]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/record/tlsrecord.c
projects / thirdparty / openssl.git / blob
? search:


c262eefd19977a8ae6dfb0e790f257785ed21f64
[thirdparty/openssl.git] / ssl / record / tlsrecord.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/bio.h>
11 #include <openssl/ssl.h>
12 #include <openssl/err.h>
13 #include <openssl/core_names.h>
14 #include "internal/e_os.h"
15 #include "record.h"
16 #include "recordmethod.h"
17
18 struct ossl_record_layer_st
19 {
20 int isdtls;
21 int version;
22 int role;
23 int direction;
24 BIO *bio;
25 /* Types match the equivalent structures in the SSL object */
26 uint64_t options;
27 /*
28 * TODO(RECLAYER): Should we take the opportunity to make this uint64_t
29 * even though upper layer continue to use uint32_t?
30 */
31 uint32_t mode;
32
33 /* read IO goes into here */
34 SSL3_BUFFER rbuf;
35
36 /* used internally to point at a raw packet */
37 unsigned char *packet;
38 size_t packet_length;
39
40 int alert;
41
42 /*
43 * Read as many input bytes as possible (for
44 * non-blocking reads)
45 * TODO(RECLAYER): Why isn't this just an option?
46 */
47 int read_ahead;
48 };
49
50 static int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
51
52 # define SSL_AD_NO_ALERT -1
53
54 static void rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
55 const char *fmt, ...)
56 {
57 va_list args;
58
59 va_start(args, fmt);
60 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
61 va_end(args);
62
63 rl->alert = al;
64 }
65
66
67 # define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
68 # define RLAYERfatal_data \
69 (ERR_new(), \
70 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
71 rlayer_fatal)
72
73 static int rlayer_allow_compression(OSSL_RECORD_LAYER *rl)
74 {
75 if (rl->options & SSL_OP_NO_COMPRESSION)
76 return 0;
77 #if 0
78 /* TODO(RECLAYER): Implement ssl_security inside the record layer */
79 return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
80 #else
81 return 1;
82 #endif
83 }
84
85 static int rlayer_setup_read_buffer(OSSL_RECORD_LAYER *rl)
86 {
87 unsigned char *p;
88 size_t len, align = 0, headerlen;
89 SSL3_BUFFER *b;
90
91 b = &rl->rbuf;
92
93 if (rl->isdtls)
94 headerlen = DTLS1_RT_HEADER_LENGTH;
95 else
96 headerlen = SSL3_RT_HEADER_LENGTH;
97
98 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
99 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
100 #endif
101
102 if (b->buf == NULL) {
103 len = SSL3_RT_MAX_PLAIN_LENGTH
104 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
105 #ifndef OPENSSL_NO_COMP
106 if (rlayer_allow_compression(rl))
107 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
108 #endif
109 if (b->default_len > len)
110 len = b->default_len;
111 if ((p = OPENSSL_malloc(len)) == NULL) {
112 /*
113 * We've got a malloc failure, and we're still initialising buffers.
114 * We assume we're so doomed that we won't even be able to send an
115 * alert.
116 */
117 RLAYERfatal(rl, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
118 return 0;
119 }
120 b->buf = p;
121 b->len = len;
122 }
123
124 return 1;
125 }
126
127 static int rlayer_release_read_buffer(OSSL_RECORD_LAYER *rl)
128 {
129 SSL3_BUFFER *b;
130
131 b = &rl->rbuf;
132 if (rl->options & SSL_OP_CLEANSE_PLAINTEXT)
133 OPENSSL_cleanse(b->buf, b->len);
134 OPENSSL_free(b->buf);
135 b->buf = NULL;
136 return 1;
137 }
138
139 /*
140 * Return values are as per SSL_read()
141 */
142 static int tls_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
143 int clearold, size_t *readbytes)
144 {
145 /*
146 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
147 * packet by another n bytes. The packet will be in the sub-array of
148 * s->rlayer.rbuf.buf specified by s->rlayer.packet and
149 * s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
150 * be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
151 * if clearold == 1, move the packet to the start of the buffer; if
152 * clearold == 0 then leave any old packets where they were
153 */
154 size_t len, left, align = 0;
155 unsigned char *pkt;
156 SSL3_BUFFER *rb;
157
158 if (n == 0)
159 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
160
161 rb = &rl->rbuf;
162 if (rb->buf == NULL) {
163 if (!rlayer_setup_read_buffer(rl)) {
164 /* RLAYERfatal() already called */
165 return OSSL_RECORD_RETURN_FATAL;
166 }
167 }
168
169 left = rb->left;
170 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
171 align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
172 align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
173 #endif
174
175 if (!extend) {
176 /* start with empty packet ... */
177 if (left == 0) {
178 rb->offset = align;
179 } else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
180 /*
181 * check if next packet length is large enough to justify payload
182 * alignment...
183 */
184 pkt = rb->buf + rb->offset;
185 if (pkt[0] == SSL3_RT_APPLICATION_DATA
186 && (pkt[3] << 8 | pkt[4]) >= 128) {
187 /*
188 * Note that even if packet is corrupted and its length field
189 * is insane, we can only be led to wrong decision about
190 * whether memmove will occur or not. Header values has no
191 * effect on memmove arguments and therefore no buffer
192 * overrun can be triggered.
193 */
194 memmove(rb->buf + align, pkt, left);
195 rb->offset = align;
196 }
197 }
198 rl->packet = rb->buf + rb->offset;
199 rl->packet_length = 0;
200 /* ... now we can act as if 'extend' was set */
201 }
202
203 len = rl->packet_length;
204 pkt = rb->buf + align;
205 /*
206 * Move any available bytes to front of buffer: 'len' bytes already
207 * pointed to by 'packet', 'left' extra ones at the end
208 */
209 if (rl->packet != pkt && clearold == 1) {
210 memmove(pkt, rl->packet, len + left);
211 rl->packet = pkt;
212 rb->offset = len + align;
213 }
214
215 /*
216 * For DTLS/UDP reads should not span multiple packets because the read
217 * operation returns the whole packet at once (as long as it fits into
218 * the buffer).
219 */
220 if (rl->isdtls) {
221 if (left == 0 && extend)
222 return 0;
223 if (left > 0 && n > left)
224 n = left;
225 }
226
227 /* if there is enough in the buffer from a previous read, take some */
228 if (left >= n) {
229 rl->packet_length += n;
230 rb->left = left - n;
231 rb->offset += n;
232 *readbytes = n;
233 return OSSL_RECORD_RETURN_SUCCESS;
234 }
235
236 /* else we need to read more data */
237
238 if (n > rb->len - rb->offset) {
239 /* does not happen */
240 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
241 return OSSL_RECORD_RETURN_FATAL;
242 }
243
244 /*
245 * Ktls always reads full records.
246 * Also, we always act like read_ahead is set for DTLS.
247 */
248 if (!BIO_get_ktls_recv(s->rbio) && !rl->read_ahead
249 && !rl->isdtls) {
250 /* ignore max parameter */
251 max = n;
252 } else {
253 if (max < n)
254 max = n;
255 if (max > rb->len - rb->offset)
256 max = rb->len - rb->offset;
257 }
258
259 while (left < n) {
260 size_t bioread = 0;
261 int ret;
262
263 /*
264 * Now we have len+left bytes at the front of s->s3.rbuf.buf and
265 * need to read in more until we have len+n (up to len+max if
266 * possible)
267 */
268
269 clear_sys_error();
270 if (rl->bio != NULL) {
271 ret = BIO_read(rl->bio, pkt + len + left, max - left);
272 if (ret > 0) {
273 bioread = ret;
274 ret = OSSL_RECORD_RETURN_SUCCESS;
275 } else if (BIO_should_retry(rl->bio)) {
276 ret = OSSL_RECORD_RETURN_RETRY;
277 } else if (BIO_eof(rl->bio)) {
278 ret = OSSL_RECORD_RETURN_EOF;
279 } else {
280 ret = OSSL_RECORD_RETURN_FATAL;
281 }
282 } else {
283 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_READ_BIO_NOT_SET);
284 ret = OSSL_RECORD_RETURN_FATAL;
285 }
286
287 if (ret <= OSSL_RECORD_RETURN_RETRY) {
288 rb->left = left;
289 if (rl->mode & SSL_MODE_RELEASE_BUFFERS && !rl->isdtls)
290 if (len + left == 0)
291 rlayer_release_read_buffer(rl);
292 return ret;
293 }
294 left += bioread;
295 /*
296 * reads should *never* span multiple packets for DTLS because the
297 * underlying transport protocol is message oriented as opposed to
298 * byte oriented as in the TLS case.
299 */
300 if (rl->isdtls) {
301 if (n > left)
302 n = left; /* makes the while condition false */
303 }
304 }
305
306 /* done reading, now the book-keeping */
307 rb->offset += n;
308 rb->left = left - n;
309 rl->packet_length += n;
310 *readbytes = n;
311 return OSSL_RECORD_RETURN_SUCCESS;
312 }
313
314 static OSSL_RECORD_LAYER *tls_new_record_layer(int vers, int role, int direction,
315 int level, unsigned char *secret,
316 size_t secretlen, SSL_CIPHER *c,
317 BIO *transport, BIO_ADDR *local,
318 BIO_ADDR *peer,
319 const OSSL_PARAM *settings,
320 const OSSL_PARAM *options)
321 {
322 OSSL_RECORD_LAYER *rl = OPENSSL_zalloc(sizeof(*rl));
323 const OSSL_PARAM *p;
324
325 if (rl == NULL) {
326 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
327 return NULL;
328 }
329
330 if (transport != NULL && !BIO_up_ref(transport)) {
331 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
332 goto err;
333 }
334
335 p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS);
336 if (p != NULL && !OSSL_PARAM_get_uint64(p, &rl->options)) {
337 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
338 goto err;
339 }
340
341 p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE);
342 if (p != NULL && !OSSL_PARAM_get_uint32(p, &rl->mode)) {
343 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
344 goto err;
345 }
346
347
348 p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD);
349 if (p != NULL && !OSSL_PARAM_get_int(p, &rl->read_ahead)) {
350 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
351 goto err;
352 }
353
354 rl->version = vers;
355 rl->role = role;
356 rl->direction = direction;
357 if (!tls_set1_bio(rl, transport))
358 goto err;
359
360 return rl;
361 err:
362 OPENSSL_free(rl);
363 return NULL;
364 }
365
366 static OSSL_RECORD_LAYER *dtls_new_record_layer(int vers, int role, int direction,
367 int level, unsigned char *secret,
368 size_t secretlen, SSL_CIPHER *c,
369 BIO *transport, BIO_ADDR *local,
370 BIO_ADDR *peer,
371 const OSSL_PARAM *settings,
372 const OSSL_PARAM *options)
373 {
374 OSSL_RECORD_LAYER *rl = tls_new_record_layer(vers, role, direction, level,
375 secret, secretlen, c, transport,
376 local, peer, settings, options);
377
378 if (rl == NULL)
379 return NULL;
380
381 rl->isdtls = 1;
382
383 return rl;
384 }
385
386 static void tls_free(OSSL_RECORD_LAYER *rl)
387 {
388 BIO_free(rl->bio);
389 OPENSSL_free(rl);
390 }
391
392 static int tls_reset(OSSL_RECORD_LAYER *rl)
393 {
394 memset(rl, 0, sizeof(*rl));
395 return 1;
396 }
397
398 static int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl)
399 {
400 return 0;
401 }
402
403 static int tls_processed_read_pending(OSSL_RECORD_LAYER *rl)
404 {
405 return 0;
406 }
407
408 static size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl)
409 {
410 return 0;
411 }
412
413 static int tls_write_pending(OSSL_RECORD_LAYER *rl)
414 {
415 return 0;
416 }
417
418 static size_t tls_get_max_record_len(OSSL_RECORD_LAYER *rl)
419 {
420 return 0;
421 }
422
423 static size_t tls_get_max_records(OSSL_RECORD_LAYER *rl)
424 {
425 return 0;
426 }
427
428 static int tls_write_records(OSSL_RECORD_LAYER *rl,
429 OSSL_RECORD_TEMPLATE **templates, size_t numtempl,
430 size_t allowance, size_t *sent)
431 {
432 return 0;
433 }
434
435 static int tls_retry_write_records(OSSL_RECORD_LAYER *rl, size_t allowance,
436 size_t *sent)
437 {
438 return 0;
439 }
440
441 static int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle,
442 int *rversion, int *type, unsigned char **data,
443 size_t *datalen, uint16_t *epoch,
444 unsigned char *seq_num)
445 {
446 return 0;
447 }
448
449 static void tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle)
450 {
451 return;
452 }
453
454 static int tls_get_alert_code(OSSL_RECORD_LAYER *rl)
455 {
456 return rl->alert;
457 }
458
459 static int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio)
460 {
461 if (bio != NULL && !BIO_up_ref(bio))
462 return 0;
463 BIO_free(rl->bio);
464 rl->bio = bio;
465
466 return 1;
467 }
468
469 static SSL3_BUFFER *tls_get0_rbuf(OSSL_RECORD_LAYER *rl)
470 {
471 return &rl->rbuf;
472 }
473
474 static unsigned char *tls_get0_packet(OSSL_RECORD_LAYER *rl)
475 {
476 return rl->packet;
477 }
478
479 static void tls_set0_packet(OSSL_RECORD_LAYER *rl, unsigned char *packet,
480 size_t packetlen)
481 {
482 rl->packet = packet;
483 rl->packet_length = packetlen;
484 }
485
486 static size_t tls_get_packet_length(OSSL_RECORD_LAYER *rl)
487 {
488 return rl->packet_length;
489 }
490
491 static void tls_reset_packet_length(OSSL_RECORD_LAYER *rl)
492 {
493 rl->packet_length = 0;
494 }
495
496 const OSSL_RECORD_METHOD ossl_tls_record_method = {
497 tls_new_record_layer,
498 tls_free,
499 tls_reset,
500 tls_unprocessed_read_pending,
501 tls_processed_read_pending,
502 tls_app_data_pending,
503 tls_write_pending,
504 tls_get_max_record_len,
505 tls_get_max_records,
506 tls_write_records,
507 tls_retry_write_records,
508 tls_read_record,
509 tls_release_record,
510 tls_get_alert_code,
511 tls_set1_bio,
512
513 /*
514 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
515 * during the record layer refactoring. They need to be removed before the
516 * refactor is complete.
517 */
518 tls_read_n,
519 tls_get0_rbuf,
520 tls_get0_packet,
521 tls_set0_packet,
522 tls_get_packet_length,
523 tls_reset_packet_length
524 };
525
526 const OSSL_RECORD_METHOD ossl_dtls_record_method = {
527 dtls_new_record_layer,
528 tls_free,
529 tls_reset,
530 tls_unprocessed_read_pending,
531 tls_processed_read_pending,
532 tls_app_data_pending,
533 tls_write_pending,
534 tls_get_max_record_len,
535 tls_get_max_records,
536 tls_write_records,
537 tls_retry_write_records,
538 tls_read_record,
539 tls_release_record,
540 tls_get_alert_code,
541 tls_set1_bio,
542
543 /*
544 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
545 * during the record layer refactoring. They need to be removed before the
546 * refactor is complete.
547 */
548 tls_read_n,
549 tls_get0_rbuf,
550 tls_get0_packet,
551 tls_set0_packet,
552 tls_get_packet_length,
553 tls_reset_packet_length
554 };
A mirror of the official openssl repository