rework locking in SslStream to support TLS1.3 (#32925)

wfurt · web-flow · commit 4bdf4684ddf5 · 2020-03-20T09:31:49.000-04:00
* initial locking

* feedback from review

* update _handshakeWaiter

* feedback from review

* feedback from review

* feedback from review
diff --git a/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs b/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
@@ -333,14 +333,11 @@ internal static int Encrypt(SafeSslHandle context, ReadOnlySpan<byte> input, ref
             int retVal;
             Exception? innerError = null;
 
-            lock (context)
-            {
-                retVal = Ssl.SslWrite(context, ref MemoryMarshal.GetReference(input), input.Length);
+            retVal = Ssl.SslWrite(context, ref MemoryMarshal.GetReference(input), input.Length);
 
-                if (retVal != input.Length)
-                {
-                    errorCode = GetSslError(context, retVal, out innerError);
-                }
+            if (retVal != input.Length)
+            {
+                errorCode = GetSslError(context, retVal, out innerError);
             }
 
             if (retVal != input.Length)
@@ -390,30 +387,27 @@ internal static int Decrypt(SafeSslHandle context, byte[] outBuffer, int offset,
             int retVal = BioWrite(context.InputBio!, outBuffer, offset, count);
             Exception? innerError = null;
 
-            lock (context)
+            if (retVal == count)
             {
-                if (retVal == count)
+                unsafe
                 {
-                    unsafe
+                    fixed (byte* fixedBuffer = outBuffer)
                     {
-                        fixed (byte* fixedBuffer = outBuffer)
-                        {
-                            retVal = Ssl.SslRead(context, fixedBuffer + offset, outBuffer.Length);
-                        }
-                    }
-
-                    if (retVal > 0)
-                    {
-                        count = retVal;
+                        retVal = Ssl.SslRead(context, fixedBuffer + offset, outBuffer.Length);
                     }
                 }
 
-                if (retVal != count)
+                if (retVal > 0)
                 {
-                    errorCode = GetSslError(context, retVal, out innerError);
+                        count = retVal;
                 }
             }
 
+            if (retVal != count)
+            {
+                errorCode = GetSslError(context, retVal, out innerError);
+            }
+
             if (retVal != count)
             {
                 retVal = 0;
diff --git a/src/libraries/Common/src/System/Net/SecurityStatusPal.cs b/src/libraries/Common/src/System/Net/SecurityStatusPal.cs
@@ -35,6 +35,7 @@ internal enum SecurityStatusPalErrorCode
         ContextExpired,
         CredentialsNeeded,
         Renegotiate,
+        TryAgain,
 
         // Errors
         OutOfMemory,
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.Adapters.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.Adapters.cs
@@ -12,9 +12,8 @@ public partial class SslStream
         private interface ISslIOAdapter
         {
             ValueTask<int> ReadAsync(Memory<byte> buffer);
-            ValueTask<int> ReadLockAsync(Memory<byte> buffer);
-            Task WriteLockAsync();
             ValueTask WriteAsync(byte[] buffer, int offset, int count);
+            Task WaitAsync(TaskCompletionSource<bool> waiter);
             CancellationToken CancellationToken { get; }
         }
 
@@ -31,12 +30,10 @@ public AsyncSslIOAdapter(SslStream sslStream, CancellationToken cancellationToke
 
             public ValueTask<int> ReadAsync(Memory<byte> buffer) => _sslStream.InnerStream.ReadAsync(buffer, _cancellationToken);
 
-            public ValueTask<int> ReadLockAsync(Memory<byte> buffer) => _sslStream.CheckEnqueueReadAsync(buffer);
-
-            public Task WriteLockAsync() => _sslStream.CheckEnqueueWriteAsync();
-
             public ValueTask WriteAsync(byte[] buffer, int offset, int count) => _sslStream.InnerStream.WriteAsync(new ReadOnlyMemory<byte>(buffer, offset, count), _cancellationToken);
 
+            public Task WaitAsync(TaskCompletionSource<bool> waiter) => waiter.Task;
+
             public CancellationToken CancellationToken => _cancellationToken;
         }
 
@@ -48,17 +45,15 @@ public AsyncSslIOAdapter(SslStream sslStream, CancellationToken cancellationToke
 
             public ValueTask<int> ReadAsync(Memory<byte> buffer) => new ValueTask<int>(_sslStream.InnerStream.Read(buffer.Span));
 
-            public ValueTask<int> ReadLockAsync(Memory<byte> buffer) => new ValueTask<int>(_sslStream.CheckEnqueueRead(buffer));
-
             public ValueTask WriteAsync(byte[] buffer, int offset, int count)
             {
                 _sslStream.InnerStream.Write(buffer, offset, count);
                 return default;
             }
 
-            public Task WriteLockAsync()
+            public Task WaitAsync(TaskCompletionSource<bool> waiter)
             {
-                _sslStream.CheckEnqueueWrite();
+                waiter.Task.Wait();
                 return Task.CompletedTask;
             }
 
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs

Original file line number	Diff line number	Diff line change
`@@ -333,14 +333,11 @@ internal static int Encrypt(SafeSslHandle context, ReadOnlySpan<byte> input, ref`
`333`	`333`	`int retVal;`
`334`	`334`	`Exception? innerError = null;`
`335`	`335`
`336`		`- lock (context)`
`337`		`- {`
`338`		`- retVal = Ssl.SslWrite(context, ref MemoryMarshal.GetReference(input), input.Length);`
	`336`	`+ retVal = Ssl.SslWrite(context, ref MemoryMarshal.GetReference(input), input.Length);`
`339`	`337`
`340`		`- if (retVal != input.Length)`
`341`		`- {`
`342`		`- errorCode = GetSslError(context, retVal, out innerError);`
`343`		`- }`
	`338`	`+ if (retVal != input.Length)`
	`339`	`+ {`
	`340`	`+ errorCode = GetSslError(context, retVal, out innerError);`
`344`	`341`	`}`
`345`	`342`
`346`	`343`	`if (retVal != input.Length)`
`@@ -390,30 +387,27 @@ internal static int Decrypt(SafeSslHandle context, byte[] outBuffer, int offset,`
`390`	`387`	`int retVal = BioWrite(context.InputBio!, outBuffer, offset, count);`
`391`	`388`	`Exception? innerError = null;`
`392`	`389`
`393`		`- lock (context)`
	`390`	`+ if (retVal == count)`
`394`	`391`	`{`
`395`		`- if (retVal == count)`
	`392`	`+ unsafe`
`396`	`393`	`{`
`397`		`- unsafe`
	`394`	`+ fixed (byte* fixedBuffer = outBuffer)`
`398`	`395`	`{`
`399`		`- fixed (byte* fixedBuffer = outBuffer)`
`400`		`- {`
`401`		`- retVal = Ssl.SslRead(context, fixedBuffer + offset, outBuffer.Length);`
`402`		`- }`
`403`		`- }`
`404`		`-`
`405`		`- if (retVal > 0)`
`406`		`- {`
`407`		`- count = retVal;`
	`396`	`+ retVal = Ssl.SslRead(context, fixedBuffer + offset, outBuffer.Length);`
`408`	`397`	`}`
`409`	`398`	`}`
`410`	`399`
`411`		`- if (retVal != count)`
	`400`	`+ if (retVal > 0)`
`412`	`401`	`{`
`413`		`- errorCode = GetSslError(context, retVal, out innerError);`
	`402`	`+ count = retVal;`
`414`	`403`	`}`
`415`	`404`	`}`
`416`	`405`
	`406`	`+ if (retVal != count)`
	`407`	`+ {`
	`408`	`+ errorCode = GetSslError(context, retVal, out innerError);`
	`409`	`+ }`
	`410`	`+`
`417`	`411`	`if (retVal != count)`
`418`	`412`	`{`
`419`	`413`	`retVal = 0;`
Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,8 @@ public partial class SslStream`
`12`	`12`	`private interface ISslIOAdapter`
`13`	`13`	`{`
`14`	`14`	`ValueTask<int> ReadAsync(Memory<byte> buffer);`
`15`		`- ValueTask<int> ReadLockAsync(Memory<byte> buffer);`
`16`		`- Task WriteLockAsync();`
`17`	`15`	`ValueTask WriteAsync(byte[] buffer, int offset, int count);`
	`16`	`+ Task WaitAsync(TaskCompletionSource<bool> waiter);`
`18`	`17`	`CancellationToken CancellationToken { get; }`
`19`	`18`	`}`
`20`	`19`
`@@ -31,12 +30,10 @@ public AsyncSslIOAdapter(SslStream sslStream, CancellationToken cancellationToke`
`31`	`30`
`32`	`31`	`public ValueTask<int> ReadAsync(Memory<byte> buffer) => _sslStream.InnerStream.ReadAsync(buffer, _cancellationToken);`
`33`	`32`
`34`		`- public ValueTask<int> ReadLockAsync(Memory<byte> buffer) => _sslStream.CheckEnqueueReadAsync(buffer);`
`35`		`-`
`36`		`- public Task WriteLockAsync() => _sslStream.CheckEnqueueWriteAsync();`
`37`		`-`
`38`	`33`	`public ValueTask WriteAsync(byte[] buffer, int offset, int count) => _sslStream.InnerStream.WriteAsync(new ReadOnlyMemory<byte>(buffer, offset, count), _cancellationToken);`
`39`	`34`
	`35`	`+ public Task WaitAsync(TaskCompletionSource<bool> waiter) => waiter.Task;`
	`36`	`+`
`40`	`37`	`public CancellationToken CancellationToken => _cancellationToken;`
`41`	`38`	`}`
`42`	`39`
`@@ -48,17 +45,15 @@ public AsyncSslIOAdapter(SslStream sslStream, CancellationToken cancellationToke`
`48`	`45`
`49`	`46`	`public ValueTask<int> ReadAsync(Memory<byte> buffer) => new ValueTask<int>(_sslStream.InnerStream.Read(buffer.Span));`
`50`	`47`
`51`		`- public ValueTask<int> ReadLockAsync(Memory<byte> buffer) => new ValueTask<int>(_sslStream.CheckEnqueueRead(buffer));`
`52`		`-`
`53`	`48`	`public ValueTask WriteAsync(byte[] buffer, int offset, int count)`
`54`	`49`	`{`
`55`	`50`	`_sslStream.InnerStream.Write(buffer, offset, count);`
`56`	`51`	`return default;`
`57`	`52`	`}`
`58`	`53`
`59`		`- public Task WriteLockAsync()`
	`54`	`+ public Task WaitAsync(TaskCompletionSource<bool> waiter)`
`60`	`55`	`{`
`61`		`- _sslStream.CheckEnqueueWrite();`
	`56`	`+ waiter.Task.Wait();`
`62`	`57`	`return Task.CompletedTask;`
`63`	`58`	`}`
`64`	`59`