1/*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include "../ssl_local.h"
11#include "record_local.h"
12
13void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
14{
15    if (d != NULL)
16        memcpy(b->buf, d, n);
17    b->left = n;
18    b->offset = 0;
19}
20
21/*
22 * Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
23 * retains the default_len setting
24 */
25void SSL3_BUFFER_clear(SSL3_BUFFER *b)
26{
27    b->offset = 0;
28    b->left = 0;
29}
30
31void SSL3_BUFFER_release(SSL3_BUFFER *b)
32{
33    OPENSSL_free(b->buf);
34    b->buf = NULL;
35}
36
37int ssl3_setup_read_buffer(SSL *s)
38{
39    unsigned char *p;
40    size_t len, align = 0, headerlen;
41    SSL3_BUFFER *b;
42
43    b = RECORD_LAYER_get_rbuf(&s->rlayer);
44
45    if (SSL_IS_DTLS(s))
46        headerlen = DTLS1_RT_HEADER_LENGTH;
47    else
48        headerlen = SSL3_RT_HEADER_LENGTH;
49
50#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
51    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
52#endif
53
54    if (b->buf == NULL) {
55        len = SSL3_RT_MAX_PLAIN_LENGTH
56            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
57#ifndef OPENSSL_NO_COMP
58        if (ssl_allow_compression(s))
59            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
60#endif
61
62        /* Ensure our buffer is large enough to support all our pipelines */
63        if (s->max_pipelines > 1)
64            len *= s->max_pipelines;
65
66        if (b->default_len > len)
67            len = b->default_len;
68        if ((p = OPENSSL_malloc(len)) == NULL) {
69            /*
70             * We've got a malloc failure, and we're still initialising buffers.
71             * We assume we're so doomed that we won't even be able to send an
72             * alert.
73             */
74            SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
75            return 0;
76        }
77        b->buf = p;
78        b->len = len;
79    }
80
81    return 1;
82}
83
84int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
85{
86    unsigned char *p;
87    size_t align = 0, headerlen;
88    SSL3_BUFFER *wb;
89    size_t currpipe;
90
91    s->rlayer.numwpipes = numwpipes;
92
93    if (len == 0) {
94        if (SSL_IS_DTLS(s))
95            headerlen = DTLS1_RT_HEADER_LENGTH + 1;
96        else
97            headerlen = SSL3_RT_HEADER_LENGTH;
98
99#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
100        align = SSL3_ALIGN_PAYLOAD - 1;
101#endif
102
103        len = ssl_get_max_send_fragment(s)
104            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align
105            + SSL_RT_MAX_CIPHER_BLOCK_SIZE /* Explicit IV allowance */;
106#ifndef OPENSSL_NO_COMP
107        if (ssl_allow_compression(s))
108            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
109#endif
110        /*
111         * We don't need to add an allowance for eivlen here since empty
112         * fragments only occur when we don't have an explicit IV
113         */
114        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
115            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
116    }
117
118    wb = RECORD_LAYER_get_wbuf(&s->rlayer);
119    for (currpipe = 0; currpipe < numwpipes; currpipe++) {
120        SSL3_BUFFER *thiswb = &wb[currpipe];
121
122        if (thiswb->len != len) {
123            OPENSSL_free(thiswb->buf);
124            thiswb->buf = NULL;         /* force reallocation */
125        }
126
127        if (thiswb->buf == NULL) {
128            if (s->wbio == NULL || !BIO_get_ktls_send(s->wbio)) {
129                p = OPENSSL_malloc(len);
130                if (p == NULL) {
131                    s->rlayer.numwpipes = currpipe;
132                    /*
133                     * We've got a malloc failure, and we're still initialising
134                     * buffers. We assume we're so doomed that we won't even be able
135                     * to send an alert.
136                     */
137                    SSLfatal(s, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
138                    return 0;
139                }
140            } else {
141                p = NULL;
142            }
143            memset(thiswb, 0, sizeof(SSL3_BUFFER));
144            thiswb->buf = p;
145            thiswb->len = len;
146        }
147    }
148
149    return 1;
150}
151
152int ssl3_setup_buffers(SSL *s)
153{
154    if (!ssl3_setup_read_buffer(s)) {
155        /* SSLfatal() already called */
156        return 0;
157    }
158    if (!ssl3_setup_write_buffer(s, 1, 0)) {
159        /* SSLfatal() already called */
160        return 0;
161    }
162    return 1;
163}
164
165int ssl3_release_write_buffer(SSL *s)
166{
167    SSL3_BUFFER *wb;
168    size_t pipes;
169
170    pipes = s->rlayer.numwpipes;
171    while (pipes > 0) {
172        wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
173
174        if (SSL3_BUFFER_is_app_buffer(wb))
175            SSL3_BUFFER_set_app_buffer(wb, 0);
176        else
177            OPENSSL_free(wb->buf);
178        wb->buf = NULL;
179        pipes--;
180    }
181    s->rlayer.numwpipes = 0;
182    return 1;
183}
184
185int ssl3_release_read_buffer(SSL *s)
186{
187    SSL3_BUFFER *b;
188
189    b = RECORD_LAYER_get_rbuf(&s->rlayer);
190    if (s->options & SSL_OP_CLEANSE_PLAINTEXT)
191        OPENSSL_cleanse(b->buf, b->len);
192    OPENSSL_free(b->buf);
193    b->buf = NULL;
194    s->rlayer.packet = NULL;
195    s->rlayer.packet_length = 0;
196    return 1;
197}
198