2 files changed, 86 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 09d68beb0b..1a0403c72b 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.211 2021/10/23 11:41:51 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1289,6 +1289,11 @@ int	SSL_is_server(const SSL *s);
 int     SSL_read(SSL *ssl, void *buf, int num);
 int     SSL_peek(SSL *ssl, void *buf, int num);
 int     SSL_write(SSL *ssl, const void *buf, int num);
+#if defined(LIBRESSL_NEW_API)
+int     SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read);
+int     SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked);
+int     SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written);
+#endif
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
 uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c029b3716c..1363cd64fd 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.271 2021/10/23 15:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.272 2021/10/23 15:30:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -141,6 +141,7 @@
 */
 #include <arpa/inet.h>
+#include <sys/limits.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -995,6 +996,11 @@ SSL_get_default_timeout(const SSL *s)
 int
 SSL_read(SSL *s, void *buf, int num)
 {
+        if (num < 0) {
+                SSLerror(s, SSL_R_BAD_LENGTH);
+                return -1;
+        }
        if (s->internal->handshake_func == NULL) {
                SSLerror(s, SSL_R_UNINITIALIZED);
                return (-1);
@@ -1008,8 +1014,32 @@ SSL_read(SSL *s, void *buf, int num)
 }
 int
+SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read)
+{
+        int ret;
+        /* We simply don't bother supporting enormous reads */
+        if (num > INT_MAX) {
+                SSLerror(s, SSL_R_BAD_LENGTH);
+                return 0;
+        }
+        ret = SSL_read(s, buf, (int)num);
+        if (ret < 0)
+                ret = 0;
+        *bytes_read = ret;
+        return ret > 0;
+}
+int
 SSL_peek(SSL *s, void *buf, int num)
 {
+        if (num < 0) {
+                SSLerror(s, SSL_R_BAD_LENGTH);
+                return -1;
+        }
        if (s->internal->handshake_func == NULL) {
                SSLerror(s, SSL_R_UNINITIALIZED);
                return (-1);
@@ -1022,8 +1052,32 @@ SSL_peek(SSL *s, void *buf, int num)
 }
 int
+SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked)
+{
+        int ret;
+        /* We simply don't bother supporting enormous peeks */
+        if (num > INT_MAX) {
+                SSLerror(s, SSL_R_BAD_LENGTH);
+                return 0;
+        }
+        ret = SSL_peek(s, buf, (int)num);
+        if (ret < 0)
+                ret = 0;
+        *bytes_peeked = ret;
+        return ret > 0;
+}
+int
 SSL_write(SSL *s, const void *buf, int num)
 {
+        if (num < 0) {
+                SSLerror(s, SSL_R_BAD_LENGTH);
+                return -1;
+        }
        if (s->internal->handshake_func == NULL) {
                SSLerror(s, SSL_R_UNINITIALIZED);
                return (-1);
@@ -1037,6 +1091,31 @@ SSL_write(SSL *s, const void *buf, int num)
        return ssl3_write(s, buf, num);
 }
+int
+SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written)
+{
+        int ret;
+        /* We simply don't bother supporting enormous writes */
+        if (num > INT_MAX) {
+                SSLerror(s, SSL_R_BAD_LENGTH);
+                return 0;
+        }
+        if (num == 0) {
+                /* This API is special */
+                bytes_written = 0;
+                return 1;
+        }
+        ret = SSL_write(s, buf, (int)num);
+        if (ret < 0)
+                ret = 0;
+        *bytes_written = ret;
+        return ret > 0;
+}
 uint32_t
 SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
 {

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 09d68beb0b..1a0403c72b 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.211 2021/10/23 11:41:51 beck Exp $ */	1	/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1289,6 +1289,11 @@ int SSL_is_server(const SSL *s);
1289	int SSL_read(SSL ssl, void buf, int num);	1289	int SSL_read(SSL ssl, void buf, int num);
1290	int SSL_peek(SSL ssl, void buf, int num);	1290	int SSL_peek(SSL ssl, void buf, int num);
1291	int SSL_write(SSL ssl, const void buf, int num);	1291	int SSL_write(SSL ssl, const void buf, int num);
		1292	#if defined(LIBRESSL_NEW_API)
		1293	int SSL_read_ex(SSL ssl, void buf, size_t num, size_t *bytes_read);
		1294	int SSL_peek_ex(SSL ssl, void buf, size_t num, size_t *bytes_peeked);
		1295	int SSL_write_ex(SSL ssl, const void buf, size_t num, size_t *bytes_written);
		1296	#endif
1292		1297
1293	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)	1298	#if defined(LIBRESSL_HAS_TLS1_3) \|\| defined(LIBRESSL_INTERNAL)
1294	uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);	1299	uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index c029b3716c..1363cd64fd 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.271 2021/10/23 15:02:27 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.272 2021/10/23 15:30:44 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -141,6 +141,7 @@
141	*/	141	*/
142		142
143	#include <arpa/inet.h>	143	#include <arpa/inet.h>
		144	#include <sys/limits.h>
144	#include <sys/socket.h>	145	#include <sys/socket.h>
145	#include <netinet/in.h>	146	#include <netinet/in.h>
146		147
@@ -995,6 +996,11 @@ SSL_get_default_timeout(const SSL *s)
995	int	996	int
996	SSL_read(SSL s, void buf, int num)	997	SSL_read(SSL s, void buf, int num)
997	{	998	{
		999	if (num < 0) {
		1000	SSLerror(s, SSL_R_BAD_LENGTH);
		1001	return -1;
		1002	}
		1003
998	if (s->internal->handshake_func == NULL) {	1004	if (s->internal->handshake_func == NULL) {
999	SSLerror(s, SSL_R_UNINITIALIZED);	1005	SSLerror(s, SSL_R_UNINITIALIZED);
1000	return (-1);	1006	return (-1);
@@ -1008,8 +1014,32 @@ SSL_read(SSL s, void buf, int num)
1008	}	1014	}
1009		1015
1010	int	1016	int
		1017	SSL_read_ex(SSL s, void buf, size_t num, size_t *bytes_read)
		1018	{
		1019	int ret;
		1020
		1021	/* We simply don't bother supporting enormous reads */
		1022	if (num > INT_MAX) {
		1023	SSLerror(s, SSL_R_BAD_LENGTH);
		1024	return 0;
		1025	}
		1026
		1027	ret = SSL_read(s, buf, (int)num);
		1028	if (ret < 0)
		1029	ret = 0;
		1030	*bytes_read = ret;
		1031
		1032	return ret > 0;
		1033	}
		1034
		1035	int
1011	SSL_peek(SSL s, void buf, int num)	1036	SSL_peek(SSL s, void buf, int num)
1012	{	1037	{
		1038	if (num < 0) {
		1039	SSLerror(s, SSL_R_BAD_LENGTH);
		1040	return -1;
		1041	}
		1042
1013	if (s->internal->handshake_func == NULL) {	1043	if (s->internal->handshake_func == NULL) {
1014	SSLerror(s, SSL_R_UNINITIALIZED);	1044	SSLerror(s, SSL_R_UNINITIALIZED);
1015	return (-1);	1045	return (-1);
@@ -1022,8 +1052,32 @@ SSL_peek(SSL s, void buf, int num)
1022	}	1052	}
1023		1053
1024	int	1054	int
		1055	SSL_peek_ex(SSL s, void buf, size_t num, size_t *bytes_peeked)
		1056	{
		1057	int ret;
		1058
		1059	/* We simply don't bother supporting enormous peeks */
		1060	if (num > INT_MAX) {
		1061	SSLerror(s, SSL_R_BAD_LENGTH);
		1062	return 0;
		1063	}
		1064
		1065	ret = SSL_peek(s, buf, (int)num);
		1066	if (ret < 0)
		1067	ret = 0;
		1068	*bytes_peeked = ret;
		1069
		1070	return ret > 0;
		1071	}
		1072
		1073	int
1025	SSL_write(SSL s, const void buf, int num)	1074	SSL_write(SSL s, const void buf, int num)
1026	{	1075	{
		1076	if (num < 0) {
		1077	SSLerror(s, SSL_R_BAD_LENGTH);
		1078	return -1;
		1079	}
		1080
1027	if (s->internal->handshake_func == NULL) {	1081	if (s->internal->handshake_func == NULL) {
1028	SSLerror(s, SSL_R_UNINITIALIZED);	1082	SSLerror(s, SSL_R_UNINITIALIZED);
1029	return (-1);	1083	return (-1);
@@ -1037,6 +1091,31 @@ SSL_write(SSL s, const void buf, int num)
1037	return ssl3_write(s, buf, num);	1091	return ssl3_write(s, buf, num);
1038	}	1092	}
1039		1093
		1094	int
		1095	SSL_write_ex(SSL s, const void buf, size_t num, size_t *bytes_written)
		1096	{
		1097	int ret;
		1098
		1099	/* We simply don't bother supporting enormous writes */
		1100	if (num > INT_MAX) {
		1101	SSLerror(s, SSL_R_BAD_LENGTH);
		1102	return 0;
		1103	}
		1104
		1105	if (num == 0) {
		1106	/* This API is special */
		1107	bytes_written = 0;
		1108	return 1;
		1109	}
		1110
		1111	ret = SSL_write(s, buf, (int)num);
		1112	if (ret < 0)
		1113	ret = 0;
		1114	*bytes_written = ret;
		1115
		1116	return ret > 0;
		1117	}
		1118
1040	uint32_t	1119	uint32_t
1041	SSL_CTX_get_max_early_data(const SSL_CTX *ctx)	1120	SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
1042	{	1121	{