LCOV - code coverage report
Current view: top level - tls - s2n_ktls_io.c (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 219 231 94.8 %
Date: 2026-07-04 07:27:58 Functions: 14 14 100.0 %
Branches: 171 302 56.6 %

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : /* kTLS I/O is not supported on Windows. */
      17                 :            : #ifndef _WIN32
      18                 :            : 
      19                 :            :     #if defined(__FreeBSD__) || defined(__APPLE__)
      20                 :            :         /* https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_socket.h.html
      21                 :            :      * The POSIX standard does not define the CMSG_LEN and CMSG_SPACE macros. FreeBSD
      22                 :            :      * and APPLE check and disable these macros if the _POSIX_C_SOURCE flag is set.
      23                 :            :      *
      24                 :            :      * Since s2n-tls already unsets the _POSIX_C_SOURCE in other files and is not
      25                 :            :      * POSIX compliant, we continue the pattern here.
      26                 :            :      */
      27                 :            :         #undef _POSIX_C_SOURCE
      28                 :            :     #endif
      29                 :            :     #include <sys/socket.h>
      30                 :            : 
      31                 :            :     #ifdef S2N_LINUX_SENDFILE
      32                 :            :         #include <sys/sendfile.h>
      33                 :            :     #endif
      34                 :            : 
      35                 :            :     #include "error/s2n_errno.h"
      36                 :            :     #include "tls/s2n_ktls.h"
      37                 :            :     #include "tls/s2n_tls.h"
      38                 :            :     #include "utils/s2n_io.h"
      39                 :            :     #include "utils/s2n_result.h"
      40                 :            :     #include "utils/s2n_safety.h"
      41                 :            :     #include "utils/s2n_socket.h"
      42                 :            : 
      43                 :            :     /* record_type is of type uint8_t */
      44                 :            :     #define S2N_KTLS_RECORD_TYPE_SIZE    (sizeof(uint8_t))
      45                 :            :     #define S2N_KTLS_CONTROL_BUFFER_SIZE (CMSG_SPACE(S2N_KTLS_RECORD_TYPE_SIZE))
      46                 :            : 
      47                 :            :     #define S2N_MAX_STACK_IOVECS     16
      48                 :            :     #define S2N_MAX_STACK_IOVECS_MEM (S2N_MAX_STACK_IOVECS * sizeof(struct iovec))
      49                 :            : 
      50                 :            : /* Used to override sendmsg and recvmsg for testing. */
      51                 :            : static ssize_t s2n_ktls_default_sendmsg(void *io_context, const struct msghdr *msg);
      52                 :            : static ssize_t s2n_ktls_default_recvmsg(void *io_context, struct msghdr *msg);
      53                 :            : s2n_ktls_sendmsg_fn s2n_sendmsg_fn = s2n_ktls_default_sendmsg;
      54                 :            : s2n_ktls_recvmsg_fn s2n_recvmsg_fn = s2n_ktls_default_recvmsg;
      55                 :            : 
      56                 :            : S2N_RESULT s2n_ktls_set_sendmsg_cb(struct s2n_connection *conn, s2n_ktls_sendmsg_fn send_cb,
      57                 :            :         void *send_ctx)
      58                 :      82007 : {
      59 [ -  + ][ #  # ]:      82007 :     RESULT_ENSURE_REF(conn);
      60 [ -  + ][ #  # ]:      82007 :     RESULT_ENSURE_REF(send_ctx);
      61 [ #  # ][ -  + ]:      82007 :     RESULT_ENSURE(s2n_in_test(), S2N_ERR_NOT_IN_TEST);
      62                 :      82007 :     conn->send_io_context = send_ctx;
      63                 :      82007 :     s2n_sendmsg_fn = send_cb;
      64                 :      82007 :     return S2N_RESULT_OK;
      65                 :      82007 : }
      66                 :            : 
      67                 :            : S2N_RESULT s2n_ktls_set_recvmsg_cb(struct s2n_connection *conn, s2n_ktls_recvmsg_fn recv_cb,
      68                 :            :         void *recv_ctx)
      69                 :      32833 : {
      70 [ -  + ][ #  # ]:      32833 :     RESULT_ENSURE_REF(conn);
      71 [ -  + ][ #  # ]:      32833 :     RESULT_ENSURE_REF(recv_ctx);
      72 [ -  + ][ #  # ]:      32833 :     RESULT_ENSURE(s2n_in_test(), S2N_ERR_NOT_IN_TEST);
      73                 :      32833 :     conn->recv_io_context = recv_ctx;
      74                 :      32833 :     s2n_recvmsg_fn = recv_cb;
      75                 :      32833 :     return S2N_RESULT_OK;
      76                 :      32833 : }
      77                 :            : 
      78                 :            : static ssize_t s2n_ktls_default_recvmsg(void *io_context, struct msghdr *msg)
      79                 :          1 : {
      80 [ +  - ][ +  - ]:          1 :     POSIX_ENSURE_REF(io_context);
      81 [ #  # ][ #  # ]:          0 :     POSIX_ENSURE_REF(msg);
      82                 :            : 
      83                 :          0 :     const struct s2n_socket_read_io_context *peer_socket_ctx = io_context;
      84 [ #  # ][ #  # ]:          0 :     POSIX_ENSURE_REF(peer_socket_ctx);
      85                 :          0 :     int fd = peer_socket_ctx->fd;
      86                 :            : 
      87                 :          0 :     return recvmsg(fd, msg, 0);
      88                 :          0 : }
      89                 :            : 
      90                 :            : static ssize_t s2n_ktls_default_sendmsg(void *io_context, const struct msghdr *msg)
      91                 :          1 : {
      92 [ +  - ][ +  - ]:          1 :     POSIX_ENSURE_REF(io_context);
      93 [ #  # ][ #  # ]:          0 :     POSIX_ENSURE_REF(msg);
      94                 :            : 
      95                 :          0 :     const struct s2n_socket_write_io_context *peer_socket_ctx = io_context;
      96 [ #  # ][ #  # ]:          0 :     POSIX_ENSURE_REF(peer_socket_ctx);
      97                 :          0 :     int fd = peer_socket_ctx->fd;
      98                 :            : 
      99                 :          0 :     return sendmsg(fd, msg, 0);
     100                 :          0 : }
     101                 :            : 
     102                 :            : S2N_RESULT s2n_ktls_set_control_data(struct msghdr *msg, char *buf, size_t buf_size,
     103                 :            :         int cmsg_type, uint8_t record_type)
     104                 :      82430 : {
     105 [ +  - ][ +  + ]:      82430 :     RESULT_ENSURE_REF(msg);
     106 [ +  + ][ +  - ]:      82429 :     RESULT_ENSURE_REF(buf);
     107                 :            : 
     108                 :            :     /*
     109                 :            :      * https://man7.org/linux/man-pages/man3/cmsg.3.html
     110                 :            :      * To create ancillary data, first initialize the msg_controllen
     111                 :            :      * member of the msghdr with the length of the control message
     112                 :            :      * buffer.
     113                 :            :      */
     114                 :      82428 :     msg->msg_control = buf;
     115                 :      82428 :     msg->msg_controllen = buf_size;
     116                 :            : 
     117                 :            :     /*
     118                 :            :      * https://man7.org/linux/man-pages/man3/cmsg.3.html
     119                 :            :      * Use CMSG_FIRSTHDR() on the msghdr to get the first
     120                 :            :      * control message and CMSG_NXTHDR() to get all subsequent ones.
     121                 :            :      */
     122                 :      82428 :     struct cmsghdr *hdr = CMSG_FIRSTHDR(msg);
     123 [ +  + ][ +  - ]:      82428 :     RESULT_ENSURE_REF(hdr);
     124                 :            : 
     125                 :            :     /*
     126                 :            :      * https://man7.org/linux/man-pages/man3/cmsg.3.html
     127                 :            :      * In each control message, initialize cmsg_len (with CMSG_LEN()), the
     128                 :            :      * other cmsghdr header fields, and the data portion using
     129                 :            :      * CMSG_DATA().
     130                 :            :      */
     131                 :      82427 :     hdr->cmsg_len = CMSG_LEN(S2N_KTLS_RECORD_TYPE_SIZE);
     132                 :      82427 :     hdr->cmsg_level = S2N_SOL_TLS;
     133                 :      82427 :     hdr->cmsg_type = cmsg_type;
     134                 :      82427 :     *CMSG_DATA(hdr) = record_type;
     135                 :            : 
     136                 :            :     /*
     137                 :            :      * https://man7.org/linux/man-pages/man3/cmsg.3.html
     138                 :            :      * Finally, the msg_controllen field of the msghdr
     139                 :            :      * should be set to the sum of the CMSG_SPACE() of the length of all
     140                 :            :      * control messages in the buffer
     141                 :            :      */
     142 [ -  + ][ #  # ]:      82427 :     RESULT_ENSURE_GTE(msg->msg_controllen, CMSG_SPACE(S2N_KTLS_RECORD_TYPE_SIZE));
     143                 :      82427 :     msg->msg_controllen = CMSG_SPACE(S2N_KTLS_RECORD_TYPE_SIZE);
     144                 :            : 
     145                 :      82427 :     return S2N_RESULT_OK;
     146                 :      82427 : }
     147                 :            : 
     148                 :            : /* Expect to receive a single cmsghdr containing the TLS record_type.
     149                 :            :  *
     150                 :            :  * s2n-tls allocates enough space to receive a single cmsghdr. Since this is
     151                 :            :  * used to get the record_type when receiving over kTLS (enabled via
     152                 :            :  * `s2n_connection_ktls_enable_recv`), the application should not configure
     153                 :            :  * the socket to receive additional control messages. In the event s2n-tls
     154                 :            :  * can not retrieve the record_type, it is safer to drop the record.
     155                 :            :  */
     156                 :            : S2N_RESULT s2n_ktls_get_control_data(struct msghdr *msg, int cmsg_type, uint8_t *record_type)
     157                 :      82387 : {
     158 [ +  + ][ +  - ]:      82387 :     RESULT_ENSURE_REF(msg);
     159 [ +  + ][ +  - ]:      82386 :     RESULT_ENSURE_REF(record_type);
     160                 :            : 
     161                 :            :     /* https://man7.org/linux/man-pages/man3/recvmsg.3p.html
     162                 :            :      * MSG_CTRUNC  Control data was truncated.
     163                 :            :      */
     164         [ +  + ]:      82385 :     if (msg->msg_flags & MSG_CTRUNC) {
     165         [ +  - ]:          1 :         RESULT_BAIL(S2N_ERR_KTLS_BAD_CMSG);
     166                 :          1 :     }
     167                 :            : 
     168                 :            :     /*
     169                 :            :      * https://man7.org/linux/man-pages/man3/cmsg.3.html
     170                 :            :      * To create ancillary data, first initialize the msg_controllen
     171                 :            :      * member of the msghdr with the length of the control message
     172                 :            :      * buffer.
     173                 :            :      */
     174 [ -  + ][ #  # ]:      82384 :     RESULT_ENSURE(msg->msg_control, S2N_ERR_SAFETY);
     175 [ -  + ][ #  # ]:      82384 :     RESULT_ENSURE(msg->msg_controllen >= CMSG_SPACE(S2N_KTLS_RECORD_TYPE_SIZE), S2N_ERR_SAFETY);
     176                 :            : 
     177                 :            :     /* https://man7.org/linux/man-pages/man3/cmsg.3.html
     178                 :            :      * Use CMSG_FIRSTHDR() on the msghdr to get the first
     179                 :            :      * control message and CMSG_NXTHDR() to get all subsequent ones.
     180                 :            :      */
     181                 :      82384 :     struct cmsghdr *hdr = CMSG_FIRSTHDR(msg);
     182 [ -  + ][ #  # ]:      82384 :     RESULT_ENSURE(hdr, S2N_ERR_KTLS_BAD_CMSG);
     183                 :            : 
     184                 :            :     /*
     185                 :            :      * https://man7.org/linux/man-pages/man3/cmsg.3.html
     186                 :            :      * In each control message, initialize cmsg_len (with CMSG_LEN()), the
     187                 :            :      * other cmsghdr header fields, and the data portion using
     188                 :            :      * CMSG_DATA().
     189                 :            :      */
     190 [ -  + ][ #  # ]:      82384 :     RESULT_ENSURE(hdr->cmsg_level == S2N_SOL_TLS, S2N_ERR_KTLS_BAD_CMSG);
     191 [ +  + ][ +  - ]:      82384 :     RESULT_ENSURE(hdr->cmsg_type == cmsg_type, S2N_ERR_KTLS_BAD_CMSG);
     192 [ -  + ][ #  # ]:      82383 :     RESULT_ENSURE(hdr->cmsg_len == CMSG_LEN(S2N_KTLS_RECORD_TYPE_SIZE), S2N_ERR_KTLS_BAD_CMSG);
     193                 :      82383 :     *record_type = *CMSG_DATA(hdr);
     194                 :            : 
     195                 :      82383 :     return S2N_RESULT_OK;
     196                 :      82383 : }
     197                 :            : 
     198                 :            : S2N_RESULT s2n_ktls_sendmsg(void *io_context, uint8_t record_type, const struct iovec *msg_iov,
     199                 :            :         size_t msg_iovlen, s2n_blocked_status *blocked, size_t *bytes_written)
     200                 :      49508 : {
     201 [ +  - ][ +  + ]:      49508 :     RESULT_ENSURE_REF(bytes_written);
     202 [ +  - ][ +  + ]:      49507 :     RESULT_ENSURE_REF(blocked);
     203 [ +  - ][ +  + ]:      49505 :     RESULT_ENSURE(msg_iov != NULL || msg_iovlen == 0, S2N_ERR_NULL);
                 [ +  + ]
     204                 :            : 
     205                 :      49504 :     *blocked = S2N_BLOCKED_ON_WRITE;
     206                 :      49504 :     *bytes_written = 0;
     207                 :            : 
     208                 :      49504 :     struct msghdr msg = {
     209                 :            :         /* msghdr requires a non-const iovec. This is safe because s2n-tls does
     210                 :            :          * not modify msg_iov after this point.
     211                 :            :          */
     212                 :      49504 :         .msg_iov = (struct iovec *) (uintptr_t) msg_iov,
     213                 :      49504 :         .msg_iovlen = msg_iovlen,
     214                 :      49504 :     };
     215                 :            : 
     216                 :      49504 :     char control_data[S2N_KTLS_CONTROL_BUFFER_SIZE] = { 0 };
     217         [ -  + ]:      49504 :     RESULT_GUARD(s2n_ktls_set_control_data(&msg, control_data, sizeof(control_data),
     218                 :      49504 :             S2N_TLS_SET_RECORD_TYPE, record_type));
     219                 :            : 
     220                 :      49504 :     ssize_t result = 0;
     221 [ +  + ][ -  + ]:      49504 :     S2N_IO_RETRY_EINTR(result, s2n_sendmsg_fn(io_context, &msg));
     222         [ +  + ]:      49504 :     RESULT_GUARD(s2n_io_check_write_result(result));
     223                 :            : 
     224                 :      49487 :     *blocked = S2N_NOT_BLOCKED;
     225                 :      49487 :     *bytes_written = result;
     226                 :      49487 :     return S2N_RESULT_OK;
     227                 :      49504 : }
     228                 :            : 
     229                 :            : S2N_RESULT s2n_ktls_recvmsg(void *io_context, uint8_t *record_type, uint8_t *buf,
     230                 :            :         size_t buf_len, s2n_blocked_status *blocked, size_t *bytes_read)
     231                 :        147 : {
     232 [ +  - ][ +  + ]:        147 :     RESULT_ENSURE_REF(record_type);
     233 [ +  - ][ +  + ]:        146 :     RESULT_ENSURE_REF(bytes_read);
     234 [ +  + ][ +  - ]:        145 :     RESULT_ENSURE_REF(blocked);
     235 [ +  + ][ +  - ]:        144 :     RESULT_ENSURE_REF(buf);
     236                 :            :     /* Ensure that buf_len is > 0 since trying to receive 0 bytes does not
     237                 :            :      * make sense and a return value of `0` from recvmsg is treated as EOF.
     238                 :            :      */
     239 [ +  + ][ +  - ]:        143 :     RESULT_ENSURE_GT(buf_len, 0);
     240                 :            : 
     241                 :        142 :     *blocked = S2N_BLOCKED_ON_READ;
     242                 :        142 :     *record_type = 0;
     243                 :        142 :     *bytes_read = 0;
     244                 :        142 :     struct iovec msg_iov = {
     245                 :        142 :         .iov_base = buf,
     246                 :        142 :         .iov_len = buf_len
     247                 :        142 :     };
     248                 :        142 :     struct msghdr msg = {
     249                 :        142 :         .msg_iov = &msg_iov,
     250                 :        142 :         .msg_iovlen = 1,
     251                 :        142 :     };
     252                 :            : 
     253                 :            :     /*
     254                 :            :      * https://man7.org/linux/man-pages/man3/cmsg.3.html
     255                 :            :      * To create ancillary data, first initialize the msg_controllen
     256                 :            :      * member of the msghdr with the length of the control message
     257                 :            :      * buffer.
     258                 :            :      */
     259                 :        142 :     char control_data[S2N_KTLS_CONTROL_BUFFER_SIZE] = { 0 };
     260                 :        142 :     msg.msg_controllen = sizeof(control_data);
     261                 :        142 :     msg.msg_control = control_data;
     262                 :            : 
     263                 :        142 :     ssize_t result = 0;
     264 [ +  + ][ -  + ]:        142 :     S2N_IO_RETRY_EINTR(result, s2n_recvmsg_fn(io_context, &msg));
     265         [ +  + ]:        142 :     RESULT_GUARD(s2n_io_check_read_result(result));
     266                 :            : 
     267         [ +  + ]:        122 :     RESULT_GUARD(s2n_ktls_get_control_data(&msg, S2N_TLS_GET_RECORD_TYPE, record_type));
     268                 :            : 
     269                 :        121 :     *blocked = S2N_NOT_BLOCKED;
     270                 :        121 :     *bytes_read = result;
     271                 :        121 :     return S2N_RESULT_OK;
     272                 :        122 : }
     273                 :            : 
     274                 :            : /* The iovec array `bufs` is constant and owned by the application.
     275                 :            :  *
     276                 :            :  * However, we need to apply the given offset to `bufs`. That may involve
     277                 :            :  * updating the iov_base and iov_len of entries in `bufs` to reflect the bytes
     278                 :            :  * already sent. Because `bufs` is constant, we need to instead copy `bufs` and
     279                 :            :  * modify the copy.
     280                 :            :  *
     281                 :            :  * Since one of the primary benefits of kTLS is that we avoid buffering application
     282                 :            :  * data and can pass application data as-is to the kernel, we try to limit the
     283                 :            :  * situations where we need to copy `bufs` and use stack memory where possible.
     284                 :            :  *
     285                 :            :  * Note: We are copying an array of iovecs here, NOT the scattered application
     286                 :            :  * data the iovecs reference. On Linux, the maximum data copied would be
     287                 :            :  * 1024 (IOV_MAX on Linux) * 16 (sizeof(struct iovec)) = ~16KB.
     288                 :            :  *
     289                 :            :  * To avoid any copies when using a large number of iovecs, applications should
     290                 :            :  * call s2n_sendv instead of s2n_sendv_with_offset.
     291                 :            :  */
     292                 :            : static S2N_RESULT s2n_ktls_update_bufs_with_offset(const struct iovec **bufs, size_t *count,
     293                 :            :         size_t offs, struct s2n_blob *mem)
     294                 :      32776 : {
     295 [ -  + ][ #  # ]:      32776 :     RESULT_ENSURE_REF(bufs);
     296 [ -  + ][ #  # ]:      32776 :     RESULT_ENSURE_REF(count);
     297 [ #  # ][ +  - ]:      32776 :     RESULT_ENSURE(*bufs != NULL || *count == 0, S2N_ERR_NULL);
                 [ #  # ]
     298 [ #  # ][ -  + ]:      32776 :     RESULT_ENSURE_REF(mem);
     299                 :            : 
     300                 :      32776 :     size_t skipped = 0;
     301         [ +  + ]:    1763849 :     while (offs > 0) {
     302                 :            :         /* If we need to skip more iovecs than actually exist,
     303                 :            :          * then the offset is too large and therefore invalid.
     304                 :            :          */
     305 [ -  + ][ #  # ]:    1763832 :         RESULT_ENSURE(skipped < *count, S2N_ERR_INVALID_ARGUMENT);
     306                 :            : 
     307                 :    1763832 :         size_t iov_len = (*bufs)[skipped].iov_len;
     308                 :            : 
     309                 :            :         /* This is the last iovec affected by the offset. */
     310         [ +  + ]:    1763832 :         if (offs < iov_len) {
     311                 :      32759 :             break;
     312                 :      32759 :         }
     313                 :            : 
     314                 :    1731073 :         offs -= iov_len;
     315                 :    1731073 :         skipped++;
     316                 :    1731073 :     }
     317                 :            : 
     318                 :      32776 :     *count = (*count) - skipped;
     319         [ +  + ]:      32776 :     if (*count == 0) {
     320                 :          2 :         return S2N_RESULT_OK;
     321                 :          2 :     }
     322                 :            : 
     323                 :      32774 :     *bufs = &(*bufs)[skipped];
     324         [ +  + ]:      32774 :     if (offs == 0) {
     325                 :         15 :         return S2N_RESULT_OK;
     326                 :         15 :     }
     327                 :            : 
     328                 :      32759 :     size_t size = (*count) * (sizeof(struct iovec));
     329                 :            :     /* If possible, use the existing stack memory in `mem` for the copy.
     330                 :            :      * Otherwise, we need to allocate sufficient new heap memory. */
     331         [ +  + ]:      32759 :     if (size > mem->size) {
     332         [ -  + ]:        222 :         RESULT_GUARD_POSIX(s2n_alloc(mem, size));
     333                 :        222 :     }
     334                 :            : 
     335                 :      32759 :     struct iovec *new_bufs = (struct iovec *) (void *) mem->data;
     336 [ #  # ][ -  + ]:      32759 :     RESULT_CHECKED_MEMCPY(new_bufs, *bufs, size);
                 [ +  - ]
     337                 :      32759 :     new_bufs[0].iov_base = (uint8_t *) new_bufs[0].iov_base + offs;
     338                 :      32759 :     new_bufs[0].iov_len = new_bufs[0].iov_len - offs;
     339                 :      32759 :     *bufs = new_bufs;
     340                 :            : 
     341                 :      32759 :     return S2N_RESULT_OK;
     342                 :      32759 : }
     343                 :            : 
     344                 :            : ssize_t s2n_ktls_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs,
     345                 :            :         ssize_t count_in, ssize_t offs_in, s2n_blocked_status *blocked)
     346                 :      49224 : {
     347 [ +  + ][ +  - ]:      49224 :     POSIX_ENSURE_REF(conn);
     348 [ +  - ][ +  + ]:      49223 :     POSIX_ENSURE(count_in >= 0, S2N_ERR_INVALID_ARGUMENT);
     349                 :      49222 :     size_t count = count_in;
     350 [ +  + ][ +  - ]:      49222 :     POSIX_ENSURE(offs_in >= 0, S2N_ERR_INVALID_ARGUMENT);
     351                 :      49221 :     size_t offs = offs_in;
     352                 :            : 
     353                 :      49221 :     ssize_t total_bytes = 0;
     354         [ +  + ]:      49221 :     POSIX_GUARD_RESULT(s2n_sendv_with_offset_total_size(bufs, count_in, offs_in, &total_bytes));
     355         [ +  + ]:      49218 :     POSIX_GUARD_RESULT(s2n_ktls_key_update_send(conn, total_bytes));
     356                 :            : 
     357                 :            :     /* The order of new_bufs and new_bufs_mem matters. See https://github.com/aws/s2n-tls/issues/4354 */
     358                 :      49212 :     uint8_t new_bufs_mem[S2N_MAX_STACK_IOVECS_MEM] = { 0 };
     359                 :      49212 :     DEFER_CLEANUP(struct s2n_blob new_bufs = { 0 }, s2n_free_or_wipe);
     360         [ -  + ]:      49212 :     POSIX_GUARD(s2n_blob_init(&new_bufs, new_bufs_mem, sizeof(new_bufs_mem)));
     361         [ +  + ]:      49212 :     if (offs > 0) {
     362         [ -  + ]:      32776 :         POSIX_GUARD_RESULT(s2n_ktls_update_bufs_with_offset(&bufs, &count, offs, &new_bufs));
     363                 :      32776 :     }
     364                 :            : 
     365                 :      49212 :     size_t bytes_written = 0;
     366         [ +  + ]:      49212 :     POSIX_GUARD_RESULT(s2n_ktls_sendmsg(conn->send_io_context, TLS_APPLICATION_DATA,
     367                 :      49209 :             bufs, count, blocked, &bytes_written));
     368                 :            : 
     369         [ -  + ]:      49209 :     POSIX_GUARD_RESULT(s2n_ktls_set_estimated_sequence_number(conn, bytes_written));
     370                 :      49209 :     return bytes_written;
     371                 :      49209 : }
     372                 :            : 
     373                 :            : int s2n_ktls_send_cb(void *io_context, const uint8_t *buf, uint32_t len)
     374                 :         19 : {
     375 [ +  + ][ +  - ]:         19 :     POSIX_ENSURE_REF(io_context);
     376 [ +  + ][ +  - ]:         18 :     POSIX_ENSURE_REF(buf);
     377                 :            : 
     378                 :            :     /* For now, all control records are assumed to be alerts.
     379                 :            :      * We can set the record_type on the io_context in the future.
     380                 :            :      */
     381                 :         17 :     const uint8_t record_type = TLS_ALERT;
     382                 :            : 
     383                 :         17 :     const struct iovec iov = {
     384                 :         17 :         .iov_base = (void *) (uintptr_t) buf,
     385                 :         17 :         .iov_len = len,
     386                 :         17 :     };
     387                 :         17 :     s2n_blocked_status blocked = S2N_NOT_BLOCKED;
     388                 :         17 :     size_t bytes_written = 0;
     389                 :            : 
     390         [ +  + ]:         17 :     POSIX_GUARD_RESULT(s2n_ktls_sendmsg(io_context, record_type, &iov, 1,
     391                 :         11 :             &blocked, &bytes_written));
     392                 :            : 
     393 [ -  + ][ #  # ]:         11 :     POSIX_ENSURE_LTE(bytes_written, len);
     394                 :         11 :     return bytes_written;
     395                 :         11 : }
     396                 :            : 
     397                 :            : int s2n_ktls_record_writev(struct s2n_connection *conn, uint8_t content_type,
     398                 :            :         const struct iovec *in, int in_count, size_t offs, size_t to_write)
     399                 :         13 : {
     400 [ +  - ][ +  + ]:         13 :     POSIX_ENSURE_REF(conn);
     401 [ +  + ][ +  - ]:         12 :     POSIX_ENSURE(in_count > 0, S2N_ERR_INVALID_ARGUMENT);
     402                 :         11 :     size_t count = in_count;
     403 [ +  + ][ +  - ]:         11 :     POSIX_ENSURE_REF(in);
     404                 :            : 
     405                 :            :     /* Currently, ktls only supports sending alerts.
     406                 :            :      * To also support handshake messages, we would need a way to track record_type.
     407                 :            :      * We could add a field to the send io context.
     408                 :            :      */
     409 [ +  - ][ +  + ]:         10 :     POSIX_ENSURE(content_type == TLS_ALERT, S2N_ERR_UNIMPLEMENTED);
     410                 :            : 
     411                 :            :     /* When stuffers automatically resize, they allocate a potentially large
     412                 :            :      * chunk of memory to avoid repeated resizes.
     413                 :            :      * Since ktls only uses conn->out for control messages (alerts and eventually
     414                 :            :      * handshake messages), we expect infrequent small writes with conn->out
     415                 :            :      * freed in between. Since we're therefore more concerned with the size of
     416                 :            :      * the allocation than the frequency, use a more accurate size for each write.
     417                 :            :      */
     418         [ -  + ]:          9 :     POSIX_GUARD(s2n_stuffer_resize_if_empty(&conn->out, to_write));
     419                 :            : 
     420         [ -  + ]:          9 :     POSIX_GUARD(s2n_stuffer_writev_bytes(&conn->out, in, count, offs, to_write));
     421                 :          9 :     return to_write;
     422                 :          9 : }
     423                 :            : 
     424                 :            : int s2n_sendfile(struct s2n_connection *conn, int in_fd, off_t offset, size_t count,
     425                 :            :         size_t *bytes_written, s2n_blocked_status *blocked)
     426                 :       1488 : {
     427 [ +  - ][ +  + ]:       1488 :     POSIX_ENSURE_REF(blocked);
     428                 :       1487 :     *blocked = S2N_BLOCKED_ON_WRITE;
     429 [ +  + ][ +  - ]:       1487 :     POSIX_ENSURE_REF(bytes_written);
     430                 :       1486 :     *bytes_written = 0;
     431 [ +  - ][ +  + ]:       1486 :     POSIX_ENSURE_REF(conn);
     432 [ -  + ][ #  # ]:       1485 :     POSIX_ENSURE(conn->ktls_send_enabled, S2N_ERR_KTLS_UNSUPPORTED_CONN);
     433         [ +  + ]:       1485 :     POSIX_GUARD_RESULT(s2n_ktls_key_update_send(conn, count));
     434                 :            : 
     435                 :       1484 :     int out_fd = 0;
     436         [ -  + ]:       1484 :     POSIX_GUARD_RESULT(s2n_ktls_get_file_descriptor(conn, S2N_KTLS_MODE_SEND, &out_fd));
     437                 :            : 
     438                 :       1484 :     #ifdef S2N_LINUX_SENDFILE
     439                 :            :     /* https://man7.org/linux/man-pages/man2/sendfile.2.html */
     440                 :       1484 :     ssize_t result = 0;
     441 [ +  + ][ -  + ]:       1484 :     S2N_IO_RETRY_EINTR(result, sendfile(out_fd, in_fd, &offset, count));
     442         [ +  + ]:       1484 :     POSIX_GUARD_RESULT(s2n_io_check_write_result(result));
     443                 :       1482 :     *bytes_written = result;
     444                 :            :     #else
     445                 :            :     POSIX_BAIL(S2N_ERR_UNIMPLEMENTED);
     446                 :            :     #endif
     447                 :            : 
     448         [ -  + ]:       1482 :     POSIX_GUARD_RESULT(s2n_ktls_set_estimated_sequence_number(conn, *bytes_written));
     449                 :       1482 :     *blocked = S2N_NOT_BLOCKED;
     450                 :       1482 :     return S2N_SUCCESS;
     451                 :       1482 : }
     452                 :            : 
     453                 :            : int s2n_ktls_read_full_record(struct s2n_connection *conn, uint8_t *record_type)
     454                 :        128 : {
     455 [ +  - ][ +  + ]:        128 :     POSIX_ENSURE_REF(conn);
     456 [ +  - ][ +  + ]:        127 :     POSIX_ENSURE_REF(record_type);
     457                 :            : 
     458                 :            :     /* If any unread data remains in conn->in, it must be application data that
     459                 :            :      * couldn't be returned due to the size of the application's provided buffer.
     460                 :            :      */
     461         [ +  + ]:        126 :     if (s2n_stuffer_data_available(&conn->in)) {
     462                 :          2 :         *record_type = TLS_APPLICATION_DATA;
     463                 :          2 :         return S2N_SUCCESS;
     464                 :          2 :     }
     465                 :            : 
     466         [ -  + ]:        124 :     POSIX_GUARD(s2n_stuffer_resize_if_empty(&conn->buffer_in, S2N_DEFAULT_FRAGMENT_LENGTH));
     467                 :            : 
     468                 :        124 :     struct s2n_stuffer record_stuffer = conn->buffer_in;
     469                 :        124 :     size_t len = s2n_stuffer_space_remaining(&record_stuffer);
     470                 :        124 :     uint8_t *buf = s2n_stuffer_raw_write(&record_stuffer, len);
     471 [ -  + ][ #  # ]:        124 :     POSIX_ENSURE_REF(buf);
     472                 :            : 
     473                 :        124 :     s2n_blocked_status blocked = S2N_NOT_BLOCKED;
     474                 :        124 :     size_t bytes_read = 0;
     475                 :            : 
     476                 :            :     /* Since recvmsg is responsible for decrypting the record in ktls,
     477                 :            :      * we apply blinding to the recvmsg call.
     478                 :            :      */
     479                 :        124 :     s2n_result result = s2n_ktls_recvmsg(conn->recv_io_context, record_type,
     480                 :        124 :             buf, len, &blocked, &bytes_read);
     481 [ +  + ][ +  - ]:        124 :     WITH_ERROR_BLINDING(conn, POSIX_GUARD_RESULT(result));
     482                 :            : 
     483         [ -  + ]:        119 :     POSIX_GUARD(s2n_stuffer_skip_write(&conn->buffer_in, bytes_read));
     484                 :            : 
     485                 :            :     /* We don't care about returning a full fragment because we don't need to decrypt.
     486                 :            :      * kTLS handled decryption already.
     487                 :            :      * So we can always set conn->in equal to the full buffer_in.
     488                 :            :      */
     489         [ -  + ]:        119 :     POSIX_GUARD_RESULT(s2n_recv_in_init(conn, bytes_read, bytes_read));
     490                 :        119 :     return S2N_SUCCESS;
     491                 :        119 : }
     492                 :            : 
     493                 :            : #endif
     494                 :            : 
     495                 :            : /* Suppress empty translation unit warning when compiled on Windows. */
     496                 :            : #pragma clang diagnostic ignored "-Wempty-translation-unit"

Generated by: LCOV version 1.14