kris
/
boringssl
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
5126 Revize
12 Větve
38 MiB
Strom: 3f8074c2de
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „3f8074c2de“
${ noResults }
boringssl/ssl/test/packeted_bio.cc

packeted_bio.cc 6.4 KiB
Surový Normální zobrazení Historie

Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Account for partial reads in PacketedBio. This fixes test flakiness on Windows. BUG=467767 Change-Id: Ie69b5b43ddd524aadb15c53705f6ec860e928786 Reviewed-on: https://boringssl-review.googlesource.com/4001 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
před 7 roky
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Add DTLS timeout and retransmit tests. This extends the packet adaptor protocol to send three commands: type command = | Packet of []byte | Timeout of time.Duration | TimeoutAck When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the BIO_read, returns out of the SSL stack, advances the clock, calls DTLSv1_handle_timeout, and continues. If the Go side sends Timeout right between sending handshake flight N and reading flight N+1, the shim won't read the Timeout until it has sent flight N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes after N+1. Go then drops all packets before the TimeoutAck, thus dropping one transmit of flight N+1 without having to actually process the packets to determine the end of the flight. The shim then sees the updated clock, calls DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real. When dropping packets, Go checks the epoch and increments sequence numbers so that we can continue to be strict here. This requires tracking the initial sequence number of the next epoch. The final Finished message takes an additional special-case to test. DTLS triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only implements the former which should be sufficient (and is necessary) EXCEPT for the final Finished message. If the peer's final Finished message is lost, it won't be waiting for a message from us, so it won't time out anything. That retransmit must be triggered on stale message, so we retransmit the Finished message in Go. Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c Reviewed-on: https://boringssl-review.googlesource.com/3212 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
před 7 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Reject tickets from the future. This shouldn't happen, but it is good to check to avoid the potential underflow in ssl_session_is_time_valid. This required tweaking the mock clock in bssl_shim to stop going back in time. Change-Id: Id3ab8755139e989190d0b53d4bf90fe1ac203022 Reviewed-on: https://boringssl-review.googlesource.com/11841 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Account for partial reads in PacketedBio. This fixes test flakiness on Windows. BUG=467767 Change-Id: Ie69b5b43ddd524aadb15c53705f6ec860e928786 Reviewed-on: https://boringssl-review.googlesource.com/4001 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Add DTLS timeout and retransmit tests. This extends the packet adaptor protocol to send three commands: type command = | Packet of []byte | Timeout of time.Duration | TimeoutAck When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the BIO_read, returns out of the SSL stack, advances the clock, calls DTLSv1_handle_timeout, and continues. If the Go side sends Timeout right between sending handshake flight N and reading flight N+1, the shim won't read the Timeout until it has sent flight N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes after N+1. Go then drops all packets before the TimeoutAck, thus dropping one transmit of flight N+1 without having to actually process the packets to determine the end of the flight. The shim then sees the updated clock, calls DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real. When dropping packets, Go checks the epoch and increments sequence numbers so that we can continue to be strict here. This requires tracking the initial sequence number of the next epoch. The final Finished message takes an additional special-case to test. DTLS triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only implements the former which should be sufficient (and is necessary) EXCEPT for the final Finished message. If the peer's final Finished message is lost, it won't be waiting for a message from us, so it won't time out anything. That retransmit must be triggered on stale message, so we retransmit the Finished message in Go. Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c Reviewed-on: https://boringssl-review.googlesource.com/3212 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use TCP sockets rather than socketpairs in the SSL tests. This involves more synchronization with child exits as the kernel no longer closes the pre-created pipes for free, but it works on Windows. As long as TCP_NODELAY is set, the performance seems comparable. Though it does involve dealing with graceful socket shutdown. I couldn't get that to work on Windows without draining the socket; not even SO_LINGER worked. Current (untested) theory is that Windows refuses to gracefully shutdown a socket if the peer sends data after we've stopped reading. cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in CreateProcess.) We can instead use the syscall module directly and mark handles as inheritable (and then pass the numerical values out-of-band), but that requires synchronizing all of our shim.Start() calls and assuming no other thread is spawning a process. PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires wrapping more syscalls. exec.Cmd also doesn't let us launch the process ourselves. Plus it still requires every handle in the list be marked inheritable, so it doesn't help if some other thread is launching a process with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST. (Like Go, though we can take syscall.ForkLock there.) http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx The more natively Windows option seems to be named pipes, but that too requires wrapping more system calls. (To be fair, that isn't too painful.) They also involve a listening server, so we'd still have to synchronize with shim.Wait() a la net.TCPListener. Then there's DuplicateHandle, but then we need an out-of-band signal. All in all, one cross-platform implementation with a TCP sockets seems simplest. Change-Id: I38233e309a0fa6814baf61e806732138902347c0 Reviewed-on: https://boringssl-review.googlesource.com/3563 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use TCP sockets rather than socketpairs in the SSL tests. This involves more synchronization with child exits as the kernel no longer closes the pre-created pipes for free, but it works on Windows. As long as TCP_NODELAY is set, the performance seems comparable. Though it does involve dealing with graceful socket shutdown. I couldn't get that to work on Windows without draining the socket; not even SO_LINGER worked. Current (untested) theory is that Windows refuses to gracefully shutdown a socket if the peer sends data after we've stopped reading. cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in CreateProcess.) We can instead use the syscall module directly and mark handles as inheritable (and then pass the numerical values out-of-band), but that requires synchronizing all of our shim.Start() calls and assuming no other thread is spawning a process. PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires wrapping more syscalls. exec.Cmd also doesn't let us launch the process ourselves. Plus it still requires every handle in the list be marked inheritable, so it doesn't help if some other thread is launching a process with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST. (Like Go, though we can take syscall.ForkLock there.) http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx The more natively Windows option seems to be named pipes, but that too requires wrapping more system calls. (To be fair, that isn't too painful.) They also involve a listening server, so we'd still have to synchronize with shim.Wait() a la net.TCPListener. Then there's DuplicateHandle, but then we need an out-of-band signal. All in all, one cross-platform implementation with a TCP sockets seems simplest. Change-Id: I38233e309a0fa6814baf61e806732138902347c0 Reviewed-on: https://boringssl-review.googlesource.com/3563 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Add DTLS timeout and retransmit tests. This extends the packet adaptor protocol to send three commands: type command = | Packet of []byte | Timeout of time.Duration | TimeoutAck When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the BIO_read, returns out of the SSL stack, advances the clock, calls DTLSv1_handle_timeout, and continues. If the Go side sends Timeout right between sending handshake flight N and reading flight N+1, the shim won't read the Timeout until it has sent flight N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes after N+1. Go then drops all packets before the TimeoutAck, thus dropping one transmit of flight N+1 without having to actually process the packets to determine the end of the flight. The shim then sees the updated clock, calls DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real. When dropping packets, Go checks the epoch and increments sequence numbers so that we can continue to be strict here. This requires tracking the initial sequence number of the next epoch. The final Finished message takes an additional special-case to test. DTLS triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only implements the former which should be sufficient (and is necessary) EXCEPT for the final Finished message. If the peer's final Finished message is lost, it won't be waiting for a message from us, so it won't time out anything. That retransmit must be triggered on stale message, so we retransmit the Finished message in Go. Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c Reviewed-on: https://boringssl-review.googlesource.com/3212 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Add DTLS timeout and retransmit tests. This extends the packet adaptor protocol to send three commands: type command = | Packet of []byte | Timeout of time.Duration | TimeoutAck When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the BIO_read, returns out of the SSL stack, advances the clock, calls DTLSv1_handle_timeout, and continues. If the Go side sends Timeout right between sending handshake flight N and reading flight N+1, the shim won't read the Timeout until it has sent flight N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes after N+1. Go then drops all packets before the TimeoutAck, thus dropping one transmit of flight N+1 without having to actually process the packets to determine the end of the flight. The shim then sees the updated clock, calls DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real. When dropping packets, Go checks the epoch and increments sequence numbers so that we can continue to be strict here. This requires tracking the initial sequence number of the next epoch. The final Finished message takes an additional special-case to test. DTLS triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only implements the former which should be sufficient (and is necessary) EXCEPT for the final Finished message. If the peer's final Finished message is lost, it won't be waiting for a message from us, so it won't time out anything. That retransmit must be triggered on stale message, so we retransmit the Finished message in Go. Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c Reviewed-on: https://boringssl-review.googlesource.com/3212 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Use just one style for the shim. It's currently a mix of GoogleCPlusPlusStyle and unix_hacker_style. Since it's now been thoroughly C++-ified, let's go with the former. This also matches the tool, our other bit of C++ code. Change-Id: Ie90a166006aae3b8f41628dbb35fcd64e99205df Reviewed-on: https://boringssl-review.googlesource.com/3348 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Replace Scoped* heap types with bssl::UniquePtr. Unlike the Scoped* types, bssl::UniquePtr is available to C++ users, and offered for a large variety of types. The 'extern "C++"' trick is used to make the C++ bits digestible to C callers that wrap header files in 'extern "C"'. Change-Id: Ifbca4c2997d6628e33028c7d7620c72aff0f862e Reviewed-on: https://boringssl-review.googlesource.com/10521 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 8 roky
Add some missing error failure checks. Found while diagnosing some crashes and hangs in the malloc tests. This (and the follow-up) get us further but does not quite let the malloc tests pass quietly, even without valgrind. DTLS silently ignores some malloc failures (confusion with silently dropping bad packets) which then translate to hangs. Change-Id: Ief06a671e0973d09d2883432b89a86259e346653 Reviewed-on: https://boringssl-review.googlesource.com/3482 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Remove support for blocking DTLS timeout handling. The DTLS stack has two very different APIs for handling timeouts. In non-blocking mode, timeouts are driven externally by the caller with DTLSv1_get_timeout. In blocking mode, timeouts are driven by the BIO by calling a BIO_ctrl with BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT. The latter is never used by consumers, so remove support for it. BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT implicitly depends on struct timeval being used for timestamps, which we would like to remove. Without this, the only public API which relies on this is the testing-only SSL_CTX_set_current_time_cb which is BoringSSL-only and we can change at our leisure. BUG=155 Change-Id: Ic68fa70afab2fa9e6286b84d010eac8ddc9d2ef4 Reviewed-on: https://boringssl-review.googlesource.com/13945 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 7 roky
Add DTLS timeout and retransmit tests. This extends the packet adaptor protocol to send three commands: type command = | Packet of []byte | Timeout of time.Duration | TimeoutAck When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the BIO_read, returns out of the SSL stack, advances the clock, calls DTLSv1_handle_timeout, and continues. If the Go side sends Timeout right between sending handshake flight N and reading flight N+1, the shim won't read the Timeout until it has sent flight N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes after N+1. Go then drops all packets before the TimeoutAck, thus dropping one transmit of flight N+1 without having to actually process the packets to determine the end of the flight. The shim then sees the updated clock, calls DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real. When dropping packets, Go checks the epoch and increments sequence numbers so that we can continue to be strict here. This requires tracking the initial sequence number of the next epoch. The final Finished message takes an additional special-case to test. DTLS triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only implements the former which should be sufficient (and is necessary) EXCEPT for the final Finished message. If the peer's final Finished message is lost, it won't be waiting for a message from us, so it won't time out anything. That retransmit must be triggered on stale message, so we retransmit the Finished message in Go. Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c Reviewed-on: https://boringssl-review.googlesource.com/3212 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Add initial DTLS tests. Change-Id: I7407261bdb2d788c879f2e67e617a615d9ff8f8b Reviewed-on: https://boringssl-review.googlesource.com/1505 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Reject tickets from the future. This shouldn't happen, but it is good to check to avoid the potential underflow in ssl_session_is_time_valid. This required tweaking the mock clock in bssl_shim to stop going back in time. Change-Id: Id3ab8755139e989190d0b53d4bf90fe1ac203022 Reviewed-on: https://boringssl-review.googlesource.com/11841 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
před 7 roky
Test both synchronous and asynchronous DTLS retransmit. The two modes are quite different. One of them requires the BIO honor an extra BIO_ctrl. Also add an explanation at the top of addDTLSRetransmitTests for how these tests work. The description is scattered across many different places. BUG=63 Change-Id: Iff4cdd1fbf4f4439ae0c293f565eb6780c7c84f9 Reviewed-on: https://boringssl-review.googlesource.com/8121 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include "packeted_bio.h"

  16. 

  17. #include <assert.h>

  18. #include <limits.h>

  19. #include <stdio.h>

  20. #include <string.h>

  21. 

  22. #include <openssl/mem.h>

  23. 

  24. #include "../../crypto/internal.h"

  25. 

  26. 

  27. namespace {

  28. 

  29. extern const BIO_METHOD g_packeted_bio_method;

  30. 

  31. const uint8_t kOpcodePacket = 'P';

  32. const uint8_t kOpcodeTimeout = 'T';

  33. const uint8_t kOpcodeTimeoutAck = 't';

  34. 

  35. struct PacketedBio {

  36.   explicit PacketedBio(timeval *clock_arg)

  37.       : clock(clock_arg) {

  38.     OPENSSL_memset(&timeout, 0, sizeof(timeout));

  39.   }

  40. 

  41.   bool HasTimeout() const {

  42.     return timeout.tv_sec != 0 || timeout.tv_usec != 0;

  43.   }

  44. 

  45.   timeval timeout;

  46.   timeval *clock;

  47. };

  48. 

  49. PacketedBio *GetData(BIO *bio) {

  50.   if (bio->method != &g_packeted_bio_method) {

  51.     return NULL;

  52.   }

  53.   return (PacketedBio *)bio->ptr;

  54. }

  55. 

  56. // ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and

  57. // 0 or -1 on error.

  58. static int ReadAll(BIO *bio, uint8_t *out, size_t len) {

  59.   while (len > 0) {

  60.     int chunk_len = INT_MAX;

  61.     if (len <= INT_MAX) {

  62.       chunk_len = (int)len;

  63.     }

  64.     int ret = BIO_read(bio, out, chunk_len);

  65.     if (ret <= 0) {

  66.       return ret;

  67.     }

  68.     out += ret;

  69.     len -= ret;

  70.   }

  71.   return 1;

  72. }

  73. 

  74. static int PacketedWrite(BIO *bio, const char *in, int inl) {

  75.   if (bio->next_bio == NULL) {

  76.     return 0;

  77.   }

  78. 

  79.   BIO_clear_retry_flags(bio);

  80. 

  81.   // Write the header.

  82.   uint8_t header[5];

  83.   header[0] = kOpcodePacket;

  84.   header[1] = (inl >> 24) & 0xff;

  85.   header[2] = (inl >> 16) & 0xff;

  86.   header[3] = (inl >> 8) & 0xff;

  87.   header[4] = inl & 0xff;

  88.   int ret = BIO_write(bio->next_bio, header, sizeof(header));

  89.   if (ret <= 0) {

  90.     BIO_copy_next_retry(bio);

  91.     return ret;

  92.   }

  93. 

  94.   // Write the buffer.

  95.   ret = BIO_write(bio->next_bio, in, inl);

  96.   if (ret < 0 || (inl > 0 && ret == 0)) {

  97.     BIO_copy_next_retry(bio);

  98.     return ret;

  99.   }

  100.   assert(ret == inl);

  101.   return ret;

  102. }

  103. 

  104. static int PacketedRead(BIO *bio, char *out, int outl) {

  105.   PacketedBio *data = GetData(bio);

  106.   if (bio->next_bio == NULL) {

  107.     return 0;

  108.   }

  109. 

  110.   BIO_clear_retry_flags(bio);

  111. 

  112.   // Read the opcode.

  113.   uint8_t opcode;

  114.   int ret = ReadAll(bio->next_bio, &opcode, sizeof(opcode));

  115.   if (ret <= 0) {

  116.     BIO_copy_next_retry(bio);

  117.     return ret;

  118.   }

  119. 

  120.   if (opcode == kOpcodeTimeout) {

  121.     // The caller is required to advance any pending timeouts before continuing.

  122.     if (data->HasTimeout()) {

  123.       fprintf(stderr, "Unprocessed timeout!\n");

  124.       return -1;

  125.     }

  126. 

  127.     // Process the timeout.

  128.     uint8_t buf[8];

  129.     ret = ReadAll(bio->next_bio, buf, sizeof(buf));

  130.     if (ret <= 0) {

  131.       BIO_copy_next_retry(bio);

  132.       return ret;

  133.     }

  134.     uint64_t timeout = (static_cast<uint64_t>(buf[0]) << 56) |

  135.                        (static_cast<uint64_t>(buf[1]) << 48) |

  136.                        (static_cast<uint64_t>(buf[2]) << 40) |

  137.                        (static_cast<uint64_t>(buf[3]) << 32) |

  138.                        (static_cast<uint64_t>(buf[4]) << 24) |

  139.                        (static_cast<uint64_t>(buf[5]) << 16) |

  140.                        (static_cast<uint64_t>(buf[6]) << 8) |

  141.                        static_cast<uint64_t>(buf[7]);

  142.     timeout /= 1000;  // Convert nanoseconds to microseconds.

  143. 

  144.     data->timeout.tv_usec = timeout % 1000000;

  145.     data->timeout.tv_sec = timeout / 1000000;

  146. 

  147.     // Send an ACK to the peer.

  148.     ret = BIO_write(bio->next_bio, &kOpcodeTimeoutAck, 1);

  149.     if (ret <= 0) {

  150.       return ret;

  151.     }

  152.     assert(ret == 1);

  153. 

  154.     // Signal to the caller to retry the read, after advancing the clock.

  155.     BIO_set_retry_read(bio);

  156.     return -1;

  157.   }

  158. 

  159.   if (opcode != kOpcodePacket) {

  160.     fprintf(stderr, "Unknown opcode, %u\n", opcode);

  161.     return -1;

  162.   }

  163. 

  164.   // Read the length prefix.

  165.   uint8_t len_bytes[4];

  166.   ret = ReadAll(bio->next_bio, len_bytes, sizeof(len_bytes));

  167.   if (ret <= 0) {

  168.     BIO_copy_next_retry(bio);

  169.     return ret;

  170.   }

  171. 

  172.   uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) |

  173.                  (len_bytes[2] << 8) | len_bytes[3];

  174.   uint8_t *buf = (uint8_t *)OPENSSL_malloc(len);

  175.   if (buf == NULL) {

  176.     return -1;

  177.   }

  178.   ret = ReadAll(bio->next_bio, buf, len);

  179.   if (ret <= 0) {

  180.     fprintf(stderr, "Packeted BIO was truncated\n");

  181.     return -1;

  182.   }

  183. 

  184.   if (outl > (int)len) {

  185.     outl = len;

  186.   }

  187.   OPENSSL_memcpy(out, buf, outl);

  188.   OPENSSL_free(buf);

  189.   return outl;

  190. }

  191. 

  192. static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {

  193.   if (bio->next_bio == NULL) {

  194.     return 0;

  195.   }

  196. 

  197.   BIO_clear_retry_flags(bio);

  198.   int ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);

  199.   BIO_copy_next_retry(bio);

  200.   return ret;

  201. }

  202. 

  203. static int PacketedNew(BIO *bio) {

  204.   bio->init = 1;

  205.   return 1;

  206. }

  207. 

  208. static int PacketedFree(BIO *bio) {

  209.   if (bio == NULL) {

  210.     return 0;

  211.   }

  212. 

  213.   delete GetData(bio);

  214.   bio->init = 0;

  215.   return 1;

  216. }

  217. 

  218. static long PacketedCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) {

  219.   if (bio->next_bio == NULL) {

  220.     return 0;

  221.   }

  222.   return BIO_callback_ctrl(bio->next_bio, cmd, fp);

  223. }

  224. 

  225. const BIO_METHOD g_packeted_bio_method = {

  226.   BIO_TYPE_FILTER,

  227.   "packeted bio",

  228.   PacketedWrite,

  229.   PacketedRead,

  230.   NULL /* puts */,

  231.   NULL /* gets */,

  232.   PacketedCtrl,

  233.   PacketedNew,

  234.   PacketedFree,

  235.   PacketedCallbackCtrl,

  236. };

  237. 

  238. }  // namespace

  239. 

  240. bssl::UniquePtr<BIO> PacketedBioCreate(timeval *clock) {

  241.   bssl::UniquePtr<BIO> bio(BIO_new(&g_packeted_bio_method));

  242.   if (!bio) {

  243.     return nullptr;

  244.   }

  245.   bio->ptr = new PacketedBio(clock);

  246.   return bio;

  247. }

  248. 

  249. bool PacketedBioAdvanceClock(BIO *bio) {

  250.   PacketedBio *data = GetData(bio);

  251.   if (data == nullptr) {

  252.     return false;

  253.   }

  254. 

  255.   if (!data->HasTimeout()) {

  256.     return false;

  257.   }

  258. 

  259.   data->clock->tv_usec += data->timeout.tv_usec;

  260.   data->clock->tv_sec += data->clock->tv_usec / 1000000;

  261.   data->clock->tv_usec %= 1000000;

  262.   data->clock->tv_sec += data->timeout.tv_sec;

  263.   OPENSSL_memset(&data->timeout, 0, sizeof(data->timeout));

  264.   return true;

  265. }