]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | // |
2 | // ssl/detail/impl/engine.ipp | |
3 | // ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
4 | // | |
f67539c2 | 5 | // Copyright (c) 2003-2020 Christopher M. Kohlhoff (chris at kohlhoff dot com) |
7c673cae FG |
6 | // |
7 | // Distributed under the Boost Software License, Version 1.0. (See accompanying | |
8 | // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) | |
9 | // | |
10 | ||
11 | #ifndef BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP | |
12 | #define BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP | |
13 | ||
14 | #if defined(_MSC_VER) && (_MSC_VER >= 1200) | |
15 | # pragma once | |
16 | #endif // defined(_MSC_VER) && (_MSC_VER >= 1200) | |
17 | ||
18 | #include <boost/asio/detail/config.hpp> | |
19 | ||
b32b8144 FG |
20 | #include <boost/asio/detail/throw_error.hpp> |
21 | #include <boost/asio/error.hpp> | |
22 | #include <boost/asio/ssl/detail/engine.hpp> | |
23 | #include <boost/asio/ssl/error.hpp> | |
24 | #include <boost/asio/ssl/verify_context.hpp> | |
7c673cae FG |
25 | |
26 | #include <boost/asio/detail/push_options.hpp> | |
27 | ||
28 | namespace boost { | |
29 | namespace asio { | |
30 | namespace ssl { | |
31 | namespace detail { | |
32 | ||
7c673cae FG |
33 | engine::engine(SSL_CTX* context) |
34 | : ssl_(::SSL_new(context)) | |
35 | { | |
36 | if (!ssl_) | |
37 | { | |
38 | boost::system::error_code ec( | |
39 | static_cast<int>(::ERR_get_error()), | |
40 | boost::asio::error::get_ssl_category()); | |
41 | boost::asio::detail::throw_error(ec, "engine"); | |
42 | } | |
43 | ||
b32b8144 | 44 | #if (OPENSSL_VERSION_NUMBER < 0x10000000L) |
7c673cae | 45 | accept_mutex().init(); |
b32b8144 | 46 | #endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
7c673cae FG |
47 | |
48 | ::SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE); | |
49 | ::SSL_set_mode(ssl_, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); | |
50 | #if defined(SSL_MODE_RELEASE_BUFFERS) | |
51 | ::SSL_set_mode(ssl_, SSL_MODE_RELEASE_BUFFERS); | |
52 | #endif // defined(SSL_MODE_RELEASE_BUFFERS) | |
53 | ||
54 | ::BIO* int_bio = 0; | |
55 | ::BIO_new_bio_pair(&int_bio, 0, &ext_bio_, 0); | |
56 | ::SSL_set_bio(ssl_, int_bio, int_bio); | |
57 | } | |
58 | ||
59 | engine::~engine() | |
60 | { | |
61 | if (SSL_get_app_data(ssl_)) | |
62 | { | |
63 | delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_)); | |
64 | SSL_set_app_data(ssl_, 0); | |
65 | } | |
66 | ||
67 | ::BIO_free(ext_bio_); | |
68 | ::SSL_free(ssl_); | |
69 | } | |
70 | ||
71 | SSL* engine::native_handle() | |
72 | { | |
73 | return ssl_; | |
74 | } | |
75 | ||
76 | boost::system::error_code engine::set_verify_mode( | |
77 | verify_mode v, boost::system::error_code& ec) | |
78 | { | |
79 | ::SSL_set_verify(ssl_, v, ::SSL_get_verify_callback(ssl_)); | |
80 | ||
81 | ec = boost::system::error_code(); | |
82 | return ec; | |
83 | } | |
84 | ||
85 | boost::system::error_code engine::set_verify_depth( | |
86 | int depth, boost::system::error_code& ec) | |
87 | { | |
88 | ::SSL_set_verify_depth(ssl_, depth); | |
89 | ||
90 | ec = boost::system::error_code(); | |
91 | return ec; | |
92 | } | |
93 | ||
94 | boost::system::error_code engine::set_verify_callback( | |
95 | verify_callback_base* callback, boost::system::error_code& ec) | |
96 | { | |
97 | if (SSL_get_app_data(ssl_)) | |
98 | delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_)); | |
99 | ||
100 | SSL_set_app_data(ssl_, callback); | |
101 | ||
102 | ::SSL_set_verify(ssl_, ::SSL_get_verify_mode(ssl_), | |
103 | &engine::verify_callback_function); | |
104 | ||
105 | ec = boost::system::error_code(); | |
106 | return ec; | |
107 | } | |
108 | ||
109 | int engine::verify_callback_function(int preverified, X509_STORE_CTX* ctx) | |
110 | { | |
111 | if (ctx) | |
112 | { | |
113 | if (SSL* ssl = static_cast<SSL*>( | |
114 | ::X509_STORE_CTX_get_ex_data( | |
115 | ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx()))) | |
116 | { | |
117 | if (SSL_get_app_data(ssl)) | |
118 | { | |
119 | verify_callback_base* callback = | |
120 | static_cast<verify_callback_base*>( | |
121 | SSL_get_app_data(ssl)); | |
122 | ||
123 | verify_context verify_ctx(ctx); | |
124 | return callback->call(preverified != 0, verify_ctx) ? 1 : 0; | |
125 | } | |
126 | } | |
127 | } | |
128 | ||
129 | return 0; | |
130 | } | |
131 | ||
132 | engine::want engine::handshake( | |
133 | stream_base::handshake_type type, boost::system::error_code& ec) | |
134 | { | |
135 | return perform((type == boost::asio::ssl::stream_base::client) | |
136 | ? &engine::do_connect : &engine::do_accept, 0, 0, ec, 0); | |
137 | } | |
138 | ||
139 | engine::want engine::shutdown(boost::system::error_code& ec) | |
140 | { | |
141 | return perform(&engine::do_shutdown, 0, 0, ec, 0); | |
142 | } | |
143 | ||
144 | engine::want engine::write(const boost::asio::const_buffer& data, | |
145 | boost::system::error_code& ec, std::size_t& bytes_transferred) | |
146 | { | |
b32b8144 | 147 | if (data.size() == 0) |
7c673cae FG |
148 | { |
149 | ec = boost::system::error_code(); | |
150 | return engine::want_nothing; | |
151 | } | |
152 | ||
153 | return perform(&engine::do_write, | |
b32b8144 FG |
154 | const_cast<void*>(data.data()), |
155 | data.size(), ec, &bytes_transferred); | |
7c673cae FG |
156 | } |
157 | ||
158 | engine::want engine::read(const boost::asio::mutable_buffer& data, | |
159 | boost::system::error_code& ec, std::size_t& bytes_transferred) | |
160 | { | |
b32b8144 | 161 | if (data.size() == 0) |
7c673cae FG |
162 | { |
163 | ec = boost::system::error_code(); | |
164 | return engine::want_nothing; | |
165 | } | |
166 | ||
b32b8144 FG |
167 | return perform(&engine::do_read, data.data(), |
168 | data.size(), ec, &bytes_transferred); | |
7c673cae FG |
169 | } |
170 | ||
b32b8144 | 171 | boost::asio::mutable_buffer engine::get_output( |
7c673cae FG |
172 | const boost::asio::mutable_buffer& data) |
173 | { | |
174 | int length = ::BIO_read(ext_bio_, | |
b32b8144 | 175 | data.data(), static_cast<int>(data.size())); |
7c673cae FG |
176 | |
177 | return boost::asio::buffer(data, | |
178 | length > 0 ? static_cast<std::size_t>(length) : 0); | |
179 | } | |
180 | ||
181 | boost::asio::const_buffer engine::put_input( | |
182 | const boost::asio::const_buffer& data) | |
183 | { | |
184 | int length = ::BIO_write(ext_bio_, | |
b32b8144 | 185 | data.data(), static_cast<int>(data.size())); |
7c673cae FG |
186 | |
187 | return boost::asio::buffer(data + | |
188 | (length > 0 ? static_cast<std::size_t>(length) : 0)); | |
189 | } | |
190 | ||
191 | const boost::system::error_code& engine::map_error_code( | |
192 | boost::system::error_code& ec) const | |
193 | { | |
194 | // We only want to map the error::eof code. | |
195 | if (ec != boost::asio::error::eof) | |
196 | return ec; | |
197 | ||
198 | // If there's data yet to be read, it's an error. | |
199 | if (BIO_wpending(ext_bio_)) | |
200 | { | |
201 | ec = boost::asio::ssl::error::stream_truncated; | |
202 | return ec; | |
203 | } | |
204 | ||
205 | // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the | |
206 | // underlying transport is passed through. | |
207 | #if (OPENSSL_VERSION_NUMBER < 0x10100000L) | |
b32b8144 | 208 | if (SSL_version(ssl_) == SSL2_VERSION) |
7c673cae FG |
209 | return ec; |
210 | #endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) | |
211 | ||
212 | // Otherwise, the peer should have negotiated a proper shutdown. | |
213 | if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) | |
214 | { | |
215 | ec = boost::asio::ssl::error::stream_truncated; | |
216 | } | |
217 | ||
218 | return ec; | |
219 | } | |
220 | ||
b32b8144 | 221 | #if (OPENSSL_VERSION_NUMBER < 0x10000000L) |
7c673cae FG |
222 | boost::asio::detail::static_mutex& engine::accept_mutex() |
223 | { | |
224 | static boost::asio::detail::static_mutex mutex = BOOST_ASIO_STATIC_MUTEX_INIT; | |
225 | return mutex; | |
226 | } | |
b32b8144 | 227 | #endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
7c673cae FG |
228 | |
229 | engine::want engine::perform(int (engine::* op)(void*, std::size_t), | |
230 | void* data, std::size_t length, boost::system::error_code& ec, | |
231 | std::size_t* bytes_transferred) | |
232 | { | |
233 | std::size_t pending_output_before = ::BIO_ctrl_pending(ext_bio_); | |
234 | ::ERR_clear_error(); | |
235 | int result = (this->*op)(data, length); | |
236 | int ssl_error = ::SSL_get_error(ssl_, result); | |
237 | int sys_error = static_cast<int>(::ERR_get_error()); | |
238 | std::size_t pending_output_after = ::BIO_ctrl_pending(ext_bio_); | |
239 | ||
240 | if (ssl_error == SSL_ERROR_SSL) | |
241 | { | |
242 | ec = boost::system::error_code(sys_error, | |
243 | boost::asio::error::get_ssl_category()); | |
92f5a8d4 TL |
244 | return pending_output_after > pending_output_before |
245 | ? want_output : want_nothing; | |
7c673cae FG |
246 | } |
247 | ||
248 | if (ssl_error == SSL_ERROR_SYSCALL) | |
249 | { | |
92f5a8d4 TL |
250 | if (sys_error == 0) |
251 | { | |
252 | ec = boost::asio::ssl::error::unspecified_system_error; | |
253 | } | |
254 | else | |
255 | { | |
256 | ec = boost::system::error_code(sys_error, | |
257 | boost::asio::error::get_ssl_category()); | |
258 | } | |
259 | return pending_output_after > pending_output_before | |
260 | ? want_output : want_nothing; | |
7c673cae FG |
261 | } |
262 | ||
263 | if (result > 0 && bytes_transferred) | |
264 | *bytes_transferred = static_cast<std::size_t>(result); | |
265 | ||
266 | if (ssl_error == SSL_ERROR_WANT_WRITE) | |
267 | { | |
268 | ec = boost::system::error_code(); | |
269 | return want_output_and_retry; | |
270 | } | |
271 | else if (pending_output_after > pending_output_before) | |
272 | { | |
273 | ec = boost::system::error_code(); | |
274 | return result > 0 ? want_output : want_output_and_retry; | |
275 | } | |
276 | else if (ssl_error == SSL_ERROR_WANT_READ) | |
277 | { | |
278 | ec = boost::system::error_code(); | |
279 | return want_input_and_retry; | |
280 | } | |
92f5a8d4 | 281 | else if (ssl_error == SSL_ERROR_ZERO_RETURN) |
7c673cae FG |
282 | { |
283 | ec = boost::asio::error::eof; | |
284 | return want_nothing; | |
285 | } | |
92f5a8d4 | 286 | else if (ssl_error == SSL_ERROR_NONE) |
7c673cae FG |
287 | { |
288 | ec = boost::system::error_code(); | |
289 | return want_nothing; | |
290 | } | |
92f5a8d4 TL |
291 | else |
292 | { | |
293 | ec = boost::asio::ssl::error::unexpected_result; | |
294 | return want_nothing; | |
295 | } | |
7c673cae FG |
296 | } |
297 | ||
298 | int engine::do_accept(void*, std::size_t) | |
299 | { | |
b32b8144 | 300 | #if (OPENSSL_VERSION_NUMBER < 0x10000000L) |
7c673cae | 301 | boost::asio::detail::static_mutex::scoped_lock lock(accept_mutex()); |
b32b8144 | 302 | #endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
7c673cae FG |
303 | return ::SSL_accept(ssl_); |
304 | } | |
305 | ||
306 | int engine::do_connect(void*, std::size_t) | |
307 | { | |
308 | return ::SSL_connect(ssl_); | |
309 | } | |
310 | ||
311 | int engine::do_shutdown(void*, std::size_t) | |
312 | { | |
313 | int result = ::SSL_shutdown(ssl_); | |
314 | if (result == 0) | |
315 | result = ::SSL_shutdown(ssl_); | |
316 | return result; | |
317 | } | |
318 | ||
319 | int engine::do_read(void* data, std::size_t length) | |
320 | { | |
321 | return ::SSL_read(ssl_, data, | |
322 | length < INT_MAX ? static_cast<int>(length) : INT_MAX); | |
323 | } | |
324 | ||
325 | int engine::do_write(void* data, std::size_t length) | |
326 | { | |
327 | return ::SSL_write(ssl_, data, | |
328 | length < INT_MAX ? static_cast<int>(length) : INT_MAX); | |
329 | } | |
330 | ||
7c673cae FG |
331 | } // namespace detail |
332 | } // namespace ssl | |
333 | } // namespace asio | |
334 | } // namespace boost | |
335 | ||
336 | #include <boost/asio/detail/pop_options.hpp> | |
337 | ||
338 | #endif // BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP |