Note SRP support.
[openssl.git] / ssl / bio_ssl.c
1 /* ssl/bio_ssl.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include <errno.h>
63 #include <openssl/crypto.h>
64 #include <openssl/bio.h>
65 #include <openssl/err.h>
66 #include <openssl/ssl.h>
67
68 static int ssl_write(BIO *h, const char *buf, int num);
69 static int ssl_read(BIO *h, char *buf, int size);
70 static int ssl_puts(BIO *h, const char *str);
71 static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
72 static int ssl_new(BIO *h);
73 static int ssl_free(BIO *data);
74 static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
75 typedef struct bio_ssl_st
76         {
77         SSL *ssl; /* The ssl handle :-) */
78         /* re-negotiate every time the total number of bytes is this size */
79         int num_renegotiates;
80         unsigned long renegotiate_count;
81         unsigned long byte_count;
82         unsigned long renegotiate_timeout;
83         unsigned long last_time;
84         } BIO_SSL;
85
86 static BIO_METHOD methods_sslp=
87         {
88         BIO_TYPE_SSL,"ssl",
89         ssl_write,
90         ssl_read,
91         ssl_puts,
92         NULL, /* ssl_gets, */
93         ssl_ctrl,
94         ssl_new,
95         ssl_free,
96         ssl_callback_ctrl,
97         };
98
99 BIO_METHOD *BIO_f_ssl(void)
100         {
101         return(&methods_sslp);
102         }
103
104 static int ssl_new(BIO *bi)
105         {
106         BIO_SSL *bs;
107
108         bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
109         if (bs == NULL)
110                 {
111                 BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
112                 return(0);
113                 }
114         memset(bs,0,sizeof(BIO_SSL));
115         bi->init=0;
116         bi->ptr=(char *)bs;
117         bi->flags=0;
118         return(1);
119         }
120
121 static int ssl_free(BIO *a)
122         {
123         BIO_SSL *bs;
124
125         if (a == NULL) return(0);
126         bs=(BIO_SSL *)a->ptr;
127         if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
128         if (a->shutdown)
129                 {
130                 if (a->init && (bs->ssl != NULL))
131                         SSL_free(bs->ssl);
132                 a->init=0;
133                 a->flags=0;
134                 }
135         if (a->ptr != NULL)
136                 OPENSSL_free(a->ptr);
137         return(1);
138         }
139         
140 static int ssl_read(BIO *b, char *out, int outl)
141         {
142         int ret=1;
143         BIO_SSL *sb;
144         SSL *ssl;
145         int retry_reason=0;
146         int r=0;
147
148         if (out == NULL) return(0);
149         sb=(BIO_SSL *)b->ptr;
150         ssl=sb->ssl;
151
152         BIO_clear_retry_flags(b);
153
154 #if 0
155         if (!SSL_is_init_finished(ssl))
156                 {
157 /*              ret=SSL_do_handshake(ssl); */
158                 if (ret > 0)
159                         {
160
161                         outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
162                         ret= -1;
163                         goto end;
164                         }
165                 }
166 #endif
167 /*      if (ret > 0) */
168         ret=SSL_read(ssl,out,outl);
169
170         switch (SSL_get_error(ssl,ret))
171                 {
172         case SSL_ERROR_NONE:
173                 if (ret <= 0) break;
174                 if (sb->renegotiate_count > 0)
175                         {
176                         sb->byte_count+=ret;
177                         if (sb->byte_count > sb->renegotiate_count)
178                                 {
179                                 sb->byte_count=0;
180                                 sb->num_renegotiates++;
181                                 SSL_renegotiate(ssl);
182                                 r=1;
183                                 }
184                         }
185                 if ((sb->renegotiate_timeout > 0) && (!r))
186                         {
187                         unsigned long tm;
188
189                         tm=(unsigned long)time(NULL);
190                         if (tm > sb->last_time+sb->renegotiate_timeout)
191                                 {
192                                 sb->last_time=tm;
193                                 sb->num_renegotiates++;
194                                 SSL_renegotiate(ssl);
195                                 }
196                         }
197
198                 break;
199         case SSL_ERROR_WANT_READ:
200                 BIO_set_retry_read(b);
201                 break;
202         case SSL_ERROR_WANT_WRITE:
203                 BIO_set_retry_write(b);
204                 break;
205         case SSL_ERROR_WANT_X509_LOOKUP:
206                 BIO_set_retry_special(b);
207                 retry_reason=BIO_RR_SSL_X509_LOOKUP;
208                 break;
209         case SSL_ERROR_WANT_ACCEPT:
210                 BIO_set_retry_special(b);
211                 retry_reason=BIO_RR_ACCEPT;
212                 break;
213         case SSL_ERROR_WANT_CONNECT:
214                 BIO_set_retry_special(b);
215                 retry_reason=BIO_RR_CONNECT;
216                 break;
217         case SSL_ERROR_SYSCALL:
218         case SSL_ERROR_SSL:
219         case SSL_ERROR_ZERO_RETURN:
220         default:
221                 break;
222                 }
223
224         b->retry_reason=retry_reason;
225         return(ret);
226         }
227
228 static int ssl_write(BIO *b, const char *out, int outl)
229         {
230         int ret,r=0;
231         int retry_reason=0;
232         SSL *ssl;
233         BIO_SSL *bs;
234
235         if (out == NULL) return(0);
236         bs=(BIO_SSL *)b->ptr;
237         ssl=bs->ssl;
238
239         BIO_clear_retry_flags(b);
240
241 /*      ret=SSL_do_handshake(ssl);
242         if (ret > 0) */
243         ret=SSL_write(ssl,out,outl);
244
245         switch (SSL_get_error(ssl,ret))
246                 {
247         case SSL_ERROR_NONE:
248                 if (ret <= 0) break;
249                 if (bs->renegotiate_count > 0)
250                         {
251                         bs->byte_count+=ret;
252                         if (bs->byte_count > bs->renegotiate_count)
253                                 {
254                                 bs->byte_count=0;
255                                 bs->num_renegotiates++;
256                                 SSL_renegotiate(ssl);
257                                 r=1;
258                                 }
259                         }
260                 if ((bs->renegotiate_timeout > 0) && (!r))
261                         {
262                         unsigned long tm;
263
264                         tm=(unsigned long)time(NULL);
265                         if (tm > bs->last_time+bs->renegotiate_timeout)
266                                 {
267                                 bs->last_time=tm;
268                                 bs->num_renegotiates++;
269                                 SSL_renegotiate(ssl);
270                                 }
271                         }
272                 break;
273         case SSL_ERROR_WANT_WRITE:
274                 BIO_set_retry_write(b);
275                 break;
276         case SSL_ERROR_WANT_READ:
277                 BIO_set_retry_read(b);
278                 break;
279         case SSL_ERROR_WANT_X509_LOOKUP:
280                 BIO_set_retry_special(b);
281                 retry_reason=BIO_RR_SSL_X509_LOOKUP;
282                 break;
283         case SSL_ERROR_WANT_CONNECT:
284                 BIO_set_retry_special(b);
285                 retry_reason=BIO_RR_CONNECT;
286         case SSL_ERROR_SYSCALL:
287         case SSL_ERROR_SSL:
288         default:
289                 break;
290                 }
291
292         b->retry_reason=retry_reason;
293         return(ret);
294         }
295
296 static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
297         {
298         SSL **sslp,*ssl;
299         BIO_SSL *bs;
300         BIO *dbio,*bio;
301         long ret=1;
302
303         bs=(BIO_SSL *)b->ptr;
304         ssl=bs->ssl;
305         if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
306                 return(0);
307         switch (cmd)
308                 {
309         case BIO_CTRL_RESET:
310                 SSL_shutdown(ssl);
311
312                 if (ssl->handshake_func == ssl->method->ssl_connect)
313                         SSL_set_connect_state(ssl);
314                 else if (ssl->handshake_func == ssl->method->ssl_accept)
315                         SSL_set_accept_state(ssl);
316
317                 SSL_clear(ssl);
318
319                 if (b->next_bio != NULL)
320                         ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
321                 else if (ssl->rbio != NULL)
322                         ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
323                 else
324                         ret=1;
325                 break;
326         case BIO_CTRL_INFO:
327                 ret=0;
328                 break;
329         case BIO_C_SSL_MODE:
330                 if (num) /* client mode */
331                         SSL_set_connect_state(ssl);
332                 else
333                         SSL_set_accept_state(ssl);
334                 break;
335         case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
336                 ret=bs->renegotiate_timeout;
337                 if (num < 60) num=5;
338                 bs->renegotiate_timeout=(unsigned long)num;
339                 bs->last_time=(unsigned long)time(NULL);
340                 break;
341         case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
342                 ret=bs->renegotiate_count;
343                 if ((long)num >=512)
344                         bs->renegotiate_count=(unsigned long)num;
345                 break;
346         case BIO_C_GET_SSL_NUM_RENEGOTIATES:
347                 ret=bs->num_renegotiates;
348                 break;
349         case BIO_C_SET_SSL:
350                 if (ssl != NULL)
351                         ssl_free(b);
352                 b->shutdown=(int)num;
353                 ssl=(SSL *)ptr;
354                 ((BIO_SSL *)b->ptr)->ssl=ssl;
355                 bio=SSL_get_rbio(ssl);
356                 if (bio != NULL)
357                         {
358                         if (b->next_bio != NULL)
359                                 BIO_push(bio,b->next_bio);
360                         b->next_bio=bio;
361                         CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
362                         }
363                 b->init=1;
364                 break;
365         case BIO_C_GET_SSL:
366                 if (ptr != NULL)
367                         {
368                         sslp=(SSL **)ptr;
369                         *sslp=ssl;
370                         }
371                 else
372                         ret=0;
373                 break;
374         case BIO_CTRL_GET_CLOSE:
375                 ret=b->shutdown;
376                 break;
377         case BIO_CTRL_SET_CLOSE:
378                 b->shutdown=(int)num;
379                 break;
380         case BIO_CTRL_WPENDING:
381                 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
382                 break;
383         case BIO_CTRL_PENDING:
384                 ret=SSL_pending(ssl);
385                 if (ret == 0)
386                         ret=BIO_pending(ssl->rbio);
387                 break;
388         case BIO_CTRL_FLUSH:
389                 BIO_clear_retry_flags(b);
390                 ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
391                 BIO_copy_next_retry(b);
392                 break;
393         case BIO_CTRL_PUSH:
394                 if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
395                         {
396                         SSL_set_bio(ssl,b->next_bio,b->next_bio);
397                         CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
398                         }
399                 break;
400         case BIO_CTRL_POP:
401                 /* Only detach if we are the BIO explicitly being popped */
402                 if (b == ptr)
403                         {
404                         /* Shouldn't happen in practice because the
405                          * rbio and wbio are the same when pushed.
406                          */
407                         if (ssl->rbio != ssl->wbio)
408                                 BIO_free_all(ssl->wbio);
409                         if (b->next_bio != NULL)
410                                 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
411                         ssl->wbio=NULL;
412                         ssl->rbio=NULL;
413                         }
414                 break;
415         case BIO_C_DO_STATE_MACHINE:
416                 BIO_clear_retry_flags(b);
417
418                 b->retry_reason=0;
419                 ret=(int)SSL_do_handshake(ssl);
420
421                 switch (SSL_get_error(ssl,(int)ret))
422                         {
423                 case SSL_ERROR_WANT_READ:
424                         BIO_set_flags(b,
425                                 BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
426                         break;
427                 case SSL_ERROR_WANT_WRITE:
428                         BIO_set_flags(b,
429                                 BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
430                         break;
431                 case SSL_ERROR_WANT_CONNECT:
432                         BIO_set_flags(b,
433                                 BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
434                         b->retry_reason=b->next_bio->retry_reason;
435                         break;
436                 default:
437                         break;
438                         }
439                 break;
440         case BIO_CTRL_DUP:
441                 dbio=(BIO *)ptr;
442                 if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
443                         SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
444                 ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
445                 ((BIO_SSL *)dbio->ptr)->renegotiate_count=
446                         ((BIO_SSL *)b->ptr)->renegotiate_count;
447                 ((BIO_SSL *)dbio->ptr)->byte_count=
448                         ((BIO_SSL *)b->ptr)->byte_count;
449                 ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
450                         ((BIO_SSL *)b->ptr)->renegotiate_timeout;
451                 ((BIO_SSL *)dbio->ptr)->last_time=
452                         ((BIO_SSL *)b->ptr)->last_time;
453                 ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
454                 break;
455         case BIO_C_GET_FD:
456                 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
457                 break;
458         case BIO_CTRL_SET_CALLBACK:
459                 {
460 #if 0 /* FIXME: Should this be used?  -- Richard Levitte */
461                 SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
462                 ret = -1;
463 #else
464                 ret=0;
465 #endif
466                 }
467                 break;
468         case BIO_CTRL_GET_CALLBACK:
469                 {
470                 void (**fptr)(const SSL *xssl,int type,int val);
471
472                 fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
473                 *fptr=SSL_get_info_callback(ssl);
474                 }
475                 break;
476         default:
477                 ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
478                 break;
479                 }
480         return(ret);
481         }
482
483 static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
484         {
485         SSL *ssl;
486         BIO_SSL *bs;
487         long ret=1;
488
489         bs=(BIO_SSL *)b->ptr;
490         ssl=bs->ssl;
491         switch (cmd)
492                 {
493         case BIO_CTRL_SET_CALLBACK:
494                 {
495                 /* FIXME: setting this via a completely different prototype
496                    seems like a crap idea */
497                 SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
498                 }
499                 break;
500         default:
501                 ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
502                 break;
503                 }
504         return(ret);
505         }
506
507 static int ssl_puts(BIO *bp, const char *str)
508         {
509         int n,ret;
510
511         n=strlen(str);
512         ret=BIO_write(bp,str,n);
513         return(ret);
514         }
515
516 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
517         {
518 #ifndef OPENSSL_NO_SOCK
519         BIO *ret=NULL,*buf=NULL,*ssl=NULL;
520
521         if ((buf=BIO_new(BIO_f_buffer())) == NULL)
522                 return(NULL);
523         if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
524                 goto err;
525         if ((ret=BIO_push(buf,ssl)) == NULL)
526                 goto err;
527         return(ret);
528 err:
529         if (buf != NULL) BIO_free(buf);
530         if (ssl != NULL) BIO_free(ssl);
531 #endif
532         return(NULL);
533         }
534
535 BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
536         {
537         BIO *ret=NULL,*con=NULL,*ssl=NULL;
538
539         if ((con=BIO_new(BIO_s_connect())) == NULL)
540                 return(NULL);
541         if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
542                 goto err;
543         if ((ret=BIO_push(ssl,con)) == NULL)
544                 goto err;
545         return(ret);
546 err:
547         if (con != NULL) BIO_free(con);
548         return(NULL);
549         }
550
551 BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
552         {
553         BIO *ret;
554         SSL *ssl;
555
556         if ((ret=BIO_new(BIO_f_ssl())) == NULL)
557                 return(NULL);
558         if ((ssl=SSL_new(ctx)) == NULL)
559                 {
560                 BIO_free(ret);
561                 return(NULL);
562                 }
563         if (client)
564                 SSL_set_connect_state(ssl);
565         else
566                 SSL_set_accept_state(ssl);
567                 
568         BIO_set_ssl(ret,ssl,BIO_CLOSE);
569         return(ret);
570         }
571
572 int BIO_ssl_copy_session_id(BIO *t, BIO *f)
573         {
574         t=BIO_find_type(t,BIO_TYPE_SSL);
575         f=BIO_find_type(f,BIO_TYPE_SSL);
576         if ((t == NULL) || (f == NULL))
577                 return(0);
578         if (    (((BIO_SSL *)t->ptr)->ssl == NULL) || 
579                 (((BIO_SSL *)f->ptr)->ssl == NULL))
580                 return(0);
581         SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
582         return(1);
583         }
584
585 void BIO_ssl_shutdown(BIO *b)
586         {
587         SSL *s;
588
589         while (b != NULL)
590                 {
591                 if (b->method->type == BIO_TYPE_SSL)
592                         {
593                         s=((BIO_SSL *)b->ptr)->ssl;
594                         SSL_shutdown(s);
595                         break;
596                         }
597                 b=b->next_bio;
598                 }
599         }