2014-08-11 23:43:38 +01:00
|
|
|
/* Copyright (c) 2014, Google Inc.
|
|
|
|
*
|
|
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
|
|
|
|
#include "packeted_bio.h"
|
|
|
|
|
|
|
|
#include <assert.h>
|
2015-03-18 22:59:36 +00:00
|
|
|
#include <limits.h>
|
|
|
|
#include <stdio.h>
|
2015-01-31 01:08:37 +00:00
|
|
|
#include <string.h>
|
|
|
|
|
2014-08-11 23:43:38 +01:00
|
|
|
#include <openssl/mem.h>
|
|
|
|
|
2015-01-31 01:08:37 +00:00
|
|
|
|
2014-08-11 23:43:38 +01:00
|
|
|
namespace {
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
extern const BIO_METHOD g_packeted_bio_method;
|
2014-08-11 23:43:38 +01:00
|
|
|
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
const uint8_t kOpcodePacket = 'P';
|
|
|
|
const uint8_t kOpcodeTimeout = 'T';
|
|
|
|
const uint8_t kOpcodeTimeoutAck = 't';
|
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
struct PacketedBio {
|
2016-10-27 21:36:32 +01:00
|
|
|
PacketedBio(timeval *clock_arg, bool advance_clock_arg)
|
|
|
|
: clock(clock_arg), advance_clock(advance_clock_arg) {
|
2016-06-02 19:58:00 +01:00
|
|
|
memset(&timeout, 0, sizeof(timeout));
|
|
|
|
memset(&read_deadline, 0, sizeof(read_deadline));
|
|
|
|
}
|
|
|
|
|
|
|
|
bool HasTimeout() const {
|
|
|
|
return timeout.tv_sec != 0 || timeout.tv_usec != 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool CanRead() const {
|
|
|
|
if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2016-10-27 21:36:32 +01:00
|
|
|
if (clock->tv_sec == read_deadline.tv_sec) {
|
|
|
|
return clock->tv_usec < read_deadline.tv_usec;
|
2016-06-02 19:58:00 +01:00
|
|
|
}
|
2016-10-27 21:36:32 +01:00
|
|
|
return clock->tv_sec < read_deadline.tv_sec;
|
2016-06-02 19:58:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
timeval timeout;
|
2016-10-27 21:36:32 +01:00
|
|
|
timeval *clock;
|
2016-06-02 19:58:00 +01:00
|
|
|
timeval read_deadline;
|
|
|
|
bool advance_clock;
|
|
|
|
};
|
|
|
|
|
|
|
|
PacketedBio *GetData(BIO *bio) {
|
|
|
|
if (bio->method != &g_packeted_bio_method) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return (PacketedBio *)bio->ptr;
|
|
|
|
}
|
|
|
|
|
2015-03-18 22:59:36 +00:00
|
|
|
// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and
|
|
|
|
// 0 or -1 on error.
|
|
|
|
static int ReadAll(BIO *bio, uint8_t *out, size_t len) {
|
|
|
|
while (len > 0) {
|
|
|
|
int chunk_len = INT_MAX;
|
|
|
|
if (len <= INT_MAX) {
|
|
|
|
chunk_len = (int)len;
|
|
|
|
}
|
|
|
|
int ret = BIO_read(bio, out, chunk_len);
|
|
|
|
if (ret <= 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
out += ret;
|
|
|
|
len -= ret;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
static int PacketedWrite(BIO *bio, const char *in, int inl) {
|
2014-08-11 23:43:38 +01:00
|
|
|
if (bio->next_bio == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
BIO_clear_retry_flags(bio);
|
|
|
|
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
// Write the header.
|
|
|
|
uint8_t header[5];
|
|
|
|
header[0] = kOpcodePacket;
|
|
|
|
header[1] = (inl >> 24) & 0xff;
|
|
|
|
header[2] = (inl >> 16) & 0xff;
|
|
|
|
header[3] = (inl >> 8) & 0xff;
|
|
|
|
header[4] = inl & 0xff;
|
|
|
|
int ret = BIO_write(bio->next_bio, header, sizeof(header));
|
2014-08-11 23:43:38 +01:00
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_copy_next_retry(bio);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
// Write the buffer.
|
2014-08-11 23:43:38 +01:00
|
|
|
ret = BIO_write(bio->next_bio, in, inl);
|
Use TCP sockets rather than socketpairs in the SSL tests.
This involves more synchronization with child exits as the kernel no longer
closes the pre-created pipes for free, but it works on Windows. As long as
TCP_NODELAY is set, the performance seems comparable. Though it does involve
dealing with graceful socket shutdown. I couldn't get that to work on Windows
without draining the socket; not even SO_LINGER worked. Current (untested)
theory is that Windows refuses to gracefully shutdown a socket if the peer
sends data after we've stopped reading.
cmd.ExtraFiles doesn't work on Windows; it doesn't use fds natively, so you
can't pass fds 4 and 5. (stdin/stdout/stderr are special slots in
CreateProcess.) We can instead use the syscall module directly and mark handles
as inheritable (and then pass the numerical values out-of-band), but that
requires synchronizing all of our shim.Start() calls and assuming no other
thread is spawning a process.
PROC_THREAD_ATTRIBUTE_HANDLE_LIST fixes threading problems, but requires
wrapping more syscalls. exec.Cmd also doesn't let us launch the process
ourselves. Plus it still requires every handle in the list be marked
inheritable, so it doesn't help if some other thread is launching a process
with bInheritHandles TRUE but NOT using PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
(Like Go, though we can take syscall.ForkLock there.)
http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
The more natively Windows option seems to be named pipes, but that too requires
wrapping more system calls. (To be fair, that isn't too painful.) They also
involve a listening server, so we'd still have to synchronize with shim.Wait()
a la net.TCPListener.
Then there's DuplicateHandle, but then we need an out-of-band signal.
All in all, one cross-platform implementation with a TCP sockets seems
simplest.
Change-Id: I38233e309a0fa6814baf61e806732138902347c0
Reviewed-on: https://boringssl-review.googlesource.com/3563
Reviewed-by: Adam Langley <agl@google.com>
2015-02-21 06:54:29 +00:00
|
|
|
if (ret < 0 || (inl > 0 && ret == 0)) {
|
|
|
|
BIO_copy_next_retry(bio);
|
|
|
|
return ret;
|
|
|
|
}
|
2014-08-11 23:43:38 +01:00
|
|
|
assert(ret == inl);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
static int PacketedRead(BIO *bio, char *out, int outl) {
|
2016-06-02 19:58:00 +01:00
|
|
|
PacketedBio *data = GetData(bio);
|
2014-08-11 23:43:38 +01:00
|
|
|
if (bio->next_bio == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
BIO_clear_retry_flags(bio);
|
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
for (;;) {
|
|
|
|
// Check if the read deadline has passed.
|
|
|
|
if (!data->CanRead()) {
|
|
|
|
BIO_set_retry_read(bio);
|
|
|
|
return -1;
|
|
|
|
}
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
// Read the opcode.
|
|
|
|
uint8_t opcode;
|
|
|
|
int ret = ReadAll(bio->next_bio, &opcode, sizeof(opcode));
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_copy_next_retry(bio);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
if (opcode == kOpcodeTimeout) {
|
|
|
|
// The caller is required to advance any pending timeouts before
|
|
|
|
// continuing.
|
|
|
|
if (data->HasTimeout()) {
|
|
|
|
fprintf(stderr, "Unprocessed timeout!\n");
|
|
|
|
return -1;
|
|
|
|
}
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
// Process the timeout.
|
|
|
|
uint8_t buf[8];
|
|
|
|
ret = ReadAll(bio->next_bio, buf, sizeof(buf));
|
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_copy_next_retry(bio);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
uint64_t timeout = (static_cast<uint64_t>(buf[0]) << 56) |
|
|
|
|
(static_cast<uint64_t>(buf[1]) << 48) |
|
|
|
|
(static_cast<uint64_t>(buf[2]) << 40) |
|
|
|
|
(static_cast<uint64_t>(buf[3]) << 32) |
|
|
|
|
(static_cast<uint64_t>(buf[4]) << 24) |
|
|
|
|
(static_cast<uint64_t>(buf[5]) << 16) |
|
|
|
|
(static_cast<uint64_t>(buf[6]) << 8) |
|
|
|
|
static_cast<uint64_t>(buf[7]);
|
|
|
|
timeout /= 1000; // Convert nanoseconds to microseconds.
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
data->timeout.tv_usec = timeout % 1000000;
|
|
|
|
data->timeout.tv_sec = timeout / 1000000;
|
2014-08-11 23:43:38 +01:00
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
// Send an ACK to the peer.
|
|
|
|
ret = BIO_write(bio->next_bio, &kOpcodeTimeoutAck, 1);
|
|
|
|
if (ret <= 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
assert(ret == 1);
|
2014-08-11 23:43:38 +01:00
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
if (!data->advance_clock) {
|
|
|
|
// Signal to the caller to retry the read, after advancing the clock.
|
|
|
|
BIO_set_retry_read(bio);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
PacketedBioAdvanceClock(bio);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (opcode != kOpcodePacket) {
|
|
|
|
fprintf(stderr, "Unknown opcode, %u\n", opcode);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read the length prefix.
|
|
|
|
uint8_t len_bytes[4];
|
|
|
|
ret = ReadAll(bio->next_bio, len_bytes, sizeof(len_bytes));
|
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_copy_next_retry(bio);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) |
|
|
|
|
(len_bytes[2] << 8) | len_bytes[3];
|
|
|
|
uint8_t *buf = (uint8_t *)OPENSSL_malloc(len);
|
|
|
|
if (buf == NULL) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
ret = ReadAll(bio->next_bio, buf, len);
|
|
|
|
if (ret <= 0) {
|
|
|
|
fprintf(stderr, "Packeted BIO was truncated\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (outl > (int)len) {
|
|
|
|
outl = len;
|
|
|
|
}
|
|
|
|
memcpy(out, buf, outl);
|
|
|
|
OPENSSL_free(buf);
|
|
|
|
return outl;
|
2014-08-11 23:43:38 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {
|
2016-06-02 19:58:00 +01:00
|
|
|
if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) {
|
|
|
|
memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2014-08-11 23:43:38 +01:00
|
|
|
if (bio->next_bio == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
BIO_clear_retry_flags(bio);
|
|
|
|
int ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
|
|
|
|
BIO_copy_next_retry(bio);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
static int PacketedNew(BIO *bio) {
|
2014-08-11 23:43:38 +01:00
|
|
|
bio->init = 1;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
static int PacketedFree(BIO *bio) {
|
2014-08-11 23:43:38 +01:00
|
|
|
if (bio == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-06-02 19:58:00 +01:00
|
|
|
delete GetData(bio);
|
2014-08-11 23:43:38 +01:00
|
|
|
bio->init = 0;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
static long PacketedCallbackCtrl(BIO *bio, int cmd, bio_info_cb fp) {
|
2014-08-11 23:43:38 +01:00
|
|
|
if (bio->next_bio == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return BIO_callback_ctrl(bio->next_bio, cmd, fp);
|
|
|
|
}
|
|
|
|
|
2015-02-09 17:59:46 +00:00
|
|
|
const BIO_METHOD g_packeted_bio_method = {
|
2014-08-11 23:43:38 +01:00
|
|
|
BIO_TYPE_FILTER,
|
|
|
|
"packeted bio",
|
2015-02-09 17:59:46 +00:00
|
|
|
PacketedWrite,
|
|
|
|
PacketedRead,
|
2014-08-11 23:43:38 +01:00
|
|
|
NULL /* puts */,
|
|
|
|
NULL /* gets */,
|
2015-02-09 17:59:46 +00:00
|
|
|
PacketedCtrl,
|
|
|
|
PacketedNew,
|
|
|
|
PacketedFree,
|
|
|
|
PacketedCallbackCtrl,
|
2014-08-11 23:43:38 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
2016-10-27 21:36:32 +01:00
|
|
|
bssl::UniquePtr<BIO> PacketedBioCreate(timeval *clock, bool advance_clock) {
|
2016-08-18 04:10:28 +01:00
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(&g_packeted_bio_method));
|
2015-02-16 08:57:55 +00:00
|
|
|
if (!bio) {
|
|
|
|
return nullptr;
|
|
|
|
}
|
2016-10-27 21:36:32 +01:00
|
|
|
bio->ptr = new PacketedBio(clock, advance_clock);
|
Add DTLS timeout and retransmit tests.
This extends the packet adaptor protocol to send three commands:
type command =
| Packet of []byte
| Timeout of time.Duration
| TimeoutAck
When the shim processes a Timeout in BIO_read, it sends TimeoutAck, fails the
BIO_read, returns out of the SSL stack, advances the clock, calls
DTLSv1_handle_timeout, and continues.
If the Go side sends Timeout right between sending handshake flight N and
reading flight N+1, the shim won't read the Timeout until it has sent flight
N+1 (it only processes packet commands in BIO_read), so the TimeoutAck comes
after N+1. Go then drops all packets before the TimeoutAck, thus dropping one
transmit of flight N+1 without having to actually process the packets to
determine the end of the flight. The shim then sees the updated clock, calls
DTLSv1_handle_timeout, and re-sends flight N+1 for Go to process for real.
When dropping packets, Go checks the epoch and increments sequence numbers so
that we can continue to be strict here. This requires tracking the initial
sequence number of the next epoch.
The final Finished message takes an additional special-case to test. DTLS
triggers retransmits on either a timeout or seeing a stale flight. OpenSSL only
implements the former which should be sufficient (and is necessary) EXCEPT for
the final Finished message. If the peer's final Finished message is lost, it
won't be waiting for a message from us, so it won't time out anything. That
retransmit must be triggered on stale message, so we retransmit the Finished
message in Go.
Change-Id: I3ffbdb1de525beb2ee831b304670a3387877634c
Reviewed-on: https://boringssl-review.googlesource.com/3212
Reviewed-by: Adam Langley <agl@google.com>
2015-01-27 06:09:43 +00:00
|
|
|
return bio;
|
2014-08-11 23:43:38 +01:00
|
|
|
}
|
2016-06-02 19:58:00 +01:00
|
|
|
|
|
|
|
bool PacketedBioAdvanceClock(BIO *bio) {
|
|
|
|
PacketedBio *data = GetData(bio);
|
|
|
|
if (data == nullptr) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!data->HasTimeout()) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-10-27 21:36:32 +01:00
|
|
|
data->clock->tv_usec += data->timeout.tv_usec;
|
|
|
|
data->clock->tv_sec += data->clock->tv_usec / 1000000;
|
|
|
|
data->clock->tv_usec %= 1000000;
|
|
|
|
data->clock->tv_sec += data->timeout.tv_sec;
|
2016-06-02 19:58:00 +01:00
|
|
|
memset(&data->timeout, 0, sizeof(data->timeout));
|
|
|
|
return true;
|
|
|
|
}
|