
		bufferevent_incref_(underlying);
1383
	}
1384

1385
	bev_ssl->old_state = state;
1386
	bev_ssl->last_write = -1;
1387

1388
	init_bio_counts(bev_ssl);
1389

1390
	fd = be_openssl_auto_fd(bev_ssl, fd);
1391
	if (be_openssl_set_fd(bev_ssl, state, fd))
1392
		goto err;
1393

1394
	if (underlying) {
1395
		bufferevent_setwatermark(underlying, EV_READ, 0, 0);
1396
		bufferevent_enable(underlying, EV_READ|EV_WRITE);
1397
		if (state == BUFFEREVENT_SSL_OPEN)
1398
			bufferevent_suspend_read_(underlying,
1399
			    BEV_SUSPEND_FILT_READ);
1400
	}
1401

1402
	return &bev_ssl->bev.bev;
1403
err:
1404
	if (options & BEV_OPT_CLOSE_ON_FREE)
1405
		SSL_free(ssl);
1406
	if (bev_ssl) {
1407
		bev_ssl->ssl = NULL;
1408
		bufferevent_free(&bev_ssl->bev.bev);
1409
	}
1410
	return NULL;
1411
}
1412

1413
struct bufferevent *
1414
bufferevent_openssl_filter_new(struct event_base *base,
1415
    struct bufferevent *underlying,
1416
    SSL *ssl,
1417
    enum bufferevent_ssl_state state,
1418
    int options)
1419
{
1420
	BIO *bio;
1421
	struct bufferevent *bev;
1422

1423
	if (!underlying)
1424
		goto err;
1425
	if (!(bio = BIO_new_bufferevent(underlying)))
1426
		goto err;
1427

1428
	SSL_set_bio(ssl, bio, bio);
1429

1430
	bev = bufferevent_openssl_new_impl(
1431
		base, underlying, -1, ssl, state, options);
1432
	return bev;
1433

1434
err:
1435
	if (options & BEV_OPT_CLOSE_ON_FREE)
1436
		SSL_free(ssl);
1437
	return NULL;
1438
}
1439

1440
struct bufferevent *
1441
bufferevent_openssl_socket_new(struct event_base *base,
1442
    evutil_socket_t fd,
1443
    SSL *ssl,
1444
    enum bufferevent_ssl_state state,
1445
    int options)
1446
{
1447
	/* Does the SSL already have an fd? */
1448
	BIO *bio = SSL_get_wbio(ssl);
1449
	long have_fd = -1;
1450

1451
	if (bio)
1452
		have_fd = BIO_get_fd(bio, NULL);
1453

1454
	if (have_fd >= 0) {
1455
		/* The SSL is already configured with an fd. */
1456
		if (fd < 0) {
1457
			/* We should learn the fd from the SSL. */
1458
			fd = (evutil_socket_t) have_fd;
1459
		} else if (have_fd == (long)fd) {
1460
			/* We already know the fd from the SSL; do nothing */
1461
		} else {
1462
			/* We specified an fd different from that of the SSL.
1463
			   This is probably an error on our part.  Fail. */
1464
			goto err;
1465
		}
1466
		BIO_set_close(bio, 0);
1467
	} else {
1468
		/* The SSL isn't configured with a BIO with an fd. */
1469
		if (fd >= 0) {
1470
			/* ... and we have an fd we want to use. */
1471
			bio = BIO_new_socket((int)fd, 0);
1472
			SSL_set_bio(ssl, bio, bio);
1473
		} else {
1474
			/* Leave the fd unset. */
1475
		}
1476
	}
1477

1478
	return bufferevent_openssl_new_impl(
1479
		base, NULL, fd, ssl, state, options);
1480

1481
err:
1482
	if (options & BEV_OPT_CLOSE_ON_FREE)
1483
		SSL_free(ssl);
1484
	return NULL;
1485
}
1486

1487
int
1488
bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev)
1489
{
1490
	int allow_dirty_shutdown = -1;
1491
	struct bufferevent_openssl *bev_ssl;
1492
	BEV_LOCK(bev);
1493
	bev_ssl = upcast(bev);
1494
	if (bev_ssl)
1495
		allow_dirty_shutdown = bev_ssl->allow_dirty_shutdown;
1496
	BEV_UNLOCK(bev);
1497
	return allow_dirty_shutdown;
1498
}
1499

1500
void
1501
bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
1502
    int allow_dirty_shutdown)
1503
{
1504
	struct bufferevent_openssl *bev_ssl;
1505
	BEV_LOCK(bev);
1506
	bev_ssl = upcast(bev);
1507
	if (bev_ssl)
1508
		bev_ssl->allow_dirty_shutdown = !!allow_dirty_shutdown;
1509
	BEV_UNLOCK(bev);
1510
}
1511

1512
unsigned long
1513
bufferevent_get_openssl_error(struct bufferevent *bev)
1514
{
1515
	unsigned long err = 0;
1516
	struct bufferevent_openssl *bev_ssl;
1517
	BEV_LOCK(bev);
1518
	bev_ssl = upcast(bev);
1519
	if (bev_ssl && bev_ssl->n_errors) {
1520
		err = bev_ssl->errors[--bev_ssl->n_errors];
1521
	}
1522
	BEV_UNLOCK(bev);
1523
	return err;
1524
}
1525

1526