2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include <folly/io/async/AsyncSSLSocket.h>
19 #include <folly/io/async/EventBase.h>
20 #include <folly/portability/Sockets.h>
22 #include <boost/noncopyable.hpp>
25 #include <openssl/asn1.h>
26 #include <openssl/err.h>
27 #include <openssl/ssl.h>
28 #include <sys/types.h>
31 #include <folly/Bits.h>
32 #include <folly/SocketAddress.h>
33 #include <folly/SpinLock.h>
34 #include <folly/io/Cursor.h>
35 #include <folly/io/IOBuf.h>
36 #include <folly/portability/OpenSSL.h>
37 #include <folly/portability/Unistd.h>
39 using folly::SocketAddress;
40 using folly::SSLContext;
42 using std::shared_ptr;
46 using folly::SpinLock;
47 using folly::SpinLockGuard;
48 using folly::io::Cursor;
49 using std::unique_ptr;
53 using folly::AsyncSocket;
54 using folly::AsyncSocketException;
55 using folly::AsyncSSLSocket;
56 using folly::Optional;
57 using folly::SSLContext;
58 // For OpenSSL portability API
59 using namespace folly::ssl;
60 using folly::ssl::OpenSSLUtils;
62 // We have one single dummy SSL context so that we can implement attach
63 // and detach methods in a thread safe fashion without modifying opnessl.
64 static SSLContext *dummyCtx = nullptr;
65 static SpinLock dummyCtxLock;
67 // If given min write size is less than this, buffer will be allocated on
68 // stack, otherwise it is allocated on heap
69 const size_t MAX_STACK_BUF_SIZE = 2048;
71 // This converts "illegal" shutdowns into ZERO_RETURN
72 inline bool zero_return(int error, int rc) {
73 return (error == SSL_ERROR_ZERO_RETURN || (rc == 0 && errno == 0));
76 class AsyncSSLSocketConnector: public AsyncSocket::ConnectCallback,
77 public AsyncSSLSocket::HandshakeCB {
80 AsyncSSLSocket *sslSocket_;
81 AsyncSSLSocket::ConnectCallback *callback_;
86 ~AsyncSSLSocketConnector() override {}
89 AsyncSSLSocketConnector(AsyncSSLSocket *sslSocket,
90 AsyncSocket::ConnectCallback *callback,
92 sslSocket_(sslSocket),
95 startTime_(std::chrono::duration_cast<std::chrono::milliseconds>(
96 std::chrono::steady_clock::now().time_since_epoch()).count()) {
99 void connectSuccess() noexcept override {
100 VLOG(7) << "client socket connected";
102 int64_t timeoutLeft = 0;
104 auto curTime = std::chrono::duration_cast<std::chrono::milliseconds>(
105 std::chrono::steady_clock::now().time_since_epoch()).count();
107 timeoutLeft = timeout_ - (curTime - startTime_);
108 if (timeoutLeft <= 0) {
109 AsyncSocketException ex(AsyncSocketException::TIMED_OUT,
110 "SSL connect timed out");
116 sslSocket_->sslConn(this, std::chrono::milliseconds(timeoutLeft));
119 void connectErr(const AsyncSocketException& ex) noexcept override {
120 VLOG(1) << "TCP connect failed: " << ex.what();
125 void handshakeSuc(AsyncSSLSocket* /* sock */) noexcept override {
126 VLOG(7) << "client handshake success";
128 callback_->connectSuccess();
133 void handshakeErr(AsyncSSLSocket* /* socket */,
134 const AsyncSocketException& ex) noexcept override {
135 VLOG(1) << "client handshakeErr: " << ex.what();
140 void fail(const AsyncSocketException &ex) {
141 // fail is a noop if called twice
143 AsyncSSLSocket::ConnectCallback *cb = callback_;
147 sslSocket_->closeNow();
148 // closeNow can call handshakeErr if it hasn't been called already.
149 // So this may have been deleted, no member variable access beyond this
151 // Note that closeNow may invoke writeError callbacks if the socket had
152 // write data pending connection completion.
157 void setup_SSL_CTX(SSL_CTX *ctx) {
158 #ifdef SSL_MODE_RELEASE_BUFFERS
159 SSL_CTX_set_mode(ctx,
160 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
161 SSL_MODE_ENABLE_PARTIAL_WRITE
162 | SSL_MODE_RELEASE_BUFFERS
165 SSL_CTX_set_mode(ctx,
166 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
167 SSL_MODE_ENABLE_PARTIAL_WRITE
170 // SSL_CTX_set_mode is a Macro
171 #ifdef SSL_MODE_WRITE_IOVEC
172 SSL_CTX_set_mode(ctx,
173 SSL_CTX_get_mode(ctx)
174 | SSL_MODE_WRITE_IOVEC);
179 BIO_METHOD sslBioMethod;
181 void* initsslBioMethod(void) {
182 memcpy(&sslBioMethod, BIO_s_socket(), sizeof(sslBioMethod));
183 // override the bwrite method for MSG_EOR support
184 OpenSSLUtils::setCustomBioWriteMethod(
185 &sslBioMethod, AsyncSSLSocket::bioWrite);
186 OpenSSLUtils::setCustomBioReadMethod(&sslBioMethod, AsyncSSLSocket::bioRead);
188 // Note that the sslBioMethod.type and sslBioMethod.name are not
189 // set here. openssl code seems to be checking ".type == BIO_TYPE_SOCKET" and
190 // then have specific handlings. The sslWriteBioWrite should be compatible
191 // with the one in openssl.
193 // Return something here to enable AsyncSSLSocket to call this method using
194 // a function-scoped static.
198 } // anonymous namespace
203 * Create a client AsyncSSLSocket
205 AsyncSSLSocket::AsyncSSLSocket(const shared_ptr<SSLContext> &ctx,
206 EventBase* evb, bool deferSecurityNegotiation) :
209 handshakeTimeout_(this, evb),
210 connectionTimeout_(this, evb) {
212 if (deferSecurityNegotiation) {
213 sslState_ = STATE_UNENCRYPTED;
218 * Create a server/client AsyncSSLSocket
220 AsyncSSLSocket::AsyncSSLSocket(const shared_ptr<SSLContext>& ctx,
221 EventBase* evb, int fd, bool server,
222 bool deferSecurityNegotiation) :
223 AsyncSocket(evb, fd),
226 handshakeTimeout_(this, evb),
227 connectionTimeout_(this, evb) {
228 noTransparentTls_ = true;
231 SSL_CTX_set_info_callback(ctx_->getSSLCtx(),
232 AsyncSSLSocket::sslInfoCallback);
234 if (deferSecurityNegotiation) {
235 sslState_ = STATE_UNENCRYPTED;
239 #if FOLLY_OPENSSL_HAS_SNI
241 * Create a client AsyncSSLSocket and allow tlsext_hostname
242 * to be sent in Client Hello.
244 AsyncSSLSocket::AsyncSSLSocket(const shared_ptr<SSLContext> &ctx,
246 const std::string& serverName,
247 bool deferSecurityNegotiation) :
248 AsyncSSLSocket(ctx, evb, deferSecurityNegotiation) {
249 tlsextHostname_ = serverName;
253 * Create a client AsyncSSLSocket from an already connected fd
254 * and allow tlsext_hostname to be sent in Client Hello.
256 AsyncSSLSocket::AsyncSSLSocket(const shared_ptr<SSLContext>& ctx,
257 EventBase* evb, int fd,
258 const std::string& serverName,
259 bool deferSecurityNegotiation) :
260 AsyncSSLSocket(ctx, evb, fd, false, deferSecurityNegotiation) {
261 tlsextHostname_ = serverName;
263 #endif // FOLLY_OPENSSL_HAS_SNI
265 AsyncSSLSocket::~AsyncSSLSocket() {
266 VLOG(3) << "actual destruction of AsyncSSLSocket(this=" << this
267 << ", evb=" << eventBase_ << ", fd=" << fd_
268 << ", state=" << int(state_) << ", sslState="
269 << sslState_ << ", events=" << eventFlags_ << ")";
272 void AsyncSSLSocket::init() {
273 // Do this here to ensure we initialize this once before any use of
274 // AsyncSSLSocket instances and not as part of library load.
275 static const auto sslBioMethodInitializer = initsslBioMethod();
276 (void)sslBioMethodInitializer;
278 setup_SSL_CTX(ctx_->getSSLCtx());
281 void AsyncSSLSocket::closeNow() {
282 // Close the SSL connection.
283 if (ssl_ != nullptr && fd_ != -1) {
284 int rc = SSL_shutdown(ssl_);
286 rc = SSL_shutdown(ssl_);
293 if (sslSession_ != nullptr) {
294 SSL_SESSION_free(sslSession_);
295 sslSession_ = nullptr;
298 sslState_ = STATE_CLOSED;
300 if (handshakeTimeout_.isScheduled()) {
301 handshakeTimeout_.cancelTimeout();
304 DestructorGuard dg(this);
307 AsyncSocketException(
308 AsyncSocketException::END_OF_FILE,
309 "SSL connection closed locally"));
311 if (ssl_ != nullptr) {
317 AsyncSocket::closeNow();
320 void AsyncSSLSocket::shutdownWrite() {
321 // SSL sockets do not support half-shutdown, so just perform a full shutdown.
323 // (Performing a full shutdown here is more desirable than doing nothing at
324 // all. The purpose of shutdownWrite() is normally to notify the other end
325 // of the connection that no more data will be sent. If we do nothing, the
326 // other end will never know that no more data is coming, and this may result
327 // in protocol deadlock.)
331 void AsyncSSLSocket::shutdownWriteNow() {
335 bool AsyncSSLSocket::good() const {
336 return (AsyncSocket::good() &&
337 (sslState_ == STATE_ACCEPTING || sslState_ == STATE_CONNECTING ||
338 sslState_ == STATE_ESTABLISHED || sslState_ == STATE_UNENCRYPTED));
341 // The TAsyncTransport definition of 'good' states that the transport is
342 // ready to perform reads and writes, so sslState_ == UNINIT must report !good.
343 // connecting can be true when the sslState_ == UNINIT because the AsyncSocket
344 // is connected but we haven't initiated the call to SSL_connect.
345 bool AsyncSSLSocket::connecting() const {
347 (AsyncSocket::connecting() ||
348 (AsyncSocket::good() && (sslState_ == STATE_UNINIT ||
349 sslState_ == STATE_CONNECTING))));
352 std::string AsyncSSLSocket::getApplicationProtocol() noexcept {
353 const unsigned char* protoName = nullptr;
354 unsigned protoLength;
355 if (getSelectedNextProtocolNoThrow(&protoName, &protoLength)) {
356 return std::string(reinterpret_cast<const char*>(protoName), protoLength);
361 void AsyncSSLSocket::setEorTracking(bool track) {
362 if (isEorTrackingEnabled() != track) {
363 AsyncSocket::setEorTracking(track);
365 minEorRawByteNo_ = 0;
369 size_t AsyncSSLSocket::getRawBytesWritten() const {
370 // The bio(s) in the write path are in a chain
371 // each bio flushes to the next and finally written into the socket
372 // to get the rawBytesWritten on the socket,
373 // get the write bytes of the last bio
375 if (!ssl_ || !(b = SSL_get_wbio(ssl_))) {
378 BIO* next = BIO_next(b);
379 while (next != NULL) {
384 return BIO_number_written(b);
387 size_t AsyncSSLSocket::getRawBytesReceived() const {
389 if (!ssl_ || !(b = SSL_get_rbio(ssl_))) {
393 return BIO_number_read(b);
397 void AsyncSSLSocket::invalidState(HandshakeCB* callback) {
398 LOG(ERROR) << "AsyncSSLSocket(this=" << this << ", fd=" << fd_
399 << ", state=" << int(state_) << ", sslState=" << sslState_ << ", "
400 << "events=" << eventFlags_ << ", server=" << short(server_)
401 << "): " << "sslAccept/Connect() called in invalid "
402 << "state, handshake callback " << handshakeCallback_
403 << ", new callback " << callback;
404 assert(!handshakeTimeout_.isScheduled());
405 sslState_ = STATE_ERROR;
407 AsyncSocketException ex(AsyncSocketException::INVALID_STATE,
408 "sslAccept() called with socket in invalid state");
410 handshakeEndTime_ = std::chrono::steady_clock::now();
412 callback->handshakeErr(this, ex);
415 failHandshake(__func__, ex);
418 void AsyncSSLSocket::sslAccept(
419 HandshakeCB* callback,
420 std::chrono::milliseconds timeout,
421 const SSLContext::SSLVerifyPeerEnum& verifyPeer) {
422 DestructorGuard dg(this);
423 assert(eventBase_->isInEventBaseThread());
424 verifyPeer_ = verifyPeer;
426 // Make sure we're in the uninitialized state
427 if (!server_ || (sslState_ != STATE_UNINIT &&
428 sslState_ != STATE_UNENCRYPTED) ||
429 handshakeCallback_ != nullptr) {
430 return invalidState(callback);
433 // Cache local and remote socket addresses to keep them available
434 // after socket file descriptor is closed.
435 if (cacheAddrOnFailure_ && -1 != getFd()) {
436 cacheLocalPeerAddr();
439 handshakeStartTime_ = std::chrono::steady_clock::now();
440 // Make end time at least >= start time.
441 handshakeEndTime_ = handshakeStartTime_;
443 sslState_ = STATE_ACCEPTING;
444 handshakeCallback_ = callback;
446 if (timeout > std::chrono::milliseconds::zero()) {
447 handshakeTimeout_.scheduleTimeout(timeout);
450 /* register for a read operation (waiting for CLIENT HELLO) */
451 updateEventRegistration(EventHandler::READ, EventHandler::WRITE);
453 if (preReceivedData_) {
458 #if OPENSSL_VERSION_NUMBER >= 0x009080bfL
459 void AsyncSSLSocket::attachSSLContext(
460 const std::shared_ptr<SSLContext>& ctx) {
462 // Check to ensure we are in client mode. Changing a server's ssl
463 // context doesn't make sense since clients of that server would likely
464 // become confused when the server's context changes.
468 DCHECK(ctx->getSSLCtx());
471 // It's possible this could be attached before ssl_ is set up
476 // In order to call attachSSLContext, detachSSLContext must have been
477 // previously called.
478 // We need to update the initial_ctx if necessary
479 auto sslCtx = ctx->getSSLCtx();
480 SSL_CTX_up_ref(sslCtx);
481 #ifndef OPENSSL_NO_TLSEXT
482 // note that detachSSLContext has already freed ssl_->initial_ctx
483 ssl_->initial_ctx = sslCtx;
485 // Detach sets the socket's context to the dummy context. Thus we must acquire
487 SpinLockGuard guard(dummyCtxLock);
488 SSL_set_SSL_CTX(ssl_, sslCtx);
491 void AsyncSSLSocket::detachSSLContext() {
494 // It's possible for this to be called before ssl_ has been
499 // Detach the initial_ctx as well. Internally w/ OPENSSL_NO_TLSEXT
500 // it is used for session info. It will be reattached in attachSSLContext
501 #ifndef OPENSSL_NO_TLSEXT
502 if (ssl_->initial_ctx) {
503 SSL_CTX_free(ssl_->initial_ctx);
504 ssl_->initial_ctx = nullptr;
507 SpinLockGuard guard(dummyCtxLock);
508 if (nullptr == dummyCtx) {
509 // We need to lazily initialize the dummy context so we don't
510 // accidentally override any programmatic settings to openssl
511 dummyCtx = new SSLContext;
513 // We must remove this socket's references to its context right now
514 // since this socket could get passed to any thread. If the context has
515 // had its locking disabled, just doing a set in attachSSLContext()
516 // would not be thread safe.
517 SSL_set_SSL_CTX(ssl_, dummyCtx->getSSLCtx());
521 #if FOLLY_OPENSSL_HAS_SNI
522 void AsyncSSLSocket::switchServerSSLContext(
523 const std::shared_ptr<SSLContext>& handshakeCtx) {
525 if (sslState_ != STATE_ACCEPTING) {
526 // We log it here and allow the switch.
527 // It should not affect our re-negotiation support (which
528 // is not supported now).
529 VLOG(6) << "fd=" << getFd()
530 << " renegotation detected when switching SSL_CTX";
533 setup_SSL_CTX(handshakeCtx->getSSLCtx());
534 SSL_CTX_set_info_callback(handshakeCtx->getSSLCtx(),
535 AsyncSSLSocket::sslInfoCallback);
536 handshakeCtx_ = handshakeCtx;
537 SSL_set_SSL_CTX(ssl_, handshakeCtx->getSSLCtx());
540 bool AsyncSSLSocket::isServerNameMatch() const {
547 SSL_SESSION *ss = SSL_get_session(ssl_);
552 if(!ss->tlsext_hostname) {
555 return (tlsextHostname_.compare(ss->tlsext_hostname) ? false : true);
558 void AsyncSSLSocket::setServerName(std::string serverName) noexcept {
559 tlsextHostname_ = std::move(serverName);
562 #endif // FOLLY_OPENSSL_HAS_SNI
564 void AsyncSSLSocket::timeoutExpired() noexcept {
565 if (state_ == StateEnum::ESTABLISHED &&
566 (sslState_ == STATE_CACHE_LOOKUP ||
567 sslState_ == STATE_ASYNC_PENDING)) {
568 sslState_ = STATE_ERROR;
569 // We are expecting a callback in restartSSLAccept. The cache lookup
570 // and rsa-call necessarily have pointers to this ssl socket, so delay
571 // the cleanup until he calls us back.
572 } else if (state_ == StateEnum::CONNECTING) {
573 assert(sslState_ == STATE_CONNECTING);
574 DestructorGuard dg(this);
575 AsyncSocketException ex(AsyncSocketException::TIMED_OUT,
576 "Fallback connect timed out during TFO");
577 failHandshake(__func__, ex);
579 assert(state_ == StateEnum::ESTABLISHED &&
580 (sslState_ == STATE_CONNECTING || sslState_ == STATE_ACCEPTING));
581 DestructorGuard dg(this);
582 AsyncSocketException ex(AsyncSocketException::TIMED_OUT,
583 (sslState_ == STATE_CONNECTING) ?
584 "SSL connect timed out" : "SSL accept timed out");
585 failHandshake(__func__, ex);
589 int AsyncSSLSocket::getSSLExDataIndex() {
590 static auto index = SSL_get_ex_new_index(
591 0, (void*)"AsyncSSLSocket data index", nullptr, nullptr, nullptr);
595 AsyncSSLSocket* AsyncSSLSocket::getFromSSL(const SSL *ssl) {
596 return static_cast<AsyncSSLSocket *>(SSL_get_ex_data(ssl,
597 getSSLExDataIndex()));
600 void AsyncSSLSocket::failHandshake(const char* /* fn */,
601 const AsyncSocketException& ex) {
603 if (handshakeTimeout_.isScheduled()) {
604 handshakeTimeout_.cancelTimeout();
606 invokeHandshakeErr(ex);
610 void AsyncSSLSocket::invokeHandshakeErr(const AsyncSocketException& ex) {
611 handshakeEndTime_ = std::chrono::steady_clock::now();
612 if (handshakeCallback_ != nullptr) {
613 HandshakeCB* callback = handshakeCallback_;
614 handshakeCallback_ = nullptr;
615 callback->handshakeErr(this, ex);
619 void AsyncSSLSocket::invokeHandshakeCB() {
620 handshakeEndTime_ = std::chrono::steady_clock::now();
621 if (handshakeTimeout_.isScheduled()) {
622 handshakeTimeout_.cancelTimeout();
624 if (handshakeCallback_) {
625 HandshakeCB* callback = handshakeCallback_;
626 handshakeCallback_ = nullptr;
627 callback->handshakeSuc(this);
631 void AsyncSSLSocket::cacheLocalPeerAddr() {
632 SocketAddress address;
634 getLocalAddress(&address);
635 getPeerAddress(&address);
636 } catch (const std::system_error& e) {
637 // The handle can be still valid while the connection is already closed.
638 if (e.code() != std::error_code(ENOTCONN, std::system_category())) {
644 void AsyncSSLSocket::connect(ConnectCallback* callback,
645 const folly::SocketAddress& address,
647 const OptionMap &options,
648 const folly::SocketAddress& bindAddr)
651 assert(state_ == StateEnum::UNINIT);
652 assert(sslState_ == STATE_UNINIT);
653 noTransparentTls_ = true;
654 AsyncSSLSocketConnector *connector =
655 new AsyncSSLSocketConnector(this, callback, timeout);
656 AsyncSocket::connect(connector, address, timeout, options, bindAddr);
659 void AsyncSSLSocket::applyVerificationOptions(SSL * ssl) {
660 // apply the settings specified in verifyPeer_
661 if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
662 if(ctx_->needsPeerVerification()) {
663 SSL_set_verify(ssl, ctx_->getVerificationMode(),
664 AsyncSSLSocket::sslVerifyCallback);
667 if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY ||
668 verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT) {
669 SSL_set_verify(ssl, SSLContext::getVerificationMode(verifyPeer_),
670 AsyncSSLSocket::sslVerifyCallback);
675 bool AsyncSSLSocket::setupSSLBio() {
676 auto sslBio = BIO_new(&sslBioMethod);
682 OpenSSLUtils::setBioAppData(sslBio, this);
683 OpenSSLUtils::setBioFd(sslBio, fd_, BIO_NOCLOSE);
684 SSL_set_bio(ssl_, sslBio, sslBio);
688 void AsyncSSLSocket::sslConn(
689 HandshakeCB* callback,
690 std::chrono::milliseconds timeout,
691 const SSLContext::SSLVerifyPeerEnum& verifyPeer) {
692 DestructorGuard dg(this);
693 assert(eventBase_->isInEventBaseThread());
695 // Cache local and remote socket addresses to keep them available
696 // after socket file descriptor is closed.
697 if (cacheAddrOnFailure_ && -1 != getFd()) {
698 cacheLocalPeerAddr();
701 verifyPeer_ = verifyPeer;
703 // Make sure we're in the uninitialized state
704 if (server_ || (sslState_ != STATE_UNINIT && sslState_ !=
705 STATE_UNENCRYPTED) ||
706 handshakeCallback_ != nullptr) {
707 return invalidState(callback);
710 sslState_ = STATE_CONNECTING;
711 handshakeCallback_ = callback;
714 ssl_ = ctx_->createSSL();
715 } catch (std::exception &e) {
716 sslState_ = STATE_ERROR;
717 AsyncSocketException ex(AsyncSocketException::INTERNAL_ERROR,
718 "error calling SSLContext::createSSL()");
719 LOG(ERROR) << "AsyncSSLSocket::sslConn(this=" << this << ", fd="
720 << fd_ << "): " << e.what();
721 return failHandshake(__func__, ex);
724 if (!setupSSLBio()) {
725 sslState_ = STATE_ERROR;
726 AsyncSocketException ex(
727 AsyncSocketException::INTERNAL_ERROR, "error creating SSL bio");
728 return failHandshake(__func__, ex);
731 applyVerificationOptions(ssl_);
733 if (sslSession_ != nullptr) {
734 sessionResumptionAttempted_ = true;
735 SSL_set_session(ssl_, sslSession_);
736 SSL_SESSION_free(sslSession_);
737 sslSession_ = nullptr;
739 #if FOLLY_OPENSSL_HAS_SNI
740 if (tlsextHostname_.size()) {
741 SSL_set_tlsext_host_name(ssl_, tlsextHostname_.c_str());
745 SSL_set_ex_data(ssl_, getSSLExDataIndex(), this);
747 handshakeConnectTimeout_ = timeout;
751 // This could be called multiple times, during normal ssl connections
752 // and after TFO fallback.
753 void AsyncSSLSocket::startSSLConnect() {
754 handshakeStartTime_ = std::chrono::steady_clock::now();
755 // Make end time at least >= start time.
756 handshakeEndTime_ = handshakeStartTime_;
757 if (handshakeConnectTimeout_ > std::chrono::milliseconds::zero()) {
758 handshakeTimeout_.scheduleTimeout(handshakeConnectTimeout_);
763 SSL_SESSION *AsyncSSLSocket::getSSLSession() {
764 if (ssl_ != nullptr && sslState_ == STATE_ESTABLISHED) {
765 return SSL_get1_session(ssl_);
771 const SSL* AsyncSSLSocket::getSSL() const {
775 void AsyncSSLSocket::setSSLSession(SSL_SESSION *session, bool takeOwnership) {
776 sslSession_ = session;
777 if (!takeOwnership && session != nullptr) {
778 // Increment the reference count
779 // This API exists in BoringSSL and OpenSSL 1.1.0
780 SSL_SESSION_up_ref(session);
784 void AsyncSSLSocket::getSelectedNextProtocol(
785 const unsigned char** protoName,
787 SSLContext::NextProtocolType* protoType) const {
788 if (!getSelectedNextProtocolNoThrow(protoName, protoLen, protoType)) {
789 throw AsyncSocketException(AsyncSocketException::NOT_SUPPORTED,
790 "NPN not supported");
794 bool AsyncSSLSocket::getSelectedNextProtocolNoThrow(
795 const unsigned char** protoName,
797 SSLContext::NextProtocolType* protoType) const {
798 *protoName = nullptr;
800 #if FOLLY_OPENSSL_HAS_ALPN
801 SSL_get0_alpn_selected(ssl_, protoName, protoLen);
804 *protoType = SSLContext::NextProtocolType::ALPN;
809 #ifdef OPENSSL_NPN_NEGOTIATED
810 SSL_get0_next_proto_negotiated(ssl_, protoName, protoLen);
812 *protoType = SSLContext::NextProtocolType::NPN;
821 bool AsyncSSLSocket::getSSLSessionReused() const {
822 if (ssl_ != nullptr && sslState_ == STATE_ESTABLISHED) {
823 return SSL_session_reused(ssl_);
828 const char *AsyncSSLSocket::getNegotiatedCipherName() const {
829 return (ssl_ != nullptr) ? SSL_get_cipher_name(ssl_) : nullptr;
833 const char* AsyncSSLSocket::getSSLServerNameFromSSL(SSL* ssl) {
834 if (ssl == nullptr) {
837 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
838 return SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
844 const char *AsyncSSLSocket::getSSLServerName() const {
845 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
846 return getSSLServerNameFromSSL(ssl_);
848 throw AsyncSocketException(AsyncSocketException::NOT_SUPPORTED,
849 "SNI not supported");
853 const char *AsyncSSLSocket::getSSLServerNameNoThrow() const {
854 return getSSLServerNameFromSSL(ssl_);
857 int AsyncSSLSocket::getSSLVersion() const {
858 return (ssl_ != nullptr) ? SSL_version(ssl_) : 0;
861 const char *AsyncSSLSocket::getSSLCertSigAlgName() const {
862 X509 *cert = (ssl_ != nullptr) ? SSL_get_certificate(ssl_) : nullptr;
864 int nid = OBJ_obj2nid(cert->sig_alg->algorithm);
865 return OBJ_nid2ln(nid);
870 int AsyncSSLSocket::getSSLCertSize() const {
872 X509 *cert = (ssl_ != nullptr) ? SSL_get_certificate(ssl_) : nullptr;
874 EVP_PKEY *key = X509_get_pubkey(cert);
875 certSize = EVP_PKEY_bits(key);
881 const X509* AsyncSSLSocket::getSelfCert() const {
882 return (ssl_ != nullptr) ? SSL_get_certificate(ssl_) : nullptr;
885 bool AsyncSSLSocket::willBlock(int ret,
887 unsigned long* errErrorOut) noexcept {
889 int error = *sslErrorOut = SSL_get_error(ssl_, ret);
890 if (error == SSL_ERROR_WANT_READ) {
891 // Register for read event if not already.
892 updateEventRegistration(EventHandler::READ, EventHandler::WRITE);
894 } else if (error == SSL_ERROR_WANT_WRITE) {
895 VLOG(3) << "AsyncSSLSocket(fd=" << fd_
896 << ", state=" << int(state_) << ", sslState="
897 << sslState_ << ", events=" << eventFlags_ << "): "
898 << "SSL_ERROR_WANT_WRITE";
899 // Register for write event if not already.
900 updateEventRegistration(EventHandler::WRITE, EventHandler::READ);
902 #ifdef SSL_ERROR_WANT_SESS_CACHE_LOOKUP
903 } else if (error == SSL_ERROR_WANT_SESS_CACHE_LOOKUP) {
904 // We will block but we can't register our own socket. The callback that
905 // triggered this code will re-call handleAccept at the appropriate time.
907 // We can only get here if the linked libssl.so has support for this feature
908 // as well, otherwise SSL_get_error cannot return our error code.
909 sslState_ = STATE_CACHE_LOOKUP;
911 // Unregister for all events while blocked here
912 updateEventRegistration(EventHandler::NONE,
913 EventHandler::READ | EventHandler::WRITE);
915 // The timeout (if set) keeps running here
919 #ifdef SSL_ERROR_WANT_RSA_ASYNC_PENDING
920 || error == SSL_ERROR_WANT_RSA_ASYNC_PENDING
922 #ifdef SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
923 || error == SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
926 // Our custom openssl function has kicked off an async request to do
927 // rsa/ecdsa private key operation. When that call returns, a callback will
928 // be invoked that will re-call handleAccept.
929 sslState_ = STATE_ASYNC_PENDING;
931 // Unregister for all events while blocked here
932 updateEventRegistration(
934 EventHandler::READ | EventHandler::WRITE
937 // The timeout (if set) keeps running here
940 unsigned long lastError = *errErrorOut = ERR_get_error();
941 VLOG(6) << "AsyncSSLSocket(fd=" << fd_ << ", "
942 << "state=" << state_ << ", "
943 << "sslState=" << sslState_ << ", "
944 << "events=" << std::hex << eventFlags_ << "): "
945 << "SSL error: " << error << ", "
946 << "errno: " << errno << ", "
947 << "ret: " << ret << ", "
948 << "read: " << BIO_number_read(SSL_get_rbio(ssl_)) << ", "
949 << "written: " << BIO_number_written(SSL_get_wbio(ssl_)) << ", "
950 << "func: " << ERR_func_error_string(lastError) << ", "
951 << "reason: " << ERR_reason_error_string(lastError);
956 void AsyncSSLSocket::checkForImmediateRead() noexcept {
957 // openssl may have buffered data that it read from the socket already.
958 // In this case we have to process it immediately, rather than waiting for
959 // the socket to become readable again.
960 if (ssl_ != nullptr && SSL_pending(ssl_) > 0) {
961 AsyncSocket::handleRead();
966 AsyncSSLSocket::restartSSLAccept()
968 VLOG(3) << "AsyncSSLSocket::restartSSLAccept() this=" << this
969 << ", fd=" << fd_ << ", state=" << int(state_) << ", "
970 << "sslState=" << sslState_ << ", events=" << eventFlags_;
971 DestructorGuard dg(this);
973 sslState_ == STATE_CACHE_LOOKUP ||
974 sslState_ == STATE_ASYNC_PENDING ||
975 sslState_ == STATE_ERROR ||
976 sslState_ == STATE_CLOSED);
977 if (sslState_ == STATE_CLOSED) {
978 // I sure hope whoever closed this socket didn't delete it already,
979 // but this is not strictly speaking an error
982 if (sslState_ == STATE_ERROR) {
983 // go straight to fail if timeout expired during lookup
984 AsyncSocketException ex(AsyncSocketException::TIMED_OUT,
985 "SSL accept timed out");
986 failHandshake(__func__, ex);
989 sslState_ = STATE_ACCEPTING;
990 this->handleAccept();
994 AsyncSSLSocket::handleAccept() noexcept {
995 VLOG(3) << "AsyncSSLSocket::handleAccept() this=" << this
996 << ", fd=" << fd_ << ", state=" << int(state_) << ", "
997 << "sslState=" << sslState_ << ", events=" << eventFlags_;
999 assert(state_ == StateEnum::ESTABLISHED &&
1000 sslState_ == STATE_ACCEPTING);
1002 /* lazily create the SSL structure */
1004 ssl_ = ctx_->createSSL();
1005 } catch (std::exception &e) {
1006 sslState_ = STATE_ERROR;
1007 AsyncSocketException ex(AsyncSocketException::INTERNAL_ERROR,
1008 "error calling SSLContext::createSSL()");
1009 LOG(ERROR) << "AsyncSSLSocket::handleAccept(this=" << this
1010 << ", fd=" << fd_ << "): " << e.what();
1011 return failHandshake(__func__, ex);
1014 if (!setupSSLBio()) {
1015 sslState_ = STATE_ERROR;
1016 AsyncSocketException ex(
1017 AsyncSocketException::INTERNAL_ERROR, "error creating write bio");
1018 return failHandshake(__func__, ex);
1021 SSL_set_ex_data(ssl_, getSSLExDataIndex(), this);
1023 applyVerificationOptions(ssl_);
1026 if (server_ && parseClientHello_) {
1027 SSL_set_msg_callback(ssl_, &AsyncSSLSocket::clientHelloParsingCallback);
1028 SSL_set_msg_callback_arg(ssl_, this);
1031 clearOpenSSLErrors();
1032 int ret = SSL_accept(ssl_);
1035 unsigned long errError;
1036 int errnoCopy = errno;
1037 if (willBlock(ret, &sslError, &errError)) {
1040 sslState_ = STATE_ERROR;
1041 SSLException ex(sslError, errError, ret, errnoCopy);
1042 return failHandshake(__func__, ex);
1046 handshakeComplete_ = true;
1047 updateEventRegistration(0, EventHandler::READ | EventHandler::WRITE);
1049 // Move into STATE_ESTABLISHED in the normal case that we are in
1051 sslState_ = STATE_ESTABLISHED;
1053 VLOG(3) << "AsyncSSLSocket " << this << ": fd " << fd_
1054 << " successfully accepted; state=" << int(state_)
1055 << ", sslState=" << sslState_ << ", events=" << eventFlags_;
1057 // Remember the EventBase we are attached to, before we start invoking any
1058 // callbacks (since the callbacks may call detachEventBase()).
1059 EventBase* originalEventBase = eventBase_;
1061 // Call the accept callback.
1062 invokeHandshakeCB();
1064 // Note that the accept callback may have changed our state.
1065 // (set or unset the read callback, called write(), closed the socket, etc.)
1066 // The following code needs to handle these situations correctly.
1068 // If the socket has been closed, readCallback_ and writeReqHead_ will
1069 // always be nullptr, so that will prevent us from trying to read or write.
1071 // The main thing to check for is if eventBase_ is still originalEventBase.
1072 // If not, we have been detached from this event base, so we shouldn't
1073 // perform any more operations.
1074 if (eventBase_ != originalEventBase) {
1078 AsyncSocket::handleInitialReadWrite();
1081 void AsyncSSLSocket::clearOpenSSLErrors() {
1082 // Normally clearing out the error before calling into an openssl method
1083 // is a bad idea. However there might be other code that we don't control
1084 // calling into openssl in the same thread, which doesn't use openssl
1085 // correctly. We want to safe-guard ourselves from that code.
1086 // However touching the ERR stack each and every time has a cost of taking
1087 // a lock, so we only do this when we've opted in.
1088 if (clearOpenSSLErrors_) {
1094 AsyncSSLSocket::handleConnect() noexcept {
1095 VLOG(3) << "AsyncSSLSocket::handleConnect() this=" << this
1096 << ", fd=" << fd_ << ", state=" << int(state_) << ", "
1097 << "sslState=" << sslState_ << ", events=" << eventFlags_;
1099 if (state_ < StateEnum::ESTABLISHED) {
1100 return AsyncSocket::handleConnect();
1104 (state_ == StateEnum::FAST_OPEN || state_ == StateEnum::ESTABLISHED) &&
1105 sslState_ == STATE_CONNECTING);
1108 clearOpenSSLErrors();
1109 auto originalState = state_;
1110 int ret = SSL_connect(ssl_);
1113 unsigned long errError;
1114 int errnoCopy = errno;
1115 if (willBlock(ret, &sslError, &errError)) {
1116 // We fell back to connecting state due to TFO
1117 if (state_ == StateEnum::CONNECTING) {
1118 DCHECK_EQ(StateEnum::FAST_OPEN, originalState);
1119 if (handshakeTimeout_.isScheduled()) {
1120 handshakeTimeout_.cancelTimeout();
1125 sslState_ = STATE_ERROR;
1126 SSLException ex(sslError, errError, ret, errnoCopy);
1127 return failHandshake(__func__, ex);
1131 handshakeComplete_ = true;
1132 updateEventRegistration(0, EventHandler::READ | EventHandler::WRITE);
1134 // Move into STATE_ESTABLISHED in the normal case that we are in
1135 // STATE_CONNECTING.
1136 sslState_ = STATE_ESTABLISHED;
1138 VLOG(3) << "AsyncSSLSocket " << this << ": "
1139 << "fd " << fd_ << " successfully connected; "
1140 << "state=" << int(state_) << ", sslState=" << sslState_
1141 << ", events=" << eventFlags_;
1143 // Remember the EventBase we are attached to, before we start invoking any
1144 // callbacks (since the callbacks may call detachEventBase()).
1145 EventBase* originalEventBase = eventBase_;
1147 // Call the handshake callback.
1148 invokeHandshakeCB();
1150 // Note that the connect callback may have changed our state.
1151 // (set or unset the read callback, called write(), closed the socket, etc.)
1152 // The following code needs to handle these situations correctly.
1154 // If the socket has been closed, readCallback_ and writeReqHead_ will
1155 // always be nullptr, so that will prevent us from trying to read or write.
1157 // The main thing to check for is if eventBase_ is still originalEventBase.
1158 // If not, we have been detached from this event base, so we shouldn't
1159 // perform any more operations.
1160 if (eventBase_ != originalEventBase) {
1164 AsyncSocket::handleInitialReadWrite();
1167 void AsyncSSLSocket::invokeConnectErr(const AsyncSocketException& ex) {
1168 connectionTimeout_.cancelTimeout();
1169 AsyncSocket::invokeConnectErr(ex);
1170 if (sslState_ == SSLStateEnum::STATE_CONNECTING) {
1171 if (handshakeTimeout_.isScheduled()) {
1172 handshakeTimeout_.cancelTimeout();
1174 // If we fell back to connecting state during TFO and the connection
1175 // failed, it would be an SSL failure as well.
1176 invokeHandshakeErr(ex);
1180 void AsyncSSLSocket::invokeConnectSuccess() {
1181 connectionTimeout_.cancelTimeout();
1182 if (sslState_ == SSLStateEnum::STATE_CONNECTING) {
1183 assert(tfoAttempted_);
1184 // If we failed TFO, we'd fall back to trying to connect the socket,
1185 // to setup things like timeouts.
1188 // still invoke the base class since it re-sets the connect time.
1189 AsyncSocket::invokeConnectSuccess();
1192 void AsyncSSLSocket::scheduleConnectTimeout() {
1193 if (sslState_ == SSLStateEnum::STATE_CONNECTING) {
1194 // We fell back from TFO, and need to set the timeouts.
1195 // We will not have a connect callback in this case, thus if the timer
1196 // expires we would have no-one to notify.
1197 // Thus we should reset even the connect timers to point to the handshake
1199 assert(connectCallback_ == nullptr);
1200 // We use a different connect timeout here than the handshake timeout, so
1201 // that we can disambiguate the 2 timers.
1202 if (connectTimeout_.count() > 0) {
1203 if (!connectionTimeout_.scheduleTimeout(connectTimeout_)) {
1204 throw AsyncSocketException(
1205 AsyncSocketException::INTERNAL_ERROR,
1206 withAddr("failed to schedule AsyncSSLSocket connect timeout"));
1211 AsyncSocket::scheduleConnectTimeout();
1214 void AsyncSSLSocket::setReadCB(ReadCallback *callback) {
1215 #ifdef SSL_MODE_MOVE_BUFFER_OWNERSHIP
1216 // turn on the buffer movable in openssl
1217 if (bufferMovableEnabled_ && ssl_ != nullptr && !isBufferMovable_ &&
1218 callback != nullptr && callback->isBufferMovable()) {
1219 SSL_set_mode(ssl_, SSL_get_mode(ssl_) | SSL_MODE_MOVE_BUFFER_OWNERSHIP);
1220 isBufferMovable_ = true;
1224 AsyncSocket::setReadCB(callback);
1227 void AsyncSSLSocket::setBufferMovableEnabled(bool enabled) {
1228 bufferMovableEnabled_ = enabled;
1231 void AsyncSSLSocket::prepareReadBuffer(void** buf, size_t* buflen) {
1232 CHECK(readCallback_);
1233 if (isBufferMovable_) {
1237 // buf is necessary for SSLSocket without SSL_MODE_MOVE_BUFFER_OWNERSHIP
1238 readCallback_->getReadBuffer(buf, buflen);
1243 AsyncSSLSocket::handleRead() noexcept {
1244 VLOG(5) << "AsyncSSLSocket::handleRead() this=" << this << ", fd=" << fd_
1245 << ", state=" << int(state_) << ", "
1246 << "sslState=" << sslState_ << ", events=" << eventFlags_;
1247 if (state_ < StateEnum::ESTABLISHED) {
1248 return AsyncSocket::handleRead();
1252 if (sslState_ == STATE_ACCEPTING) {
1257 else if (sslState_ == STATE_CONNECTING) {
1264 AsyncSocket::handleRead();
1267 AsyncSocket::ReadResult
1268 AsyncSSLSocket::performRead(void** buf, size_t* buflen, size_t* offset) {
1269 VLOG(4) << "AsyncSSLSocket::performRead() this=" << this << ", buf=" << *buf
1270 << ", buflen=" << *buflen;
1272 if (sslState_ == STATE_UNENCRYPTED) {
1273 return AsyncSocket::performRead(buf, buflen, offset);
1276 clearOpenSSLErrors();
1278 if (!isBufferMovable_) {
1279 bytes = SSL_read(ssl_, *buf, int(*buflen));
1281 #ifdef SSL_MODE_MOVE_BUFFER_OWNERSHIP
1283 bytes = SSL_read_buf(ssl_, buf, (int *) offset, (int *) buflen);
1287 if (server_ && renegotiateAttempted_) {
1288 LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
1289 << ", sslstate=" << sslState_ << ", events=" << eventFlags_
1290 << "): client intitiated SSL renegotiation not permitted";
1293 folly::make_unique<SSLException>(SSLError::CLIENT_RENEGOTIATION));
1296 int error = SSL_get_error(ssl_, bytes);
1297 if (error == SSL_ERROR_WANT_READ) {
1298 // The caller will register for read event if not already.
1299 if (errno == EWOULDBLOCK || errno == EAGAIN) {
1300 return ReadResult(READ_BLOCKING);
1302 return ReadResult(READ_ERROR);
1304 } else if (error == SSL_ERROR_WANT_WRITE) {
1305 // TODO: Even though we are attempting to read data, SSL_read() may
1306 // need to write data if renegotiation is being performed. We currently
1307 // don't support this and just fail the read.
1308 LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
1309 << ", sslState=" << sslState_ << ", events=" << eventFlags_
1310 << "): unsupported SSL renegotiation during read";
1313 folly::make_unique<SSLException>(SSLError::INVALID_RENEGOTIATION));
1315 if (zero_return(error, bytes)) {
1316 return ReadResult(bytes);
1318 long errError = ERR_get_error();
1319 VLOG(6) << "AsyncSSLSocket(fd=" << fd_ << ", "
1320 << "state=" << state_ << ", "
1321 << "sslState=" << sslState_ << ", "
1322 << "events=" << std::hex << eventFlags_ << "): "
1323 << "bytes: " << bytes << ", "
1324 << "error: " << error << ", "
1325 << "errno: " << errno << ", "
1326 << "func: " << ERR_func_error_string(errError) << ", "
1327 << "reason: " << ERR_reason_error_string(errError);
1330 folly::make_unique<SSLException>(error, errError, bytes, errno));
1333 appBytesReceived_ += bytes;
1334 return ReadResult(bytes);
1338 void AsyncSSLSocket::handleWrite() noexcept {
1339 VLOG(5) << "AsyncSSLSocket::handleWrite() this=" << this << ", fd=" << fd_
1340 << ", state=" << int(state_) << ", "
1341 << "sslState=" << sslState_ << ", events=" << eventFlags_;
1342 if (state_ < StateEnum::ESTABLISHED) {
1343 return AsyncSocket::handleWrite();
1346 if (sslState_ == STATE_ACCEPTING) {
1352 if (sslState_ == STATE_CONNECTING) {
1359 AsyncSocket::handleWrite();
1362 AsyncSocket::WriteResult AsyncSSLSocket::interpretSSLError(int rc, int error) {
1363 if (error == SSL_ERROR_WANT_READ) {
1364 // Even though we are attempting to write data, SSL_write() may
1365 // need to read data if renegotiation is being performed. We currently
1366 // don't support this and just fail the write.
1367 LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
1368 << ", sslState=" << sslState_ << ", events=" << eventFlags_
1370 << "unsupported SSL renegotiation during write";
1373 folly::make_unique<SSLException>(SSLError::INVALID_RENEGOTIATION));
1375 if (zero_return(error, rc)) {
1376 return WriteResult(0);
1378 auto errError = ERR_get_error();
1379 VLOG(3) << "ERROR: AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
1380 << ", sslState=" << sslState_ << ", events=" << eventFlags_ << "): "
1381 << "SSL error: " << error << ", errno: " << errno
1382 << ", func: " << ERR_func_error_string(errError)
1383 << ", reason: " << ERR_reason_error_string(errError);
1386 folly::make_unique<SSLException>(error, errError, rc, errno));
1390 AsyncSocket::WriteResult AsyncSSLSocket::performWrite(
1394 uint32_t* countWritten,
1395 uint32_t* partialWritten) {
1396 if (sslState_ == STATE_UNENCRYPTED) {
1397 return AsyncSocket::performWrite(
1398 vec, count, flags, countWritten, partialWritten);
1400 if (sslState_ != STATE_ESTABLISHED) {
1401 LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
1402 << ", sslState=" << sslState_
1403 << ", events=" << eventFlags_ << "): "
1404 << "TODO: AsyncSSLSocket currently does not support calling "
1405 << "write() before the handshake has fully completed";
1407 WRITE_ERROR, folly::make_unique<SSLException>(SSLError::EARLY_WRITE));
1410 // Declare a buffer used to hold small write requests. It could point to a
1411 // memory block either on stack or on heap. If it is on heap, we release it
1412 // manually when scope exits
1413 char* combinedBuf{nullptr};
1415 // Note, always keep this check consistent with what we do below
1416 if (combinedBuf != nullptr && minWriteSize_ > MAX_STACK_BUF_SIZE) {
1417 delete[] combinedBuf;
1422 *partialWritten = 0;
1423 ssize_t totalWritten = 0;
1424 size_t bytesStolenFromNextBuffer = 0;
1425 for (uint32_t i = 0; i < count; i++) {
1426 const iovec* v = vec + i;
1427 size_t offset = bytesStolenFromNextBuffer;
1428 bytesStolenFromNextBuffer = 0;
1429 size_t len = v->iov_len - offset;
1435 buf = ((const char*)v->iov_base) + offset;
1438 uint32_t buffersStolen = 0;
1439 auto sslWriteBuf = buf;
1440 if ((len < minWriteSize_) && ((i + 1) < count)) {
1441 // Combine this buffer with part or all of the next buffers in
1442 // order to avoid really small-grained calls to SSL_write().
1443 // Each call to SSL_write() produces a separate record in
1444 // the egress SSL stream, and we've found that some low-end
1445 // mobile clients can't handle receiving an HTTP response
1446 // header and the first part of the response body in two
1447 // separate SSL records (even if those two records are in
1448 // the same TCP packet).
1450 if (combinedBuf == nullptr) {
1451 if (minWriteSize_ > MAX_STACK_BUF_SIZE) {
1452 // Allocate the buffer on heap
1453 combinedBuf = new char[minWriteSize_];
1455 // Allocate the buffer on stack
1456 combinedBuf = (char*)alloca(minWriteSize_);
1459 assert(combinedBuf != nullptr);
1460 sslWriteBuf = combinedBuf;
1462 memcpy(combinedBuf, buf, len);
1464 // INVARIANT: i + buffersStolen == complete chunks serialized
1465 uint32_t nextIndex = i + buffersStolen + 1;
1466 bytesStolenFromNextBuffer = std::min(vec[nextIndex].iov_len,
1467 minWriteSize_ - len);
1468 memcpy(combinedBuf + len, vec[nextIndex].iov_base,
1469 bytesStolenFromNextBuffer);
1470 len += bytesStolenFromNextBuffer;
1471 if (bytesStolenFromNextBuffer < vec[nextIndex].iov_len) {
1472 // couldn't steal the whole buffer
1475 bytesStolenFromNextBuffer = 0;
1478 } while ((i + buffersStolen + 1) < count && (len < minWriteSize_));
1481 // Advance any empty buffers immediately after.
1482 if (bytesStolenFromNextBuffer == 0) {
1483 while ((i + buffersStolen + 1) < count &&
1484 vec[i + buffersStolen + 1].iov_len == 0) {
1490 isSet(flags, WriteFlags::CORK) || (i + buffersStolen + 1 < count);
1491 bytes = eorAwareSSLWrite(
1495 (isSet(flags, WriteFlags::EOR) && i + buffersStolen + 1 == count));
1498 int error = SSL_get_error(ssl_, int(bytes));
1499 if (error == SSL_ERROR_WANT_WRITE) {
1500 // The caller will register for write event if not already.
1501 *partialWritten = uint32_t(offset);
1502 return WriteResult(totalWritten);
1504 auto writeResult = interpretSSLError(int(bytes), error);
1505 if (writeResult.writeReturn < 0) {
1507 } // else fall through to below to correctly record totalWritten
1510 totalWritten += bytes;
1512 if (bytes == (ssize_t)len) {
1513 // The full iovec is written.
1514 (*countWritten) += 1 + buffersStolen;
1518 bytes += offset; // adjust bytes to account for all of v
1519 while (bytes >= (ssize_t)v->iov_len) {
1520 // We combined this buf with part or all of the next one, and
1521 // we managed to write all of this buf but not all of the bytes
1522 // from the next one that we'd hoped to write.
1523 bytes -= v->iov_len;
1527 *partialWritten = uint32_t(bytes);
1528 return WriteResult(totalWritten);
1532 return WriteResult(totalWritten);
1535 int AsyncSSLSocket::eorAwareSSLWrite(SSL *ssl, const void *buf, int n,
1537 if (eor && isEorTrackingEnabled()) {
1538 if (appEorByteNo_) {
1539 // cannot track for more than one app byte EOR
1540 CHECK(appEorByteNo_ == appBytesWritten_ + n);
1542 appEorByteNo_ = appBytesWritten_ + n;
1545 // 1. It is fine to keep updating minEorRawByteNo_.
1546 // 2. It is _min_ in the sense that SSL record will add some overhead.
1547 minEorRawByteNo_ = getRawBytesWritten() + n;
1550 n = sslWriteImpl(ssl, buf, n);
1552 appBytesWritten_ += n;
1553 if (appEorByteNo_) {
1554 if (getRawBytesWritten() >= minEorRawByteNo_) {
1555 minEorRawByteNo_ = 0;
1557 if(appBytesWritten_ == appEorByteNo_) {
1560 CHECK(appBytesWritten_ < appEorByteNo_);
1567 void AsyncSSLSocket::sslInfoCallback(const SSL* ssl, int where, int ret) {
1568 AsyncSSLSocket *sslSocket = AsyncSSLSocket::getFromSSL(ssl);
1569 if (sslSocket->handshakeComplete_ && (where & SSL_CB_HANDSHAKE_START)) {
1570 sslSocket->renegotiateAttempted_ = true;
1572 if (where & SSL_CB_READ_ALERT) {
1573 const char* type = SSL_alert_type_string(ret);
1575 const char* desc = SSL_alert_desc_string(ret);
1576 sslSocket->alertsReceived_.emplace_back(
1577 *type, StringPiece(desc, std::strlen(desc)));
1582 int AsyncSSLSocket::bioWrite(BIO* b, const char* in, int inl) {
1586 AsyncSSLSocket* tsslSock;
1588 iov.iov_base = const_cast<char*>(in);
1590 memset(&msg, 0, sizeof(msg));
1594 auto appData = OpenSSLUtils::getBioAppData(b);
1597 tsslSock = reinterpret_cast<AsyncSSLSocket*>(appData);
1600 if (tsslSock->isEorTrackingEnabled() && tsslSock->minEorRawByteNo_ &&
1601 tsslSock->minEorRawByteNo_ <= BIO_number_written(b) + inl) {
1606 flags |= MSG_NOSIGNAL;
1610 if (tsslSock->corkCurrentWrite_) {
1615 auto result = tsslSock->sendSocketMessage(
1616 OpenSSLUtils::getBioFd(b, nullptr), &msg, flags);
1617 BIO_clear_retry_flags(b);
1618 if (!result.exception && result.writeReturn <= 0) {
1619 if (OpenSSLUtils::getBioShouldRetryWrite(int(result.writeReturn))) {
1620 BIO_set_retry_write(b);
1623 return int(result.writeReturn);
1626 int AsyncSSLSocket::bioRead(BIO* b, char* out, int outl) {
1630 BIO_clear_retry_flags(b);
1632 auto appData = OpenSSLUtils::getBioAppData(b);
1634 auto sslSock = reinterpret_cast<AsyncSSLSocket*>(appData);
1636 if (sslSock->preReceivedData_ && !sslSock->preReceivedData_->empty()) {
1637 VLOG(5) << "AsyncSSLSocket::bioRead() this=" << sslSock
1638 << ", reading pre-received data";
1640 Cursor cursor(sslSock->preReceivedData_.get());
1641 auto len = cursor.pullAtMost(out, outl);
1644 queue.append(std::move(sslSock->preReceivedData_));
1645 queue.trimStart(len);
1646 sslSock->preReceivedData_ = queue.move();
1649 auto result = recv(OpenSSLUtils::getBioFd(b, nullptr), out, outl, 0);
1650 if (result <= 0 && OpenSSLUtils::getBioShouldRetryWrite(result)) {
1651 BIO_set_retry_read(b);
1657 int AsyncSSLSocket::sslVerifyCallback(
1659 X509_STORE_CTX* x509Ctx) {
1660 SSL* ssl = (SSL*) X509_STORE_CTX_get_ex_data(
1661 x509Ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
1662 AsyncSSLSocket* self = AsyncSSLSocket::getFromSSL(ssl);
1664 VLOG(3) << "AsyncSSLSocket::sslVerifyCallback() this=" << self << ", "
1665 << "fd=" << self->fd_ << ", preverifyOk=" << preverifyOk;
1666 return (self->handshakeCallback_) ?
1667 self->handshakeCallback_->handshakeVer(self, preverifyOk, x509Ctx) :
1671 void AsyncSSLSocket::setPreReceivedData(std::unique_ptr<IOBuf> data) {
1672 CHECK(sslState_ == STATE_UNINIT || sslState_ == STATE_UNENCRYPTED);
1673 CHECK(!preReceivedData_);
1674 preReceivedData_ = std::move(data);
1677 void AsyncSSLSocket::enableClientHelloParsing() {
1678 parseClientHello_ = true;
1679 clientHelloInfo_.reset(new ssl::ClientHelloInfo());
1682 void AsyncSSLSocket::resetClientHelloParsing(SSL *ssl) {
1683 SSL_set_msg_callback(ssl, nullptr);
1684 SSL_set_msg_callback_arg(ssl, nullptr);
1685 clientHelloInfo_->clientHelloBuf_.clear();
1688 void AsyncSSLSocket::clientHelloParsingCallback(int written,
1695 AsyncSSLSocket *sock = static_cast<AsyncSSLSocket*>(arg);
1697 sock->resetClientHelloParsing(ssl);
1700 if (contentType != SSL3_RT_HANDSHAKE) {
1707 auto& clientHelloBuf = sock->clientHelloInfo_->clientHelloBuf_;
1708 clientHelloBuf.append(IOBuf::wrapBuffer(buf, len));
1710 Cursor cursor(clientHelloBuf.front());
1711 if (cursor.read<uint8_t>() != SSL3_MT_CLIENT_HELLO) {
1712 sock->resetClientHelloParsing(ssl);
1716 if (cursor.totalLength() < 3) {
1717 clientHelloBuf.trimEnd(len);
1718 clientHelloBuf.append(IOBuf::copyBuffer(buf, len));
1722 uint32_t messageLength = cursor.read<uint8_t>();
1723 messageLength <<= 8;
1724 messageLength |= cursor.read<uint8_t>();
1725 messageLength <<= 8;
1726 messageLength |= cursor.read<uint8_t>();
1727 if (cursor.totalLength() < messageLength) {
1728 clientHelloBuf.trimEnd(len);
1729 clientHelloBuf.append(IOBuf::copyBuffer(buf, len));
1733 sock->clientHelloInfo_->clientHelloMajorVersion_ = cursor.read<uint8_t>();
1734 sock->clientHelloInfo_->clientHelloMinorVersion_ = cursor.read<uint8_t>();
1736 cursor.skip(4); // gmt_unix_time
1737 cursor.skip(28); // random_bytes
1739 cursor.skip(cursor.read<uint8_t>()); // session_id
1741 uint16_t cipherSuitesLength = cursor.readBE<uint16_t>();
1742 for (int i = 0; i < cipherSuitesLength; i += 2) {
1743 sock->clientHelloInfo_->
1744 clientHelloCipherSuites_.push_back(cursor.readBE<uint16_t>());
1747 uint8_t compressionMethodsLength = cursor.read<uint8_t>();
1748 for (int i = 0; i < compressionMethodsLength; ++i) {
1749 sock->clientHelloInfo_->
1750 clientHelloCompressionMethods_.push_back(cursor.readBE<uint8_t>());
1753 if (cursor.totalLength() > 0) {
1754 uint16_t extensionsLength = cursor.readBE<uint16_t>();
1755 while (extensionsLength) {
1756 ssl::TLSExtension extensionType =
1757 static_cast<ssl::TLSExtension>(cursor.readBE<uint16_t>());
1758 sock->clientHelloInfo_->
1759 clientHelloExtensions_.push_back(extensionType);
1760 extensionsLength -= 2;
1761 uint16_t extensionDataLength = cursor.readBE<uint16_t>();
1762 extensionsLength -= 2;
1763 extensionsLength -= extensionDataLength;
1765 if (extensionType == ssl::TLSExtension::SIGNATURE_ALGORITHMS) {
1767 extensionDataLength -= 2;
1768 while (extensionDataLength) {
1769 ssl::HashAlgorithm hashAlg =
1770 static_cast<ssl::HashAlgorithm>(cursor.readBE<uint8_t>());
1771 ssl::SignatureAlgorithm sigAlg =
1772 static_cast<ssl::SignatureAlgorithm>(cursor.readBE<uint8_t>());
1773 extensionDataLength -= 2;
1774 sock->clientHelloInfo_->
1775 clientHelloSigAlgs_.emplace_back(hashAlg, sigAlg);
1777 } else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
1779 extensionDataLength -= 1;
1780 while (extensionDataLength) {
1781 sock->clientHelloInfo_->clientHelloSupportedVersions_.push_back(
1782 cursor.readBE<uint16_t>());
1783 extensionDataLength -= 2;
1786 cursor.skip(extensionDataLength);
1790 } catch (std::out_of_range&) {
1791 // we'll use what we found and cleanup below.
1792 VLOG(4) << "AsyncSSLSocket::clientHelloParsingCallback(): "
1793 << "buffer finished unexpectedly." << " AsyncSSLSocket socket=" << sock;
1796 sock->resetClientHelloParsing(ssl);
1799 void AsyncSSLSocket::getSSLClientCiphers(
1800 std::string& clientCiphers,
1801 bool convertToString) const {
1802 std::string ciphers;
1804 if (parseClientHello_ == false
1805 || clientHelloInfo_->clientHelloCipherSuites_.empty()) {
1811 for (auto originalCipherCode : clientHelloInfo_->clientHelloCipherSuites_)
1819 bool nameFound = convertToString;
1821 if (convertToString) {
1822 const auto& name = OpenSSLUtils::getCipherName(originalCipherCode);
1832 std::array<uint8_t, 2>{{
1833 static_cast<uint8_t>((originalCipherCode >> 8) & 0xffL),
1834 static_cast<uint8_t>(originalCipherCode & 0x00ffL) }},
1836 /* append to ciphers = */ true);
1840 clientCiphers = std::move(ciphers);
1843 std::string AsyncSSLSocket::getSSLClientComprMethods() const {
1844 if (!parseClientHello_) {
1847 return folly::join(":", clientHelloInfo_->clientHelloCompressionMethods_);
1850 std::string AsyncSSLSocket::getSSLClientExts() const {
1851 if (!parseClientHello_) {
1854 return folly::join(":", clientHelloInfo_->clientHelloExtensions_);
1857 std::string AsyncSSLSocket::getSSLClientSigAlgs() const {
1858 if (!parseClientHello_) {
1862 std::string sigAlgs;
1863 sigAlgs.reserve(clientHelloInfo_->clientHelloSigAlgs_.size() * 4);
1864 for (size_t i = 0; i < clientHelloInfo_->clientHelloSigAlgs_.size(); i++) {
1866 sigAlgs.push_back(':');
1868 sigAlgs.append(folly::to<std::string>(
1869 clientHelloInfo_->clientHelloSigAlgs_[i].first));
1870 sigAlgs.push_back(',');
1871 sigAlgs.append(folly::to<std::string>(
1872 clientHelloInfo_->clientHelloSigAlgs_[i].second));
1878 std::string AsyncSSLSocket::getSSLClientSupportedVersions() const {
1879 if (!parseClientHello_) {
1882 return folly::join(":", clientHelloInfo_->clientHelloSupportedVersions_);
1885 std::string AsyncSSLSocket::getSSLAlertsReceived() const {
1888 for (const auto& alert : alertsReceived_) {
1892 ret.append(folly::to<std::string>(alert.first, ": ", alert.second));
1898 void AsyncSSLSocket::getSSLSharedCiphers(std::string& sharedCiphers) const {
1899 char ciphersBuffer[1024];
1900 ciphersBuffer[0] = '\0';
1901 SSL_get_shared_ciphers(ssl_, ciphersBuffer, sizeof(ciphersBuffer) - 1);
1902 sharedCiphers = ciphersBuffer;
1905 void AsyncSSLSocket::getSSLServerCiphers(std::string& serverCiphers) const {
1906 serverCiphers = SSL_get_cipher_list(ssl_, 0);
1909 while ((cipher = SSL_get_cipher_list(ssl_, i)) != nullptr) {
1910 serverCiphers.append(":");
1911 serverCiphers.append(cipher);