Fixes handling of short reads/writes for Mac SSL

runtime/bin/secure_socket_macos.cc

 // Copyright (c) 2016, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #if !defined(DART_IO_SECURE_SOCKET_DISABLED)
 
 #include "platform/globals.h"
 #if defined(TARGET_OS_MACOS)
 
 #include "bin/secure_socket.h"
@@ skipping 38 matching lines @@
 // https://webkit.googlesource.com/WebKit/+/master/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp
 extern "C" {
 SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator,
                                  SecCertificateRef certificate,
                                  SecKeyRef private_key);
 }
 
 namespace dart {
 namespace bin {
 
+static const int kSSLFilterNativeFieldIndex = 0;
+static const int kSecurityContextNativeFieldIndex = 0;
+static const int kX509NativeFieldIndex = 0;
+
+static const bool SSL_LOG_STATUS = false;
+static const bool SSL_LOG_DATA = false;
+static const bool SSL_LOG_CERTS = false;
+static const int SSL_ERROR_MESSAGE_BUFFER_SIZE = 1000;
+static const intptr_t PEM_BUFSIZE = 1024;
+
 // SSLCertContext wraps the certificates needed for a SecureTransport
 // connection. Fields are protected by the mutex_ field, and may only be set
 // once. This is to allow access by both the Dart thread and the IOService
 // thread. Setters return false if the field was already set.
 class SSLCertContext {
  public:
   SSLCertContext() :
       mutex_(new Mutex()),
       private_key_(NULL),
       keychain_(NULL),
@@ skipping 107 matching lines @@
   // CFArrays of SecCertificateRef.
   CFArrayRef cert_chain_;
   CFArrayRef trusted_certs_;
   CFArrayRef cert_authorities_;
 
   bool trust_builtin_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLCertContext);
 };
 
-static const int kSSLFilterNativeFieldIndex = 0;
-static const int kSecurityContextNativeFieldIndex = 0;
-static const int kX509NativeFieldIndex = 0;
-
-static const bool SSL_LOG_STATUS = false;
-static const bool SSL_LOG_DATA = false;
-static const bool SSL_LOG_CERTS = false;
-static const int SSL_ERROR_MESSAGE_BUFFER_SIZE = 1000;
-static const intptr_t PEM_BUFSIZE = 1024;
 
 static char* CFStringRefToCString(CFStringRef cfstring) {
   CFIndex len = CFStringGetLength(cfstring);
   CFIndex max_len =
       CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8) + 1;
   char* result = reinterpret_cast<char*>(Dart_ScopeAllocate(max_len));
   ASSERT(result != NULL);
   bool success =
       CFStringGetCString(cfstring, result, max_len, kCFStringEncodingUTF8);
   return success ? result : NULL;
@@ skipping 1630 matching lines @@
     Dart_DeletePersistentHandle(handshake_complete_);
     handshake_complete_ = NULL;
   }
   if (bad_certificate_callback_ != NULL) {
     Dart_DeletePersistentHandle(bad_certificate_callback_);
     bad_certificate_callback_ = NULL;
   }
 }
 
 
-static intptr_t AvailableToRead(intptr_t start, intptr_t end, intptr_t size) {
-  intptr_t data_available = 0;
-  if (end < start) {
-    // Data may be split into two segments.  In this case,
-    // the first is [start, size).
-    intptr_t buffer_end = (start == 0) ? size - 1 : size;
-    intptr_t available = buffer_end - start;
-    start += available;
-    data_available += available;
-    ASSERT(start <= size);
-    if (start == size) {
-      start = 0;
-    }
-  }
-  if (start < end) {
-    intptr_t available = end - start;
-    start += available;
-    data_available += available;
-    ASSERT(start <= end);
-  }
-  return data_available;
-}
-
-
 OSStatus SSLFilter::SSLReadCallback(SSLConnectionRef connection,
                                     void* data, size_t* data_requested) {
   // Copy at most `data_requested` bytes from `buffers_[kReadEncrypted]` into
   // `data`
   ASSERT(connection != NULL);
   ASSERT(data != NULL);
   ASSERT(data_requested != NULL);
 
   SSLFilter* filter =
       const_cast<SSLFilter*>(reinterpret_cast<const SSLFilter*>(connection));
   uint8_t* datap = reinterpret_cast<uint8_t*>(data);
   uint8_t* buffer = filter->buffers_[kReadEncrypted];
   intptr_t start = filter->GetBufferStart(kReadEncrypted);
   intptr_t end = filter->GetBufferEnd(kReadEncrypted);
   intptr_t size = filter->encrypted_buffer_size_;
   intptr_t requested = static_cast<intptr_t>(*data_requested);
   intptr_t data_read = 0;
 
-  if (AvailableToRead(start, end, size) < requested) {
-    *data_requested = 0;
-    return errSSLWouldBlock;
-  }
-
   if (end < start) {
     // Data may be split into two segments.  In this case,
     // the first is [start, size).
     intptr_t buffer_end = (start == 0) ? size - 1 : size;
     intptr_t available = buffer_end - start;
     intptr_t bytes = requested < available ? requested : available;
     memmove(datap, &buffer[start], bytes);
     start += bytes;
     datap += bytes;
     data_read += bytes;
@@ skipping 13 matching lines @@
     requested -= bytes;
     ASSERT(start <= end);
   }
 
   if (SSL_LOG_DATA) {
     Log::Print("SSLReadCallback: requested: %ld, read %ld bytes\n",
         *data_requested, data_read);
   }
 
   filter->SetBufferStart(kReadEncrypted, start);
+  bool short_read = data_read < static_cast<intptr_t>(*data_requested);
   *data_requested = data_read;
-  return noErr;
+  return short_read ? errSSLWouldBlock : noErr;
 }
 
 
 // Read decrypted data from the filter to the circular buffer.
 OSStatus SSLFilter::ProcessReadPlaintextBuffer(intptr_t start,
                                                intptr_t end,
                                                intptr_t* bytes_processed) {
   ASSERT(bytes_processed != NULL);
   intptr_t length = end - start;
   OSStatus status = noErr;
   size_t bytes = 0;
   if (length > 0) {
     status = SSLRead(
         ssl_context_,
         reinterpret_cast<void*>((buffers_[kReadPlaintext] + start)),
         length,
         &bytes);
+    if (SSL_LOG_STATUS) {
+      Log::Print("SSLRead: status = %ld\n", static_cast<intptr_t>(status));
+    }
     if ((status != noErr) && (status != errSSLWouldBlock)) {
       *bytes_processed = 0;
       return status;
     }
   }
   if (SSL_LOG_DATA) {
     Log::Print("ProcessReadPlaintextBuffer: requested: %ld, read %ld bytes\n",
         length, bytes);
   }
   *bytes_processed = static_cast<intptr_t>(bytes);
   return status;
 }
 
 
-intptr_t SpaceToWrite(intptr_t start, intptr_t end, intptr_t size) {
-  intptr_t writable_space = 0;
-
-  // is full, neither if statement is executed and nothing happens.
-  if (start <= end) {
-    // If the free space may be split into two segments,
-    // then the first is [end, size), unless start == 0.
-    // Then, since the last free byte is at position start - 2,
-    // the interval is [end, size - 1).
-    intptr_t buffer_end = (start == 0) ? size - 1 : size;
-    intptr_t available = buffer_end - end;
-    end += available;
-    writable_space += available;
-    ASSERT(end <= size);
-    if (end == size) {
-      end = 0;
-    }
-  }
-  if (start > end + 1) {
-    intptr_t available = (start - 1) - end;
-    end += available;
-    writable_space += available;
-    ASSERT(end < start);
-  }
-
-  return writable_space;
-}
-
-
 OSStatus SSLFilter::SSLWriteCallback(SSLConnectionRef connection,
                                      const void* data, size_t* data_provided) {
   // Copy at most `data_provided` bytes from data into
   // `buffers_[kWriteEncrypted]`.
   ASSERT(connection != NULL);
   ASSERT(data != NULL);
   ASSERT(data_provided != NULL);
 
   SSLFilter* filter =
     const_cast<SSLFilter*>(reinterpret_cast<const SSLFilter*>(connection));
   const uint8_t* datap = reinterpret_cast<const uint8_t*>(data);
   uint8_t* buffer = filter->buffers_[kWriteEncrypted];
   intptr_t start = filter->GetBufferStart(kWriteEncrypted);
   intptr_t end = filter->GetBufferEnd(kWriteEncrypted);
   intptr_t size = filter->encrypted_buffer_size_;
   intptr_t provided = static_cast<intptr_t>(*data_provided);
   intptr_t data_written = 0;
 
-  if (SpaceToWrite(start, end, size) < provided) {
-    *data_provided = 0;
-    return errSSLWouldBlock;
-  }
-
   // is full, neither if statement is executed and nothing happens.
   if (start <= end) {
     // If the free space may be split into two segments,
     // then the first is [end, size), unless start == 0.
     // Then, since the last free byte is at position start - 2,
     // the interval is [end, size - 1).
     intptr_t buffer_end = (start == 0) ? size - 1 : size;
     intptr_t available = buffer_end - end;
     intptr_t bytes = provided < available ? provided : available;
     memmove(&buffer[end], datap, bytes);
@@ skipping 17 matching lines @@
     ASSERT(end < start);
   }
 
   if (SSL_LOG_DATA) {
     Log::Print("SSLWriteCallback: provided: %ld, written %ld bytes\n",
         *data_provided, data_written);
   }
 
   filter->SetBufferEnd(kWriteEncrypted, end);
   *data_provided = data_written;
-  return noErr;
+  return (data_written == 0) ? errSSLWouldBlock : noErr;
 }
 
 
 OSStatus SSLFilter::ProcessWritePlaintextBuffer(intptr_t start,
                                                 intptr_t end,
                                                 intptr_t* bytes_processed) {
   ASSERT(bytes_processed != NULL);
   intptr_t length = end - start;
   OSStatus status = noErr;
   size_t bytes = 0;
   if (length > 0) {
     status = SSLWrite(
         ssl_context_,
         reinterpret_cast<void*>(buffers_[kWritePlaintext] + start),
         length,
         &bytes);
+    if (SSL_LOG_STATUS) {
+      Log::Print("SSLWrite: status = %ld\n", static_cast<intptr_t>(status));
+    }
     if ((status != noErr) && (status != errSSLWouldBlock)) {
       *bytes_processed = 0;
       return status;
     }
   }
+  if (SSL_LOG_DATA) {
+    Log::Print("ProcessWritePlaintextBuffer: requested: %ld, written: %ld\n",
+        length, bytes);
+  }
   *bytes_processed = static_cast<intptr_t>(bytes);
   return status;
 }
 
 }  // namespace bin
 }  // namespace dart
 
 #endif  // defined(TARGET_OS_MACOS)
 
 #endif  // !defined(DART_IO_SECURE_SOCKET_DISABLED)