[openssl-dev] Feedback on BIO API changes in 1.1
Timothy B. Terriberry
tterribe at xiph.org
Mon Jun 27 20:56:50 UTC 2016
Salz, Rich wrote:
> This feedback is very useful.
>
>> 1) There is no accessor for the "num" field in the BIO struct.
>> This is typically used to store a file descriptor or similar value. As can be seen
>> by its explicit access in BIO_dup_chain(), there may be legitimate reasons to
>> get at its value, even if you are not writing your own new BIO
>> implementation.
>
> Can you explain when/how/why you need it?

My old code was initializing this field to zero in the BIO's "create"
method. I honestly don't remember why, or even if this is necessary, I
just noticed the gap in the API when looking for a replacement.

>> 2) The API documentation for BIO_meth_new() says that "type" should be a
>> unique integer, but provides no way to ensure this is true.
>
> That sounds like a bug we need to fix. Perhaps something like
> int BIO_meth_new_index([int flags?])
> ?

Something like that would probably work. However, with the new opaque
struct approach, I now create a new BIO_METHOD from scratch for every
connection attempt, and don't really have a convenient place to store
this value, so this will get called rather a lot unless I restructure my
code to cache a value somewhere. Because I am writing a library, which I
intend to be re-entrant, but which does not have any explicit threading
support (or dependencies), I don't have any convenient global place to
cache it. I haven't needed one for anything else. See point #3.

If there was also some way to give these back when no longer needed,
then at least I could ensure my code wouldn't use up the whole namespace
and start failing after a few million connections.

But I think even just some advice on _how_ to pick a value here would be
sufficient. As long as the space is sufficiently sparse, picking a
static value with reasonably low probability of colliding with anything
else would be good enough for me.

>> 3) I'm not sure the conversion of BIO_METHOD to an opaque struct is really a
>> good idea.
>
> Did you see BIO_meth_set_write etc ?

I did. I also saw that exactly no code in OpenSSL itself uses this API.
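
The index-exhaustion and caching concern from point 2 above, as an added example that is not part of the original message and is not OpenSSL code: it contrasts taking a fresh type index per connection with caching one index in a C11 atomic, which needs no init call and no threading library. `demo_new_index()` and the 128..255 range are hypothetical stand-ins constructed for the demonstration.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Hypothetical stand-in for a "give me a new BIO type index" call like the
 * one proposed in the thread. NOT an OpenSSL function. Never reuses values. */
#define DEMO_INDEX_FIRST 128   /* constructed value */
#define DEMO_INDEX_LAST  255   /* constructed value, small on purpose */
static atomic_int demo_next = DEMO_INDEX_FIRST;
static atomic_int demo_alloc_calls = 0;

int demo_new_index(void)
{
    atomic_fetch_add(&demo_alloc_calls, 1);
    int v = atomic_fetch_add(&demo_next, 1);
    return v > DEMO_INDEX_LAST ? -1 : v;    /* -1: namespace exhausted */
}

/* Pattern 1: a fresh index per connection. Returns how many succeed. */
int connections_until_exhaustion(int attempts)
{
    int ok = 0;
    while (ok < attempts && demo_new_index() >= 0)
        ok++;
    return ok;
}

/* Pattern 2: allocate once and cache in a function-local atomic. If two
 * threads race, one index is wasted but all callers see the same winner. */
int cached_type_index(void)
{
    static atomic_int cached = 0;           /* 0 = not allocated yet */
    int v = atomic_load(&cached);
    if (v != 0)
        return v;
    int fresh = demo_new_index();
    if (fresh < 0)
        return -1;                          /* report failure, do not cache it */
    int expected = 0;
    if (atomic_compare_exchange_strong(&cached, &expected, fresh))
        return fresh;
    return expected;                        /* another thread won the race */
}

int main(void)
{
    printf("cached: %d, again: %d\n", cached_type_index(), cached_type_index());
    printf("per-connection successes: %d\n", connections_until_exhaustion(1000));
    return 0;
}
```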