[openssl-dev] Feedback on BIO API changes in 1.1

Timothy B. Terriberry tterribe at xiph.org
Mon Jun 27 20:56:50 UTC 2016 

Salz, Rich wrote:
> This feedback is very useful.
>
>> 1) There is no accessor for the "num" field in the BIO struct.
>> This is typically used to store a file descriptor or similar value. As can be seen
>> by its explicit access in BIO_dup_chain(), there may be legitimate reasons to
>> get at its value, even if you are not writing your own new BIO
>> implementation.
>
> Can you explain when/how/why you need it?

My old code was initializing this field to zero in the BIO's "create" 
method. I honestly don't remember why, or even if this is necessary, I 
just noticed the gap in the API when looking for a replacement.

>> 2) The API documentation for BIO_meth_new() says that "type" should be a
>> unique integer, but provides no way to ensure this is true.
>
> That sounds like a bug we need to fix.  Perhaps something like
> 	int BIO_meth_new_index([int flags?])
> ?

Something like that would probably work. However, with the new opaque 
struct approach, I now create a new BIO_METHOD from scratch for every 
connection attempt, and don't really have a convenient place to store 
this value, so this will get called rather a lot unless I restructure my 
code to cache a value somewhere. Because I am writing a library, which I 
intend to be re-entrant, but which does not have any explicit threading 
support (or dependencies), I don't have any convenient global place to 
cache it. I haven't needed one for anything else. See point #3.

If there was also some way to give these back when no longer needed, 
then at least I could ensure my code wouldn't use up the whole namespace 
and start failing after a few million connections.

But I think even just some advice on _how_ to pick a value here would be 
sufficient. As long as the space is sufficiently sparse, picking a 
static value with reasonably low probability of colliding with anything 
else would be good enough for me.

>> 3) I'm not sure the conversion of BIO_METHOD to an opaque struct is really a
>> good idea.
>
> Did you see BIO_meth_set_write etc ?

I did. I also saw that exactly no code in OpenSSL itself uses this API.

More information about the openssl-dev mailing list