Make SSL_set_bio's ownership easier to reason about.
SSL_set_bio has some rather complex ownership story because whether rbio/wbio
are both owning depends on whether they are equal. Moreover, whether
SSL_set_bio(ssl, rbio, wbio) frees ssl->rbio depends on whether rbio is the
existing rbio or not. The current logic doesn't even get it right; see tests.
Simplify this. First, rbio and wbio are always owning. All the weird ownership
cases which we're stuck with for compatibility will live in SSL_set_bio. It
will internally BIO_up_ref if necessary and appropriately no-op the left or
right side as needed. It will then call more well-behaved ssl_set_rbio or
ssl_set_wbio functions as necessary.
Change-Id: I6b4b34e23ed01561a8c0aead8bb905363ee413bb
Reviewed-on: https://boringssl-review.googlesource.com/8240
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 03a4ea5..086aa9d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -237,7 +237,10 @@
* In DTLS, if |rbio| is blocking, it must handle
* |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| control requests to set read timeouts.
*
- * Calling this function on an already-configured |ssl| is deprecated. */
+ * If |rbio| (respectively, |wbio|) is the same as the currently configured
+ * |BIO| for reading (respectivly, writing), that side is left untouched and is
+ * not freed. Using this behavior and calling this function if |ssl| already has
+ * |BIO|s configured is deprecated. */
OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
/* SSL_get_rbio returns the |BIO| that |ssl| reads from. */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7f7bf5a..0d95695 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -477,11 +477,8 @@
ssl_free_wbio_buffer(ssl);
assert(ssl->bbio == NULL);
- int free_wbio = ssl->wbio != ssl->rbio;
BIO_free_all(ssl->rbio);
- if (free_wbio) {
- BIO_free_all(ssl->wbio);
- }
+ BIO_free_all(ssl->wbio);
BUF_MEM_free(ssl->init_buf);
@@ -523,19 +520,18 @@
ssl->handshake_func = ssl3_accept;
}
-void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
+static void ssl_set_rbio(SSL *ssl, BIO *rbio) {
+ BIO_free_all(ssl->rbio);
+ ssl->rbio = rbio;
+}
+
+static void ssl_set_wbio(SSL *ssl, BIO *wbio) {
/* If the output buffering BIO is still in place, remove it. */
if (ssl->bbio != NULL) {
ssl->wbio = BIO_pop(ssl->wbio);
}
- if (ssl->rbio != rbio) {
- BIO_free_all(ssl->rbio);
- }
- if (ssl->wbio != wbio && ssl->rbio != ssl->wbio) {
- BIO_free_all(ssl->wbio);
- }
- ssl->rbio = rbio;
+ BIO_free_all(ssl->wbio);
ssl->wbio = wbio;
/* Re-attach |bbio| to the new |wbio|. */
@@ -544,6 +540,31 @@
}
}
+void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
+ /* For historical reasons, this function has many different cases in ownership
+ * handling. */
+
+ /* If the two arguments are equal, one fewer reference is granted than
+ * taken. */
+ if (rbio != NULL && rbio == wbio) {
+ BIO_up_ref(rbio);
+ }
+
+ /* If at most one of rbio or wbio is changed, only adopt one reference. */
+ if (rbio == SSL_get_rbio(ssl)) {
+ ssl_set_wbio(ssl, wbio);
+ return;
+ }
+ if (wbio == SSL_get_wbio(ssl)) {
+ ssl_set_rbio(ssl, rbio);
+ return;
+ }
+
+ /* Otherwise, adopt both references. */
+ ssl_set_rbio(ssl, rbio);
+ ssl_set_wbio(ssl, wbio);
+}
+
BIO *SSL_get_rbio(const SSL *ssl) { return ssl->rbio; }
BIO *SSL_get_wbio(const SSL *ssl) {
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 619b4b2..3e9cd1e 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -1309,8 +1309,6 @@
return false;
}
- // TODO(davidben): This one is broken.
-#if 0
// Test changing the read FD partway through.
ssl.reset(SSL_new(ctx.get()));
if (!ssl ||
@@ -1319,7 +1317,6 @@
!ExpectFDs(ssl.get(), 2, 1)) {
return false;
}
-#endif
// Test changing the write FD partway through.
ssl.reset(SSL_new(ctx.get()));