1 /* Copyright (c) 2015, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #include <openssl/ssl.h> 16 17 #include <assert.h> 18 #include <limits.h> 19 #include <stdlib.h> 20 #include <string.h> 21 22 #include <openssl/bio.h> 23 #include <openssl/err.h> 24 #include <openssl/mem.h> 25 26 #include "../crypto/internal.h" 27 #include "internal.h" 28 29 30 /* BIO uses int instead of size_t. No lengths will exceed uint16_t, so this will 31 * not overflow. */ 32 static_assert(0xffff <= INT_MAX, "uint16_t does not fit in int"); 33 34 static_assert((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0, 35 "SSL3_ALIGN_PAYLOAD must be a power of 2"); 36 37 /* ensure_buffer ensures |buf| has capacity at least |cap|, aligned such that 38 * data written after |header_len| is aligned to a |SSL3_ALIGN_PAYLOAD|-byte 39 * boundary. It returns one on success and zero on error. */ 40 static int ensure_buffer(SSL3_BUFFER *buf, size_t header_len, size_t cap) { 41 if (cap > 0xffff) { 42 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 43 return 0; 44 } 45 46 if (buf->cap >= cap) { 47 return 1; 48 } 49 50 /* Add up to |SSL3_ALIGN_PAYLOAD| - 1 bytes of slack for alignment. */ 51 uint8_t *new_buf = (uint8_t *)OPENSSL_malloc(cap + SSL3_ALIGN_PAYLOAD - 1); 52 if (new_buf == NULL) { 53 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); 54 return 0; 55 } 56 57 /* Offset the buffer such that the record body is aligned. */ 58 size_t new_offset = 59 (0 - header_len - (uintptr_t)new_buf) & (SSL3_ALIGN_PAYLOAD - 1); 60 61 if (buf->buf != NULL) { 62 OPENSSL_memcpy(new_buf + new_offset, buf->buf + buf->offset, buf->len); 63 OPENSSL_free(buf->buf); 64 } 65 66 buf->buf = new_buf; 67 buf->offset = new_offset; 68 buf->cap = cap; 69 return 1; 70 } 71 72 static void consume_buffer(SSL3_BUFFER *buf, size_t len) { 73 if (len > buf->len) { 74 abort(); 75 } 76 buf->offset += (uint16_t)len; 77 buf->len -= (uint16_t)len; 78 buf->cap -= (uint16_t)len; 79 } 80 81 static void clear_buffer(SSL3_BUFFER *buf) { 82 OPENSSL_free(buf->buf); 83 OPENSSL_memset(buf, 0, sizeof(SSL3_BUFFER)); 84 } 85 86 uint8_t *ssl_read_buffer(SSL *ssl) { 87 return ssl->s3->read_buffer.buf + ssl->s3->read_buffer.offset; 88 } 89 90 size_t ssl_read_buffer_len(const SSL *ssl) { 91 return ssl->s3->read_buffer.len; 92 } 93 94 static int dtls_read_buffer_next_packet(SSL *ssl) { 95 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 96 97 if (buf->len > 0) { 98 /* It is an error to call |dtls_read_buffer_extend| when the read buffer is 99 * not empty. */ 100 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 101 return -1; 102 } 103 104 /* Read a single packet from |ssl->rbio|. |buf->cap| must fit in an int. */ 105 int ret = BIO_read(ssl->rbio, buf->buf + buf->offset, (int)buf->cap); 106 if (ret <= 0) { 107 ssl->rwstate = SSL_READING; 108 return ret; 109 } 110 /* |BIO_read| was bound by |buf->cap|, so this cannot overflow. */ 111 buf->len = (uint16_t)ret; 112 return 1; 113 } 114 115 static int tls_read_buffer_extend_to(SSL *ssl, size_t len) { 116 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 117 118 if (len > buf->cap) { 119 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); 120 return -1; 121 } 122 123 /* Read until the target length is reached. */ 124 while (buf->len < len) { 125 /* The amount of data to read is bounded by |buf->cap|, which must fit in an 126 * int. */ 127 int ret = BIO_read(ssl->rbio, buf->buf + buf->offset + buf->len, 128 (int)(len - buf->len)); 129 if (ret <= 0) { 130 ssl->rwstate = SSL_READING; 131 return ret; 132 } 133 /* |BIO_read| was bound by |buf->cap - buf->len|, so this cannot 134 * overflow. */ 135 buf->len += (uint16_t)ret; 136 } 137 138 return 1; 139 } 140 141 int ssl_read_buffer_extend_to(SSL *ssl, size_t len) { 142 /* |ssl_read_buffer_extend_to| implicitly discards any consumed data. */ 143 ssl_read_buffer_discard(ssl); 144 145 if (SSL_is_dtls(ssl)) { 146 static_assert( 147 DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= 0xffff, 148 "DTLS read buffer is too large"); 149 150 /* The |len| parameter is ignored in DTLS. */ 151 len = DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; 152 } 153 154 if (!ensure_buffer(&ssl->s3->read_buffer, ssl_record_prefix_len(ssl), len)) { 155 return -1; 156 } 157 158 if (ssl->rbio == NULL) { 159 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET); 160 return -1; 161 } 162 163 int ret; 164 if (SSL_is_dtls(ssl)) { 165 /* |len| is ignored for a datagram transport. */ 166 ret = dtls_read_buffer_next_packet(ssl); 167 } else { 168 ret = tls_read_buffer_extend_to(ssl, len); 169 } 170 171 if (ret <= 0) { 172 /* If the buffer was empty originally and remained empty after attempting to 173 * extend it, release the buffer until the next attempt. */ 174 ssl_read_buffer_discard(ssl); 175 } 176 return ret; 177 } 178 179 void ssl_read_buffer_consume(SSL *ssl, size_t len) { 180 SSL3_BUFFER *buf = &ssl->s3->read_buffer; 181 182 consume_buffer(buf, len); 183 184 /* The TLS stack never reads beyond the current record, so there will never be 185 * unconsumed data. If read-ahead is ever reimplemented, 186 * |ssl_read_buffer_discard| will require a |memcpy| to shift the excess back 187 * to the front of the buffer, to ensure there is enough space for the next 188 * record. */ 189 assert(SSL_is_dtls(ssl) || len == 0 || buf->len == 0); 190 } 191 192 void ssl_read_buffer_discard(SSL *ssl) { 193 if (ssl->s3->read_buffer.len == 0) { 194 ssl_read_buffer_clear(ssl); 195 } 196 } 197 198 void ssl_read_buffer_clear(SSL *ssl) { 199 clear_buffer(&ssl->s3->read_buffer); 200 } 201 202 203 int ssl_write_buffer_is_pending(const SSL *ssl) { 204 return ssl->s3->write_buffer.len > 0; 205 } 206 207 static_assert(SSL3_RT_HEADER_LENGTH * 2 + 208 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD * 2 + 209 SSL3_RT_MAX_PLAIN_LENGTH <= 210 0xffff, 211 "maximum TLS write buffer is too large"); 212 213 static_assert(DTLS1_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + 214 SSL3_RT_MAX_PLAIN_LENGTH <= 215 0xffff, 216 "maximum DTLS write buffer is too large"); 217 218 int ssl_write_buffer_init(SSL *ssl, uint8_t **out_ptr, size_t max_len) { 219 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 220 221 if (buf->buf != NULL) { 222 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 223 return 0; 224 } 225 226 if (!ensure_buffer(buf, ssl_seal_align_prefix_len(ssl), max_len)) { 227 return 0; 228 } 229 *out_ptr = buf->buf + buf->offset; 230 return 1; 231 } 232 233 void ssl_write_buffer_set_len(SSL *ssl, size_t len) { 234 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 235 236 if (len > buf->cap) { 237 abort(); 238 } 239 buf->len = len; 240 } 241 242 static int tls_write_buffer_flush(SSL *ssl) { 243 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 244 245 while (buf->len > 0) { 246 int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len); 247 if (ret <= 0) { 248 ssl->rwstate = SSL_WRITING; 249 return ret; 250 } 251 consume_buffer(buf, (size_t)ret); 252 } 253 ssl_write_buffer_clear(ssl); 254 return 1; 255 } 256 257 static int dtls_write_buffer_flush(SSL *ssl) { 258 SSL3_BUFFER *buf = &ssl->s3->write_buffer; 259 if (buf->len == 0) { 260 return 1; 261 } 262 263 int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len); 264 if (ret <= 0) { 265 ssl->rwstate = SSL_WRITING; 266 /* If the write failed, drop the write buffer anyway. Datagram transports 267 * can't write half a packet, so the caller is expected to retry from the 268 * top. */ 269 ssl_write_buffer_clear(ssl); 270 return ret; 271 } 272 ssl_write_buffer_clear(ssl); 273 return 1; 274 } 275 276 int ssl_write_buffer_flush(SSL *ssl) { 277 if (ssl->wbio == NULL) { 278 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET); 279 return -1; 280 } 281 282 if (SSL_is_dtls(ssl)) { 283 return dtls_write_buffer_flush(ssl); 284 } else { 285 return tls_write_buffer_flush(ssl); 286 } 287 } 288 289 void ssl_write_buffer_clear(SSL *ssl) { 290 clear_buffer(&ssl->s3->write_buffer); 291 } 292