Branch data Line data Source code
1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #include <errno.h>
17 : :
18 : : #include "api/s2n.h"
19 : : #include "crypto/s2n_cipher.h"
20 : : #include "error/s2n_errno.h"
21 : : #include "stuffer/s2n_stuffer.h"
22 : : #include "tls/s2n_alerts.h"
23 : : #include "tls/s2n_cipher_suites.h"
24 : : #include "tls/s2n_connection.h"
25 : : #include "tls/s2n_handshake.h"
26 : : #include "tls/s2n_internal.h"
27 : : #include "tls/s2n_ktls.h"
28 : : #include "tls/s2n_post_handshake.h"
29 : : #include "tls/s2n_record.h"
30 : : #include "utils/s2n_blob.h"
31 : : #include "utils/s2n_io.h"
32 : : #include "utils/s2n_safety.h"
33 : :
/*
 * Report whether the send buffer must be flushed before another record is built.
 *
 * Multiple records are only buffered for application data, never for handshake
 * messages or alerts. A post-handshake message or alert flushes the send buffer
 * no matter what this function returns, so the sizes of KeyUpdate messages,
 * NewSessionTicket messages and Alerts are not considered here.
 *
 * conn is dereferenced without a NULL check.
 * total_message_size is the size of the whole application payload for this send call.
 * Returns true when the caller should flush now, false when another record may be queued.
 */
bool s2n_should_flush(struct s2n_connection *conn, ssize_t total_message_size)
{
    /* Without multirecord buffering every record is flushed on its own. */
    if (!conn->multirecord_send) {
        return true;
    }

    /* Nothing is left to queue once the whole payload has been consumed. */
    ssize_t bytes_left = total_message_size - conn->current_user_data_consumed;
    if (bytes_left <= 0) {
        return true;
    }

    /* A size query that fails is treated as "flush": that is the conservative answer. */
    uint16_t next_payload_size = 0;
    if (!s2n_result_is_ok(s2n_record_max_write_payload_size(conn, &next_payload_size))) {
        return true;
    }
    /* bytes_left is positive here, so the smaller value still fits in uint16_t. */
    next_payload_size = S2N_MIN(next_payload_size, bytes_left);

    uint16_t next_record_size = 0;
    if (!s2n_result_is_ok(s2n_record_max_write_size(conn, next_payload_size, &next_record_size))) {
        return true;
    }

    /* Flush if the largest possible next record does not fit without growing the stuffer.
     *
     * The stuffer is allocated when a record is sent, so a stuffer that has not
     * been allocated yet is assumed to end up with enough space.
     */
    uint32_t room_left = s2n_stuffer_space_remaining(&conn->out);
    return room_left < next_record_size && !s2n_stuffer_is_freed(&conn->out);
}
82 : :
/*
 * Write everything queued in conn->out to the transport, then send any pending
 * warning alert.
 *
 * conn and blocked must not be NULL. *blocked is set to S2N_BLOCKED_ON_WRITE on
 * entry and only changed to S2N_NOT_BLOCKED once all of the work has completed,
 * so an early return through one of the guard macros leaves it reporting a
 * blocked write.
 *
 * Returns 0 on success.
 */
int s2n_flush(struct s2n_connection *conn, s2n_blocked_status *blocked)
{
    POSIX_ENSURE_REF(conn);
    POSIX_ENSURE_REF(blocked);
    *blocked = S2N_BLOCKED_ON_WRITE;

    /* Keep writing until the output stuffer reports no unread data. */
    while (s2n_stuffer_data_available(&conn->out)) {
        /* Clear errno first so the result check only sees this write's error. */
        errno = 0;
        int bytes_written = s2n_connection_send_stuffer(&conn->out, conn, s2n_stuffer_data_available(&conn->out));
        POSIX_GUARD_RESULT(s2n_io_check_write_result(bytes_written));
        conn->wire_bytes_out += bytes_written;
    }
    /* Everything was written: reset the stuffer so it can be reused. */
    POSIX_GUARD(s2n_stuffer_rewrite(&conn->out));

    if (conn->reader_warning_out) {
        POSIX_GUARD_RESULT(s2n_alerts_write_warning(conn));
        /* Clear the flag before recursing so the nested flush does not queue the alert again. */
        conn->reader_warning_out = 0;
        POSIX_GUARD(s2n_flush(conn, blocked));
    }

    *blocked = S2N_NOT_BLOCKED;
    return 0;
}
107 : :
/*
 * Compute how many bytes an iovec array holds once the first offs bytes are skipped.
 *
 * bufs           array of count buffers; may be NULL only when count is not positive
 * count          number of entries in bufs
 * offs           number of leading bytes to skip across the buffers
 * total_size_out receives the remaining byte count; must not be NULL
 *
 * Fails with S2N_ERR_INVALID_ARGUMENT when the sum would overflow size_t, when
 * offs is not fully consumed by the buffers (which includes a negative offs),
 * or when the total does not fit in ssize_t.
 */
S2N_RESULT s2n_sendv_with_offset_total_size(const struct iovec *bufs, ssize_t count,
        ssize_t offs, ssize_t *total_size_out)
{
    RESULT_ENSURE_REF(total_size_out);
    if (count > 0) {
        RESULT_ENSURE_REF(bufs);
    }

    size_t byte_sum = 0;
    ssize_t idx = 0;
    while (idx < count) {
        size_t usable_len = bufs[idx].iov_len;
        /* Skip the part of this buffer that is covered by the offset. */
        if (offs > 0) {
            size_t skipped = S2N_MIN((size_t) offs, usable_len);
            usable_len -= skipped;
            offs -= skipped;
        }
        /* Check before adding so the running sum can never wrap. */
        RESULT_ENSURE(S2N_ADD_IS_OVERFLOW_SAFE(byte_sum, usable_len, SIZE_MAX),
                S2N_ERR_INVALID_ARGUMENT);
        byte_sum += usable_len;
        idx++;
    }

    /* An offset that was not used up is larger than the available data,
     * which makes the inputs invalid.
     */
    RESULT_ENSURE(offs == 0, S2N_ERR_INVALID_ARGUMENT);

    /* The result is handed back as ssize_t, so it must fit in one. */
    RESULT_ENSURE(byte_sum <= SSIZE_MAX, S2N_ERR_INVALID_ARGUMENT);
    *total_size_out = byte_sum;
    return S2N_RESULT_OK;
}
139 : :
/*
 * Encrypt application data from an iovec array into TLS records and write them out.
 *
 * conn and blocked are not NULL-checked here; the caller visible in this file,
 * s2n_sendv_with_offset, checks both before calling.
 *
 * Progress is kept in conn->current_user_data_consumed, so a call that follows a
 * blocked send continues from the bytes that were already turned into records.
 *
 * Returns total_size when everything was written, the number of bytes already
 * flushed when the write blocks after some data was sent, and otherwise whatever
 * the failing guard or S2N_ERROR_PRESERVE_ERRNO() returns (presumably a negative
 * failure code; the macros are defined outside this file).
 */
ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iovec *bufs,
        ssize_t count, ssize_t offs, s2n_blocked_status *blocked)
{
    ssize_t user_data_sent = 0, total_size = 0;

    /* Refuse to send on a connection that is not writable or that is using QUIC. */
    POSIX_ENSURE(s2n_connection_check_io_status(conn, S2N_IO_WRITABLE), S2N_ERR_CLOSED);
    POSIX_ENSURE(!s2n_connection_is_quic_enabled(conn), S2N_ERR_UNSUPPORTED_WITH_QUIC);

    /* Flush any pending I/O */
    POSIX_GUARD(s2n_flush(conn, blocked));

    /* With kTLS enabled the rest of this function is skipped, including the
     * total-size, retry and early-data checks below; any equivalent validation
     * has to happen inside s2n_ktls_sendv_with_offset (not visible here).
     */
    if (conn->ktls_send_enabled) {
        return s2n_ktls_sendv_with_offset(conn, bufs, count, offs, blocked);
    }

    /* Acknowledge consumed and flushed user data as sent */
    user_data_sent = conn->current_user_data_consumed;

    /* s2n_flush set this to S2N_NOT_BLOCKED on success; from here on an early
     * return means the write is still outstanding.
     */
    *blocked = S2N_BLOCKED_ON_WRITE;

    uint16_t max_payload_size = 0;
    POSIX_GUARD_RESULT(s2n_record_max_write_payload_size(conn, &max_payload_size));

    /* TLS 1.0 and SSLv3 are vulnerable to the so-called Beast attack. Work
     * around this by splitting messages into one byte records, and then
     * the remainder can follow as usual.
     *
     * cbcHackUsed records that the one-byte record was already produced, so the
     * split happens at most once per call.
     */
    int cbcHackUsed = 0;

    /* Pick the crypto parameters for our own side of the connection. */
    struct s2n_crypto_parameters *writer = conn->server;
    if (conn->mode == S2N_CLIENT) {
        writer = conn->client;
    }

    POSIX_GUARD_RESULT(s2n_sendv_with_offset_total_size(bufs, count, offs, &total_size));
    /* Defensive check against an invalid retry: if more data was consumed earlier
     * than this call provides, the subtraction in the loop below would go negative
     * and the loop condition would never reach zero.
     */
    POSIX_ENSURE(conn->current_user_data_consumed <= total_size, S2N_ERR_SEND_SIZE);
    POSIX_GUARD_RESULT(s2n_early_data_validate_send(conn, total_size));

    if (conn->dynamic_record_timeout_threshold > 0) {
        uint64_t elapsed = 0;
        POSIX_GUARD_RESULT(s2n_timer_elapsed(conn->config, &conn->write_timer, &elapsed));
        /* Reset record size back to a single segment after threshold seconds of inactivity.
         * The threshold is widened to uint64_t before the multiplication by 1000000000;
         * presumably elapsed is in nanoseconds (confirm against s2n_timer_elapsed).
         */
        if (elapsed - conn->last_write_elapsed > (uint64_t) conn->dynamic_record_timeout_threshold * 1000000000) {
            conn->active_application_bytes_consumed = 0;
        }
        conn->last_write_elapsed = elapsed;
    }

    /* Now write the data we were asked to send this round */
    while (total_size - conn->current_user_data_consumed) {
        /* Never put more into one record than the maximum payload size allows. */
        ssize_t to_write = S2N_MIN(total_size - conn->current_user_data_consumed, max_payload_size);

        /* If dynamic record size is enabled,
         * use small TLS records that fit into a single TCP segment for the threshold bytes of data
         */
        if (conn->active_application_bytes_consumed < (uint64_t) conn->dynamic_record_resize_threshold) {
            uint16_t min_payload_size = 0;
            POSIX_GUARD_RESULT(s2n_record_min_write_payload_size(conn, &min_payload_size));
            to_write = S2N_MIN(min_payload_size, to_write);
        }

        /* Don't split messages in server mode for interoperability with naive clients.
         * Some clients may have expectations based on the amount of content in the first record.
         *
         * The split therefore applies only below TLS 1.1, with a CBC cipher, and when
         * not acting as a server.
         */
        if (conn->actual_protocol_version < S2N_TLS11
                && writer->cipher_suite->record_alg->cipher->type == S2N_CBC && conn->mode != S2N_SERVER) {
            if (to_write > 1 && cbcHackUsed == 0) {
                to_write = 1;
                cbcHackUsed = 1;
            }
        }

        /* Runs before each application data record is written; see s2n_post_handshake_send for what it sends. */
        POSIX_GUARD(s2n_post_handshake_send(conn, blocked));

        /* Write and encrypt the record. The read position is the caller's offset
         * plus the bytes already consumed.
         */
        int written_to_record = s2n_record_writev(conn, TLS_APPLICATION_DATA, bufs, count,
                conn->current_user_data_consumed + offs, to_write);
        POSIX_GUARD(written_to_record);
        conn->current_user_data_consumed += written_to_record;
        conn->active_application_bytes_consumed += written_to_record;

        /* Send it, unless we're waiting for more records */
        if (s2n_should_flush(conn, total_size)) {
            if (s2n_flush(conn, blocked) < 0) {
                if (s2n_errno == S2N_ERR_IO_BLOCKED && user_data_sent > 0) {
                    /* We successfully sent >0 user bytes on the wire, but not the full requested payload
                     * because we became blocked on I/O. Acknowledge the data sent.
                     *
                     * The acknowledged bytes are subtracted from the consumed count; presumably
                     * the caller retries with its buffer advanced by the returned amount, so the
                     * count has to be relative to that new start (confirm against the API contract).
                     */

                    conn->current_user_data_consumed -= user_data_sent;
                    return user_data_sent;
                } else {
                    /* Any other failure, or a block before any byte was acknowledged, is reported as an error. */
                    S2N_ERROR_PRESERVE_ERRNO();
                }
            }

            /* Acknowledge consumed and flushed user data as sent */
            user_data_sent = conn->current_user_data_consumed;
        }
    }

    /* If everything has been written, then there's no user data pending */
    conn->current_user_data_consumed = 0;

    *blocked = S2N_NOT_BLOCKED;
    return total_size;
}
247 : :
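/*
 * Vectored send entry point: wraps s2n_sendv_with_offset_impl with a reentrancy
 * guard and the bookkeeping that follows every send.
 *
 * conn     connection to send on; must not be NULL
 * bufs     array of count buffers holding the application data
 * count    number of entries in bufs
 * offs     number of leading bytes of bufs to skip
 * blocked  set to S2N_BLOCKED_ON_WRITE on entry, then updated by the send; must not be NULL
 *
 * Returns the result of s2n_sendv_with_offset_impl, or a failure if the arguments
 * are NULL, if a send is already in progress on this connection
 * (S2N_ERR_REENTRANCY), or if the post-send bookkeeping fails.
 */
ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count,
        ssize_t offs, s2n_blocked_status *blocked)
{
    POSIX_ENSURE_REF(conn);
    POSIX_ENSURE_REF(blocked);
    *blocked = S2N_BLOCKED_ON_WRITE;

    /* A nested call is rejected without touching the flag, which belongs to the
     * send that is already running.
     */
    POSIX_ENSURE(!conn->send_in_use, S2N_ERR_REENTRANCY);
    conn->send_in_use = true;

    ssize_t result = s2n_sendv_with_offset_impl(conn, bufs, count, offs, blocked);

    /* Post-send bookkeeping. As before, the output buffer is only released when
     * recording the early data bytes succeeded.
     */
    s2n_result post_send = s2n_early_data_record_bytes(conn, result);
    if (s2n_result_is_ok(post_send)) {
        post_send = s2n_connection_dynamic_free_out_buffer(conn);
    }

    /* Clear the guard before reporting a bookkeeping failure. Returning with the
     * flag still set would make every later send on this connection fail with
     * S2N_ERR_REENTRANCY even though no send is in progress.
     */
    conn->send_in_use = false;
    POSIX_GUARD_RESULT(post_send);

    return result;
}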
266 : :
/*
 * Vectored send that starts at the first byte of bufs.
 *
 * Forwards to s2n_sendv_with_offset with an offset of 0; argument checks and the
 * return value are those of that function.
 */
ssize_t s2n_sendv(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, s2n_blocked_status *blocked)
{
    const ssize_t no_offset = 0;
    return s2n_sendv_with_offset(conn, bufs, count, no_offset, blocked);
}
271 : :
/*
 * Send a single contiguous buffer by wrapping it in a one-element iovec and
 * forwarding to s2n_sendv_with_offset with an offset of 0.
 *
 * size is assigned to the unsigned iov_len without a check here, so a negative
 * size becomes a very large length. The total-size computation in this file
 * rejects totals above SSIZE_MAX, but that check runs after the kTLS branch in
 * s2n_sendv_with_offset_impl; NOTE(review): confirm the kTLS path validates the
 * length as well.
 */
ssize_t s2n_send(struct s2n_connection *conn, const void *buf, ssize_t size, s2n_blocked_status *blocked)
{
    struct iovec single_buf = {
        /* The cast through uintptr_t drops const because iov_base is a plain void pointer. */
        .iov_base = (void *) (uintptr_t) buf,
        .iov_len = size,
    };
    return s2n_sendv_with_offset(conn, &single_buf, 1, 0, blocked);
}