grpc 1.10.0 → 1.11.0.pre2

data/third_party/boringssl/ssl/d1_lib.cc

@@ -78,18 +78,24 @@ namespace bssl {
 // before failing the DTLS handshake.
 #define DTLS1_MAX_TIMEOUTS                     12
 
-int dtls1_new(SSL *ssl) {
+DTLS1_STATE::DTLS1_STATE()
+    : has_change_cipher_spec(false),
+      outgoing_messages_complete(false),
+      flight_has_reply(false) {}
+
+DTLS1_STATE::~DTLS1_STATE() {}
+
+bool dtls1_new(SSL *ssl) {
   if (!ssl3_new(ssl)) {
-    return 0;
+    return false;
   }
-  DTLS1_STATE *d1 = (DTLS1_STATE *)OPENSSL_malloc(sizeof *d1);
-  if (d1 == NULL) {
+  UniquePtr<DTLS1_STATE> d1 = MakeUnique<DTLS1_STATE>();
+  if (!d1) {
     ssl3_free(ssl);
-    return 0;
+    return false;
   }
-  OPENSSL_memset(d1, 0, sizeof *d1);
 
-  ssl->d1 = d1;
+  ssl->d1 = d1.release();
 
   // Set the version to the highest supported version.
   //
@@ -97,21 +103,17 @@ int dtls1_new(SSL *ssl) {
   // protocol version, and implement this pre-negotiation quirk in |SSL_version|
   // at the API boundary rather than in internal state.
   ssl->version = DTLS1_2_VERSION;
-  return 1;
+  return true;
 }
 
 void dtls1_free(SSL *ssl) {
   ssl3_free(ssl);
 
-  if (ssl == NULL || ssl->d1 == NULL) {
+  if (ssl == NULL) {
     return;
   }
 
-  dtls_clear_incoming_messages(ssl);
-  dtls_clear_outgoing_messages(ssl);
-  Delete(ssl->d1->last_aead_write_ctx);
-
-  OPENSSL_free(ssl->d1);
+  Delete(ssl->d1);
   ssl->d1 = NULL;
 }
 
@@ -133,21 +135,21 @@ void dtls1_start_timer(SSL *ssl) {
   }
 }
 
-int dtls1_is_timer_expired(SSL *ssl) {
+bool dtls1_is_timer_expired(SSL *ssl) {
   struct timeval timeleft;
 
   // Get time left until timeout, return false if no timer running
   if (!DTLSv1_get_timeout(ssl, &timeleft)) {
-    return 0;
+    return false;
   }
 
   // Return false if timer is not expired yet
   if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
-    return 0;
+    return false;
   }
 
   // Timer expired, so return true
-  return 1;
+  return true;
 }
 
 static void dtls1_double_timeout(SSL *ssl) {
@@ -163,7 +165,7 @@ void dtls1_stop_timer(SSL *ssl) {
   ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;
 }
 
-int dtls1_check_timeout_num(SSL *ssl) {
+bool dtls1_check_timeout_num(SSL *ssl) {
   ssl->d1->num_timeouts++;
 
   // Reduce MTU after 2 unsuccessful retransmissions
@@ -178,10 +180,10 @@ int dtls1_check_timeout_num(SSL *ssl) {
   if (ssl->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) {
     // fail the connection, enough alerts have been sent
     OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED);
-    return 0;
+    return false;
   }
 
-  return 1;
+  return true;
 }
 
 }  // namespace bssl

data/third_party/boringssl/ssl/d1_pkt.cc

@@ -128,107 +128,29 @@
 
 namespace bssl {
 
-int dtls1_get_record(SSL *ssl) {
-again:
-  switch (ssl->s3->read_shutdown) {
-    case ssl_shutdown_none:
-      break;
-    case ssl_shutdown_fatal_alert:
-      OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
-      return -1;
-    case ssl_shutdown_close_notify:
-      return 0;
-  }
-
-  // Read a new packet if there is no unconsumed one.
-  if (ssl_read_buffer(ssl).empty()) {
-    int read_ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */);
-    if (read_ret < 0 && dtls1_is_timer_expired(ssl)) {
-      // Historically, timeouts were handled implicitly if the caller did not
-      // handle them.
-      //
-      // TODO(davidben): This was to support blocking sockets but affected
-      // non-blocking sockets. Can it be removed?
-      int timeout_ret = DTLSv1_handle_timeout(ssl);
-      if (timeout_ret <= 0) {
-        return timeout_ret;
-      }
-      goto again;
-    }
-    if (read_ret <= 0) {
-      return read_ret;
-    }
-  }
-  assert(!ssl_read_buffer(ssl).empty());
-
-  Span<uint8_t> body;
-  uint8_t type, alert;
-  size_t consumed;
-  enum ssl_open_record_t open_ret = dtls_open_record(
-      ssl, &type, &body, &consumed, &alert, ssl_read_buffer(ssl));
-  ssl_read_buffer_consume(ssl, consumed);
-  switch (open_ret) {
-    case ssl_open_record_partial:
-      // Impossible in DTLS.
-      break;
-
-    case ssl_open_record_success: {
-      if (body.size() > 0xffff) {
-        OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
-        return -1;
-      }
-
-      SSL3_RECORD *rr = &ssl->s3->rrec;
-      rr->type = type;
-      rr->length = static_cast<uint16_t>(body.size());
-      rr->data = body.data();
-      return 1;
-    }
-
-    case ssl_open_record_discard:
-      goto again;
-
-    case ssl_open_record_close_notify:
-      return 0;
-
-    case ssl_open_record_error:
-      if (alert != 0) {
-        ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
-      }
-      return -1;
-  }
-
-  assert(0);
-  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-  return -1;
-}
-
-int dtls1_read_app_data(SSL *ssl, bool *out_got_handshake, uint8_t *buf,
-                        int len, int peek) {
+ssl_open_record_t dtls1_open_app_data(SSL *ssl, Span<uint8_t> *out,
+                                      size_t *out_consumed, uint8_t *out_alert,
+                                      Span<uint8_t> in) {
   assert(!SSL_in_init(ssl));
 
-  *out_got_handshake = false;
-  SSL3_RECORD *rr = &ssl->s3->rrec;
-
-again:
-  if (rr->length == 0) {
-    int ret = dtls1_get_record(ssl);
-    if (ret <= 0) {
-      return ret;
-    }
+  uint8_t type;
+  Span<uint8_t> record;
+  auto ret = dtls_open_record(ssl, &type, &record, out_consumed, out_alert, in);
+  if (ret != ssl_open_record_success) {
+    return ret;
   }
 
-  if (rr->type == SSL3_RT_HANDSHAKE) {
+  if (type == SSL3_RT_HANDSHAKE) {
     // Parse the first fragment header to determine if this is a pre-CCS or
     // post-CCS handshake record. DTLS resets handshake message numbers on each
     // handshake, so renegotiations and retransmissions are ambiguous.
     CBS cbs, body;
     struct hm_header_st msg_hdr;
-    CBS_init(&cbs, rr->data, rr->length);
+    CBS_init(&cbs, record.data(), record.size());
     if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
-      ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
-      return -1;
+      *out_alert = SSL_AD_DECODE_ERROR;
+      return ssl_open_record_error;
     }
 
     if (msg_hdr.type == SSL3_MT_FINISHED &&
@@ -238,69 +160,43 @@ again:
         // Finished, they may not have received ours. Only do this for the
         // first fragment, in case the Finished was fragmented.
         if (!dtls1_check_timeout_num(ssl)) {
-          return -1;
+          *out_alert = 0;  // TODO(davidben): Send an alert?
+          return ssl_open_record_error;
         }
 
         dtls1_retransmit_outgoing_messages(ssl);
       }
-
-      rr->length = 0;
-      goto again;
+      return ssl_open_record_discard;
     }
 
     // Otherwise, this is a pre-CCS handshake message from an unsupported
     // renegotiation attempt. Fall through to the error path.
   }
 
-  if (rr->type != SSL3_RT_APPLICATION_DATA) {
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+  if (type != SSL3_RT_APPLICATION_DATA) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
-    return -1;
+    *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
+    return ssl_open_record_error;
   }
 
-  // Discard empty records.
-  if (rr->length == 0) {
-    goto again;
+  if (record.empty()) {
+    return ssl_open_record_discard;
   }
 
-  if (len <= 0) {
-    return len;
-  }
-
-  if ((unsigned)len > rr->length) {
-    len = rr->length;
-  }
-
-  OPENSSL_memcpy(buf, rr->data, len);
-  if (!peek) {
-    // TODO(davidben): Should the record be truncated instead? This is a
-    // datagram transport. See https://crbug.com/boringssl/65.
-    rr->length -= len;
-    rr->data += len;
-    if (rr->length == 0) {
-      // The record has been consumed, so we may now clear the buffer.
-      ssl_read_buffer_discard(ssl);
-    }
-  }
-
-  return len;
+  *out = record;
+  return ssl_open_record_success;
 }
 
-void dtls1_read_close_notify(SSL *ssl) {
-  // Bidirectional shutdown doesn't make sense for an unordered transport. DTLS
-  // alerts also aren't delivered reliably, so we may even time out because the
-  // peer never received our close_notify. Report to the caller that the channel
-  // has fully shut down.
-  if (ssl->s3->read_shutdown == ssl_shutdown_none) {
-    ssl->s3->read_shutdown = ssl_shutdown_close_notify;
-  }
-}
-
-int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
-                         const uint8_t *buf, int len) {
+int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
+                         int len) {
   assert(!SSL_in_init(ssl));
   *out_needs_handshake = false;
 
+  if (ssl->s3->write_shutdown != ssl_shutdown_none) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
+    return -1;
+  }
+
   if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_DTLS_MESSAGE_TOO_BIG);
     return -1;
@@ -315,7 +211,7 @@ int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
     return 0;
   }
 
-  int ret = dtls1_write_record(ssl, SSL3_RT_APPLICATION_DATA, buf, (size_t)len,
+  int ret = dtls1_write_record(ssl, SSL3_RT_APPLICATION_DATA, in, (size_t)len,
                                dtls1_use_current_epoch);
   if (ret <= 0) {
     return ret;
@@ -323,29 +219,29 @@ int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
   return len;
 }
 
-int dtls1_write_record(SSL *ssl, int type, const uint8_t *buf, size_t len,
+int dtls1_write_record(SSL *ssl, int type, const uint8_t *in, size_t len,
                        enum dtls1_use_epoch_t use_epoch) {
+  SSLBuffer *buf = &ssl->s3->write_buffer;
   assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
   // There should never be a pending write buffer in DTLS. One can't write half
   // a datagram, so the write buffer is always dropped in
   // |ssl_write_buffer_flush|.
-  assert(!ssl_write_buffer_is_pending(ssl));
+  assert(buf->empty());
 
   if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     return -1;
   }
 
-  size_t max_out = len + SSL_max_seal_overhead(ssl);
-  uint8_t *out;
   size_t ciphertext_len;
-  if (!ssl_write_buffer_init(ssl, &out, max_out) ||
-      !dtls_seal_record(ssl, out, &ciphertext_len, max_out, type, buf, len,
-                        use_epoch)) {
-    ssl_write_buffer_clear(ssl);
+  if (!buf->EnsureCap(ssl_seal_align_prefix_len(ssl),
+                      len + SSL_max_seal_overhead(ssl)) ||
+      !dtls_seal_record(ssl, buf->remaining().data(), &ciphertext_len,
+                        buf->remaining().size(), type, in, len, use_epoch)) {
+    buf->Clear();
     return -1;
   }
-  ssl_write_buffer_set_len(ssl, ciphertext_len);
+  buf->DidWrite(ciphertext_len);
 
   int ret = ssl_write_buffer_flush(ssl);
   if (ret <= 0) {

data/third_party/boringssl/ssl/dtls_method.cc

@@ -68,10 +68,6 @@
 
 using namespace bssl;
 
-static int dtls1_supports_cipher(const SSL_CIPHER *cipher) {
-  return cipher->algorithm_enc != SSL_eNULL;
-}
-
 static void dtls1_on_handshake_complete(SSL *ssl) {
   // Stop the reply timer left by the last flight we sent.
   dtls1_stop_timer(ssl);
@@ -82,48 +78,45 @@ static void dtls1_on_handshake_complete(SSL *ssl) {
   }
 }
 
-static int dtls1_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
-  // Cipher changes are illegal when there are buffered incoming messages.
-  if (dtls_has_incoming_messages(ssl) || ssl->d1->has_change_cipher_spec) {
+static bool dtls1_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
+  // Cipher changes are forbidden if the current epoch has leftover data.
+  if (dtls_has_unprocessed_handshake_data(ssl)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
-    ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-    return 0;
+    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+    return false;
   }
 
   ssl->d1->r_epoch++;
   OPENSSL_memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap));
   OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
 
-  Delete(ssl->s3->aead_read_ctx);
-  ssl->s3->aead_read_ctx = aead_ctx.release();
-  return 1;
+  ssl->s3->aead_read_ctx = std::move(aead_ctx);
+  return true;
 }
 
-static int dtls1_set_write_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
+static bool dtls1_set_write_state(SSL *ssl,
+                                  UniquePtr<SSLAEADContext> aead_ctx) {
   ssl->d1->w_epoch++;
   OPENSSL_memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,
                  sizeof(ssl->s3->write_sequence));
   OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
 
-  Delete(ssl->d1->last_aead_write_ctx);
-  ssl->d1->last_aead_write_ctx = ssl->s3->aead_write_ctx;
-  ssl->s3->aead_write_ctx = aead_ctx.release();
-  return 1;
+  ssl->d1->last_aead_write_ctx = std::move(ssl->s3->aead_write_ctx);
+  ssl->s3->aead_write_ctx = std::move(aead_ctx);
+  return true;
 }
 
 static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {
-    1 /* is_dtls */,
+    true /* is_dtls */,
     dtls1_new,
     dtls1_free,
     dtls1_get_message,
-    dtls1_read_message,
     dtls1_next_message,
-    dtls1_read_app_data,
-    dtls1_read_change_cipher_spec,
-    dtls1_read_close_notify,
+    dtls1_open_handshake,
+    dtls1_open_change_cipher_spec,
+    dtls1_open_app_data,
     dtls1_write_app_data,
     dtls1_dispatch_alert,
-    dtls1_supports_cipher,
     dtls1_init_message,
     dtls1_finish_message,
     dtls1_add_message,

data/third_party/boringssl/ssl/dtls_record.cc

@@ -179,6 +179,13 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
                                         size_t *out_consumed,
                                         uint8_t *out_alert, Span<uint8_t> in) {
   *out_consumed = 0;
+  if (ssl->s3->read_shutdown == ssl_shutdown_close_notify) {
+    return ssl_open_record_close_notify;
+  }
+
+  if (in.empty()) {
+    return ssl_open_record_partial;
+  }
 
   CBS cbs = CBS(in);
 
@@ -268,10 +275,10 @@ static const SSLAEADContext *get_write_aead(const SSL *ssl,
                                             enum dtls1_use_epoch_t use_epoch) {
   if (use_epoch == dtls1_use_previous_epoch) {
     assert(ssl->d1->w_epoch >= 1);
-    return ssl->d1->last_aead_write_ctx;
+    return ssl->d1->last_aead_write_ctx.get();
   }
 
-  return ssl->s3->aead_write_ctx;
+  return ssl->s3->aead_write_ctx.get();
 }
 
 size_t dtls_max_seal_overhead(const SSL *ssl,
@@ -296,12 +303,12 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
 
   // Determine the parameters for the current epoch.
   uint16_t epoch = ssl->d1->w_epoch;
-  SSLAEADContext *aead = ssl->s3->aead_write_ctx;
+  SSLAEADContext *aead = ssl->s3->aead_write_ctx.get();
   uint8_t *seq = ssl->s3->write_sequence;
   if (use_epoch == dtls1_use_previous_epoch) {
     assert(ssl->d1->w_epoch >= 1);
     epoch = ssl->d1->w_epoch - 1;
-    aead = ssl->d1->last_aead_write_ctx;
+    aead = ssl->d1->last_aead_write_ctx.get();
     seq = ssl->d1->last_write_sequence;
   }