From 066fe0a679e3ba01d857eed3cc3b77ae290caf64 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sat, 17 Oct 2015 21:11:33 -0400
Subject: [PATCH] Document fd-based SSL APIs.

Also clean up the code slightly.

Change-Id: I066a389242c46cdc7d41b1ae9537c4b7716c92a2
Reviewed-on: https://boringssl-review.googlesource.com/6302
Reviewed-by: Adam Langley
---
 include/openssl/ssl.h | 33 ++++++++++++----
 ssl/ssl_lib.c | 89 +++++++++++++++----------------------------
 2 files changed, 57 insertions(+), 65 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index bfea258f..a975cb80 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -247,6 +247,32 @@ OPENSSL_EXPORT BIO *SSL_get_rbio(const SSL *ssl);
 /* SSL_get_wbio returns the |BIO| that |ssl| writes to. */
 OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *ssl);
 
+/* SSL_get_fd calls |SSL_get_rfd|. */
+OPENSSL_EXPORT int SSL_get_fd(const SSL *ssl);
+
+/* SSL_get_rfd returns the file descriptor that |ssl| is configured to read
+ * from. If |ssl|'s read |BIO| is not configured or doesn't wrap a file
+ * descriptor then it returns -1. */
+OPENSSL_EXPORT int SSL_get_rfd(const SSL *ssl);
+
+/* SSL_get_wfd returns the file descriptor that |ssl| is configured to write
+ * to. If |ssl|'s write |BIO| is not configured or doesn't wrap a file
+ * descriptor then it returns -1. */
+OPENSSL_EXPORT int SSL_get_wfd(const SSL *ssl);
+
+/* SSL_set_wfd configures |ssl| to read from and write to |fd|. It returns one
+ * on success and zero on allocation error. The caller retains ownership of
+ * |fd|. */
+OPENSSL_EXPORT int SSL_set_fd(SSL *ssl, int fd);
+
+/* SSL_set_rfd configures |ssl| to read from |fd|. It returns one on success and
+ * zero on allocation error. The caller retains ownership of |fd|. */
+OPENSSL_EXPORT int SSL_set_rfd(SSL *ssl, int fd);
+
+/* SSL_set_wfd configures |ssl| to write to |fd|. It returns one on success and
+ * zero on allocation error. The caller retains ownership of |fd|. */
+OPENSSL_EXPORT int SSL_set_wfd(SSL *ssl, int fd);
+
 /* SSL_do_handshake continues the current handshake. If there is none or the
  * handshake has completed or False Started, it returns one. Otherwise, it
  * returns <= 0. The caller should pass the value into |SSL_get_error| to
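Review bot: The comment above the `SSL_set_fd` declaration names the wrong function: it begins `SSL_set_wfd configures |ssl| to read from and write to |fd|`, so the header ends up with two `SSL_set_wfd` descriptions and none for `SSL_set_fd`; its first word should be `SSL_set_fd`. The three setter comments say the caller retains ownership of |fd| but not how long the descriptor has to stay valid. I would add `The caller must keep |fd| open until |ssl| no longer uses it, and close it afterwards.` to each, because a descriptor that is closed early can be handed out again by the OS, and the connection would then read from or write to an unrelated file or socket.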
@@ -2835,13 +2861,6 @@ OPENSSL_EXPORT int SSL_in_false_start(const SSL *s);
 
 DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
-OPENSSL_EXPORT int SSL_get_fd(const SSL *s);
-OPENSSL_EXPORT int SSL_get_rfd(const SSL *s);
-OPENSSL_EXPORT int SSL_get_wfd(const SSL *s);
-OPENSSL_EXPORT int SSL_set_fd(SSL *s, int fd);
-OPENSSL_EXPORT int SSL_set_rfd(SSL *s, int fd);
-OPENSSL_EXPORT int SSL_set_wfd(SSL *s, int fd);
-
 OPENSSL_EXPORT const char *SSL_state_string(const SSL *ssl);
 OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *ssl);
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1baf355f..b6374c6d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1071,96 +1071,69 @@ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { return ssl->param; }
 
 void SSL_certs_clear(SSL *ssl) { ssl_cert_clear_certs(ssl->cert); }
 
-int SSL_get_fd(const SSL *s) { return SSL_get_rfd(s); }
+int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
 
-int SSL_get_rfd(const SSL *s) {
+int SSL_get_rfd(const SSL *ssl) {
 int ret = -1;
- BIO *b, *r;
-
- b = SSL_get_rbio(s);
- r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
- if (r != NULL) {
- BIO_get_fd(r, &ret);
+ BIO *b = BIO_find_type(SSL_get_rbio(ssl), BIO_TYPE_DESCRIPTOR);
+ if (b != NULL) {
+ BIO_get_fd(b, &ret);
 }
 
 return ret;
 }
 
-int SSL_get_wfd(const SSL *s) {
+int SSL_get_wfd(const SSL *ssl) {
 int ret = -1;
- BIO *b, *r;
-
- b = SSL_get_wbio(s);
- r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
- if (r != NULL) {
- BIO_get_fd(r, &ret);
+ BIO *b = BIO_find_type(SSL_get_wbio(ssl), BIO_TYPE_DESCRIPTOR);
+ if (b != NULL) {
+ BIO_get_fd(b, &ret);
 }
-
 return ret;
 }
 
-int SSL_set_fd(SSL *s, int fd) {
- int ret = 0;
- BIO *bio = NULL;
-
- bio = BIO_new(BIO_s_fd());
-
+int SSL_set_fd(SSL *ssl, int fd) {
+ BIO *bio = BIO_new(BIO_s_fd());
 if (bio == NULL) {
 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
- goto err;
+ return 0;
 }
 BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(s, bio, bio);
- ret = 1;
-
-err:
- return ret;
+ SSL_set_bio(ssl, bio, bio);
+ return 1;
 }
 
-int SSL_set_wfd(SSL *s, int fd) {
- int ret = 0;
- BIO *bio = NULL;
-
- if (s->rbio == NULL || BIO_method_type(s->rbio) != BIO_TYPE_FD ||
- BIO_get_fd(s->rbio, NULL) != fd) {
- bio = BIO_new(BIO_s_fd());
-
+int SSL_set_wfd(SSL *ssl, int fd) {
+ if (ssl->rbio == NULL ||
+ BIO_method_type(ssl->rbio) != BIO_TYPE_FD ||
+ BIO_get_fd(ssl->rbio, NULL) != fd) {
+ BIO *bio = BIO_new(BIO_s_fd());
 if (bio == NULL) {
 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
- goto err;
+ return 0;
 }
 BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(s, SSL_get_rbio(s), bio);
+ SSL_set_bio(ssl, SSL_get_rbio(ssl), bio);
 } else {
- SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
+ SSL_set_bio(ssl, SSL_get_rbio(ssl), SSL_get_rbio(ssl));
 }
- ret = 1;
-
-err:
- return ret;
+ return 1;
 }
 
-int SSL_set_rfd(SSL *s, int fd) {
- int ret = 0;
- BIO *bio = NULL;
-
- if (s->wbio == NULL || BIO_method_type(s->wbio) != BIO_TYPE_FD ||
- BIO_get_fd(s->wbio, NULL) != fd) {
- bio = BIO_new(BIO_s_fd());
-
+int SSL_set_rfd(SSL *ssl, int fd) {
+ if (ssl->wbio == NULL || BIO_method_type(ssl->wbio) != BIO_TYPE_FD ||
+ BIO_get_fd(ssl->wbio, NULL) != fd) {
+ BIO *bio = BIO_new(BIO_s_fd());
 if (bio == NULL) {
 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
- goto err;
+ return 0;
 }
 BIO_set_fd(bio, fd, BIO_NOCLOSE);
- SSL_set_bio(s, bio, SSL_get_wbio(s));
+ SSL_set_bio(ssl, bio, SSL_get_wbio(ssl));
 } else {
- SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
+ SSL_set_bio(ssl, SSL_get_wbio(ssl), SSL_get_wbio(ssl));
 }
- ret = 1;
-
-err:
- return ret;
+ return 1;
 }
 
 size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
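Review bot: The two branches in `SSL_set_wfd` and `SSL_set_rfd` carry no comment explaining why the other direction's BIO is sometimes reused, and both depend on `SSL_set_bio` accepting a BIO that |ssl| already holds (`SSL_set_bio(ssl, SSL_get_rbio(ssl), bio)` and the `else` calls that pass the same pointer for both sides). `SSL_set_bio` is outside this hunk, so how it frees or keeps an already-installed or aliased BIO cannot be confirmed from here; a mistake there would surface as a double free or a dangling read/write BIO. I would add above each condition `/* If the other direction already uses an fd BIO for |fd|, share it; otherwise wrap |fd| in a new BIO. */` and in each `else` branch `/* rbio and wbio alias one BIO; SSL_set_bio must not free it twice. */`. On style, the condition in `SSL_set_wfd` is wrapped over three lines while the identical one in `SSL_set_rfd` uses two; one layout for both would make the mirrored functions easier to compare.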