github.com/mono/boringssl.git
author David Benjamin <davidben@google.com> 2016-05-20 21:27:17 +0300
committer Adam Langley <agl@google.com> 2016-05-23 21:15:03 +0300
commit 2f87112b963fe9dee6a75b23a8dae45000001063
tree acd4587d5c860842ec3619a325db59465ae105b5 /include/openssl/ssl.h
parent 7e7a82d962d84b5dea95bb5dfe82616b3551e3bc

Never expose ssl->bbio in the public API.

OpenSSL's bbio logic is kind of crazy. It would be good to eventually do the
buffering in a better way (notably, bbio is fragile, if not outright broken,
for DTLS). In the meantime, this fixes a number of bugs where the existence of
bbio was leaked in the public API and broke things.

- SSL_get_wbio returned the bbio during the handshake. It must always return
  the BIO the consumer configured. In doing so, internal accesses of
  SSL_get_wbio should be switched to ssl->wbio since those want to see bbio.
  For consistency, do the same with rbio.

- The logic in SSL_set_rfd, etc. (which I doubt is quite right since
  SSL_set_bio's lifetime is unclear) would get confused once wbio got wrapped.
  Those want to compare to SSL_get_wbio.

- If SSL_set_bio was called mid-handshake, bbio would get disconnected and
  lose state. It forgets to reattach the bbio afterwards. Unfortunately,
  Conscrypt does this a lot. It just never ended up calling it at a point
  where the bbio would cause problems.

- Make more explicit the invariant that any bbio's which exist are always
  attached. Simplify a few things as part of that.

Change-Id: Ia02d6bdfb9aeb1e3021a8f82dcbd0629f5c7fb8d
Reviewed-on: https://boringssl-review.googlesource.com/8023
Reviewed-by: Kenny Root <kroot@google.com>
Reviewed-by: Adam Langley <agl@google.com>

Diffstat (limited to 'include/openssl/ssl.h')
-rw-r--r-- include/openssl/ssl.h 4
1 files changed, 3 insertions, 1 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 3e7fad83..bd583e8e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3863,7 +3863,9 @@ struct ssl_st {
BIO *wbio; /* used by SSL_write */
/* bbio, if non-NULL, is a buffer placed in front of |wbio| to pack handshake
- * messages within one flight into a single |BIO_write|.
+ * messages within one flight into a single |BIO_write|. In this case, |wbio|
+ * and |bbio| are equal and the true caller-configured BIO is
+ * |bbio->next_bio|.
*
* TODO(davidben): This does not work right for DTLS. It assumes the MTU is
* smaller than the buffer size so that the buffer's internal flushing never
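
Review bot: The `wbio` declaration on the first context line of this hunk is still commented only as "used by SSL_write", while the added lines state that |wbio| and |bbio| can be equal, with the caller-configured BIO at |bbio->next_bio|. Someone reading just the `wbio` field would not learn that it may hold the buffer wrapper rather than the caller's BIO. Consider extending that field comment to say so and to point at SSL_get_wbio, which the commit message says must always return the BIO the consumer configured. It would also help to state the "always attached" invariant from the commit message directly here, since "In this case" only implies it through "bbio, if non-NULL".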