diff options
| author | Matt Caswell <matt@openssl.org> | 2016-06-17 13:59:59 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-07-20 13:08:08 +0100 |
| commit | 2e7dc7cd6886b8006386e9f37e1defef66cbab55 (patch) | |
| tree | f6347ef8fff1c421735ffa6999670c9faf0f64eb /ssl/statem/statem_dtls.c | |
| parent | 590ed3d7ea555b877859f6b491020112588fe1be (diff) | |
| download | openssl-2e7dc7cd6886b8006386e9f37e1defef66cbab55.zip openssl-2e7dc7cd6886b8006386e9f37e1defef66cbab55.tar.gz openssl-2e7dc7cd6886b8006386e9f37e1defef66cbab55.tar.bz2 | |
Never expose ssl->bbio in the public API.
This is adapted from BoringSSL commit 2f87112b963.
This fixes a number of bugs where the existence of bbio was leaked in the
public API and broke things.
- SSL_get_wbio returned the bbio during the handshake. It must always return
the BIO the consumer configured. In doing so, some internal accesses of
SSL_get_wbio should be switched to ssl->wbio since those want to see bbio.
- The logic in SSL_set_rfd, etc. (which I doubt is quite right since
SSL_set_bio's lifetime is unclear) would get confused once wbio got
wrapped. Those want to compare to SSL_get_wbio.
- If SSL_set_bio was called mid-handshake, bbio would get disconnected and
lose state. It forgets to reattach the bbio afterwards. Unfortunately,
Conscrypt does this a lot. It just never ended up calling it at a point
where the bbio would cause problems.
- Make more explicit the invariant that any bbio's which exist are always
attached. Simplify a few things as part of that.
RT#4572
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/statem/statem_dtls.c')
| -rw-r--r-- | ssl/statem/statem_dtls.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 5929113..31ae1cb 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -182,7 +182,7 @@ int dtls1_do_write(SSL *s, int type) } } - used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH + used_len = BIO_wpending(s->wbio) + DTLS1_RT_HEADER_LENGTH + mac_size + blocksize; if (s->d1->mtu > used_len) curr_mtu = s->d1->mtu - used_len; @@ -193,7 +193,7 @@ int dtls1_do_write(SSL *s, int type) /* * grr.. we could get an error if MTU picked was wrong */ - ret = BIO_flush(SSL_get_wbio(s)); + ret = BIO_flush(s->wbio); if (ret <= 0) { s->rwstate = SSL_WRITING; return ret; @@ -1120,7 +1120,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) s->d1->retransmitting = 0; - (void)BIO_flush(SSL_get_wbio(s)); + (void)BIO_flush(s->wbio); return ret; } |