From b5b7f1d2e021c1f41a554ad9366a06918f76f0b8 Mon Sep 17 00:00:00 2001 From: beck Date: Sat, 23 Oct 2021 15:30:44 +0000 Subject: [PATCH] Add new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex As these still meet the usual expectations for special, I will leave it up to ingo to decide to either document separately or in one man page like OpenSSL did. Will also need Symbols.list additions by tb@ when he starts the rapture ok tb@ jsing@ --- lib/libssl/ssl.h | 7 +++- lib/libssl/ssl_lib.c | 81 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 86 insertions(+), 2 deletions(-) diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 09d68beb0b9..1a0403c72b1 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.211 2021/10/23 11:41:51 beck Exp $ */ +/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1289,6 +1289,11 @@ int SSL_is_server(const SSL *s); int SSL_read(SSL *ssl, void *buf, int num); int SSL_peek(SSL *ssl, void *buf, int num); int SSL_write(SSL *ssl, const void *buf, int num); +#if defined(LIBRESSL_NEW_API) +int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read); +int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked); +int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written); +#endif #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index c029b3716c2..1363cd64fd8 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.271 2021/10/23 15:02:27 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.272 2021/10/23 15:30:44 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -141,6 +141,7 @@ */ #include +#include #include #include @@ -995,6 +996,11 @@ SSL_get_default_timeout(const SSL *s) int SSL_read(SSL *s, void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); @@ -1007,9 +1013,33 @@ SSL_read(SSL *s, void *buf, int num) return ssl3_read(s, buf, num); } +int +SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read) +{ + int ret; + + /* We simply don't bother supporting enormous reads */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + ret = SSL_read(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_read = ret; + + return ret > 0; +} + int SSL_peek(SSL *s, void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); @@ -1021,9 +1051,33 @@ SSL_peek(SSL *s, void *buf, int num) return ssl3_peek(s, buf, num); } +int +SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked) +{ + int ret; + + /* We simply don't bother supporting enormous peeks */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + ret = SSL_peek(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_peeked = ret; + + return ret > 0; +} + int SSL_write(SSL *s, const void *buf, int num) { + if (num < 0) { + SSLerror(s, SSL_R_BAD_LENGTH); + return -1; + } + if (s->internal->handshake_func == NULL) { SSLerror(s, SSL_R_UNINITIALIZED); return (-1); @@ -1037,6 +1091,31 @@ SSL_write(SSL *s, const void *buf, int num) return ssl3_write(s, buf, num); } +int +SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written) +{ + int ret; + + /* We simply don't bother supporting enormous writes */ + if (num > INT_MAX) { + SSLerror(s, SSL_R_BAD_LENGTH); + return 0; + } + + if (num == 0) { + /* This API is special */ + bytes_written = 0; + return 1; + } + + ret = SSL_write(s, buf, (int)num); + if (ret < 0) + ret = 0; + *bytes_written = ret; + + return ret > 0; +} + uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) { -- 2.20.1