Abstract away BIO_flush calls in the handshake.

This is the first part to removing the buffer BIO. The eventual end
state is the SSL_PROTOCOL_METHOD is responsible for maintaining one
flight's worth of messages. In TLS, it will just be a buffer containing
the flight's ciphertext. In DTLS, it's the existing structure for
retransmit purposes. There will be hooks:

- add_message (synchronous)
- add_change_cipher_spec (synchronous)
- add_warning_alert (synchronous; needed until we lose SSLv3 client auth
  and TLS 1.3 draft 18; draft 19 will switch end_of_early_data to a
  handshake message)
- write_flight (BIO; flush_flight will be renamed to this)

This also preserves the exact return value of BIO_flush. Eventually all
the BIO_write calls will be hidden behind BIO_flush to, to be consistent
with other BIO-based calls, preserve the return value.

BUG=72

Change-Id: I74cd23759a17356aab3bb475a8ea42bd2cd115c9
Reviewed-on: https://boringssl-review.googlesource.com/13222
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2017-01-01 17:41:30 -05:00 committed by Adam Langley
parent 44c1a65760
commit 8d5f9da2e3
6 changed files with 26 additions and 8 deletions

View File

@ -99,6 +99,14 @@ static int dtls1_supports_cipher(const SSL_CIPHER *cipher) {
return cipher->algorithm_enc != SSL_eNULL; return cipher->algorithm_enc != SSL_eNULL;
} }
static int dtls1_flush_flight(SSL *ssl) {
int ret = BIO_flush(ssl->wbio);
if (ret <= 0) {
ssl->rwstate = SSL_WRITING;
}
return ret;
}
static void dtls1_expect_flight(SSL *ssl) { dtls1_start_timer(ssl); } static void dtls1_expect_flight(SSL *ssl) { dtls1_start_timer(ssl); }
static void dtls1_received_flight(SSL *ssl) { dtls1_stop_timer(ssl); } static void dtls1_received_flight(SSL *ssl) { dtls1_stop_timer(ssl); }
@ -154,6 +162,7 @@ static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {
dtls1_queue_message, dtls1_queue_message,
dtls1_write_message, dtls1_write_message,
dtls1_send_change_cipher_spec, dtls1_send_change_cipher_spec,
dtls1_flush_flight,
dtls1_expect_flight, dtls1_expect_flight,
dtls1_received_flight, dtls1_received_flight,
dtls1_set_read_state, dtls1_set_read_state,

View File

@ -482,9 +482,8 @@ int ssl3_connect(SSL_HANDSHAKE *hs) {
break; break;
case SSL3_ST_CW_FLUSH: case SSL3_ST_CW_FLUSH:
if (BIO_flush(ssl->wbio) <= 0) { ret = ssl->method->flush_flight(ssl);
ssl->rwstate = SSL_WRITING; if (ret <= 0) {
ret = -1;
goto end; goto end;
} }
hs->state = hs->next_state; hs->state = hs->next_state;

View File

@ -451,9 +451,8 @@ int ssl3_accept(SSL_HANDSHAKE *hs) {
break; break;
case SSL3_ST_SW_FLUSH: case SSL3_ST_SW_FLUSH:
if (BIO_flush(ssl->wbio) <= 0) { ret = ssl->method->flush_flight(ssl);
ssl->rwstate = SSL_WRITING; if (ret <= 0) {
ret = -1;
goto end; goto end;
} }

View File

@ -1346,6 +1346,9 @@ struct ssl_protocol_method_st {
int (*write_message)(SSL *ssl); int (*write_message)(SSL *ssl);
/* send_change_cipher_spec sends a ChangeCipherSpec message. */ /* send_change_cipher_spec sends a ChangeCipherSpec message. */
int (*send_change_cipher_spec)(SSL *ssl); int (*send_change_cipher_spec)(SSL *ssl);
/* flush_flight flushes the current flight to the transport. It returns one on
* success and <= 0 on error. */
int (*flush_flight)(SSL *ssl);
/* expect_flight is called when the handshake expects a flight of messages from /* expect_flight is called when the handshake expects a flight of messages from
* the peer. */ * the peer. */
void (*expect_flight)(SSL *ssl); void (*expect_flight)(SSL *ssl);

View File

@ -45,9 +45,8 @@ int tls13_handshake(SSL_HANDSHAKE *hs) {
case ssl_hs_flush: case ssl_hs_flush:
case ssl_hs_flush_and_read_message: { case ssl_hs_flush_and_read_message: {
int ret = BIO_flush(ssl->wbio); int ret = ssl->method->flush_flight(ssl);
if (ret <= 0) { if (ret <= 0) {
ssl->rwstate = SSL_WRITING;
return ret; return ret;
} }
if (hs->wait != ssl_hs_flush_and_read_message) { if (hs->wait != ssl_hs_flush_and_read_message) {

View File

@ -100,6 +100,14 @@ static uint16_t ssl3_version_to_wire(uint16_t version) {
static int ssl3_supports_cipher(const SSL_CIPHER *cipher) { return 1; } static int ssl3_supports_cipher(const SSL_CIPHER *cipher) { return 1; }
static int ssl3_flush_flight(SSL *ssl) {
int ret = BIO_flush(ssl->wbio);
if (ret <= 0) {
ssl->rwstate = SSL_WRITING;
}
return ret;
}
static void ssl3_expect_flight(SSL *ssl) {} static void ssl3_expect_flight(SSL *ssl) {}
static void ssl3_received_flight(SSL *ssl) {} static void ssl3_received_flight(SSL *ssl) {}
@ -150,6 +158,7 @@ static const SSL_PROTOCOL_METHOD kTLSProtocolMethod = {
ssl3_queue_message, ssl3_queue_message,
ssl3_write_message, ssl3_write_message,
ssl3_send_change_cipher_spec, ssl3_send_change_cipher_spec,
ssl3_flush_flight,
ssl3_expect_flight, ssl3_expect_flight,
ssl3_received_flight, ssl3_received_flight,
ssl3_set_read_state, ssl3_set_read_state,