Google Git
Sign in
boringssl / boringssl.git / de0d05a0a8dc052900e525e4ddba78895e27f0fa / . / ssl / ssl_buffer.cc
blob: 2ca14efae5ea478f43794a81883b00dfdb1a37b0 [file] [log] [blame]
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]1/* Copyright (c) 2015, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <openssl/ssl.h>
16
17#include <assert.h>
18#include <limits.h>
19#include <stdlib.h>
20#include <string.h>
21
22#include <openssl/bio.h>
23#include <openssl/err.h>
24#include <openssl/mem.h>
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]25
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]26#include "../crypto/internal.h"
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]27#include "internal.h"
28
29
Joshua Liebow-Feeser8c7c6352018-08-26 18:53:36 -0700[diff] [blame]30BSSL_NAMESPACE_BEGIN
David Benjamin86e95b82017-07-18 16:34:25 -0400[diff] [blame]31
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]32// BIO uses int instead of size_t. No lengths will exceed uint16_t, so this will
33// not overflow.
David Benjamina3d76d02017-07-14 19:36:07 -0400[diff] [blame]34static_assert(0xffff <= INT_MAX, "uint16_t does not fit in int");
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]35
David Benjamina3d76d02017-07-14 19:36:07 -0400[diff] [blame]36static_assert((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0,
37 "SSL3_ALIGN_PAYLOAD must be a power of 2");
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]38
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]39void SSLBuffer::Clear() {
David Benjaminc7337542019-11-28 08:32:16 -0500[diff] [blame]40 if (buf_allocated_) {
41 free(buf_); // Allocated with malloc().
42 }
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]43 buf_ = nullptr;
David Benjaminc7337542019-11-28 08:32:16 -0500[diff] [blame]44 buf_allocated_ = false;
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]45 offset_ = 0;
46 size_ = 0;
47 cap_ = 0;
48}
49
50bool SSLBuffer::EnsureCap(size_t header_len, size_t new_cap) {
51 if (new_cap > 0xffff) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]52 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]53 return false;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]54 }
55
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]56 if (cap_ >= new_cap) {
57 return true;
David Benjamin31209502017-06-22 18:07:15 -0400[diff] [blame]58 }
59
David Benjaminc7337542019-11-28 08:32:16 -0500[diff] [blame]60 uint8_t *new_buf;
61 bool new_buf_allocated;
62 size_t new_offset;
63 if (new_cap <= sizeof(inline_buf_)) {
64 // This function is called twice per TLS record, first for the five-byte
65 // header. To avoid allocating twice, use an inline buffer for short inputs.
66 new_buf = inline_buf_;
67 new_buf_allocated = false;
68 new_offset = 0;
69 } else {
70 // Add up to |SSL3_ALIGN_PAYLOAD| - 1 bytes of slack for alignment.
71 //
72 // Since this buffer gets allocated quite frequently and doesn't contain any
73 // sensitive data, we allocate with malloc rather than |OPENSSL_malloc| and
74 // avoid zeroing on free.
75 new_buf = (uint8_t *)malloc(new_cap + SSL3_ALIGN_PAYLOAD - 1);
76 if (new_buf == NULL) {
77 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
78 return false;
79 }
80 new_buf_allocated = true;
81
82 // Offset the buffer such that the record body is aligned.
83 new_offset =
84 (0 - header_len - (uintptr_t)new_buf) & (SSL3_ALIGN_PAYLOAD - 1);
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]85 }
86
David Benjaminc7337542019-11-28 08:32:16 -0500[diff] [blame]87 // Note if the both old and new buffer are inline, the source and destination
88 // may alias.
89 OPENSSL_memmove(new_buf + new_offset, buf_ + offset_, size_);
David Benjamin31209502017-06-22 18:07:15 -0400[diff] [blame]90
David Benjaminc7337542019-11-28 08:32:16 -0500[diff] [blame]91 if (buf_allocated_) {
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]92 free(buf_); // Allocated with malloc().
David Benjamin31209502017-06-22 18:07:15 -0400[diff] [blame]93 }
94
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]95 buf_ = new_buf;
David Benjaminc7337542019-11-28 08:32:16 -0500[diff] [blame]96 buf_allocated_ = new_buf_allocated;
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]97 offset_ = new_offset;
98 cap_ = new_cap;
99 return true;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]100}
101
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]102void SSLBuffer::DidWrite(size_t new_size) {
103 if (new_size > cap() - size()) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]104 abort();
105 }
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]106 size_ += new_size;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]107}
108
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]109void SSLBuffer::Consume(size_t len) {
110 if (len > size_) {
111 abort();
112 }
113 offset_ += (uint16_t)len;
114 size_ -= (uint16_t)len;
115 cap_ -= (uint16_t)len;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]116}
117
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]118void SSLBuffer::DiscardConsumed() {
119 if (size_ == 0) {
120 Clear();
121 }
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]122}
123
124static int dtls_read_buffer_next_packet(SSL *ssl) {
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]125 SSLBuffer *buf = &ssl->s3->read_buffer;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]126
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]127 if (!buf->empty()) {
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]128 // It is an error to call |dtls_read_buffer_extend| when the read buffer is
129 // not empty.
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]130 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
131 return -1;
132 }
133
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]134 // Read a single packet from |ssl->rbio|. |buf->cap()| must fit in an int.
David Benjamin50596f82018-07-02 19:47:27 -0400[diff] [blame]135 int ret =
136 BIO_read(ssl->rbio.get(), buf->data(), static_cast<int>(buf->cap()));
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]137 if (ret <= 0) {
David Benjaminf4928302019-08-21 16:04:53 -0400[diff] [blame]138 ssl->s3->rwstate = SSL_ERROR_WANT_READ;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]139 return ret;
140 }
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]141 buf->DidWrite(static_cast<size_t>(ret));
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]142 return 1;
143}
144
145static int tls_read_buffer_extend_to(SSL *ssl, size_t len) {
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]146 SSLBuffer *buf = &ssl->s3->read_buffer;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]147
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]148 if (len > buf->cap()) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]149 OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
150 return -1;
151 }
152
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]153 // Read until the target length is reached.
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]154 while (buf->size() < len) {
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]155 // The amount of data to read is bounded by |buf->cap|, which must fit in an
156 // int.
David Benjamin50596f82018-07-02 19:47:27 -0400[diff] [blame]157 int ret = BIO_read(ssl->rbio.get(), buf->data() + buf->size(),
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]158 static_cast<int>(len - buf->size()));
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]159 if (ret <= 0) {
David Benjaminf4928302019-08-21 16:04:53 -0400[diff] [blame]160 ssl->s3->rwstate = SSL_ERROR_WANT_READ;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]161 return ret;
162 }
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]163 buf->DidWrite(static_cast<size_t>(ret));
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]164 }
165
166 return 1;
167}
168
169int ssl_read_buffer_extend_to(SSL *ssl, size_t len) {
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]170 // |ssl_read_buffer_extend_to| implicitly discards any consumed data.
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]171 ssl->s3->read_buffer.DiscardConsumed();
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]172
David Benjamin31209502017-06-22 18:07:15 -0400[diff] [blame]173 if (SSL_is_dtls(ssl)) {
David Benjamina3d76d02017-07-14 19:36:07 -0400[diff] [blame]174 static_assert(
David Benjamin31209502017-06-22 18:07:15 -0400[diff] [blame]175 DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= 0xffff,
David Benjamina3d76d02017-07-14 19:36:07 -0400[diff] [blame]176 "DTLS read buffer is too large");
David Benjamin31209502017-06-22 18:07:15 -0400[diff] [blame]177
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]178 // The |len| parameter is ignored in DTLS.
David Benjamin31209502017-06-22 18:07:15 -0400[diff] [blame]179 len = DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
180 }
181
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]182 if (!ssl->s3->read_buffer.EnsureCap(ssl_record_prefix_len(ssl), len)) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]183 return -1;
184 }
185
David Benjamin50596f82018-07-02 19:47:27 -0400[diff] [blame]186 if (ssl->rbio == nullptr) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]187 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET);
188 return -1;
189 }
190
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]191 int ret;
David Benjamince079fd2016-08-02 16:22:34 -0400[diff] [blame]192 if (SSL_is_dtls(ssl)) {
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]193 // |len| is ignored for a datagram transport.
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]194 ret = dtls_read_buffer_next_packet(ssl);
195 } else {
196 ret = tls_read_buffer_extend_to(ssl, len);
197 }
198
199 if (ret <= 0) {
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]200 // If the buffer was empty originally and remained empty after attempting to
201 // extend it, release the buffer until the next attempt.
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]202 ssl->s3->read_buffer.DiscardConsumed();
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]203 }
204 return ret;
205}
206
David Benjamind9229f92017-10-06 17:36:20 -0400[diff] [blame]207int ssl_handle_open_record(SSL *ssl, bool *out_retry, ssl_open_record_t ret,
208 size_t consumed, uint8_t alert) {
209 *out_retry = false;
210 if (ret != ssl_open_record_partial) {
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]211 ssl->s3->read_buffer.Consume(consumed);
David Benjamind9229f92017-10-06 17:36:20 -0400[diff] [blame]212 }
213 if (ret != ssl_open_record_success) {
214 // Nothing was returned to the caller, so discard anything marked consumed.
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]215 ssl->s3->read_buffer.DiscardConsumed();
David Benjamind9229f92017-10-06 17:36:20 -0400[diff] [blame]216 }
217 switch (ret) {
218 case ssl_open_record_success:
219 return 1;
220
221 case ssl_open_record_partial: {
222 int read_ret = ssl_read_buffer_extend_to(ssl, consumed);
223 if (read_ret <= 0) {
224 return read_ret;
225 }
226 *out_retry = true;
227 return 1;
228 }
229
230 case ssl_open_record_discard:
231 *out_retry = true;
232 return 1;
233
234 case ssl_open_record_close_notify:
David Benjaminebd8b892022-07-27 18:41:51 -0700[diff] [blame]235 ssl->s3->rwstate = SSL_ERROR_ZERO_RETURN;
David Benjamind9229f92017-10-06 17:36:20 -0400[diff] [blame]236 return 0;
237
238 case ssl_open_record_error:
239 if (alert != 0) {
240 ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
241 }
242 return -1;
243 }
244 assert(0);
245 return -1;
246}
247
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]248
David Benjamina3d76d02017-07-14 19:36:07 -0400[diff] [blame]249static_assert(SSL3_RT_HEADER_LENGTH * 2 +
250 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD * 2 +
251 SSL3_RT_MAX_PLAIN_LENGTH <=
252 0xffff,
253 "maximum TLS write buffer is too large");
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]254
David Benjamina3d76d02017-07-14 19:36:07 -0400[diff] [blame]255static_assert(DTLS1_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD +
256 SSL3_RT_MAX_PLAIN_LENGTH <=
257 0xffff,
258 "maximum DTLS write buffer is too large");
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]259
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]260static int tls_write_buffer_flush(SSL *ssl) {
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]261 SSLBuffer *buf = &ssl->s3->write_buffer;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]262
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]263 while (!buf->empty()) {
David Benjamin50596f82018-07-02 19:47:27 -0400[diff] [blame]264 int ret = BIO_write(ssl->wbio.get(), buf->data(), buf->size());
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]265 if (ret <= 0) {
David Benjaminf4928302019-08-21 16:04:53 -0400[diff] [blame]266 ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]267 return ret;
268 }
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]269 buf->Consume(static_cast<size_t>(ret));
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]270 }
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]271 buf->Clear();
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]272 return 1;
273}
274
275static int dtls_write_buffer_flush(SSL *ssl) {
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]276 SSLBuffer *buf = &ssl->s3->write_buffer;
277 if (buf->empty()) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]278 return 1;
279 }
280
David Benjamin50596f82018-07-02 19:47:27 -0400[diff] [blame]281 int ret = BIO_write(ssl->wbio.get(), buf->data(), buf->size());
David Benjamin13e81fc2015-11-02 17:16:13 -0500[diff] [blame]282 if (ret <= 0) {
David Benjaminf4928302019-08-21 16:04:53 -0400[diff] [blame]283 ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
David Benjaminc11ea9422017-08-29 16:33:21 -0400[diff] [blame]284 // If the write failed, drop the write buffer anyway. Datagram transports
285 // can't write half a packet, so the caller is expected to retry from the
286 // top.
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]287 buf->Clear();
David Benjamin13e81fc2015-11-02 17:16:13 -0500[diff] [blame]288 return ret;
289 }
David Benjaminea712e32017-10-13 16:50:39 -0400[diff] [blame]290 buf->Clear();
David Benjamin13e81fc2015-11-02 17:16:13 -0500[diff] [blame]291 return 1;
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]292}
293
294int ssl_write_buffer_flush(SSL *ssl) {
David Benjamin50596f82018-07-02 19:47:27 -0400[diff] [blame]295 if (ssl->wbio == nullptr) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]296 OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET);
297 return -1;
298 }
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]299
David Benjamince079fd2016-08-02 16:22:34 -0400[diff] [blame]300 if (SSL_is_dtls(ssl)) {
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]301 return dtls_write_buffer_flush(ssl);
302 } else {
303 return tls_write_buffer_flush(ssl);
304 }
305}
306
Joshua Liebow-Feeser8c7c6352018-08-26 18:53:36 -0700[diff] [blame]307BSSL_NAMESPACE_END