• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include "internal/cryptlib.h"
11 #include "packet_local.h"
12 #include <openssl/sslerr.h>
13 
14 #define DEFAULT_BUF_SIZE    256
15 
WPACKET_allocate_bytes(WPACKET * pkt,size_t len,unsigned char ** allocbytes)16 int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
17 {
18     if (!WPACKET_reserve_bytes(pkt, len, allocbytes))
19         return 0;
20 
21     pkt->written += len;
22     pkt->curr += len;
23     return 1;
24 }
25 
WPACKET_sub_allocate_bytes__(WPACKET * pkt,size_t len,unsigned char ** allocbytes,size_t lenbytes)26 int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
27                                  unsigned char **allocbytes, size_t lenbytes)
28 {
29     if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
30             || !WPACKET_allocate_bytes(pkt, len, allocbytes)
31             || !WPACKET_close(pkt))
32         return 0;
33 
34     return 1;
35 }
36 
37 #define GETBUF(p)   (((p)->staticbuf != NULL) \
38                      ? (p)->staticbuf : (unsigned char *)(p)->buf->data)
39 
WPACKET_reserve_bytes(WPACKET * pkt,size_t len,unsigned char ** allocbytes)40 int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
41 {
42     /* Internal API, so should not fail */
43     if (!ossl_assert(pkt->subs != NULL && len != 0))
44         return 0;
45 
46     if (pkt->maxsize - pkt->written < len)
47         return 0;
48 
49     if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) {
50         size_t newlen;
51         size_t reflen;
52 
53         reflen = (len > pkt->buf->length) ? len : pkt->buf->length;
54 
55         if (reflen > SIZE_MAX / 2) {
56             newlen = SIZE_MAX;
57         } else {
58             newlen = reflen * 2;
59             if (newlen < DEFAULT_BUF_SIZE)
60                 newlen = DEFAULT_BUF_SIZE;
61         }
62         if (BUF_MEM_grow(pkt->buf, newlen) == 0)
63             return 0;
64     }
65     if (allocbytes != NULL)
66         *allocbytes = WPACKET_get_curr(pkt);
67 
68     return 1;
69 }
70 
WPACKET_sub_reserve_bytes__(WPACKET * pkt,size_t len,unsigned char ** allocbytes,size_t lenbytes)71 int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
72                                 unsigned char **allocbytes, size_t lenbytes)
73 {
74     if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
75         return 0;
76 
77     *allocbytes += lenbytes;
78 
79     return 1;
80 }
81 
maxmaxsize(size_t lenbytes)82 static size_t maxmaxsize(size_t lenbytes)
83 {
84     if (lenbytes >= sizeof(size_t) || lenbytes == 0)
85         return SIZE_MAX;
86 
87     return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes;
88 }
89 
wpacket_intern_init_len(WPACKET * pkt,size_t lenbytes)90 static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
91 {
92     unsigned char *lenchars;
93 
94     pkt->curr = 0;
95     pkt->written = 0;
96 
97     if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {
98         SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE);
99         return 0;
100     }
101 
102     if (lenbytes == 0)
103         return 1;
104 
105     pkt->subs->pwritten = lenbytes;
106     pkt->subs->lenbytes = lenbytes;
107 
108     if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {
109         OPENSSL_free(pkt->subs);
110         pkt->subs = NULL;
111         return 0;
112     }
113     pkt->subs->packet_len = lenchars - GETBUF(pkt);
114 
115     return 1;
116 }
117 
WPACKET_init_static_len(WPACKET * pkt,unsigned char * buf,size_t len,size_t lenbytes)118 int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
119                             size_t lenbytes)
120 {
121     size_t max = maxmaxsize(lenbytes);
122 
123     /* Internal API, so should not fail */
124     if (!ossl_assert(buf != NULL && len > 0))
125         return 0;
126 
127     pkt->staticbuf = buf;
128     pkt->buf = NULL;
129     pkt->maxsize = (max < len) ? max : len;
130 
131     return wpacket_intern_init_len(pkt, lenbytes);
132 }
133 
WPACKET_init_len(WPACKET * pkt,BUF_MEM * buf,size_t lenbytes)134 int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
135 {
136     /* Internal API, so should not fail */
137     if (!ossl_assert(buf != NULL))
138         return 0;
139 
140     pkt->staticbuf = NULL;
141     pkt->buf = buf;
142     pkt->maxsize = maxmaxsize(lenbytes);
143 
144     return wpacket_intern_init_len(pkt, lenbytes);
145 }
146 
WPACKET_init(WPACKET * pkt,BUF_MEM * buf)147 int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
148 {
149     return WPACKET_init_len(pkt, buf, 0);
150 }
151 
WPACKET_set_flags(WPACKET * pkt,unsigned int flags)152 int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
153 {
154     /* Internal API, so should not fail */
155     if (!ossl_assert(pkt->subs != NULL))
156         return 0;
157 
158     pkt->subs->flags = flags;
159 
160     return 1;
161 }
162 
163 /* Store the |value| of length |len| at location |data| */
put_value(unsigned char * data,size_t value,size_t len)164 static int put_value(unsigned char *data, size_t value, size_t len)
165 {
166     for (data += len - 1; len > 0; len--) {
167         *data = (unsigned char)(value & 0xff);
168         data--;
169         value >>= 8;
170     }
171 
172     /* Check whether we could fit the value in the assigned number of bytes */
173     if (value > 0)
174         return 0;
175 
176     return 1;
177 }
178 
179 
180 /*
181  * Internal helper function used by WPACKET_close(), WPACKET_finish() and
182  * WPACKET_fill_lengths() to close a sub-packet and write out its length if
183  * necessary. If |doclose| is 0 then it goes through the motions of closing
184  * (i.e. it fills in all the lengths), but doesn't actually close anything.
185  */
wpacket_intern_close(WPACKET * pkt,WPACKET_SUB * sub,int doclose)186 static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
187 {
188     size_t packlen = pkt->written - sub->pwritten;
189 
190     if (packlen == 0
191             && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0)
192         return 0;
193 
194     if (packlen == 0
195             && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {
196         /* We can't handle this case. Return an error */
197         if (!doclose)
198             return 0;
199 
200         /* Deallocate any bytes allocated for the length of the WPACKET */
201         if ((pkt->curr - sub->lenbytes) == sub->packet_len) {
202             pkt->written -= sub->lenbytes;
203             pkt->curr -= sub->lenbytes;
204         }
205 
206         /* Don't write out the packet length */
207         sub->packet_len = 0;
208         sub->lenbytes = 0;
209     }
210 
211     /* Write out the WPACKET length if needed */
212     if (sub->lenbytes > 0
213                 && !put_value(&GETBUF(pkt)[sub->packet_len], packlen,
214                               sub->lenbytes))
215             return 0;
216 
217     if (doclose) {
218         pkt->subs = sub->parent;
219         OPENSSL_free(sub);
220     }
221 
222     return 1;
223 }
224 
WPACKET_fill_lengths(WPACKET * pkt)225 int WPACKET_fill_lengths(WPACKET *pkt)
226 {
227     WPACKET_SUB *sub;
228 
229     if (!ossl_assert(pkt->subs != NULL))
230         return 0;
231 
232     for (sub = pkt->subs; sub != NULL; sub = sub->parent) {
233         if (!wpacket_intern_close(pkt, sub, 0))
234             return 0;
235     }
236 
237     return 1;
238 }
239 
WPACKET_close(WPACKET * pkt)240 int WPACKET_close(WPACKET *pkt)
241 {
242     /*
243      * Internal API, so should not fail - but we do negative testing of this
244      * so no assert (otherwise the tests fail)
245      */
246     if (pkt->subs == NULL || pkt->subs->parent == NULL)
247         return 0;
248 
249     return wpacket_intern_close(pkt, pkt->subs, 1);
250 }
251 
WPACKET_finish(WPACKET * pkt)252 int WPACKET_finish(WPACKET *pkt)
253 {
254     int ret;
255 
256     /*
257      * Internal API, so should not fail - but we do negative testing of this
258      * so no assert (otherwise the tests fail)
259      */
260     if (pkt->subs == NULL || pkt->subs->parent != NULL)
261         return 0;
262 
263     ret = wpacket_intern_close(pkt, pkt->subs, 1);
264     if (ret) {
265         OPENSSL_free(pkt->subs);
266         pkt->subs = NULL;
267     }
268 
269     return ret;
270 }
271 
WPACKET_start_sub_packet_len__(WPACKET * pkt,size_t lenbytes)272 int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
273 {
274     WPACKET_SUB *sub;
275     unsigned char *lenchars;
276 
277     /* Internal API, so should not fail */
278     if (!ossl_assert(pkt->subs != NULL))
279         return 0;
280 
281     if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {
282         SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE);
283         return 0;
284     }
285 
286     sub->parent = pkt->subs;
287     pkt->subs = sub;
288     sub->pwritten = pkt->written + lenbytes;
289     sub->lenbytes = lenbytes;
290 
291     if (lenbytes == 0) {
292         sub->packet_len = 0;
293         return 1;
294     }
295 
296     if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars))
297         return 0;
298     /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */
299     sub->packet_len = lenchars - GETBUF(pkt);
300 
301     return 1;
302 }
303 
WPACKET_start_sub_packet(WPACKET * pkt)304 int WPACKET_start_sub_packet(WPACKET *pkt)
305 {
306     return WPACKET_start_sub_packet_len__(pkt, 0);
307 }
308 
WPACKET_put_bytes__(WPACKET * pkt,unsigned int val,size_t size)309 int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size)
310 {
311     unsigned char *data;
312 
313     /* Internal API, so should not fail */
314     if (!ossl_assert(size <= sizeof(unsigned int))
315             || !WPACKET_allocate_bytes(pkt, size, &data)
316             || !put_value(data, val, size))
317         return 0;
318 
319     return 1;
320 }
321 
WPACKET_set_max_size(WPACKET * pkt,size_t maxsize)322 int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize)
323 {
324     WPACKET_SUB *sub;
325     size_t lenbytes;
326 
327     /* Internal API, so should not fail */
328     if (!ossl_assert(pkt->subs != NULL))
329         return 0;
330 
331     /* Find the WPACKET_SUB for the top level */
332     for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent)
333         continue;
334 
335     lenbytes = sub->lenbytes;
336     if (lenbytes == 0)
337         lenbytes = sizeof(pkt->maxsize);
338 
339     if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written)
340         return 0;
341 
342     pkt->maxsize = maxsize;
343 
344     return 1;
345 }
346 
WPACKET_memset(WPACKET * pkt,int ch,size_t len)347 int WPACKET_memset(WPACKET *pkt, int ch, size_t len)
348 {
349     unsigned char *dest;
350 
351     if (len == 0)
352         return 1;
353 
354     if (!WPACKET_allocate_bytes(pkt, len, &dest))
355         return 0;
356 
357     memset(dest, ch, len);
358 
359     return 1;
360 }
361 
WPACKET_memcpy(WPACKET * pkt,const void * src,size_t len)362 int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len)
363 {
364     unsigned char *dest;
365 
366     if (len == 0)
367         return 1;
368 
369     if (!WPACKET_allocate_bytes(pkt, len, &dest))
370         return 0;
371 
372     memcpy(dest, src, len);
373 
374     return 1;
375 }
376 
WPACKET_sub_memcpy__(WPACKET * pkt,const void * src,size_t len,size_t lenbytes)377 int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
378                          size_t lenbytes)
379 {
380     if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
381             || !WPACKET_memcpy(pkt, src, len)
382             || !WPACKET_close(pkt))
383         return 0;
384 
385     return 1;
386 }
387 
WPACKET_get_total_written(WPACKET * pkt,size_t * written)388 int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
389 {
390     /* Internal API, so should not fail */
391     if (!ossl_assert(written != NULL))
392         return 0;
393 
394     *written = pkt->written;
395 
396     return 1;
397 }
398 
WPACKET_get_length(WPACKET * pkt,size_t * len)399 int WPACKET_get_length(WPACKET *pkt, size_t *len)
400 {
401     /* Internal API, so should not fail */
402     if (!ossl_assert(pkt->subs != NULL && len != NULL))
403         return 0;
404 
405     *len = pkt->written - pkt->subs->pwritten;
406 
407     return 1;
408 }
409 
WPACKET_get_curr(WPACKET * pkt)410 unsigned char *WPACKET_get_curr(WPACKET *pkt)
411 {
412     return GETBUF(pkt) + pkt->curr;
413 }
414 
WPACKET_cleanup(WPACKET * pkt)415 void WPACKET_cleanup(WPACKET *pkt)
416 {
417     WPACKET_SUB *sub, *parent;
418 
419     for (sub = pkt->subs; sub != NULL; sub = parent) {
420         parent = sub->parent;
421         OPENSSL_free(sub);
422     }
423     pkt->subs = NULL;
424 }
425