* https://www.openssl.org/source/license.html
*/
+#include <assert.h>
#include "packet_locl.h"
-/*
- * Allocate bytes in the WPACKET for the output. This reserves the bytes
- * and count them as "written", but doesn't actually do the writing.
- */
+#define DEFAULT_BUF_SIZE 256
+
int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
{
- if (pkt->subs == NULL || len == 0)
+ if (!WPACKET_reserve_bytes(pkt, len, allocbytes))
+ return 0;
+
+ pkt->written += len;
+ pkt->curr += len;
+ return 1;
+}
+
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+ unsigned char **allocbytes, size_t lenbytes)
+{
+ if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+ || !WPACKET_allocate_bytes(pkt, len, allocbytes)
+ || !WPACKET_close(pkt))
return 0;
- if (SIZE_MAX - pkt->written < len)
+ return 1;
+}
+
+#define GETBUF(p) (((p)->staticbuf != NULL) \
+ ? (p)->staticbuf : (unsigned char *)(p)->buf->data)
+
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
+ /* Internal API, so should not fail */
+ assert(pkt->subs != NULL && len != 0);
+ if (pkt->subs == NULL || len == 0)
return 0;
- if (pkt->maxsize > 0 && pkt->written + len > pkt->maxsize)
+ if (pkt->maxsize - pkt->written < len)
return 0;
- if (pkt->buf->length - pkt->written < len) {
+ if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) {
size_t newlen;
+ size_t reflen;
- if (pkt->buf->length > SIZE_MAX / 2)
+ reflen = (len > pkt->buf->length) ? len : pkt->buf->length;
+
+ if (reflen > SIZE_MAX / 2) {
newlen = SIZE_MAX;
- else
- newlen = pkt->buf->length * 2;
+ } else {
+ newlen = reflen * 2;
+ if (newlen < DEFAULT_BUF_SIZE)
+ newlen = DEFAULT_BUF_SIZE;
+ }
if (BUF_MEM_grow(pkt->buf, newlen) == 0)
return 0;
}
- pkt->written += len;
- *allocbytes = pkt->curr;
- pkt->curr += len;
+ if (allocbytes != NULL)
+ *allocbytes = WPACKET_get_curr(pkt);
return 1;
}
-/*
- * Initialise a WPACKET with the buffer in |buf|. The buffer must exist
- * for the whole time that the WPACKET is being used. Additionally |lenbytes| of
- * data is preallocated at the start of the buffer to store the length of the
- * WPACKET once we know it.
- */
-int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+ unsigned char **allocbytes, size_t lenbytes)
{
- /* Sanity check */
- if (buf == NULL)
+ if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
return 0;
- pkt->buf = buf;
- pkt->curr = (unsigned char *)buf->data;
+ *allocbytes += lenbytes;
+
+ return 1;
+}
+
+static size_t maxmaxsize(size_t lenbytes)
+{
+ if (lenbytes >= sizeof(size_t) || lenbytes == 0)
+ return SIZE_MAX;
+
+ return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes;
+}
+
+static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
+{
+ unsigned char *lenchars;
+
+ pkt->curr = 0;
pkt->written = 0;
- pkt->maxsize = 0;
pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs));
if (pkt->subs == NULL)
pkt->subs->pwritten = lenbytes;
pkt->subs->lenbytes = lenbytes;
- if (!WPACKET_allocate_bytes(pkt, lenbytes, &(pkt->subs->packet_len))) {
+ if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {
OPENSSL_free(pkt->subs);
pkt->subs = NULL;
return 0;
}
+ pkt->subs->packet_len = lenchars - GETBUF(pkt);
return 1;
}
-/*
- * Same as WPACKET_init_len except there is no preallocation of the WPACKET
- * length.
- */
-int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+ size_t lenbytes)
{
- return WPACKET_init_len(pkt, buf, 0);
+ size_t max = maxmaxsize(lenbytes);
+
+ /* Internal API, so should not fail */
+ assert(buf != NULL && len > 0);
+ if (buf == NULL || len == 0)
+ return 0;
+
+ pkt->staticbuf = buf;
+ pkt->buf = NULL;
+ pkt->maxsize = (max < len) ? max : len;
+
+ return wpacket_intern_init_len(pkt, lenbytes);
}
-/*
- * Set the WPACKET length, and the location for where we should write that
- * length. Normally this will be at the start of the WPACKET, and therefore
- * the WPACKET would have been initialised via WPACKET_init_len(). However there
- * is the possibility that the length needs to be written to some other location
- * other than the start of the WPACKET. In that case init via WPACKET_init() and
- * then set the location for the length using this function.
- */
-int WPACKET_set_packet_len(WPACKET *pkt, unsigned char *packet_len,
- size_t lenbytes)
+int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
{
- /* We only allow this to be set once */
- if (pkt->subs == NULL)
+ /* Internal API, so should not fail */
+ assert(buf != NULL);
+ if (buf == NULL)
return 0;
- pkt->subs->lenbytes = lenbytes;
- pkt->subs->packet_len = packet_len;
+ pkt->staticbuf = NULL;
+ pkt->buf = buf;
+ pkt->maxsize = maxmaxsize(lenbytes);
- return 1;
+ return wpacket_intern_init_len(pkt, lenbytes);
+}
+
+int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
+{
+ return WPACKET_init_len(pkt, buf, 0);
}
int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
{
+ /* Internal API, so should not fail */
+ assert(pkt->subs != NULL);
if (pkt->subs == NULL)
return 0;
return 1;
}
+/* Store the |value| of length |len| at location |data| */
+static int put_value(unsigned char *data, size_t value, size_t len)
+{
+ for (data += len - 1; len > 0; len--) {
+ *data = (unsigned char)(value & 0xff);
+ data--;
+ value >>= 8;
+ }
+
+ /* Check whether we could fit the value in the assigned number of bytes */
+ if (value > 0)
+ return 0;
+
+ return 1;
+}
+
/*
- * Internal helper function used by WPACKET_close() and WPACKET_finish() to
- * close a sub-packet and write out its length if necessary.
+ * Internal helper function used by WPACKET_close(), WPACKET_finish() and
+ * WPACKET_fill_lengths() to close a sub-packet and write out its length if
+ * necessary. If |doclose| is 0 then it goes through the motions of closing
+ * (i.e. it fills in all the lengths), but doesn't actually close anything.
*/
-static int wpacket_intern_close(WPACKET *pkt)
+static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
{
- size_t packlen;
- WPACKET_SUB *sub = pkt->subs;
+ size_t packlen = pkt->written - sub->pwritten;
- packlen = pkt->written - sub->pwritten;
if (packlen == 0
- && sub->flags & OPENSSL_WPACKET_FLAGS_NON_ZERO_LENGTH)
+ && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0)
return 0;
if (packlen == 0
- && sub->flags & OPENSSL_WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {
+ && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {
+ /* We can't handle this case. Return an error */
+ if (!doclose)
+ return 0;
+
/* Deallocate any bytes allocated for the length of the WPACKET */
if ((pkt->curr - sub->lenbytes) == sub->packet_len) {
pkt->written -= sub->lenbytes;
}
/* Don't write out the packet length */
- sub->packet_len = NULL;
+ sub->packet_len = 0;
+ sub->lenbytes = 0;
}
/* Write out the WPACKET length if needed */
- if (sub->packet_len != NULL) {
- size_t lenbytes;
+ if (sub->lenbytes > 0
+ && !put_value(&GETBUF(pkt)[sub->packet_len], packlen,
+ sub->lenbytes))
+ return 0;
- lenbytes = sub->lenbytes;
+ if (doclose) {
+ pkt->subs = sub->parent;
+ OPENSSL_free(sub);
+ }
- for (; lenbytes > 0; lenbytes--) {
- sub->packet_len[lenbytes - 1]
- = (unsigned char)(packlen & 0xff);
- packlen >>= 8;
- }
- if (packlen > 0) {
- /*
- * We've extended beyond the max allowed for the number of len bytes
- */
+ return 1;
+}
+
+int WPACKET_fill_lengths(WPACKET *pkt)
+{
+ WPACKET_SUB *sub;
+
+ assert(pkt->subs != NULL);
+ if (pkt->subs == NULL)
+ return 0;
+
+ for (sub = pkt->subs; sub != NULL; sub = sub->parent) {
+ if (!wpacket_intern_close(pkt, sub, 0))
return 0;
- }
}
- pkt->subs = sub->parent;
- OPENSSL_free(sub);
-
return 1;
}
-/*
- * Closes the most recent sub-packet. It also writes out the length of the
- * packet to the required location (normally the start of the WPACKET) if
- * appropriate. The top level WPACKET should be closed using WPACKET_finish()
- * instead of this function.
- */
int WPACKET_close(WPACKET *pkt)
{
+ /*
+ * Internal API, so should not fail - but we do negative testing of this
+ * so no assert (otherwise the tests fail)
+ */
if (pkt->subs == NULL || pkt->subs->parent == NULL)
return 0;
- return wpacket_intern_close(pkt);
+ return wpacket_intern_close(pkt, pkt->subs, 1);
}
-/*
- * The same as WPACKET_close() but only for the top most WPACKET. Additionally
- * frees memory resources for this WPACKET.
- */
int WPACKET_finish(WPACKET *pkt)
{
int ret;
+ /*
+ * Internal API, so should not fail - but we do negative testing of this
+ * so no assert (otherwise the tests fail)
+ */
if (pkt->subs == NULL || pkt->subs->parent != NULL)
return 0;
- ret = wpacket_intern_close(pkt);
+ ret = wpacket_intern_close(pkt, pkt->subs, 1);
+ if (ret) {
+ OPENSSL_free(pkt->subs);
+ pkt->subs = NULL;
+ }
- /* We free up memory no matter whether |ret| is zero or not */
- OPENSSL_free(pkt->subs);
- pkt->subs = NULL;
return ret;
}
-/*
- * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated
- * at the start of the sub-packet to store its length once we know it.
- */
-int WPACKET_start_sub_packet_len(WPACKET *pkt, size_t lenbytes)
+int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
{
WPACKET_SUB *sub;
+ unsigned char *lenchars;
+ /* Internal API, so should not fail */
+ assert(pkt->subs != NULL);
if (pkt->subs == NULL)
return 0;
sub->lenbytes = lenbytes;
if (lenbytes == 0) {
- sub->packet_len = NULL;
+ sub->packet_len = 0;
return 1;
}
- if (!WPACKET_allocate_bytes(pkt, lenbytes, &sub->packet_len)) {
+ if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars))
return 0;
- }
+ /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */
+ sub->packet_len = lenchars - GETBUF(pkt);
return 1;
}
-/*
- * Same as WPACKET_get_sub_packet_len() except no bytes are pre-allocated for
- * the sub-packet length.
- */
int WPACKET_start_sub_packet(WPACKET *pkt)
{
- return WPACKET_start_sub_packet_len(pkt, 0);
+ return WPACKET_start_sub_packet_len__(pkt, 0);
}
-/*
- * Write the value stored in |val| into the WPACKET. The value will consome
- * |bytes| amount of storage. An error will occur if |val| cannot be accommdated
- * in |bytes| storage, e.g. attempting to write the value 256 into 1 byte will
- * fail.
- */
-int WPACKET_put_bytes(WPACKET *pkt, unsigned int val, size_t bytes)
+int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size)
{
unsigned char *data;
- if (bytes > sizeof(unsigned int)
- || !WPACKET_allocate_bytes(pkt, bytes, &data))
- return 0;
-
- data += bytes - 1;
- for (; bytes > 0; bytes--) {
- *data = (unsigned char)(val & 0xff);
- data--;
- val >>= 8;
- }
+ /* Internal API, so should not fail */
+ assert(size <= sizeof(unsigned int));
- /* Check whether we could fit the value in the assigned number of bytes */
- if (val > 0)
+ if (size > sizeof(unsigned int)
+ || !WPACKET_allocate_bytes(pkt, size, &data)
+ || !put_value(data, val, size))
return 0;
return 1;
}
-/*
- * Set a maximum size that we will not allow the WPACKET to grow beyond. If not
- * set then there is no maximum.
- */
int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize)
{
+ WPACKET_SUB *sub;
+ size_t lenbytes;
+
+ /* Internal API, so should not fail */
+ assert(pkt->subs != NULL);
+ if (pkt->subs == NULL)
+ return 0;
+
+ /* Find the WPACKET_SUB for the top level */
+ for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent)
+ continue;
+
+ lenbytes = sub->lenbytes;
+ if (lenbytes == 0)
+ lenbytes = sizeof(pkt->maxsize);
+
+ if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written)
+ return 0;
+
pkt->maxsize = maxsize;
return 1;
}
-/*
- * Copy |len| bytes of data from |*src| into the WPACKET.
- */
int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len)
{
unsigned char *dest;
return 1;
}
-/*
- * Return the total number of bytes written so far to the underlying buffer.
- * This might includes bytes written by a parent WPACKET.
- */
+int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
+ size_t lenbytes)
+{
+ if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+ || !WPACKET_memcpy(pkt, src, len)
+ || !WPACKET_close(pkt))
+ return 0;
+
+ return 1;
+}
+
int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
{
- if (pkt->subs == NULL || written == NULL)
+ /* Internal API, so should not fail */
+ assert(written != NULL);
+ if (written == NULL)
return 0;
*written = pkt->written;
return 1;
}
-/*
- * Returns the length of the last sub-packet. This excludes any bytes allocated
- * for the length itself.
- */
int WPACKET_get_length(WPACKET *pkt, size_t *len)
{
+ /* Internal API, so should not fail */
+ assert(pkt->subs != NULL && len != NULL);
if (pkt->subs == NULL || len == NULL)
return 0;
return 1;
}
+
+unsigned char *WPACKET_get_curr(WPACKET *pkt)
+{
+ return GETBUF(pkt) + pkt->curr;
+}
+
+void WPACKET_cleanup(WPACKET *pkt)
+{
+ WPACKET_SUB *sub, *parent;
+
+ for (sub = pkt->subs; sub != NULL; sub = parent) {
+ parent = sub->parent;
+ OPENSSL_free(sub);
+ }
+ pkt->subs = NULL;
+}