]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/packet.c
Use memcmp() instead of CRYPTO_memcmp() when fuzzing
/*
 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <assert.h>
#include "packet_locl.h"

/*
 * Floor for the size requested from BUF_MEM_grow() when
 * WPACKET_reserve_bytes() has to enlarge a growable buffer.
 */
#define DEFAULT_BUF_SIZE 256
/*
 * Reserve |len| bytes at the current write position and commit them by
 * advancing both |written| and |curr|. The location is reported through
 * |allocbytes| by WPACKET_reserve_bytes().
 *
 * Returns 1 on success. Returns 0 when the reservation is refused, in which
 * case neither counter is touched.
 */
int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
{
    int reserved = WPACKET_reserve_bytes(pkt, len, allocbytes);

    if (reserved) {
        pkt->written += len;
        pkt->curr += len;
        return 1;
    }

    return 0;
}
/*
 * Open a sub-packet with a |lenbytes| wide length prefix, allocate |len|
 * bytes inside it and close it again.
 *
 * Returns 1 only if all three steps succeed. The steps run in order and stop
 * at the first failure; nothing is unwound here, so a sub-packet opened by
 * the first step may still be linked into |pkt| when 0 is returned.
 */
int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
                                 unsigned char **allocbytes, size_t lenbytes)
{
    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes))
        return 0;

    if (!WPACKET_allocate_bytes(pkt, len, allocbytes))
        return 0;

    if (!WPACKET_close(pkt))
        return 0;

    return 1;
}
/*
 * Start of the storage |p| writes into: the caller-supplied static buffer
 * when one is set, otherwise the data area of the BUF_MEM. |p| is expanded
 * more than once, so pass an expression without side effects.
 */
#define GETBUF(p) \
    (((p)->staticbuf == NULL) \
     ? (unsigned char *)(p)->buf->data : (p)->staticbuf)
/*
 * Make sure |len| more bytes can be written at the current position without
 * advancing any counter. A growable BUF_MEM is enlarged when it is too small;
 * a static buffer is never resized and is bounded by |maxsize| alone.
 *
 * If |allocbytes| is not NULL it receives the current write position.
 * Returns 1 on success, 0 if the packet is uninitialised, |len| is 0, the
 * request would exceed |maxsize|, or the buffer could not be grown.
 */
int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
{
    /* Internal API, so should not fail */
    assert(pkt->subs != NULL && len != 0);
    if (pkt->subs == NULL || len == 0)
        return 0;

    /*
     * Compare against the remaining room rather than forming written + len,
     * which could wrap. NOTE(review): this relies on written <= maxsize;
     * WPACKET_set_max_size() refuses a limit below |written|.
     */
    if (len > pkt->maxsize - pkt->written)
        return 0;

    if (pkt->staticbuf == NULL && len > pkt->buf->length - pkt->written) {
        size_t basis = pkt->buf->length;
        size_t target;

        /* Grow from whichever is larger: the request or the current size */
        if (len > basis)
            basis = len;

        /* Doubling is saturated at SIZE_MAX so the multiply cannot wrap */
        if (basis > SIZE_MAX / 2)
            target = SIZE_MAX;
        else if (basis * 2 < DEFAULT_BUF_SIZE)
            target = DEFAULT_BUF_SIZE;
        else
            target = basis * 2;

        if (BUF_MEM_grow(pkt->buf, target) == 0)
            return 0;
    }

    if (allocbytes != NULL)
        *allocbytes = WPACKET_get_curr(pkt);

    return 1;
}
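/*
 * Reserve room for a |lenbytes| wide length prefix followed by |len| bytes of
 * payload, without advancing any counter. On success |*allocbytes| points at
 * where the payload will start, i.e. just past the space for the prefix.
 *
 * Returns 1 on success, 0 if the combined size is not representable or the
 * underlying reservation fails.
 */
int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
                                unsigned char **allocbytes, size_t lenbytes)
{
    /*
     * lenbytes + len is computed in size_t; if it wrapped, a much smaller
     * region than the caller asked for would be reserved and reported as
     * success. Refuse such a request outright.
     */
    if (len > SIZE_MAX - lenbytes)
        return 0;

    if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
        return 0;

    /* WPACKET_reserve_bytes() tolerates a NULL |allocbytes|; do the same */
    if (allocbytes != NULL)
        *allocbytes += lenbytes;

    return 1;
}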
/*
 * Upper bound on the total packet size for a length prefix of |lenbytes|
 * bytes: the largest value the prefix can encode plus the prefix itself.
 * A prefix of 0 bytes, or one at least as wide as size_t, imposes no bound
 * and yields SIZE_MAX; this also keeps the shift below the width of size_t.
 */
static size_t maxmaxsize(size_t lenbytes)
{
    int bounded = lenbytes != 0 && lenbytes < sizeof(size_t);

    if (!bounded)
        return SIZE_MAX;

    return (((size_t)1 << (lenbytes * 8)) - 1) + lenbytes;
}
/*
 * Shared tail of the init functions: reset the counters, create the top-level
 * WPACKET_SUB and, when |lenbytes| is non-zero, allocate the space for the
 * top-level length prefix and remember where it sits as an offset from the
 * start of the buffer.
 *
 * Returns 1 on success. On failure returns 0 with pkt->subs left NULL.
 */
static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
{
    WPACKET_SUB *top;
    unsigned char *lenchars;

    pkt->curr = 0;
    pkt->written = 0;

    top = OPENSSL_zalloc(sizeof(*top));
    /* Must be linked before allocating: the allocator checks pkt->subs */
    pkt->subs = top;
    if (top == NULL)
        return 0;

    if (lenbytes != 0) {
        top->pwritten = lenbytes;
        top->lenbytes = lenbytes;

        if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {
            OPENSSL_free(top);
            pkt->subs = NULL;
            return 0;
        }
        top->packet_len = lenchars - GETBUF(pkt);
    }

    return 1;
}
/*
 * Initialise |pkt| to write into the caller-supplied fixed buffer |buf| of
 * |len| bytes, with a top-level length prefix of |lenbytes| bytes. The size
 * limit becomes the smaller of |len| and what the prefix can describe, so the
 * limit check in WPACKET_reserve_bytes() also bounds writes to the buffer.
 *
 * Returns 1 on success, 0 on a NULL or empty buffer or if set-up fails.
 */
int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
                            size_t lenbytes)
{
    size_t prefix_cap;

    /* Internal API, so should not fail */
    assert(buf != NULL && len > 0);
    if (buf == NULL || len == 0)
        return 0;

    prefix_cap = maxmaxsize(lenbytes);

    pkt->staticbuf = buf;
    pkt->buf = NULL;
    pkt->maxsize = len;
    if (prefix_cap < len)
        pkt->maxsize = prefix_cap;

    return wpacket_intern_init_len(pkt, lenbytes);
}
/*
 * Initialise |pkt| to write into the growable |buf|, with a top-level length
 * prefix of |lenbytes| bytes. The size limit is whatever that prefix can
 * describe (SIZE_MAX when there is no prefix).
 *
 * Returns 1 on success, 0 if |buf| is NULL or set-up fails.
 */
int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
{
    /* Internal API, so should not fail */
    assert(buf != NULL);
    if (buf == NULL)
        return 0;

    pkt->maxsize = maxmaxsize(lenbytes);
    pkt->buf = buf;
    pkt->staticbuf = NULL;

    return wpacket_intern_init_len(pkt, lenbytes);
}
/*
 * Initialise |pkt| over the growable |buf| with no top-level length prefix.
 * Returns whatever WPACKET_init_len() returns.
 */
int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
{
    const size_t no_length_prefix = 0;

    return WPACKET_init_len(pkt, buf, no_length_prefix);
}
/*
 * Replace the flags of the current (innermost) sub-packet with |flags|.
 * Returns 1 on success, 0 if |pkt| has no sub-packet, i.e. is uninitialised.
 */
int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
{
    WPACKET_SUB *current;

    /* Internal API, so should not fail */
    assert(pkt->subs != NULL);

    current = pkt->subs;
    if (current == NULL)
        return 0;

    current->flags = flags;

    return 1;
}
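/*
 * Store the |value| of length |len| at location |data|, most significant
 * byte first. All |len| bytes are written even when |value| is too large.
 *
 * Returns 1 if |value| fitted in |len| bytes, 0 if high-order bits were lost.
 */
static int put_value(unsigned char *data, size_t value, size_t len)
{
    /*
     * Fill from the last byte towards the first by index. Walking a pointer
     * backwards instead would leave it one element before |data| after the
     * final step (and immediately when |len| is 0), which is undefined
     * behaviour even though that address is never dereferenced.
     */
    while (len > 0) {
        data[--len] = (unsigned char)(value & 0xff);
        value >>= 8;
    }

    /* Anything left over did not fit in the assigned number of bytes */
    return value == 0;
}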
/*
 * Internal helper function used by WPACKET_close(), WPACKET_finish() and
 * WPACKET_fill_lengths() to close a sub-packet and write out its length if
 * necessary. If |doclose| is 0 then it goes through the motions of closing
 * (i.e. it fills in all the lengths), but doesn't actually close anything.
 *
 * Returns 1 on success. Returns 0 if an empty sub-packet is not permitted by
 * its flags, if an empty sub-packet would have to be abandoned while
 * |doclose| is 0, or if the length does not fit in the prefix. |sub| is only
 * unlinked and freed on success with |doclose| set.
 */
static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
{
    size_t bodylen = pkt->written - sub->pwritten;

    if (bodylen == 0) {
        if ((sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0)
            return 0;

        if ((sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) != 0) {
            /* We can't handle this case. Return an error */
            if (!doclose)
                return 0;

            /*
             * Deallocate any bytes allocated for the length of the WPACKET,
             * but only when the prefix is the last thing that was written.
             */
            if (pkt->curr - sub->lenbytes == sub->packet_len) {
                pkt->written -= sub->lenbytes;
                pkt->curr -= sub->lenbytes;
            }

            /* Don't write out the packet length */
            sub->packet_len = 0;
            sub->lenbytes = 0;
        }
    }

    /* Write out the WPACKET length if needed */
    if (sub->lenbytes > 0) {
        /* Resolved from the stored offset; the buffer may have moved */
        unsigned char *lenfield = GETBUF(pkt) + sub->packet_len;

        if (!put_value(lenfield, bodylen, sub->lenbytes))
            return 0;
    }

    if (doclose) {
        pkt->subs = sub->parent;
        OPENSSL_free(sub);
    }

    return 1;
}
/*
 * Write the current length of every open sub-packet, innermost first, into
 * its length prefix without closing any of them.
 *
 * Returns 1 on success, 0 if |pkt| is uninitialised or any level cannot be
 * filled in; levels processed before the failure keep the lengths written.
 */
int WPACKET_fill_lengths(WPACKET *pkt)
{
    WPACKET_SUB *level;

    assert(pkt->subs != NULL);
    if (pkt->subs == NULL)
        return 0;

    level = pkt->subs;
    while (level != NULL) {
        if (!wpacket_intern_close(pkt, level, 0))
            return 0;
        level = level->parent;
    }

    return 1;
}
/*
 * Close the current sub-packet and write out its length. The top-level
 * packet cannot be closed this way; use WPACKET_finish() for that.
 *
 * Returns 1 on success, 0 if there is no sub-packet, only the top level is
 * open, or closing fails.
 */
int WPACKET_close(WPACKET *pkt)
{
    WPACKET_SUB *innermost = pkt->subs;

    /*
     * Internal API, so should not fail - but we do negative testing of this
     * so no assert (otherwise the tests fail)
     */
    if (innermost == NULL)
        return 0;
    if (innermost->parent == NULL)
        return 0;

    return wpacket_intern_close(pkt, innermost, 1);
}
/*
 * Close the top-level packet. Every sub-packet must already be closed.
 *
 * Returns 1 on success with pkt->subs set to NULL. Returns 0 if |pkt| is
 * uninitialised, a sub-packet is still open, or closing fails; in those
 * cases pkt->subs is left as it was.
 */
int WPACKET_finish(WPACKET *pkt)
{
    WPACKET_SUB *top = pkt->subs;
    int closed;

    /*
     * Internal API, so should not fail - but we do negative testing of this
     * so no assert (otherwise the tests fail)
     */
    if (top == NULL || top->parent != NULL)
        return 0;

    closed = wpacket_intern_close(pkt, top, 1);
    if (!closed)
        return closed;

    /*
     * The close above already freed the top-level entry and set pkt->subs to
     * its parent, which the guard established is NULL, so this frees NULL.
     */
    OPENSSL_free(pkt->subs);
    pkt->subs = NULL;

    return closed;
}
/*
 * Open a new sub-packet inside the current one, preceded by a length prefix
 * of |lenbytes| bytes (none when |lenbytes| is 0). Space for the prefix is
 * allocated now and filled in when the sub-packet is closed.
 *
 * Returns 1 on success, 0 if |pkt| is uninitialised or memory cannot be
 * obtained. If allocating the prefix fails, the new sub-packet is already
 * linked into pkt->subs and is not unlinked here; WPACKET_cleanup() frees
 * every entry still on that chain.
 */
int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
{
    WPACKET_SUB *child;
    unsigned char *lenfield;

    /* Internal API, so should not fail */
    assert(pkt->subs != NULL);
    if (pkt->subs == NULL)
        return 0;

    child = OPENSSL_zalloc(sizeof(*child));
    if (child == NULL)
        return 0;

    /* Push the new entry on top of the chain of open sub-packets */
    child->parent = pkt->subs;
    pkt->subs = child;
    child->pwritten = pkt->written + lenbytes;
    child->lenbytes = lenbytes;

    if (lenbytes != 0) {
        if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenfield))
            return 0;
        /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */
        child->packet_len = lenfield - GETBUF(pkt);
    } else {
        child->packet_len = 0;
    }

    return 1;
}
/*
 * Open a new sub-packet that has no length prefix.
 * Returns whatever WPACKET_start_sub_packet_len__() returns.
 */
int WPACKET_start_sub_packet(WPACKET *pkt)
{
    const size_t no_length_prefix = 0;

    return WPACKET_start_sub_packet_len__(pkt, no_length_prefix);
}
/*
 * Append |val| to the packet as a |size| byte integer, most significant byte
 * first.
 *
 * Returns 1 on success, 0 if |size| exceeds sizeof(unsigned int), the bytes
 * cannot be allocated, or |val| does not fit in |size| bytes. In the last
 * case the bytes have already been allocated and written when 0 is returned.
 */
int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size)
{
    unsigned char *dest;

    /* Internal API, so should not fail */
    assert(size <= sizeof(unsigned int));

    if (size > sizeof(unsigned int))
        return 0;

    if (!WPACKET_allocate_bytes(pkt, size, &dest))
        return 0;

    if (!put_value(dest, val, size))
        return 0;

    return 1;
}
/*
 * Change the size limit of |pkt| to |maxsize|.
 *
 * Returns 1 on success. Returns 0 if |pkt| is uninitialised, if |maxsize| is
 * more than the top-level length prefix can describe, or if it is smaller
 * than what has already been written; the limit is then left unchanged.
 */
int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize)
{
    WPACKET_SUB *top;
    size_t prefix_width;

    /* Internal API, so should not fail */
    assert(pkt->subs != NULL);
    if (pkt->subs == NULL)
        return 0;

    /* Find the WPACKET_SUB for the top level */
    top = pkt->subs;
    while (top->parent != NULL)
        top = top->parent;

    /* No prefix at the top level: only the width of |maxsize| limits us */
    prefix_width = (top->lenbytes != 0) ? top->lenbytes
                                        : sizeof(pkt->maxsize);

    if (maxsize > maxmaxsize(prefix_width))
        return 0;
    /* Never let the limit drop below the bytes already written */
    if (maxsize < pkt->written)
        return 0;

    pkt->maxsize = maxsize;

    return 1;
}
/*
 * Append |len| bytes read from |src| to the packet. A |len| of 0 succeeds
 * without touching |pkt| or |src|.
 *
 * The destination is bounds-checked by the allocation; the source is not, so
 * the caller must guarantee that |src| holds at least |len| readable bytes.
 *
 * Returns 1 on success, 0 if the bytes cannot be allocated.
 */
int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len)
{
    unsigned char *dest;

    if (len != 0) {
        if (!WPACKET_allocate_bytes(pkt, len, &dest))
            return 0;

        memcpy(dest, src, len);
    }

    return 1;
}
/*
 * Open a sub-packet with a |lenbytes| wide length prefix, copy |len| bytes
 * from |src| into it and close it again.
 *
 * Returns 1 only if all three steps succeed. The steps run in order and stop
 * at the first failure; nothing is unwound here, so a sub-packet opened by
 * the first step may still be linked into |pkt| when 0 is returned.
 */
int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
                         size_t lenbytes)
{
    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes))
        return 0;

    if (!WPACKET_memcpy(pkt, src, len))
        return 0;

    if (!WPACKET_close(pkt))
        return 0;

    return 1;
}
/*
 * Report through |written| the total number of bytes written to |pkt| so
 * far. Returns 1 on success, 0 if |written| is NULL.
 */
int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
{
    /* Internal API, so should not fail */
    assert(written != NULL);

    if (written != NULL) {
        *written = pkt->written;
        return 1;
    }

    return 0;
}
/*
 * Report through |len| how many bytes have been written since the current
 * (innermost) sub-packet's recorded start, |pwritten|.
 *
 * Returns 1 on success, 0 if |pkt| is uninitialised or |len| is NULL.
 */
int WPACKET_get_length(WPACKET *pkt, size_t *len)
{
    WPACKET_SUB *current;

    /* Internal API, so should not fail */
    assert(pkt->subs != NULL && len != NULL);

    current = pkt->subs;
    if (current == NULL || len == NULL)
        return 0;

    *len = pkt->written - current->pwritten;

    return 1;
}
/*
 * Return the address of the current write position: the start of the
 * backing buffer plus the |curr| offset. The pointer can go stale once a
 * growable buffer is enlarged, so do not hold it across later writes.
 */
unsigned char *WPACKET_get_curr(WPACKET *pkt)
{
    unsigned char *base = GETBUF(pkt);

    return base + pkt->curr;
}
/*
 * Free every WPACKET_SUB still linked into |pkt|, innermost first, and leave
 * pkt->subs NULL. The buffer being written to is not touched or released.
 */
void WPACKET_cleanup(WPACKET *pkt)
{
    WPACKET_SUB *entry = pkt->subs;

    while (entry != NULL) {
        /* Read the link before the entry that holds it is released */
        WPACKET_SUB *next = entry->parent;

        OPENSSL_free(entry);
        entry = next;
    }

    pkt->subs = NULL;
}