From a2ca189e273584a7af3fcb90d893df9439e96659 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Mon, 24 Jul 2023 17:13:15 +0200
Subject: bio_ssl.c: Support most ctrls with QUIC based BIO_SSL
Reviewed-by: Paul Dale
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/21539)
---
 ssl/bio_ssl.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)
(limited to 'ssl/bio_ssl.c')
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 64d1849c7e..ea72b394a1 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -25,7 +25,11 @@ static int ssl_free(BIO *data);
 static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
 typedef struct bio_ssl_st {
 SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
+ /*
+ * Re-negotiate every time the total number of bytes is this size
+ * or when timeout expires.
+ * There is no proper support for TLS-1.3 or QUIC yet.
+ */
 int num_renegotiates;
 unsigned long renegotiate_count;
 size_t byte_count;
@@ -230,13 +234,14 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 bs = BIO_get_data(b);
 next = BIO_next(b);
 ssl = bs->ssl;
- if ((ssl == NULL
- || (sc = SSL_CONNECTION_FROM_SSL(ssl)) == NULL)
- && cmd != BIO_C_SET_SSL)
+ if (ssl == NULL && cmd != BIO_C_SET_SSL)
 return 0;
- /* TODO(QUIC): The rbio/wbio might be from QUIC_CONNECTION instead */
 switch (cmd) {
 case BIO_CTRL_RESET:
+ /* TODO(QUIC FUTURE): Add support when SSL_clear() is supported */
+ if ((sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl)) == NULL)
+ return 0;
+
 SSL_shutdown(ssl);

 if (sc->handshake_func == ssl->method->ssl_connect)
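Review bot: In the `ssl_ctrl` hunk, `sc` is now assigned only inside `case BIO_CTRL_RESET:`, because the `SSL_CONNECTION_FROM_SSL` test was dropped from the entry guard, so any other case of this switch that still reads `sc->` would use a pointer that was never set. The later hunks of this patch convert the `sc->rbio`/`sc->wbio` uses they show, but the switch has cases outside the visible hunks and the declaration of `sc` is not shown. It is worth confirming the declaration reads `SSL_CONNECTION *sc = NULL;`, or moving `sc` into a block scoped to the RESET case so the compiler rejects any leftover use. The body of ssl_ctrl starts and ends outside this hunk.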
@@ -313,20 +318,20 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 BIO_set_shutdown(b, (int)num);
 break;
 case BIO_CTRL_WPENDING:
- ret = BIO_ctrl(sc->wbio, cmd, num, ptr);
+ ret = BIO_ctrl(SSL_get_wbio(ssl), cmd, num, ptr);
 break;
 case BIO_CTRL_PENDING:
 ret = SSL_pending(ssl);
 if (ret == 0)
- ret = BIO_pending(sc->rbio);
+ ret = BIO_pending(SSL_get_rbio(ssl));
 break;
 case BIO_CTRL_FLUSH:
 BIO_clear_retry_flags(b);
- ret = BIO_ctrl(sc->wbio, cmd, num, ptr);
+ ret = BIO_ctrl(SSL_get_wbio(ssl), cmd, num, ptr);
 BIO_copy_next_retry(b);
 break;
 case BIO_CTRL_PUSH:
- if ((next != NULL) && (next != sc->rbio)) {
+ if ((next != NULL) && (next != SSL_get_rbio(ssl))) {
 /*
 * We are going to pass ownership of next to the SSL object...but
 * we don't own a reference to pass yet - so up ref
@@ -380,7 +385,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 ret = (dbs->ssl != NULL);
 break;
 case BIO_C_GET_FD:
- ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
+ ret = BIO_ctrl(SSL_get_rbio(ssl), cmd, num, ptr);
 break;
 case BIO_CTRL_SET_CALLBACK:
 ret = 0; /* use callback ctrl */
@@ -394,7 +399,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 ret = 0;
 break;
 default:
- ret = BIO_ctrl(sc->rbio, cmd, num, ptr);
+ ret = BIO_ctrl(SSL_get_rbio(ssl), cmd, num, ptr);
 break;
 }
 return ret;
-- 
cgit v1.2.3
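Review bot: `SSL_get_rbio(ssl)` and `SSL_get_wbio(ssl)` can return NULL when no BIO is attached to the SSL object, and the result is passed unchecked to `BIO_ctrl()`/`BIO_pending()` in the WPENDING, PENDING and FLUSH cases of this hunk, and again in the `BIO_C_GET_FD` and `default:` cases of the two hunks that follow. The removed `sc->rbio`/`sc->wbio` reads had the same property, so this is not a regression, but the accessor calls are a natural place to settle it. If BIO_ctrl() answers a NULL BIO with an error value (its body is not on this page), PENDING and WPENDING would hand callers a negative number where they expect a byte count. For the PENDING case, something like `rbio = SSL_get_rbio(ssl);` followed by `ret = rbio != NULL ? BIO_pending(rbio) : 0;` keeps the result a count. ssl_ctrl's body starts and ends outside these hunks.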