Convert SSL BIO to use SSL_write_ex().

We also modify the SSL_get_error() function to handle the fact that with SSL_write_ex() the error return is 0 not -1, and fix some bugs in the SSL BIO reading. Reviewed-by: N Rich Salz <rsalz@openssl.org>

Convert SSL BIO to use SSL_write_ex().
We also modify the SSL_get_error() function to handle the fact that with SSL_write_ex() the error return is 0 not -1, and fix some bugs in the SSL BIO reading. Reviewed-by: N Rich Salz <rsalz@openssl.org>
8051ab2b · Matt Caswell · 8b0e934a · 8051ab2b · 8051ab2b
隐藏空白更改
内联并排

Showing with 61 addition and 72 deletion

ssl/bio_ssl.c ssl/bio_ssl.c +5 -13

ssl/ssl_lib.c ssl/ssl_lib.c +56 -59

未找到文件。
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -28,7 +28,7 @@ typedef struct bio_ssl_st {
    /* re-negotiate every time the total number of bytes is this size */
    int num_renegotiates;
    unsigned long renegotiate_count;
-    unsigned long byte_count;
+    size_t byte_count;
    unsigned long renegotiate_timeout;
    unsigned long last_time;
 } BIO_SSL;
@@ -112,7 +112,7 @@ static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes)
    switch (SSL_get_error(ssl, ret)) {
    case SSL_ERROR_NONE:
-        if (ret <= 0)
+        if (*readbytes == 0)
            break;
        if (sb->renegotiate_count > 0) {
            sb->byte_count += *readbytes;
@@ -179,17 +179,14 @@ static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
    BIO_clear_retry_flags(b);
-    if (size > INT_MAX)
+    ret = SSL_write_ex(ssl, buf, size, written);
-        size = INT_MAX;
-    ret = SSL_write(ssl, buf, size);
    switch (SSL_get_error(ssl, ret)) {
    case SSL_ERROR_NONE:
-        if (ret <= 0)
+        if (*written == 0)
            break;
        if (bs->renegotiate_count > 0) {
-            bs->byte_count += ret;
+            bs->byte_count += *written;
            if (bs->byte_count > bs->renegotiate_count) {
                bs->byte_count = 0;
                bs->num_renegotiates++;
@@ -229,11 +226,6 @@ static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
    BIO_set_retry_reason(b, retry_reason);
-    if (ret > 0) {
-        *written = ret;
-        ret = 1;
-    }
    return ret;
 }

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3002,72 +3002,69 @@ int SSL_get_error(const SSL *s, int i)
            return (SSL_ERROR_SSL);
    }
-    if (i < 0) {
+    if (SSL_want_read(s)) {
-        if (SSL_want_read(s)) {
+        bio = SSL_get_rbio(s);
-            bio = SSL_get_rbio(s);
+        if (BIO_should_read(bio))
-            if (BIO_should_read(bio))
+            return (SSL_ERROR_WANT_READ);
-                return (SSL_ERROR_WANT_READ);
+        else if (BIO_should_write(bio))
-            else if (BIO_should_write(bio))
+            /*
-                /*
+             * This one doesn't make too much sense ... We never try to write
-                 * This one doesn't make too much sense ... We never try to write
+             * to the rbio, and an application program where rbio and wbio
-                 * to the rbio, and an application program where rbio and wbio
+             * are separate couldn't even know what it should wait for.
-                 * are separate couldn't even know what it should wait for.
+             * However if we ever set s->rwstate incorrectly (so that we have
-                 * However if we ever set s->rwstate incorrectly (so that we have
+             * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
-                 * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+             * wbio *are* the same, this test works around that bug; so it
-                 * wbio *are* the same, this test works around that bug; so it
+             * might be safer to keep it.
-                 * might be safer to keep it.
+             */
-                 */
+            return (SSL_ERROR_WANT_WRITE);
-                return (SSL_ERROR_WANT_WRITE);
+        else if (BIO_should_io_special(bio)) {
-            else if (BIO_should_io_special(bio)) {
+            reason = BIO_get_retry_reason(bio);
-                reason = BIO_get_retry_reason(bio);
+            if (reason == BIO_RR_CONNECT)
-                if (reason == BIO_RR_CONNECT)
+                return (SSL_ERROR_WANT_CONNECT);
-                    return (SSL_ERROR_WANT_CONNECT);
+            else if (reason == BIO_RR_ACCEPT)
-                else if (reason == BIO_RR_ACCEPT)
+                return (SSL_ERROR_WANT_ACCEPT);
-                    return (SSL_ERROR_WANT_ACCEPT);
+            else
-                else
+                return (SSL_ERROR_SYSCALL); /* unknown */
-                    return (SSL_ERROR_SYSCALL); /* unknown */
-            }
        }
+    }
-        if (SSL_want_write(s)) {
+    if (SSL_want_write(s)) {
+        /*
+         * Access wbio directly - in order to use the buffered bio if
+         * present
+         */
+        bio = s->wbio;
+        if (BIO_should_write(bio))
+            return (SSL_ERROR_WANT_WRITE);
+        else if (BIO_should_read(bio))
            /*
-             * Access wbio directly - in order to use the buffered bio if
+             * See above (SSL_want_read(s) with BIO_should_write(bio))
-             * present
             */
-            bio = s->wbio;
+            return (SSL_ERROR_WANT_READ);
-            if (BIO_should_write(bio))
+        else if (BIO_should_io_special(bio)) {
-                return (SSL_ERROR_WANT_WRITE);
+            reason = BIO_get_retry_reason(bio);
-            else if (BIO_should_read(bio))
+            if (reason == BIO_RR_CONNECT)
-                /*
+                return (SSL_ERROR_WANT_CONNECT);
-                 * See above (SSL_want_read(s) with BIO_should_write(bio))
+            else if (reason == BIO_RR_ACCEPT)
-                 */
+                return (SSL_ERROR_WANT_ACCEPT);
-                return (SSL_ERROR_WANT_READ);
+            else
-            else if (BIO_should_io_special(bio)) {
+                return (SSL_ERROR_SYSCALL);
-                reason = BIO_get_retry_reason(bio);
-                if (reason == BIO_RR_CONNECT)
-                    return (SSL_ERROR_WANT_CONNECT);
-                else if (reason == BIO_RR_ACCEPT)
-                    return (SSL_ERROR_WANT_ACCEPT);
-                else
-                    return (SSL_ERROR_SYSCALL);
-            }
-        }
-        if (SSL_want_x509_lookup(s)) {
-            return (SSL_ERROR_WANT_X509_LOOKUP);
-        }
-        if (SSL_want_async(s)) {
-            return SSL_ERROR_WANT_ASYNC;
-        }
-        if (SSL_want_async_job(s)) {
-            return SSL_ERROR_WANT_ASYNC_JOB;
        }
    }
+    if (SSL_want_x509_lookup(s)) {
-    if (i == 0) {
+        return (SSL_ERROR_WANT_X509_LOOKUP);
-        if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-            (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-            return (SSL_ERROR_ZERO_RETURN);
    }
+    if (SSL_want_async(s)) {
+        return SSL_ERROR_WANT_ASYNC;
+    }
+    if (SSL_want_async_job(s)) {
+        return SSL_ERROR_WANT_ASYNC_JOB;
+    }
+    if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+        (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+        return (SSL_ERROR_ZERO_RETURN);
    return (SSL_ERROR_SYSCALL);
 }