1 /* Copyright (c) 2015, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #include <openssl/ssl.h> 16 17 #include <assert.h> 18 #include <limits.h> 19 #include <stdlib.h> 20 #include <string.h> 21 22 #include <openssl/bio.h> 23 #include <openssl/err.h> 24 #include <openssl/mem.h> 25 #include <openssl/type_check.h> 26 27 #include "../crypto/internal.h" 28 #include "internal.h" 29 30 31 OPENSSL_COMPILE_ASSERT(0xffff <= INT_MAX, uint16_fits_in_int); 32 33 OPENSSL_COMPILE_ASSERT((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0, 34 align_to_a_power_of_two); 35 36 /* setup_buffer initializes |buf| with capacity |cap|, aligned such that data 37 * written after |header_len| is aligned to a |SSL3_ALIGN_PAYLOAD|-byte 38 * boundary. It returns one on success and zero on error. */ 39 static int setup_buffer(SSL3_BUFFER *buf, size_t header_len, size_t cap) { 40 if (buf->buf != NULL || cap > 0xffff) { 41 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 42 return 0; 43 } 44 45 /* Add up to |SSL3_ALIGN_PAYLOAD| - 1 bytes of slack for alignment. */ 46 buf->buf = OPENSSL_malloc(cap + SSL3_ALIGN_PAYLOAD - 1); 47 if (buf->buf == NULL) { 48 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 49 return 0; 50 } 51 52 /* Arrange the buffer such that the record body is aligned. */ 53 buf->offset = (0 - header_len - (uintptr_t)buf->buf) & 54 (SSL3_ALIGN_PAYLOAD - 1); 55 buf->len = 0; 56 buf->cap = cap; 57 return 1; 58 } 59 60 static void consume_buffer(SSL3_BUFFER *buf, size_t len) { 61 if (len > buf->len) { 62 abort(); 63 } 64 buf->offset += (uint16_t)len; 65 buf->len -= (uint16_t)len; 66 buf->cap -= (uint16_t)len; 67 } 68 69 static void clear_buffer(SSL3_BUFFER *buf) { 70 OPENSSL_free(buf->buf); 71 OPENSSL_memset(buf, 0, sizeof(SSL3_BUFFER)); 72 } 73 74 OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= 75 0xffff, 76 maximum_read_buffer_too_large); 77 78 /* setup_read_buffer initializes the read buffer if not already initialized. It 79 * returns one on success and zero on failure. */ 80 static int setup_read_buffer(SSL *ssl) { 81 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 82 83 if (buf->buf != NULL) { 84 return 1; 85 } 86 87 size_t header_len = ssl_record_prefix_len(ssl); 88 size_t cap = SSL3_RT_MAX_ENCRYPTED_LENGTH; 89 if (SSL_is_dtls(ssl)) { 90 cap += DTLS1_RT_HEADER_LENGTH; 91 } else { 92 cap += SSL3_RT_HEADER_LENGTH; 93 } 94 95 return setup_buffer(buf, header_len, cap); 96 } 97 98 uint8_t *ssl_read_buffer(SSL *ssl) { 99 return ssl->s3->read_buffer.buf + ssl->s3->read_buffer.offset; 100 } 101 102 size_t ssl_read_buffer_len(const SSL *ssl) { 103 return ssl->s3->read_buffer.len; 104 } 105 106 static int dtls_read_buffer_next_packet(SSL *ssl) { 107 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 108 109 if (buf->len > 0) { 110 /* It is an error to call |dtls_read_buffer_extend| when the read buffer is 111 * not empty. */ 112 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 113 return -1; 114 } 115 116 /* Read a single packet from |ssl->rbio|. |buf->cap| must fit in an int. */ 117 int ret = BIO_read(ssl->rbio, buf->buf + buf->offset, (int)buf->cap); 118 if (ret <= 0) { 119 ssl->rwstate = SSL_READING; 120 return ret; 121 } 122 /* |BIO_read| was bound by |buf->cap|, so this cannot overflow. */ 123 buf->len = (uint16_t)ret; 124 return 1; 125 } 126 127 static int tls_read_buffer_extend_to(SSL *ssl, size_t len) { 128 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 129 130 if (len > buf->cap) { 131 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); 132 return -1; 133 } 134 135 /* Read until the target length is reached. */ 136 while (buf->len < len) { 137 /* The amount of data to read is bounded by |buf->cap|, which must fit in an 138 * int. */ 139 int ret = BIO_read(ssl->rbio, buf->buf + buf->offset + buf->len, 140 (int)(len - buf->len)); 141 if (ret <= 0) { 142 ssl->rwstate = SSL_READING; 143 return ret; 144 } 145 /* |BIO_read| was bound by |buf->cap - buf->len|, so this cannot 146 * overflow. */ 147 buf->len += (uint16_t)ret; 148 } 149 150 return 1; 151 } 152 153 int ssl_read_buffer_extend_to(SSL *ssl, size_t len) { 154 /* |ssl_read_buffer_extend_to| implicitly discards any consumed data. */ 155 ssl_read_buffer_discard(ssl); 156 157 if (!setup_read_buffer(ssl)) { 158 return -1; 159 } 160 161 if (ssl->rbio == NULL) { 162 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET); 163 return -1; 164 } 165 166 int ret; 167 if (SSL_is_dtls(ssl)) { 168 /* |len| is ignored for a datagram transport. */ 169 ret = dtls_read_buffer_next_packet(ssl); 170 } else { 171 ret = tls_read_buffer_extend_to(ssl, len); 172 } 173 174 if (ret <= 0) { 175 /* If the buffer was empty originally and remained empty after attempting to 176 * extend it, release the buffer until the next attempt. */ 177 ssl_read_buffer_discard(ssl); 178 } 179 return ret; 180 } 181 182 void ssl_read_buffer_consume(SSL *ssl, size_t len) { 183 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 184 185 consume_buffer(buf, len); 186 187 /* The TLS stack never reads beyond the current record, so there will never be 188 * unconsumed data. If read-ahead is ever reimplemented, 189 * |ssl_read_buffer_discard| will require a |memcpy| to shift the excess back 190 * to the front of the buffer, to ensure there is enough space for the next 191 * record. */ 192 assert(SSL_is_dtls(ssl) || len == 0 || buf->len == 0); 193 } 194 195 void ssl_read_buffer_discard(SSL *ssl) { 196 if (ssl->s3->read_buffer.len == 0) { 197 ssl_read_buffer_clear(ssl); 198 } 199 } 200 201 void ssl_read_buffer_clear(SSL *ssl) { 202 clear_buffer(&ssl->s3->read_buffer); 203 } 204 205 206 int ssl_write_buffer_is_pending(const SSL *ssl) { 207 return ssl->s3->write_buffer.len > 0; 208 } 209 210 OPENSSL_COMPILE_ASSERT(SSL3_RT_HEADER_LENGTH * 2 + 211 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD * 2 + 212 SSL3_RT_MAX_PLAIN_LENGTH <= 0xffff, 213 maximum_tls_write_buffer_too_large); 214 215 OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + 216 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + 217 SSL3_RT_MAX_PLAIN_LENGTH <= 0xffff, 218 maximum_dtls_write_buffer_too_large); 219 220 int ssl_write_buffer_init(SSL *ssl, uint8_t **out_ptr, size_t max_len) { 221 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 222 223 if (buf->buf != NULL) { 224 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 225 return 0; 226 } 227 228 size_t header_len = ssl_seal_align_prefix_len(ssl); 229 230 /* TODO(davidben): This matches the original behavior in keeping the malloc 231 * size consistent. Does this matter? |cap| could just be |max_len|. */ 232 size_t cap = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 233 if (SSL_is_dtls(ssl)) { 234 cap += DTLS1_RT_HEADER_LENGTH; 235 } else { 236 cap += SSL3_RT_HEADER_LENGTH; 237 if (ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) { 238 cap += SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 239 } 240 } 241 242 if (max_len > cap) { 243 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); 244 return 0; 245 } 246 247 if (!setup_buffer(buf, header_len, cap)) { 248 return 0; 249 } 250 *out_ptr = buf->buf + buf->offset; 251 return 1; 252 } 253 254 void ssl_write_buffer_set_len(SSL *ssl, size_t len) { 255 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 256 257 if (len > buf->cap) { 258 abort(); 259 } 260 buf->len = len; 261 } 262 263 static int tls_write_buffer_flush(SSL *ssl) { 264 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 265 266 while (buf->len > 0) { 267 int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len); 268 if (ret <= 0) { 269 ssl->rwstate = SSL_WRITING; 270 return ret; 271 } 272 consume_buffer(buf, (size_t)ret); 273 } 274 ssl_write_buffer_clear(ssl); 275 return 1; 276 } 277 278 static int dtls_write_buffer_flush(SSL *ssl) { 279 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 280 if (buf->len == 0) { 281 return 1; 282 } 283 284 int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len); 285 if (ret <= 0) { 286 ssl->rwstate = SSL_WRITING; 287 /* If the write failed, drop the write buffer anyway. Datagram transports 288 * can't write half a packet, so the caller is expected to retry from the 289 * top. */ 290 ssl_write_buffer_clear(ssl); 291 return ret; 292 } 293 ssl_write_buffer_clear(ssl); 294 return 1; 295 } 296 297 int ssl_write_buffer_flush(SSL *ssl) { 298 if (ssl->wbio == NULL) { 299 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET); 300 return -1; 301 } 302 303 if (SSL_is_dtls(ssl)) { 304 return dtls_write_buffer_flush(ssl); 305 } else { 306 return tls_write_buffer_flush(ssl); 307 } 308 } 309 310 void ssl_write_buffer_clear(SSL *ssl) { 311 clear_buffer(&ssl->s3->write_buffer); 312 } 313