1*b1a5c5c8Sjsing /* $OpenBSD: tls_buffer.c,v 1.4 2022/11/10 18:06:37 jsing Exp $ */
2f6184395Sjsing /*
324c399e9Sjsing * Copyright (c) 2018, 2019, 2022 Joel Sing <jsing@openbsd.org>
4f6184395Sjsing *
5f6184395Sjsing * Permission to use, copy, modify, and distribute this software for any
6f6184395Sjsing * purpose with or without fee is hereby granted, provided that the above
7f6184395Sjsing * copyright notice and this permission notice appear in all copies.
8f6184395Sjsing *
9f6184395Sjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10f6184395Sjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11f6184395Sjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12f6184395Sjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13f6184395Sjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14f6184395Sjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15f6184395Sjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16f6184395Sjsing */
17f6184395Sjsing
18f6184395Sjsing #include <stdlib.h>
19f6184395Sjsing #include <string.h>
20f6184395Sjsing
21f6184395Sjsing #include "bytestring.h"
22f6184395Sjsing #include "tls_internal.h"
23f6184395Sjsing
2424c399e9Sjsing #define TLS_BUFFER_CAPACITY_LIMIT (1024 * 1024)
2524c399e9Sjsing
26f6184395Sjsing struct tls_buffer {
27f6184395Sjsing size_t capacity;
2824c399e9Sjsing size_t capacity_limit;
29f6184395Sjsing uint8_t *data;
30f6184395Sjsing size_t len;
31f6184395Sjsing size_t offset;
32f6184395Sjsing };
33f6184395Sjsing
34f6184395Sjsing static int tls_buffer_resize(struct tls_buffer *buf, size_t capacity);
35f6184395Sjsing
36f6184395Sjsing struct tls_buffer *
tls_buffer_new(size_t init_size)37f6184395Sjsing tls_buffer_new(size_t init_size)
38f6184395Sjsing {
39f6184395Sjsing struct tls_buffer *buf = NULL;
40f6184395Sjsing
41f6184395Sjsing if ((buf = calloc(1, sizeof(struct tls_buffer))) == NULL)
42f6184395Sjsing goto err;
43f6184395Sjsing
4424c399e9Sjsing buf->capacity_limit = TLS_BUFFER_CAPACITY_LIMIT;
4524c399e9Sjsing
46f6184395Sjsing if (!tls_buffer_resize(buf, init_size))
47f6184395Sjsing goto err;
48f6184395Sjsing
49f6184395Sjsing return buf;
50f6184395Sjsing
51f6184395Sjsing err:
52f6184395Sjsing tls_buffer_free(buf);
53f6184395Sjsing
54f6184395Sjsing return NULL;
55f6184395Sjsing }
56f6184395Sjsing
57f6184395Sjsing void
tls_buffer_clear(struct tls_buffer * buf)5824c399e9Sjsing tls_buffer_clear(struct tls_buffer *buf)
5924c399e9Sjsing {
6024c399e9Sjsing freezero(buf->data, buf->capacity);
6124c399e9Sjsing
6224c399e9Sjsing buf->data = NULL;
6324c399e9Sjsing buf->capacity = 0;
6424c399e9Sjsing buf->len = 0;
6524c399e9Sjsing buf->offset = 0;
6624c399e9Sjsing }
6724c399e9Sjsing
6824c399e9Sjsing void
tls_buffer_free(struct tls_buffer * buf)69f6184395Sjsing tls_buffer_free(struct tls_buffer *buf)
70f6184395Sjsing {
71f6184395Sjsing if (buf == NULL)
72f6184395Sjsing return;
73f6184395Sjsing
7424c399e9Sjsing tls_buffer_clear(buf);
7524c399e9Sjsing
76f6184395Sjsing freezero(buf, sizeof(struct tls_buffer));
77f6184395Sjsing }
78f6184395Sjsing
79f6184395Sjsing static int
tls_buffer_grow(struct tls_buffer * buf,size_t capacity)8024c399e9Sjsing tls_buffer_grow(struct tls_buffer *buf, size_t capacity)
8124c399e9Sjsing {
8224c399e9Sjsing if (buf->capacity >= capacity)
8324c399e9Sjsing return 1;
8424c399e9Sjsing
8524c399e9Sjsing return tls_buffer_resize(buf, capacity);
8624c399e9Sjsing }
8724c399e9Sjsing
8824c399e9Sjsing static int
tls_buffer_resize(struct tls_buffer * buf,size_t capacity)89f6184395Sjsing tls_buffer_resize(struct tls_buffer *buf, size_t capacity)
90f6184395Sjsing {
91f6184395Sjsing uint8_t *data;
92f6184395Sjsing
9324c399e9Sjsing /*
9424c399e9Sjsing * XXX - Consider maintaining a minimum size and growing more
9524c399e9Sjsing * intelligently (rather than exactly).
9624c399e9Sjsing */
97f6184395Sjsing if (buf->capacity == capacity)
98f6184395Sjsing return 1;
99f6184395Sjsing
10024c399e9Sjsing if (capacity > buf->capacity_limit)
10124c399e9Sjsing return 0;
10224c399e9Sjsing
103f6184395Sjsing if ((data = recallocarray(buf->data, buf->capacity, capacity, 1)) == NULL)
104f6184395Sjsing return 0;
105f6184395Sjsing
106f6184395Sjsing buf->data = data;
107f6184395Sjsing buf->capacity = capacity;
108f6184395Sjsing
10924c399e9Sjsing /* Ensure that len and offset are valid if capacity decreased. */
11024c399e9Sjsing if (buf->len > buf->capacity)
11124c399e9Sjsing buf->len = buf->capacity;
11224c399e9Sjsing if (buf->offset > buf->len)
11324c399e9Sjsing buf->offset = buf->len;
11424c399e9Sjsing
115f6184395Sjsing return 1;
116f6184395Sjsing }
117f6184395Sjsing
11824c399e9Sjsing void
tls_buffer_set_capacity_limit(struct tls_buffer * buf,size_t limit)11924c399e9Sjsing tls_buffer_set_capacity_limit(struct tls_buffer *buf, size_t limit)
12024c399e9Sjsing {
12124c399e9Sjsing /*
12224c399e9Sjsing * XXX - do we want to force a resize if this limit is less than current
12324c399e9Sjsing * capacity... and what do we do with existing data? Force a clear?
12424c399e9Sjsing */
12524c399e9Sjsing buf->capacity_limit = limit;
12624c399e9Sjsing }
12724c399e9Sjsing
128f6184395Sjsing ssize_t
tls_buffer_extend(struct tls_buffer * buf,size_t len,tls_read_cb read_cb,void * cb_arg)129f6184395Sjsing tls_buffer_extend(struct tls_buffer *buf, size_t len,
130f6184395Sjsing tls_read_cb read_cb, void *cb_arg)
131f6184395Sjsing {
132f6184395Sjsing ssize_t ret;
133f6184395Sjsing
134f6184395Sjsing if (len == buf->len)
135f6184395Sjsing return buf->len;
136f6184395Sjsing
137f6184395Sjsing if (len < buf->len)
138f6184395Sjsing return TLS_IO_FAILURE;
139f6184395Sjsing
140f6184395Sjsing if (!tls_buffer_resize(buf, len))
141f6184395Sjsing return TLS_IO_FAILURE;
142f6184395Sjsing
143f6184395Sjsing for (;;) {
144f6184395Sjsing if ((ret = read_cb(&buf->data[buf->len],
145f6184395Sjsing buf->capacity - buf->len, cb_arg)) <= 0)
146f6184395Sjsing return ret;
147f6184395Sjsing
148f6184395Sjsing if (ret > buf->capacity - buf->len)
149f6184395Sjsing return TLS_IO_FAILURE;
150f6184395Sjsing
151f6184395Sjsing buf->len += ret;
152f6184395Sjsing
153f6184395Sjsing if (buf->len == buf->capacity)
154f6184395Sjsing return buf->len;
155f6184395Sjsing }
156f6184395Sjsing }
157f6184395Sjsing
158*b1a5c5c8Sjsing size_t
tls_buffer_remaining(struct tls_buffer * buf)159*b1a5c5c8Sjsing tls_buffer_remaining(struct tls_buffer *buf)
160*b1a5c5c8Sjsing {
161*b1a5c5c8Sjsing if (buf->offset > buf->len)
162*b1a5c5c8Sjsing return 0;
163*b1a5c5c8Sjsing
164*b1a5c5c8Sjsing return buf->len - buf->offset;
165*b1a5c5c8Sjsing }
166*b1a5c5c8Sjsing
16724c399e9Sjsing ssize_t
tls_buffer_read(struct tls_buffer * buf,uint8_t * rbuf,size_t n)16824c399e9Sjsing tls_buffer_read(struct tls_buffer *buf, uint8_t *rbuf, size_t n)
169f6184395Sjsing {
17024c399e9Sjsing if (buf->offset > buf->len)
17124c399e9Sjsing return TLS_IO_FAILURE;
17224c399e9Sjsing
17324c399e9Sjsing if (buf->offset == buf->len)
17424c399e9Sjsing return TLS_IO_WANT_POLLIN;
17524c399e9Sjsing
17624c399e9Sjsing if (n > buf->len - buf->offset)
17724c399e9Sjsing n = buf->len - buf->offset;
17824c399e9Sjsing
17924c399e9Sjsing memcpy(rbuf, &buf->data[buf->offset], n);
18024c399e9Sjsing
18124c399e9Sjsing buf->offset += n;
18224c399e9Sjsing
18324c399e9Sjsing return n;
18424c399e9Sjsing }
18524c399e9Sjsing
18624c399e9Sjsing ssize_t
tls_buffer_write(struct tls_buffer * buf,const uint8_t * wbuf,size_t n)18724c399e9Sjsing tls_buffer_write(struct tls_buffer *buf, const uint8_t *wbuf, size_t n)
18824c399e9Sjsing {
18924c399e9Sjsing if (buf->offset > buf->len)
19024c399e9Sjsing return TLS_IO_FAILURE;
19124c399e9Sjsing
19224c399e9Sjsing /*
19324c399e9Sjsing * To avoid continually growing the buffer, pull data up to the
19424c399e9Sjsing * start of the buffer. If all data has been read then we can simply
19524c399e9Sjsing * reset, otherwise wait until we're going to save at least 4KB of
19624c399e9Sjsing * memory to reduce overhead.
19724c399e9Sjsing */
19824c399e9Sjsing if (buf->offset == buf->len) {
19924c399e9Sjsing buf->len = 0;
20024c399e9Sjsing buf->offset = 0;
20124c399e9Sjsing }
20224c399e9Sjsing if (buf->offset >= 4096) {
20324c399e9Sjsing memmove(buf->data, &buf->data[buf->offset],
20424c399e9Sjsing buf->len - buf->offset);
20524c399e9Sjsing buf->len -= buf->offset;
20624c399e9Sjsing buf->offset = 0;
20724c399e9Sjsing }
20824c399e9Sjsing
20924c399e9Sjsing if (buf->len > SIZE_MAX - n)
21024c399e9Sjsing return TLS_IO_FAILURE;
21124c399e9Sjsing if (!tls_buffer_grow(buf, buf->len + n))
21224c399e9Sjsing return TLS_IO_FAILURE;
21324c399e9Sjsing
21424c399e9Sjsing memcpy(&buf->data[buf->len], wbuf, n);
21524c399e9Sjsing
21624c399e9Sjsing buf->len += n;
21724c399e9Sjsing
21824c399e9Sjsing return n;
21924c399e9Sjsing }
22024c399e9Sjsing
22124c399e9Sjsing int
tls_buffer_append(struct tls_buffer * buf,const uint8_t * wbuf,size_t n)22224c399e9Sjsing tls_buffer_append(struct tls_buffer *buf, const uint8_t *wbuf, size_t n)
22324c399e9Sjsing {
22424c399e9Sjsing return tls_buffer_write(buf, wbuf, n) == n;
22524c399e9Sjsing }
22624c399e9Sjsing
22724c399e9Sjsing int
tls_buffer_data(struct tls_buffer * buf,CBS * out_cbs)22824c399e9Sjsing tls_buffer_data(struct tls_buffer *buf, CBS *out_cbs)
22924c399e9Sjsing {
23024c399e9Sjsing CBS cbs;
23124c399e9Sjsing
23224c399e9Sjsing CBS_init(&cbs, buf->data, buf->len);
23324c399e9Sjsing
23424c399e9Sjsing if (!CBS_skip(&cbs, buf->offset))
23524c399e9Sjsing return 0;
23624c399e9Sjsing
23724c399e9Sjsing CBS_dup(&cbs, out_cbs);
23824c399e9Sjsing
23924c399e9Sjsing return 1;
240f6184395Sjsing }
241f6184395Sjsing
242f6184395Sjsing int
tls_buffer_finish(struct tls_buffer * buf,uint8_t ** out,size_t * out_len)243f6184395Sjsing tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len)
244f6184395Sjsing {
245f6184395Sjsing if (out == NULL || out_len == NULL)
246f6184395Sjsing return 0;
247f6184395Sjsing
248f6184395Sjsing *out = buf->data;
249f6184395Sjsing *out_len = buf->len;
250f6184395Sjsing
251f6184395Sjsing buf->data = NULL;
25224c399e9Sjsing buf->capacity = 0;
253f6184395Sjsing buf->len = 0;
25424c399e9Sjsing buf->offset = 0;
255f6184395Sjsing
256f6184395Sjsing return 1;
257f6184395Sjsing }
258