diff options
| author | Matt Caswell <matt@openssl.org> | 2016-06-17 13:59:59 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-07-20 13:08:08 +0100 |
| commit | 2e7dc7cd6886b8006386e9f37e1defef66cbab55 (patch) | |
| tree | f6347ef8fff1c421735ffa6999670c9faf0f64eb /Configurations | |
| parent | 590ed3d7ea555b877859f6b491020112588fe1be (diff) | |
Never expose ssl->bbio in the public API.
This is adapted from BoringSSL commit 2f87112b963.
This fixes a number of bugs where the existence of bbio was leaked in the
public API and broke things.
- SSL_get_wbio returned the bbio during the handshake. It must always return
the BIO the consumer configured. In doing so, some internal accesses of
SSL_get_wbio should be switched to ssl->wbio since those want to see bbio.
- The logic in SSL_set_rfd, etc. (which I doubt is quite right since
SSL_set_bio's lifetime is unclear) would get confused once wbio got
wrapped. Those want to compare to SSL_get_wbio.
- If SSL_set_bio was called mid-handshake, bbio would get disconnected and
lose state. It forgets to reattach the bbio afterwards. Unfortunately,
Conscrypt does this a lot. It just never ended up calling it at a point
where the bbio would cause problems.
- Make more explicit the invariant that any bbio's which exist are always
attached. Simplify a few things as part of that.
RT#4572
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'Configurations')
0 files changed, 0 insertions, 0 deletions