author | Bob Beck <beck@cvs.openbsd.org> | 2021-10-23 15:30:45 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2021-10-23 15:30:45 +0000 |
commit | afeb3b537c19c5ef18d542898def756a7c6b2e06 (patch) | |
tree | 878cccca8837cc3efd8bd6c9f77abdfa4c190e7e /lib/libssl | |
parent | 73f30cdd02cd54f4c1e40080185bb82c14d2331a (diff) |
Add new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex
As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.
Will also need Symbols.list additions by tb@ when he starts the rapture
ok tb@ jsing@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/ssl.h | 7 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 81 |
2 files changed, 86 insertions, 2 deletions
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 09d68beb0b9..1a0403c72b1 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.211 2021/10/23 11:41:51 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.212 2021/10/23 15:30:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1289,6 +1289,11 @@ int SSL_is_server(const SSL *s);
 int SSL_read(SSL *ssl, void *buf, int num);
 int SSL_peek(SSL *ssl, void *buf, int num);
 int SSL_write(SSL *ssl, const void *buf, int num);
+#if defined(LIBRESSL_NEW_API)
+int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read);
+int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked);
+int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written);
+#endif
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
 uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index c029b3716c2..1363cd64fd8 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.271 2021/10/23 15:02:27 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.272 2021/10/23 15:30:44 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -141,6 +141,7 @@
 */
 #include <arpa/inet.h>
+#include <sys/limits.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -995,6 +996,11 @@ SSL_get_default_timeout(const SSL *s)
 int
 SSL_read(SSL *s, void *buf, int num)
 {
+ if (num < 0) {
+ SSLerror(s, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
 if (s->internal->handshake_func == NULL) {
 SSLerror(s, SSL_R_UNINITIALIZED);
 return (-1);
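Review bot: The three `_ex` prototypes added under `LIBRESSL_NEW_API` in ssl.h carry no comment on their return convention, which differs from the SSL_read/SSL_peek/SSL_write declarations directly above them. Per the ssl_lib.c hunks they return 1 or 0 and report the byte count through the final `size_t *` argument, so a caller that treats the return value as a length would handle a single byte. A one-line comment above the block would make this visible at the declaration, e.g. `/* Return 1 on success, 0 on failure; the byte count is stored through the size_t pointer. */`.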
@@ -1008,8 +1014,32 @@ SSL_read(SSL *s, void *buf, int num)
 }
 int
+SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read)
+{
+ int ret;
+
+ /* We simply don't bother supporting enormous reads */
+ if (num > INT_MAX) {
+ SSLerror(s, SSL_R_BAD_LENGTH);
+ return 0;
+ }
+
+ ret = SSL_read(s, buf, (int)num);
+ if (ret < 0)
+ ret = 0;
+ *bytes_read = ret;
+
+ return ret > 0;
+}
+
+int
 SSL_peek(SSL *s, void *buf, int num)
 {
+ if (num < 0) {
+ SSLerror(s, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
 if (s->internal->handshake_func == NULL) {
 SSLerror(s, SSL_R_UNINITIALIZED);
 return (-1);
@@ -1022,8 +1052,32 @@ SSL_peek(SSL *s, void *buf, int num)
 }
 int
+SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked)
+{
+ int ret;
+
+ /* We simply don't bother supporting enormous peeks */
+ if (num > INT_MAX) {
+ SSLerror(s, SSL_R_BAD_LENGTH);
+ return 0;
+ }
+
+ ret = SSL_peek(s, buf, (int)num);
+ if (ret < 0)
+ ret = 0;
+ *bytes_peeked = ret;
+
+ return ret > 0;
+}
+
+int
 SSL_write(SSL *s, const void *buf, int num)
 {
+ if (num < 0) {
+ SSLerror(s, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
 if (s->internal->handshake_func == NULL) {
 SSLerror(s, SSL_R_UNINITIALIZED);
 return (-1);
@@ -1037,6 +1091,31 @@ SSL_write(SSL *s, const void *buf, int num)
 return ssl3_write(s, buf, num);
 }
+int
+SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written)
+{
+ int ret;
+
+ /* We simply don't bother supporting enormous writes */
+ if (num > INT_MAX) {
+ SSLerror(s, SSL_R_BAD_LENGTH);
+ return 0;
+ }
+
+ if (num == 0) {
+ /* This API is special */
+ bytes_written = 0;
+ return 1;
+ }
+
+ ret = SSL_write(s, buf, (int)num);
+ if (ret < 0)
+ ret = 0;
+ *bytes_written = ret;
+
+ return ret > 0;
+}
+
 uint32_t
 SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
 { |
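Review bot: The `num > INT_MAX` early return in SSL_read_ex leaves `*bytes_read` unwritten, whereas the failure path after SSL_read() stores 0 through it. A caller that inspects the count after a 0 return therefore sees an indeterminate value on the oversized-length path only. Storing `*bytes_read = 0;` before the length check would make the two failure paths agree. The same applies to the `num > INT_MAX` returns in SSL_peek_ex and SSL_write_ex in the two following hunks.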
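Review bot: In SSL_write_ex the `num == 0` branch has `bytes_written = 0;`, which nulls the local pointer instead of storing through it. The function then returns 1 (success) without ever writing the caller's `size_t`. A caller that advances a buffer offset or loop counter by that count after a zero-length write would be using an uninitialized value. The line should read `*bytes_written = 0;`.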