LCOV - code coverage report
Current view: top level - tls - s2n_send.c (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 145 149 97.3 %
Date: 2026-07-04 07:27:58 Functions: 7 7 100.0 %
Branches: 107 142 75.4 %

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include <errno.h>
      17                 :            : 
      18                 :            : #include "api/s2n.h"
      19                 :            : #include "crypto/s2n_cipher.h"
      20                 :            : #include "error/s2n_errno.h"
      21                 :            : #include "stuffer/s2n_stuffer.h"
      22                 :            : #include "tls/s2n_alerts.h"
      23                 :            : #include "tls/s2n_cipher_suites.h"
      24                 :            : #include "tls/s2n_connection.h"
      25                 :            : #include "tls/s2n_handshake.h"
      26                 :            : #include "tls/s2n_internal.h"
      27                 :            : #include "tls/s2n_ktls.h"
      28                 :            : #include "tls/s2n_post_handshake.h"
      29                 :            : #include "tls/s2n_record.h"
      30                 :            : #include "utils/s2n_blob.h"
      31                 :            : #include "utils/s2n_io.h"
      32                 :            : #include "utils/s2n_safety.h"
      33                 :            : 
      34                 :            : /*
      35                 :            :  * Determine whether there is currently sufficient space in the send buffer to construct
      36                 :            :  * another record, or if we need to flush now.
      37                 :            :  *
      38                 :            :  * We only buffer multiple records when sending application data, NOT when
      39                 :            :  * sending handshake messages or alerts. If the next record is a post-handshake message
      40                 :            :  * or an alert, then the send buffer will be flushed regardless of the result of this method.
      41                 :            :  * Therefore we don't need to consider the size of any potential KeyUpdate messages,
      42                 :            :  * NewSessionTicket messages, or Alerts.
      43                 :            :  */
      44                 :            : bool s2n_should_flush(struct s2n_connection *conn, ssize_t total_message_size)
      45                 :     146119 : {
      46                 :            :     /* Always flush if not buffering multiple records. */
      47         [ +  + ]:     146119 :     if (!conn->multirecord_send) {
      48                 :     146088 :         return true;
      49                 :     146088 :     }
      50                 :            : 
      51                 :            :     /* Flush if all data has been sent. */
      52                 :         31 :     ssize_t remaining_payload_size = total_message_size - conn->current_user_data_consumed;
      53         [ +  + ]:         31 :     if (remaining_payload_size <= 0) {
      54                 :         10 :         return true;
      55                 :         10 :     }
      56                 :            : 
      57                 :         21 :     uint16_t max_payload_size = 0;
      58         [ -  + ]:         21 :     if (!s2n_result_is_ok(s2n_record_max_write_payload_size(conn, &max_payload_size))) {
      59                 :            :         /* When in doubt, flush */
      60                 :          0 :         return true;
      61                 :          0 :     }
      62         [ +  + ]:         21 :     max_payload_size = S2N_MIN(max_payload_size, remaining_payload_size);
      63                 :            : 
      64                 :         21 :     uint16_t max_write_size = 0;
      65         [ -  + ]:         21 :     if (!s2n_result_is_ok(s2n_record_max_write_size(conn, max_payload_size, &max_write_size))) {
      66                 :            :         /* When in doubt, flush */
      67                 :          0 :         return true;
      68                 :          0 :     }
      69                 :            : 
      70                 :            :     /* Flush if the stuffer can't store the max possible record size without growing.
      71                 :            :      *
      72                 :            :      * However, the stuffer is allocated when the record is sent, so if the stuffer
      73                 :            :      * hasn't been allocated, assume it will have enough space.
      74                 :            :      */
      75                 :         21 :     uint32_t available_space = s2n_stuffer_space_remaining(&conn->out);
      76 [ +  + ][ +  + ]:         21 :     if (available_space < max_write_size && !s2n_stuffer_is_freed(&conn->out)) {
      77                 :          5 :         return true;
      78                 :          5 :     }
      79                 :            : 
      80                 :         16 :     return false;
      81                 :         21 : }
      82                 :            : 
      83                 :            : int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *blocked)
      84                 :     762963 : {
      85 [ #  # ][ -  + ]:     762963 :     POSIX_ENSURE_REF(conn);
      86 [ #  # ][ -  + ]:     762963 :     POSIX_ENSURE_REF(blocked);
      87                 :     762963 :     *blocked = S2N_BLOCKED_ON_WRITE;
      88                 :            : 
      89                 :            :     /* Write any data that's already pending */
      90         [ +  + ]:    1019977 :     while (s2n_stuffer_data_available(&conn->out)) {
      91                 :     496704 :         errno = 0;
      92                 :     496704 :         int w = s2n_connection_send_stuffer(&conn->out, conn, s2n_stuffer_data_available(&conn->out));
      93         [ +  + ]:     496704 :         POSIX_GUARD_RESULT(s2n_io_check_write_result(w));
      94                 :     257014 :         conn->wire_bytes_out += w;
      95                 :     257014 :     }
      96         [ -  + ]:     523273 :     POSIX_GUARD(s2n_stuffer_rewrite(&conn->out));
      97                 :            : 
      98         [ +  + ]:     523273 :     if (conn->reader_warning_out) {
      99         [ -  + ]:          4 :         POSIX_GUARD_RESULT(s2n_alerts_write_warning(conn));
     100                 :          4 :         conn->reader_warning_out = 0;
     101         [ -  + ]:          4 :         POSIX_GUARD(s2n_flush(conn, blocked));
     102                 :          4 :     }
     103                 :            : 
     104                 :     523273 :     *blocked = S2N_NOT_BLOCKED;
     105                 :     523273 :     return 0;
     106                 :     523273 : }
     107                 :            : 
     108                 :            : S2N_RESULT s2n_sendv_with_offset_total_size(const struct iovec *bufs, ssize_t count,
     109                 :            :         ssize_t offs, ssize_t *total_size_out)
     110                 :      72480 : {
     111 [ +  + ][ +  - ]:      72480 :     RESULT_ENSURE_REF(total_size_out);
     112         [ +  + ]:      72479 :     if (count > 0) {
     113 [ +  + ][ +  - ]:      72472 :         RESULT_ENSURE_REF(bufs);
     114                 :      72472 :     }
     115                 :            : 
     116                 :      72476 :     size_t total_size = 0;
     117         [ +  + ]:    2013766 :     for (ssize_t i = 0; i < count; i++) {
     118                 :    1941291 :         size_t iov_len = bufs[i].iov_len;
     119                 :            :         /* Account for any offset */
     120         [ +  + ]:    1941291 :         if (offs > 0) {
     121         [ +  + ]:    1764050 :             size_t offs_consumed = S2N_MIN((size_t) offs, iov_len);
     122                 :    1764050 :             iov_len -= offs_consumed;
     123                 :    1764050 :             offs -= offs_consumed;
     124                 :    1764050 :         }
     125 [ +  - ][ +  + ]:    1941291 :         RESULT_ENSURE(S2N_ADD_IS_OVERFLOW_SAFE(total_size, iov_len, SIZE_MAX),
                 [ +  - ]
     126                 :    1941290 :                 S2N_ERR_INVALID_ARGUMENT);
     127                 :    1941290 :         total_size += iov_len;
     128                 :    1941290 :     }
     129                 :            : 
     130                 :            :     /* We must have fully accounted for the offset, or else the offset is larger
     131                 :            :      * than the available data and our inputs are invalid.
     132                 :            :      */
     133 [ +  + ][ +  - ]:      72475 :     RESULT_ENSURE(offs == 0, S2N_ERR_INVALID_ARGUMENT);
     134                 :            : 
     135 [ +  - ][ +  + ]:      72467 :     RESULT_ENSURE(total_size <= SSIZE_MAX, S2N_ERR_INVALID_ARGUMENT);
     136                 :      72466 :     *total_size_out = total_size;
     137                 :      72466 :     return S2N_RESULT_OK;
     138                 :      72467 : }
     139                 :            : 
     140                 :            : ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iovec *bufs,
     141                 :            :         ssize_t count, ssize_t offs, s2n_blocked_status *blocked)
     142                 :     234136 : {
     143                 :     234136 :     ssize_t user_data_sent = 0, total_size = 0;
     144                 :            : 
     145 [ +  + ][ +  - ]:     234136 :     POSIX_ENSURE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE), S2N_ERR_CLOSED);
     146 [ +  + ][ +  - ]:     232608 :     POSIX_ENSURE(!s2n_connection_is_quic_enabled(conn), S2N_ERR_UNSUPPORTED_WITH_QUIC);
     147                 :            : 
     148                 :            :     /* Flush any pending I/O */
     149         [ +  + ]:     232605 :     POSIX_GUARD(s2n_flush(conn, blocked));
     150                 :            : 
     151         [ +  + ]:      23290 :     if (conn->ktls_send_enabled) {
     152                 :         50 :         return s2n_ktls_sendv_with_offset(conn, bufs, count, offs, blocked);
     153                 :         50 :     }
     154                 :            : 
     155                 :            :     /* Acknowledge consumed and flushed user data as sent */
     156                 :      23240 :     user_data_sent = conn->current_user_data_consumed;
     157                 :            : 
     158                 :      23240 :     *blocked = S2N_BLOCKED_ON_WRITE;
     159                 :            : 
     160                 :      23240 :     uint16_t max_payload_size = 0;
     161         [ -  + ]:      23240 :     POSIX_GUARD_RESULT(s2n_record_max_write_payload_size(conn, &max_payload_size));
     162                 :            : 
     163                 :            :     /* TLS 1.0 and SSLv3 are vulnerable to the so-called Beast attack. Work
     164                 :            :      * around this by splitting messages into one byte records, and then
     165                 :            :      * the remainder can follow as usual.
     166                 :            :      */
     167                 :      23240 :     int cbcHackUsed = 0;
     168                 :            : 
     169                 :      23240 :     struct s2n_crypto_parameters *writer = conn->server;
     170         [ +  + ]:      23240 :     if (conn->mode == S2N_CLIENT) {
     171                 :      16202 :         writer = conn->client;
     172                 :      16202 :     }
     173                 :            : 
     174         [ -  + ]:      23240 :     POSIX_GUARD_RESULT(s2n_sendv_with_offset_total_size(bufs, count, offs, &total_size));
     175                 :            :     /* Defensive check against an invalid retry */
     176 [ +  + ][ +  - ]:      23240 :     POSIX_ENSURE(conn->current_user_data_consumed <= total_size, S2N_ERR_SEND_SIZE);
     177         [ +  + ]:      23239 :     POSIX_GUARD_RESULT(s2n_early_data_validate_send(conn, total_size));
     178                 :            : 
     179         [ +  + ]:      23232 :     if (conn->dynamic_record_timeout_threshold > 0) {
     180                 :       3284 :         uint64_t elapsed = 0;
     181         [ -  + ]:       3284 :         POSIX_GUARD_RESULT(s2n_timer_elapsed(conn->config, &conn->write_timer, &elapsed));
     182                 :            :         /* Reset record size back to a single segment after threshold seconds of inactivity */
     183         [ +  + ]:       3284 :         if (elapsed - conn->last_write_elapsed > (uint64_t) conn->dynamic_record_timeout_threshold * 1000000000) {
     184                 :          7 :             conn->active_application_bytes_consumed = 0;
     185                 :          7 :         }
     186                 :       3284 :         conn->last_write_elapsed = elapsed;
     187                 :       3284 :     }
     188                 :            : 
     189                 :            :     /* Now write the data we were asked to send this round */
     190         [ +  + ]:     169202 :     while (total_size - conn->current_user_data_consumed) {
     191         [ +  + ]:     147164 :         ssize_t to_write = S2N_MIN(total_size - conn->current_user_data_consumed, max_payload_size);
     192                 :            : 
     193                 :            :         /* If dynamic record size is enabled,
     194                 :            :          * use small TLS records that fit into a single TCP segment for the threshold bytes of data
     195                 :            :          */
     196         [ +  + ]:     147164 :         if (conn->active_application_bytes_consumed < (uint64_t) conn->dynamic_record_resize_threshold) {
     197                 :        317 :             uint16_t min_payload_size = 0;
     198         [ -  + ]:        317 :             POSIX_GUARD_RESULT(s2n_record_min_write_payload_size(conn, &min_payload_size));
     199         [ +  + ]:        317 :             to_write = S2N_MIN(min_payload_size, to_write);
     200                 :        317 :         }
     201                 :            : 
     202                 :            :         /* Don't split messages in server mode for interoperability with naive clients.
     203                 :            :          * Some clients may have expectations based on the amount of content in the first record.
     204                 :            :          */
     205         [ +  + ]:     147164 :         if (conn->actual_protocol_version < S2N_TLS11
     206 [ +  + ][ +  + ]:     147164 :                 && writer->cipher_suite->record_alg->cipher->type == S2N_CBC && conn->mode != S2N_SERVER) {
     207 [ +  - ][ +  + ]:         48 :             if (to_write > 1 && cbcHackUsed == 0) {
     208                 :         24 :                 to_write = 1;
     209                 :         24 :                 cbcHackUsed = 1;
     210                 :         24 :             }
     211                 :         48 :         }
     212                 :            : 
     213         [ +  + ]:     147164 :         POSIX_GUARD(s2n_post_handshake_send(conn, blocked));
     214                 :            : 
     215                 :            :         /* Write and encrypt the record */
     216                 :     146110 :         int written_to_record = s2n_record_writev(conn, TLS_APPLICATION_DATA, bufs, count,
     217                 :     146110 :                 conn->current_user_data_consumed + offs, to_write);
     218         [ -  + ]:     146110 :         POSIX_GUARD(written_to_record);
     219                 :     146110 :         conn->current_user_data_consumed += written_to_record;
     220                 :     146110 :         conn->active_application_bytes_consumed += written_to_record;
     221                 :            : 
     222                 :            :         /* Send it, unless we're waiting for more records */
     223         [ +  + ]:     146110 :         if (s2n_should_flush(conn, total_size)) {
     224         [ +  + ]:     146100 :             if (s2n_flush(conn, blocked) < 0) {
     225 [ +  + ][ +  + ]:        140 :                 if (s2n_errno == S2N_ERR_IO_BLOCKED && user_data_sent > 0) {
     226                 :            :                     /* We successfully sent >0 user bytes on the wire, but not the full requested payload
     227                 :            :                      * because we became blocked on I/O. Acknowledge the data sent. */
     228                 :            : 
     229                 :        111 :                     conn->current_user_data_consumed -= user_data_sent;
     230                 :        111 :                     return user_data_sent;
     231                 :        111 :                 } else {
     232                 :         29 :                     S2N_ERROR_PRESERVE_ERRNO();
     233                 :         29 :                 }
     234                 :        140 :             }
     235                 :            : 
     236                 :            :             /* Acknowledge consumed and flushed user data as sent */
     237                 :     145960 :             user_data_sent = conn->current_user_data_consumed;
     238                 :     145960 :         }
     239                 :     146110 :     }
     240                 :            : 
     241                 :            :     /* If everything has been written, then there's no user data pending */
     242                 :      22038 :     conn->current_user_data_consumed = 0;
     243                 :            : 
     244                 :      22038 :     *blocked = S2N_NOT_BLOCKED;
     245                 :      22038 :     return total_size;
     246                 :      23232 : }
     247                 :            : 
     248                 :            : ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count,
     249                 :            :         ssize_t offs, s2n_blocked_status *blocked)
     250                 :     234138 : {
     251 [ -  + ][ #  # ]:     234138 :     POSIX_ENSURE_REF(conn);
     252 [ -  + ][ #  # ]:     234138 :     POSIX_ENSURE_REF(blocked);
     253                 :     234138 :     *blocked = S2N_BLOCKED_ON_WRITE;
     254                 :            : 
     255 [ +  + ][ +  - ]:     234138 :     POSIX_ENSURE(!conn->send_in_use, S2N_ERR_REENTRANCY);
     256                 :     234136 :     conn->send_in_use = true;
     257                 :            : 
     258                 :     234136 :     ssize_t result = s2n_sendv_with_offset_impl(conn, bufs, count, offs, blocked);
     259         [ -  + ]:     234136 :     POSIX_GUARD_RESULT(s2n_early_data_record_bytes(conn, result));
     260                 :            : 
     261         [ -  + ]:     234136 :     POSIX_GUARD_RESULT(s2n_connection_dynamic_free_out_buffer(conn));
     262                 :            : 
     263                 :     234136 :     conn->send_in_use = false;
     264                 :     234136 :     return result;
     265                 :     234136 : }
     266                 :            : 
     267                 :            : ssize_t s2n_sendv(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, s2n_blocked_status *blocked)
     268                 :         15 : {
     269                 :         15 :     return s2n_sendv_with_offset(conn, bufs, count, 0, blocked);
     270                 :         15 : }
     271                 :            : 
     272                 :            : ssize_t s2n_send(struct s2n_connection *conn, const void *buf, ssize_t size, s2n_blocked_status *blocked)
     273                 :     177055 : {
     274                 :     177055 :     struct iovec iov;
     275                 :     177055 :     iov.iov_base = (void *) (uintptr_t) buf;
     276                 :     177055 :     iov.iov_len = size;
     277                 :     177055 :     return s2n_sendv_with_offset(conn, &iov, 1, 0, blocked);
     278                 :     177055 : }

Generated by: LCOV version 1.14