1 /* Copyright (c) 2015, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #include <openssl/ssl.h> 16 17 #include <assert.h> 18 #include <limits.h> 19 #include <stdlib.h> 20 #include <string.h> 21 22 #include <openssl/bio.h> 23 #include <openssl/err.h> 24 #include <openssl/mem.h> 25 #include <openssl/type_check.h> 26 27 #include "internal.h" 28 29 30 OPENSSL_COMPILE_ASSERT(0xffff <= INT_MAX, uint16_fits_in_int); 31 32 OPENSSL_COMPILE_ASSERT((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0, 33 align_to_a_power_of_two); 34 35 /* setup_buffer initializes |buf| with capacity |cap|, aligned such that data 36 * written after |header_len| is aligned to a |SSL3_ALIGN_PAYLOAD|-byte 37 * boundary. It returns one on success and zero on error. */ 38 static int setup_buffer(SSL3_BUFFER *buf, size_t header_len, size_t cap) { 39 if (buf->buf != NULL || cap > 0xffff) { 40 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 41 return 0; 42 } 43 44 /* Add up to |SSL3_ALIGN_PAYLOAD| - 1 bytes of slack for alignment. */ 45 buf->buf = OPENSSL_malloc(cap + SSL3_ALIGN_PAYLOAD - 1); 46 if (buf->buf == NULL) { 47 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 48 return 0; 49 } 50 51 /* Arrange the buffer such that the record body is aligned. */ 52 buf->offset = (0 - header_len - (uintptr_t)buf->buf) & 53 (SSL3_ALIGN_PAYLOAD - 1); 54 buf->len = 0; 55 buf->cap = cap; 56 return 1; 57 } 58 59 static void consume_buffer(SSL3_BUFFER *buf, size_t len) { 60 if (len > buf->len) { 61 abort(); 62 } 63 buf->offset += (uint16_t)len; 64 buf->len -= (uint16_t)len; 65 buf->cap -= (uint16_t)len; 66 } 67 68 static void clear_buffer(SSL3_BUFFER *buf) { 69 OPENSSL_free(buf->buf); 70 memset(buf, 0, sizeof(SSL3_BUFFER)); 71 } 72 73 OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= 74 0xffff, 75 maximum_read_buffer_too_large); 76 77 /* setup_read_buffer initializes the read buffer if not already initialized. It 78 * returns one on success and zero on failure. */ 79 static int setup_read_buffer(SSL *ssl) { 80 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 81 82 if (buf->buf != NULL) { 83 return 1; 84 } 85 86 size_t header_len = ssl_record_prefix_len(ssl); 87 size_t cap = SSL3_RT_MAX_ENCRYPTED_LENGTH; 88 if (SSL_IS_DTLS(ssl)) { 89 cap += DTLS1_RT_HEADER_LENGTH; 90 } else { 91 cap += SSL3_RT_HEADER_LENGTH; 92 } 93 94 return setup_buffer(buf, header_len, cap); 95 } 96 97 uint8_t *ssl_read_buffer(SSL *ssl) { 98 return ssl->s3->read_buffer.buf + ssl->s3->read_buffer.offset; 99 } 100 101 size_t ssl_read_buffer_len(const SSL *ssl) { 102 return ssl->s3->read_buffer.len; 103 } 104 105 static int dtls_read_buffer_next_packet(SSL *ssl) { 106 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 107 108 if (buf->len > 0) { 109 /* It is an error to call |dtls_read_buffer_extend| when the read buffer is 110 * not empty. */ 111 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 112 return -1; 113 } 114 115 /* Read a single packet from |ssl->rbio|. |buf->cap| must fit in an int. */ 116 ssl->rwstate = SSL_READING; 117 int ret = BIO_read(ssl->rbio, buf->buf + buf->offset, (int)buf->cap); 118 if (ret <= 0) { 119 return ret; 120 } 121 ssl->rwstate = SSL_NOTHING; 122 /* |BIO_read| was bound by |buf->cap|, so this cannot overflow. */ 123 buf->len = (uint16_t)ret; 124 return 1; 125 } 126 127 static int tls_read_buffer_extend_to(SSL *ssl, size_t len) { 128 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 129 130 if (len > buf->cap) { 131 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); 132 return -1; 133 } 134 135 /* Read until the target length is reached. */ 136 while (buf->len < len) { 137 /* The amount of data to read is bounded by |buf->cap|, which must fit in an 138 * int. */ 139 ssl->rwstate = SSL_READING; 140 int ret = BIO_read(ssl->rbio, buf->buf + buf->offset + buf->len, 141 (int)(len - buf->len)); 142 if (ret <= 0) { 143 return ret; 144 } 145 ssl->rwstate = SSL_NOTHING; 146 /* |BIO_read| was bound by |buf->cap - buf->len|, so this cannot 147 * overflow. */ 148 buf->len += (uint16_t)ret; 149 } 150 151 return 1; 152 } 153 154 int ssl_read_buffer_extend_to(SSL *ssl, size_t len) { 155 /* |ssl_read_buffer_extend_to| implicitly discards any consumed data. */ 156 ssl_read_buffer_discard(ssl); 157 158 if (!setup_read_buffer(ssl)) { 159 return -1; 160 } 161 162 if (ssl->rbio == NULL) { 163 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET); 164 return -1; 165 } 166 167 ERR_clear_system_error(); 168 169 int ret; 170 if (SSL_IS_DTLS(ssl)) { 171 /* |len| is ignored for a datagram transport. */ 172 ret = dtls_read_buffer_next_packet(ssl); 173 } else { 174 ret = tls_read_buffer_extend_to(ssl, len); 175 } 176 177 if (ret <= 0) { 178 /* If the buffer was empty originally and remained empty after attempting to 179 * extend it, release the buffer until the next attempt. */ 180 ssl_read_buffer_discard(ssl); 181 } 182 return ret; 183 } 184 185 void ssl_read_buffer_consume(SSL *ssl, size_t len) { 186 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 187 188 consume_buffer(buf, len); 189 if (!SSL_IS_DTLS(ssl)) { 190 /* The TLS stack never reads beyond the current record, so there will never 191 * be unconsumed data. If read-ahead is ever reimplemented, 192 * |ssl_read_buffer_discard| will require a |memcpy| to shift the excess 193 * back to the front of the buffer, to ensure there is enough space for the 194 * next record. */ 195 assert(buf->len == 0); 196 } 197 } 198 199 void ssl_read_buffer_discard(SSL *ssl) { 200 if (ssl->s3->read_buffer.len == 0) { 201 ssl_read_buffer_clear(ssl); 202 } 203 } 204 205 void ssl_read_buffer_clear(SSL *ssl) { 206 clear_buffer(&ssl->s3->read_buffer); 207 } 208 209 210 int ssl_write_buffer_is_pending(const SSL *ssl) { 211 return ssl->s3->write_buffer.len > 0; 212 } 213 214 OPENSSL_COMPILE_ASSERT(SSL3_RT_HEADER_LENGTH * 2 + 215 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD * 2 + 216 SSL3_RT_MAX_PLAIN_LENGTH <= 0xffff, 217 maximum_tls_write_buffer_too_large); 218 219 OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + 220 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + 221 SSL3_RT_MAX_PLAIN_LENGTH <= 0xffff, 222 maximum_dtls_write_buffer_too_large); 223 224 int ssl_write_buffer_init(SSL *ssl, uint8_t **out_ptr, size_t max_len) { 225 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 226 227 if (buf->buf != NULL) { 228 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 229 return 0; 230 } 231 232 size_t header_len = ssl_seal_prefix_len(ssl); 233 234 /* TODO(davidben): This matches the original behavior in keeping the malloc 235 * size consistent. Does this matter? |cap| could just be |max_len|. */ 236 size_t cap = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 237 if (SSL_IS_DTLS(ssl)) { 238 cap += DTLS1_RT_HEADER_LENGTH; 239 } else { 240 cap += SSL3_RT_HEADER_LENGTH; 241 if (ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) { 242 cap += SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 243 } 244 } 245 246 if (max_len > cap) { 247 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); 248 return 0; 249 } 250 251 if (!setup_buffer(buf, header_len, cap)) { 252 return 0; 253 } 254 *out_ptr = buf->buf + buf->offset; 255 return 1; 256 } 257 258 void ssl_write_buffer_set_len(SSL *ssl, size_t len) { 259 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 260 261 if (len > buf->cap) { 262 abort(); 263 } 264 buf->len = len; 265 } 266 267 static int tls_write_buffer_flush(SSL *ssl) { 268 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 269 270 while (buf->len > 0) { 271 ssl->rwstate = SSL_WRITING; 272 int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len); 273 if (ret <= 0) { 274 return ret; 275 } 276 ssl->rwstate = SSL_NOTHING; 277 consume_buffer(buf, (size_t)ret); 278 } 279 ssl_write_buffer_clear(ssl); 280 return 1; 281 } 282 283 static int dtls_write_buffer_flush(SSL *ssl) { 284 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 285 if (buf->len == 0) { 286 return 1; 287 } 288 289 ssl->rwstate = SSL_WRITING; 290 int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len); 291 if (ret <= 0) { 292 /* If the write failed, drop the write buffer anyway. Datagram transports 293 * can't write half a packet, so the caller is expected to retry from the 294 * top. */ 295 ssl_write_buffer_clear(ssl); 296 return ret; 297 } 298 ssl->rwstate = SSL_NOTHING; 299 ssl_write_buffer_clear(ssl); 300 return 1; 301 } 302 303 int ssl_write_buffer_flush(SSL *ssl) { 304 if (ssl->wbio == NULL) { 305 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET); 306 return -1; 307 } 308 ERR_clear_system_error(); 309 310 if (SSL_IS_DTLS(ssl)) { 311 return dtls_write_buffer_flush(ssl); 312 } else { 313 return tls_write_buffer_flush(ssl); 314 } 315 } 316 317 void ssl_write_buffer_clear(SSL *ssl) { 318 clear_buffer(&ssl->s3->write_buffer); 319 } 320
