|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
|
|
Packit |
c4476c |
BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
|
|
Packit |
c4476c |
BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
|
|
Packit |
c4476c |
BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/bio.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
const BIO_METHOD *BIO_s_bio(void);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int BIO_make_bio_pair(BIO *b1, BIO *b2);
|
|
Packit |
c4476c |
int BIO_destroy_bio_pair(BIO *b);
|
|
Packit |
c4476c |
int BIO_shutdown_wr(BIO *b);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int BIO_set_write_buf_size(BIO *b, long size);
|
|
Packit |
c4476c |
size_t BIO_get_write_buf_size(BIO *b, long size);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int BIO_get_write_guarantee(BIO *b);
|
|
Packit |
c4476c |
size_t BIO_ctrl_get_write_guarantee(BIO *b);
|
|
Packit |
c4476c |
int BIO_get_read_request(BIO *b);
|
|
Packit |
c4476c |
size_t BIO_ctrl_get_read_request(BIO *b);
|
|
Packit |
c4476c |
int BIO_ctrl_reset_read_request(BIO *b);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink
|
|
Packit |
c4476c |
BIOs where data written to either half of the pair is buffered and can be read from
|
|
Packit |
c4476c |
the other half. Both halves must usually by handled by the same application thread
|
|
Packit |
c4476c |
since no locking is done on the internal data structures.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Since BIO chains typically end in a source/sink BIO it is possible to make this
|
|
Packit |
c4476c |
one half of a BIO pair and have all the data processed by the chain under application
|
|
Packit |
c4476c |
control.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
One typical use of BIO pairs is to place TLS/SSL I/O under application control, this
|
|
Packit |
c4476c |
can be used when the application wishes to use a non standard transport for
|
|
Packit |
c4476c |
TLS/SSL or the normal socket routines are inappropriate.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Calls to BIO_read_ex() will read data from the buffer or request a retry if no
|
|
Packit |
c4476c |
data is available.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Calls to BIO_write_ex() will place data in the buffer or request a retry if the
|
|
Packit |
c4476c |
buffer is full.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to
|
|
Packit |
c4476c |
determine the amount of pending data in the read or write buffer.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_reset() clears any data in the write buffer.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_make_bio_pair() joins two separate BIOs into a connected pair.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_destroy_pair() destroys the association between two connected BIOs. Freeing
|
|
Packit |
c4476c |
up any half of the pair will automatically destroy the association.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_shutdown_wr() is used to close down a BIO B. After this call no further
|
|
Packit |
c4476c |
writes on BIO B are allowed (they will return an error). Reads on the other
|
|
Packit |
c4476c |
half of the pair will return any pending data or EOF when all pending data has
|
|
Packit |
c4476c |
been read.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_set_write_buf_size() sets the write buffer size of BIO B to B<size>.
|
|
Packit |
c4476c |
If the size is not initialized a default value is used. This is currently
|
|
Packit |
c4476c |
17K, sufficient for a maximum size TLS record.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_get_write_buf_size() returns the size of the write buffer.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
|
|
Packit |
c4476c |
BIO_set_write_buf_size() to create a connected pair of BIOs B<bio1>, B<bio2>
|
|
Packit |
c4476c |
with write buffer sizes B<writebuf1> and B<writebuf2>. If either size is
|
|
Packit |
c4476c |
zero then the default size is used. BIO_new_bio_pair() does not check whether
|
|
Packit |
c4476c |
B<bio1> or B<bio2> do point to some other BIO, the values are overwritten,
|
|
Packit |
c4476c |
BIO_free() is not called.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum
|
|
Packit |
c4476c |
length of data that can be currently written to the BIO. Writes larger than this
|
|
Packit |
c4476c |
value will return a value from BIO_write_ex() less than the amount requested or
|
|
Packit |
c4476c |
if the buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a
|
|
Packit |
c4476c |
function whereas BIO_get_write_guarantee() is a macro.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_get_read_request() and BIO_ctrl_get_read_request() return the
|
|
Packit |
c4476c |
amount of data requested, or the buffer size if it is less, if the
|
|
Packit |
c4476c |
last read attempt at the other half of the BIO pair failed due to an
|
|
Packit |
c4476c |
empty buffer. This can be used to determine how much data should be
|
|
Packit |
c4476c |
written to the BIO so the next read will succeed: this is most useful
|
|
Packit |
c4476c |
in TLS/SSL applications where the amount of data read is usually
|
|
Packit |
c4476c |
meaningful rather than just a buffer size. After a successful read
|
|
Packit |
c4476c |
this call will return zero. It also will return zero once new data
|
|
Packit |
c4476c |
has been written satisfying the read request or part of it.
|
|
Packit |
c4476c |
Note that BIO_get_read_request() never returns an amount larger
|
|
Packit |
c4476c |
than that returned by BIO_get_write_guarantee().
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_ctrl_reset_read_request() can also be used to reset the value returned by
|
|
Packit |
c4476c |
BIO_get_read_request() to zero.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NOTES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Both halves of a BIO pair should be freed. That is even if one half is implicit
|
|
Packit |
c4476c |
freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
When used in bidirectional applications (such as TLS/SSL) care should be taken to
|
|
Packit |
c4476c |
flush any data in the write buffer. This can be done by calling BIO_pending()
|
|
Packit |
c4476c |
on the other half of the pair and, if any data is pending, reading it and sending
|
|
Packit |
c4476c |
it to the underlying transport. This must be done before any normal processing
|
|
Packit |
c4476c |
(such as calling select() ) due to a request and BIO_should_read() being true.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
To see why this is important consider a case where a request is sent using
|
|
Packit |
c4476c |
BIO_write_ex() and a response read with BIO_read_ex(), this can occur during an
|
|
Packit |
c4476c |
TLS/SSL handshake for example. BIO_write_ex() will succeed and place data in the
|
|
Packit |
c4476c |
write buffer. BIO_read_ex() will initially fail and BIO_should_read() will be
|
|
Packit |
c4476c |
true. If the application then waits for data to be available on the underlying
|
|
Packit |
c4476c |
transport before flushing the write buffer it will never succeed because the
|
|
Packit |
c4476c |
request was never sent!
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_eof() is true if no data is in the peer BIO and the peer BIO has been
|
|
Packit |
c4476c |
shutdown.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_make_bio_pair(), BIO_destroy_bio_pair(), BIO_shutdown_wr(),
|
|
Packit |
c4476c |
BIO_set_write_buf_size(), BIO_get_write_buf_size(),
|
|
Packit |
c4476c |
BIO_get_write_guarantee(), and BIO_get_read_request() are implemented
|
|
Packit |
c4476c |
as macros.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 RETURN VALUES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO_new_bio_pair() returns 1 on success, with the new BIOs available in
|
|
Packit |
c4476c |
B<bio1> and B<bio2>, or 0 on failure, with NULL pointers stored into the
|
|
Packit |
c4476c |
locations for B<bio1> and B<bio2>. Check the error stack for more information.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
[XXXXX: More return values need to be added here]
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 EXAMPLES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The BIO pair can be used to have full control over the network access of an
|
|
Packit |
c4476c |
application. The application can call select() on the socket as required
|
|
Packit |
c4476c |
without having to go through the SSL-interface.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
BIO *internal_bio, *network_bio;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
...
|
|
Packit |
c4476c |
BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
|
|
Packit |
c4476c |
SSL_set_bio(ssl, internal_bio, internal_bio);
|
|
Packit |
c4476c |
SSL_operations(); /* e.g SSL_read and SSL_write */
|
|
Packit |
c4476c |
...
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
application | TLS-engine
|
|
Packit |
c4476c |
| |
|
|
Packit |
c4476c |
+----------> SSL_operations()
|
|
Packit |
c4476c |
| /\ ||
|
|
Packit |
c4476c |
| || \/
|
|
Packit |
c4476c |
| BIO-pair (internal_bio)
|
|
Packit |
c4476c |
| BIO-pair (network_bio)
|
|
Packit |
c4476c |
| || /\
|
|
Packit |
c4476c |
| \/ ||
|
|
Packit |
c4476c |
+-----------< BIO_operations()
|
|
Packit |
c4476c |
| |
|
|
Packit |
c4476c |
| |
|
|
Packit |
c4476c |
socket
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
...
|
|
Packit |
c4476c |
SSL_free(ssl); /* implicitly frees internal_bio */
|
|
Packit |
c4476c |
BIO_free(network_bio);
|
|
Packit |
c4476c |
...
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
As the BIO pair will only buffer the data and never directly access the
|
|
Packit |
c4476c |
connection, it behaves non-blocking and will return as soon as the write
|
|
Packit |
c4476c |
buffer is full or the read buffer is drained. Then the application has to
|
|
Packit |
c4476c |
flush the write buffer and/or fill the read buffer.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO
|
|
Packit |
c4476c |
and must be transferred to the network. Use BIO_ctrl_get_read_request() to
|
|
Packit |
c4476c |
find out, how many bytes must be written into the buffer before the
|
|
Packit |
c4476c |
SSL_operation() can successfully be continued.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 WARNINGS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ
|
|
Packit |
c4476c |
condition, but there is still data in the write buffer. An application must
|
|
Packit |
c4476c |
not rely on the error value of SSL_operation() but must assure that the
|
|
Packit |
c4476c |
write buffer is always flushed first. Otherwise a deadlock may occur as
|
|
Packit |
c4476c |
the peer might be waiting for the data before being able to continue.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<SSL_set_bio(3)>, L<ssl(7)>, L<bio(7)>,
|
|
Packit |
c4476c |
L<BIO_should_retry(3)>, L<BIO_read_ex(3)>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|