[ceph.git] / ceph / src / boost / boost / asio / ssl / detail / impl / engine.ipp

//
// ssl/detail/impl/engine.ipp
// ~~~~~~~~~~~~~~~~~~~~~~~~~~
//
// Copyright (c) 2003-2020 Christopher M. Kohlhoff (chris at kohlhoff dot com)
//
// Distributed under the Boost Software License, Version 1.0. (See accompanying
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
//

#ifndef BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP
#define BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP

#if defined(_MSC_VER) && (_MSC_VER >= 1200)
# pragma once
#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)

#include <boost/asio/detail/config.hpp>

#include <boost/asio/detail/throw_error.hpp>
#include <boost/asio/error.hpp>
#include <boost/asio/ssl/detail/engine.hpp>
#include <boost/asio/ssl/error.hpp>
#include <boost/asio/ssl/verify_context.hpp>

#include <boost/asio/detail/push_options.hpp>

namespace boost {
namespace asio {
namespace ssl {
namespace detail {

engine::engine(SSL_CTX* context)
  : ssl_(::SSL_new(context))
{
  if (!ssl_)
  {
    boost::system::error_code ec(
        static_cast<int>(::ERR_get_error()),
        boost::asio::error::get_ssl_category());
    boost::asio::detail::throw_error(ec, "engine");
  }

#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
  accept_mutex().init();
#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)

  ::SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE);
  ::SSL_set_mode(ssl_, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if defined(SSL_MODE_RELEASE_BUFFERS)
  ::SSL_set_mode(ssl_, SSL_MODE_RELEASE_BUFFERS);
#endif // defined(SSL_MODE_RELEASE_BUFFERS)

  ::BIO* int_bio = 0;
  ::BIO_new_bio_pair(&int_bio, 0, &ext_bio_, 0);
  ::SSL_set_bio(ssl_, int_bio, int_bio);
}

engine::~engine()
{
  if (SSL_get_app_data(ssl_))
  {
    delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_));
    SSL_set_app_data(ssl_, 0);
  }

  ::BIO_free(ext_bio_);
  ::SSL_free(ssl_);
}

SSL* engine::native_handle()
{
  return ssl_;
}

boost::system::error_code engine::set_verify_mode(
    verify_mode v, boost::system::error_code& ec)
{
  ::SSL_set_verify(ssl_, v, ::SSL_get_verify_callback(ssl_));

  ec = boost::system::error_code();
  return ec;
}

boost::system::error_code engine::set_verify_depth(
    int depth, boost::system::error_code& ec)
{
  ::SSL_set_verify_depth(ssl_, depth);

  ec = boost::system::error_code();
  return ec;
}

boost::system::error_code engine::set_verify_callback(
    verify_callback_base* callback, boost::system::error_code& ec)
{
  if (SSL_get_app_data(ssl_))
    delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_));

  SSL_set_app_data(ssl_, callback);

  ::SSL_set_verify(ssl_, ::SSL_get_verify_mode(ssl_),
      &engine::verify_callback_function);

  ec = boost::system::error_code();
  return ec;
}

int engine::verify_callback_function(int preverified, X509_STORE_CTX* ctx)
{
  if (ctx)
  {
    if (SSL* ssl = static_cast<SSL*>(
          ::X509_STORE_CTX_get_ex_data(
            ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx())))
    {
      if (SSL_get_app_data(ssl))
      {
        verify_callback_base* callback =
          static_cast<verify_callback_base*>(
              SSL_get_app_data(ssl));

        verify_context verify_ctx(ctx);
        return callback->call(preverified != 0, verify_ctx) ? 1 : 0;
      }
    }
  }

  return 0;
}

engine::want engine::handshake(
    stream_base::handshake_type type, boost::system::error_code& ec)
{
  return perform((type == boost::asio::ssl::stream_base::client)
      ? &engine::do_connect : &engine::do_accept, 0, 0, ec, 0);
}

engine::want engine::shutdown(boost::system::error_code& ec)
{
  return perform(&engine::do_shutdown, 0, 0, ec, 0);
}

engine::want engine::write(const boost::asio::const_buffer& data,
    boost::system::error_code& ec, std::size_t& bytes_transferred)
{
  if (data.size() == 0)
  {
    ec = boost::system::error_code();
    return engine::want_nothing;
  }

  return perform(&engine::do_write,
      const_cast<void*>(data.data()),
      data.size(), ec, &bytes_transferred);
}

engine::want engine::read(const boost::asio::mutable_buffer& data,
    boost::system::error_code& ec, std::size_t& bytes_transferred)
{
  if (data.size() == 0)
  {
    ec = boost::system::error_code();
    return engine::want_nothing;
  }

  return perform(&engine::do_read, data.data(),
      data.size(), ec, &bytes_transferred);
}

boost::asio::mutable_buffer engine::get_output(
    const boost::asio::mutable_buffer& data)
{
  int length = ::BIO_read(ext_bio_,
      data.data(), static_cast<int>(data.size()));

  return boost::asio::buffer(data,
      length > 0 ? static_cast<std::size_t>(length) : 0);
}

boost::asio::const_buffer engine::put_input(
    const boost::asio::const_buffer& data)
{
  int length = ::BIO_write(ext_bio_,
      data.data(), static_cast<int>(data.size()));

  return boost::asio::buffer(data +
      (length > 0 ? static_cast<std::size_t>(length) : 0));
}

const boost::system::error_code& engine::map_error_code(
    boost::system::error_code& ec) const
{
  // We only want to map the error::eof code.
  if (ec != boost::asio::error::eof)
    return ec;

  // If there's data yet to be read, it's an error.
  if (BIO_wpending(ext_bio_))
  {
    ec = boost::asio::ssl::error::stream_truncated;
    return ec;
  }

  // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the
  // underlying transport is passed through.
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
  if (SSL_version(ssl_) == SSL2_VERSION)
    return ec;
#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)

  // Otherwise, the peer should have negotiated a proper shutdown.
  if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0)
  {
    ec = boost::asio::ssl::error::stream_truncated;
  }

  return ec;
}

#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
boost::asio::detail::static_mutex& engine::accept_mutex()
{
  static boost::asio::detail::static_mutex mutex = BOOST_ASIO_STATIC_MUTEX_INIT;
  return mutex;
}
#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)

engine::want engine::perform(int (engine::* op)(void*, std::size_t),
    void* data, std::size_t length, boost::system::error_code& ec,
    std::size_t* bytes_transferred)
{
  std::size_t pending_output_before = ::BIO_ctrl_pending(ext_bio_);
  ::ERR_clear_error();
  int result = (this->*op)(data, length);
  int ssl_error = ::SSL_get_error(ssl_, result);
  int sys_error = static_cast<int>(::ERR_get_error());
  std::size_t pending_output_after = ::BIO_ctrl_pending(ext_bio_);

  if (ssl_error == SSL_ERROR_SSL)
  {
    ec = boost::system::error_code(sys_error,
        boost::asio::error::get_ssl_category());
    return pending_output_after > pending_output_before
      ? want_output : want_nothing;
  }

  if (ssl_error == SSL_ERROR_SYSCALL)
  {
    if (sys_error == 0)
    {
      ec = boost::asio::ssl::error::unspecified_system_error;
    }
    else
    {
      ec = boost::system::error_code(sys_error,
          boost::asio::error::get_ssl_category());
    }
    return pending_output_after > pending_output_before
      ? want_output : want_nothing;
  }

  if (result > 0 && bytes_transferred)
    *bytes_transferred = static_cast<std::size_t>(result);

  if (ssl_error == SSL_ERROR_WANT_WRITE)
  {
    ec = boost::system::error_code();
    return want_output_and_retry;
  }
  else if (pending_output_after > pending_output_before)
  {
    ec = boost::system::error_code();
    return result > 0 ? want_output : want_output_and_retry;
  }
  else if (ssl_error == SSL_ERROR_WANT_READ)
  {
    ec = boost::system::error_code();
    return want_input_and_retry;
  }
  else if (ssl_error == SSL_ERROR_ZERO_RETURN)
  {
    ec = boost::asio::error::eof;
    return want_nothing;
  }
  else if (ssl_error == SSL_ERROR_NONE)
  {
    ec = boost::system::error_code();
    return want_nothing;
  }
  else
  {
    ec = boost::asio::ssl::error::unexpected_result;
    return want_nothing;
  }
}

int engine::do_accept(void*, std::size_t)
{
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
  boost::asio::detail::static_mutex::scoped_lock lock(accept_mutex());
#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
  return ::SSL_accept(ssl_);
}

int engine::do_connect(void*, std::size_t)
{
  return ::SSL_connect(ssl_);
}

int engine::do_shutdown(void*, std::size_t)
{
  int result = ::SSL_shutdown(ssl_);
  if (result == 0)
    result = ::SSL_shutdown(ssl_);
  return result;
}

int engine::do_read(void* data, std::size_t length)
{
  return ::SSL_read(ssl_, data,
      length < INT_MAX ? static_cast<int>(length) : INT_MAX);
}

int engine::do_write(void* data, std::size_t length)
{
  return ::SSL_write(ssl_, data,
      length < INT_MAX ? static_cast<int>(length) : INT_MAX);
}

} // namespace detail
} // namespace ssl
} // namespace asio
} // namespace boost

#include <boost/asio/detail/pop_options.hpp>

#endif // BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP
Commit	Line	Data
7c673cae FG	1	//
	2	// ssl/detail/impl/engine.ipp
	3	// ~~~~~~~~~~~~~~~~~~~~~~~~~~
	4	//
f67539c2	5	// Copyright (c) 2003-2020 Christopher M. Kohlhoff (chris at kohlhoff dot com)
7c673cae FG	6	//
	7	// Distributed under the Boost Software License, Version 1.0. (See accompanying
	8	// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
	9	//
	10
	11	#ifndef BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP
	12	#define BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP
	13
	14	#if defined(_MSC_VER) && (_MSC_VER >= 1200)
	15	# pragma once
	16	#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
	17
	18	#include <boost/asio/detail/config.hpp>
	19
b32b8144 FG	20	#include <boost/asio/detail/throw_error.hpp>
	21	#include <boost/asio/error.hpp>
	22	#include <boost/asio/ssl/detail/engine.hpp>
	23	#include <boost/asio/ssl/error.hpp>
	24	#include <boost/asio/ssl/verify_context.hpp>
7c673cae FG	25
	26	#include <boost/asio/detail/push_options.hpp>
	27
	28	namespace boost {
	29	namespace asio {
	30	namespace ssl {
	31	namespace detail {
	32
7c673cae FG	33	engine::engine(SSL_CTX* context)
	34	: ssl_(::SSL_new(context))
	35	{
	36	if (!ssl_)
	37	{
	38	boost::system::error_code ec(
	39	static_cast<int>(::ERR_get_error()),
	40	boost::asio::error::get_ssl_category());
	41	boost::asio::detail::throw_error(ec, "engine");
	42	}
	43
b32b8144	44	#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
7c673cae	45	accept_mutex().init();
b32b8144	46	#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
7c673cae FG	47
	48	::SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE);
	49	::SSL_set_mode(ssl_, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
	50	#if defined(SSL_MODE_RELEASE_BUFFERS)
	51	::SSL_set_mode(ssl_, SSL_MODE_RELEASE_BUFFERS);
	52	#endif // defined(SSL_MODE_RELEASE_BUFFERS)
	53
	54	::BIO* int_bio = 0;
	55	::BIO_new_bio_pair(&int_bio, 0, &ext_bio_, 0);
	56	::SSL_set_bio(ssl_, int_bio, int_bio);
	57	}
	58
	59	engine::~engine()
	60	{
	61	if (SSL_get_app_data(ssl_))
	62	{
	63	delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_));
	64	SSL_set_app_data(ssl_, 0);
	65	}
	66
	67	::BIO_free(ext_bio_);
	68	::SSL_free(ssl_);
	69	}
	70
	71	SSL* engine::native_handle()
	72	{
	73	return ssl_;
	74	}
	75
	76	boost::system::error_code engine::set_verify_mode(
	77	verify_mode v, boost::system::error_code& ec)
	78	{
	79	::SSL_set_verify(ssl_, v, ::SSL_get_verify_callback(ssl_));
	80
	81	ec = boost::system::error_code();
	82	return ec;
	83	}
	84
	85	boost::system::error_code engine::set_verify_depth(
	86	int depth, boost::system::error_code& ec)
	87	{
	88	::SSL_set_verify_depth(ssl_, depth);
	89
	90	ec = boost::system::error_code();
	91	return ec;
	92	}
	93
	94	boost::system::error_code engine::set_verify_callback(
	95	verify_callback_base* callback, boost::system::error_code& ec)
	96	{
	97	if (SSL_get_app_data(ssl_))
	98	delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_));
	99
	100	SSL_set_app_data(ssl_, callback);
	101
	102	::SSL_set_verify(ssl_, ::SSL_get_verify_mode(ssl_),
	103	&engine::verify_callback_function);
	104
	105	ec = boost::system::error_code();
	106	return ec;
	107	}
	108
	109	int engine::verify_callback_function(int preverified, X509_STORE_CTX* ctx)
	110	{
111	if (ctx)
112	{
113	if (SSL* ssl = static_cast<SSL*>(
114	::X509_STORE_CTX_get_ex_data(
115	ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx())))
116	{
117	if (SSL_get_app_data(ssl))
118	{
119	verify_callback_base* callback =
120	static_cast<verify_callback_base*>(
121	SSL_get_app_data(ssl));
122
123	verify_context verify_ctx(ctx);
124	return callback->call(preverified != 0, verify_ctx) ? 1 : 0;
125	}
126	}
127	}
128
129	return 0;
130	}
131
132	engine::want engine::handshake(
133	stream_base::handshake_type type, boost::system::error_code& ec)
134	{
135	return perform((type == boost::asio::ssl::stream_base::client)
136	? &engine::do_connect : &engine::do_accept, 0, 0, ec, 0);
137	}
138
139	engine::want engine::shutdown(boost::system::error_code& ec)
140	{
141	return perform(&engine::do_shutdown, 0, 0, ec, 0);
142	}
143
144	engine::want engine::write(const boost::asio::const_buffer& data,
145	boost::system::error_code& ec, std::size_t& bytes_transferred)
146	{
b32b8144	147	if (data.size() == 0)
7c673cae FG	148	{
	149	ec = boost::system::error_code();
	150	return engine::want_nothing;
	151	}
	152
	153	return perform(&engine::do_write,
b32b8144 FG	154	const_cast<void*>(data.data()),
b32b8144 FG	155	data.size(), ec, &bytes_transferred);
7c673cae FG	156	}
	157
	158	engine::want engine::read(const boost::asio::mutable_buffer& data,
	159	boost::system::error_code& ec, std::size_t& bytes_transferred)
	160	{
b32b8144	161	if (data.size() == 0)
7c673cae FG	162	{
	163	ec = boost::system::error_code();
	164	return engine::want_nothing;
	165	}
	166
b32b8144 FG	167	return perform(&engine::do_read, data.data(),
b32b8144 FG	168	data.size(), ec, &bytes_transferred);
7c673cae FG	169	}
7c673cae FG	170
b32b8144	171	boost::asio::mutable_buffer engine::get_output(
7c673cae FG	172	const boost::asio::mutable_buffer& data)
	173	{
	174	int length = ::BIO_read(ext_bio_,
b32b8144	175	data.data(), static_cast<int>(data.size()));
7c673cae FG	176
	177	return boost::asio::buffer(data,
	178	length > 0 ? static_cast<std::size_t>(length) : 0);
	179	}
	180
	181	boost::asio::const_buffer engine::put_input(
	182	const boost::asio::const_buffer& data)
	183	{
	184	int length = ::BIO_write(ext_bio_,
b32b8144	185	data.data(), static_cast<int>(data.size()));
7c673cae FG	186
	187	return boost::asio::buffer(data +
	188	(length > 0 ? static_cast<std::size_t>(length) : 0));
	189	}
	190
	191	const boost::system::error_code& engine::map_error_code(
	192	boost::system::error_code& ec) const
	193	{
	194	// We only want to map the error::eof code.
	195	if (ec != boost::asio::error::eof)
	196	return ec;
	197
	198	// If there's data yet to be read, it's an error.
	199	if (BIO_wpending(ext_bio_))
	200	{
	201	ec = boost::asio::ssl::error::stream_truncated;
	202	return ec;
	203	}
	204
	205	// SSL v2 doesn't provide a protocol-level shutdown, so an eof on the
	206	// underlying transport is passed through.
	207	#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
b32b8144	208	if (SSL_version(ssl_) == SSL2_VERSION)
7c673cae FG	209	return ec;
	210	#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
	211
	212	// Otherwise, the peer should have negotiated a proper shutdown.
	213	if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0)
	214	{
	215	ec = boost::asio::ssl::error::stream_truncated;
	216	}
	217
	218	return ec;
	219	}
	220
b32b8144	221	#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
7c673cae FG	222	boost::asio::detail::static_mutex& engine::accept_mutex()
	223	{
	224	static boost::asio::detail::static_mutex mutex = BOOST_ASIO_STATIC_MUTEX_INIT;
	225	return mutex;
	226	}
b32b8144	227	#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
7c673cae FG	228
	229	engine::want engine::perform(int (engine::* op)(void*, std::size_t),
	230	void* data, std::size_t length, boost::system::error_code& ec,
	231	std::size_t* bytes_transferred)
	232	{
	233	std::size_t pending_output_before = ::BIO_ctrl_pending(ext_bio_);
	234	::ERR_clear_error();
	235	int result = (this->*op)(data, length);
	236	int ssl_error = ::SSL_get_error(ssl_, result);
	237	int sys_error = static_cast<int>(::ERR_get_error());
	238	std::size_t pending_output_after = ::BIO_ctrl_pending(ext_bio_);
	239
	240	if (ssl_error == SSL_ERROR_SSL)
	241	{
	242	ec = boost::system::error_code(sys_error,
	243	boost::asio::error::get_ssl_category());
92f5a8d4 TL	244	return pending_output_after > pending_output_before
92f5a8d4 TL	245	? want_output : want_nothing;
7c673cae FG	246	}
	247
	248	if (ssl_error == SSL_ERROR_SYSCALL)
	249	{
92f5a8d4 TL	250	if (sys_error == 0)
	251	{
	252	ec = boost::asio::ssl::error::unspecified_system_error;
	253	}
	254	else
	255	{
	256	ec = boost::system::error_code(sys_error,
	257	boost::asio::error::get_ssl_category());
	258	}
	259	return pending_output_after > pending_output_before
	260	? want_output : want_nothing;
7c673cae FG	261	}
	262
	263	if (result > 0 && bytes_transferred)
	264	*bytes_transferred = static_cast<std::size_t>(result);
	265
	266	if (ssl_error == SSL_ERROR_WANT_WRITE)
	267	{
	268	ec = boost::system::error_code();
	269	return want_output_and_retry;
	270	}
	271	else if (pending_output_after > pending_output_before)
	272	{
	273	ec = boost::system::error_code();
	274	return result > 0 ? want_output : want_output_and_retry;
	275	}
	276	else if (ssl_error == SSL_ERROR_WANT_READ)
	277	{
	278	ec = boost::system::error_code();
	279	return want_input_and_retry;
	280	}
92f5a8d4	281	else if (ssl_error == SSL_ERROR_ZERO_RETURN)
7c673cae FG	282	{
	283	ec = boost::asio::error::eof;
	284	return want_nothing;
	285	}
92f5a8d4	286	else if (ssl_error == SSL_ERROR_NONE)
7c673cae FG	287	{
	288	ec = boost::system::error_code();
	289	return want_nothing;
	290	}
92f5a8d4 TL	291	else
	292	{
	293	ec = boost::asio::ssl::error::unexpected_result;
	294	return want_nothing;
	295	}
7c673cae FG	296	}
	297
	298	int engine::do_accept(void*, std::size_t)
	299	{
b32b8144	300	#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
7c673cae	301	boost::asio::detail::static_mutex::scoped_lock lock(accept_mutex());
b32b8144	302	#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
7c673cae FG	303	return ::SSL_accept(ssl_);
	304	}
	305
	306	int engine::do_connect(void*, std::size_t)
	307	{
	308	return ::SSL_connect(ssl_);
	309	}
	310
	311	int engine::do_shutdown(void*, std::size_t)
	312	{
	313	int result = ::SSL_shutdown(ssl_);
	314	if (result == 0)
	315	result = ::SSL_shutdown(ssl_);
	316	return result;
	317	}
	318
	319	int engine::do_read(void* data, std::size_t length)
	320	{
	321	return ::SSL_read(ssl_, data,
	322	length < INT_MAX ? static_cast<int>(length) : INT_MAX);
	323	}
	324
	325	int engine::do_write(void* data, std::size_t length)
	326	{
	327	return ::SSL_write(ssl_, data,
	328	length < INT_MAX ? static_cast<int>(length) : INT_MAX);
	329	}
	330
7c673cae FG	331	} // namespace detail
	332	} // namespace ssl
	333	} // namespace asio
	334	} // namespace boost
	335
	336	#include <boost/asio/detail/pop_options.hpp>
	337
	338	#endif // BOOST_ASIO_SSL_DETAIL_IMPL_ENGINE_IPP