Skip to content

Commit 8721efe

Browse files
andrewrkandrewrk
committed
std.crypto.tls.Client: always write to buffer
simplifies the logic & makes it respect limit
1 parent d7bf608 commit 8721efe

File tree

2 files changed

+46
-26
lines changed

2 files changed

+46
-26
lines changed

lib/std/Io/Reader.zig

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,9 +25,7 @@ pub const VTable = struct {
2525
///
2626
/// Returns the number of bytes written, which will be at minimum `0` and
2727
/// at most `limit`. The number returned, including zero, does not indicate
28-
/// end of stream. `limit` is guaranteed to be at least as large as the
29-
/// buffer capacity of `w`, a value whose minimum size is determined by the
30-
/// stream implementation.
28+
/// end of stream.
3129
///
3230
/// The reader's internal logical seek position moves forward in accordance
3331
/// with the number of bytes returned from this function.

lib/std/crypto/tls/Client.zig

Lines changed: 45 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -61,9 +61,6 @@ pub const ReadError = error{
6161
TlsUnexpectedMessage,
6262
TlsIllegalParameter,
6363
TlsSequenceOverflow,
64-
/// The buffer provided to the read function was not at least
65-
/// `min_buffer_len`.
66-
OutputBufferUndersize,
6764
};
6865

6966
pub const SslKeyLog = struct {
@@ -372,7 +369,8 @@ pub fn init(input: *Reader, output: *Writer, options: Options) InitError!Client
372369
};
373370
P.AEAD.decrypt(cleartext, ciphertext, auth_tag, record_header, nonce, pv.server_handshake_key) catch
374371
return error.TlsBadRecordMac;
375-
cleartext_fragment_end += std.mem.trimEnd(u8, cleartext, "\x00").len;
372+
// TODO use scalar, non-slice version
373+
cleartext_fragment_end += mem.trimEnd(u8, cleartext, "\x00").len;
376374
},
377375
}
378376
read_seq += 1;
@@ -395,9 +393,9 @@ pub fn init(input: *Reader, output: *Writer, options: Options) InitError!Client
395393
const cleartext_fragment_buf = cleartext_buf[cleartext_fragment_end..];
396394
if (message_len > cleartext_fragment_buf.len) return error.TlsRecordOverflow;
397395
const cleartext = cleartext_fragment_buf[0..message_len];
398-
const ad = std.mem.toBytes(big(read_seq)) ++
396+
const ad = mem.toBytes(big(read_seq)) ++
399397
record_header[0 .. 1 + 2] ++
400-
std.mem.toBytes(big(message_len));
398+
mem.toBytes(big(message_len));
401399
const record_iv = record_decoder.array(P.record_iv_length).*;
402400
const masked_read_seq = read_seq &
403401
comptime std.math.shl(u64, std.math.maxInt(u64), 8 * P.record_iv_length);
@@ -738,7 +736,7 @@ pub fn init(input: *Reader, output: *Writer, options: Options) InitError!Client
738736
&.{ "server finished", &p.transcript_hash.finalResult() },
739737
P.verify_data_length,
740738
),
741-
.app_cipher = std.mem.bytesToValue(P.Tls_1_2, &key_block),
739+
.app_cipher = mem.bytesToValue(P.Tls_1_2, &key_block),
742740
} };
743741
const pv = &p.version.tls_1_2;
744742
const nonce: [P.AEAD.nonce_length]u8 = nonce: {
@@ -756,7 +754,7 @@ pub fn init(input: *Reader, output: *Writer, options: Options) InitError!Client
756754
client_verify_cleartext.len ..][0..client_verify_cleartext.len],
757755
client_verify_msg[client_verify_msg.len - P.mac_length ..][0..P.mac_length],
758756
&client_verify_cleartext,
759-
std.mem.toBytes(big(write_seq)) ++ client_verify_msg[0 .. 1 + 2] ++ int(u16, client_verify_cleartext.len),
757+
mem.toBytes(big(write_seq)) ++ client_verify_msg[0 .. 1 + 2] ++ int(u16, client_verify_cleartext.len),
760758
nonce,
761759
pv.app_cipher.client_write_key,
762760
);
@@ -873,7 +871,10 @@ pub fn init(input: *Reader, output: *Writer, options: Options) InitError!Client
873871
.input = input,
874872
.reader = .{
875873
.buffer = options.read_buffer,
876-
.vtable = &.{ .stream = stream },
874+
.vtable = &.{
875+
.stream = stream,
876+
.readVec = readVec,
877+
},
877878
.seek = 0,
878879
.end = 0,
879880
},
@@ -1017,7 +1018,7 @@ fn prepareCiphertextRecord(
10171018
const nonce = nonce: {
10181019
const V = @Vector(P.AEAD.nonce_length, u8);
10191020
const pad = [1]u8{0} ** (P.AEAD.nonce_length - 8);
1020-
const operand: V = pad ++ std.mem.toBytes(big(c.write_seq));
1021+
const operand: V = pad ++ mem.toBytes(big(c.write_seq));
10211022
break :nonce @as(V, pv.client_iv) ^ operand;
10221023
};
10231024
P.AEAD.encrypt(ciphertext, auth_tag, cleartext, ad, nonce, pv.client_key);
@@ -1048,7 +1049,7 @@ fn prepareCiphertextRecord(
10481049
record_header.* = .{@intFromEnum(inner_content_type)} ++
10491050
int(u16, @intFromEnum(tls.ProtocolVersion.tls_1_2)) ++
10501051
int(u16, P.record_iv_length + message_len + P.mac_length);
1051-
const ad = std.mem.toBytes(big(c.write_seq)) ++ record_header[0 .. 1 + 2] ++ int(u16, message_len);
1052+
const ad = mem.toBytes(big(c.write_seq)) ++ record_header[0 .. 1 + 2] ++ int(u16, message_len);
10521053
const record_iv = ciphertext_buf[ciphertext_end..][0..P.record_iv_length];
10531054
ciphertext_end += P.record_iv_length;
10541055
const nonce: [P.AEAD.nonce_length]u8 = nonce: {
@@ -1076,7 +1077,22 @@ pub fn eof(c: Client) bool {
10761077
}
10771078

10781079
fn stream(r: *Reader, w: *Writer, limit: std.Io.Limit) Reader.StreamError!usize {
1080+
// This function writes exclusively to the buffer.
1081+
_ = w;
1082+
_ = limit;
1083+
const c: *Client = @alignCast(@fieldParentPtr("reader", r));
1084+
return readIndirect(c);
1085+
}
1086+
1087+
fn readVec(r: *Reader, data: [][]u8) Reader.Error!usize {
1088+
// This function writes exclusively to the buffer.
1089+
_ = data;
10791090
const c: *Client = @alignCast(@fieldParentPtr("reader", r));
1091+
return readIndirect(c);
1092+
}
1093+
1094+
fn readIndirect(c: *Client) Reader.Error!usize {
1095+
const r = &c.reader;
10801096
if (c.eof()) return error.EndOfStream;
10811097
const input = c.input;
10821098
// If at least one full encrypted record is not buffered, read once.
@@ -1108,8 +1124,13 @@ fn stream(r: *Reader, w: *Writer, limit: std.Io.Limit) Reader.StreamError!usize
11081124
if (record_end > input.buffered().len) return 0;
11091125
}
11101126

1111-
var cleartext_stack_buffer: [max_ciphertext_len]u8 = undefined;
1112-
const cleartext, const inner_ct: tls.ContentType = cleartext: switch (c.application_cipher) {
1127+
if (r.seek == r.end) {
1128+
r.seek = 0;
1129+
r.end = 0;
1130+
}
1131+
const cleartext_buffer = r.buffer[r.end..];
1132+
1133+
const cleartext_len, const inner_ct: tls.ContentType = cleartext: switch (c.application_cipher) {
11131134
inline else => |*p| switch (c.tls_version) {
11141135
.tls_1_3 => {
11151136
const pv = &p.tls_1_3;
@@ -1121,23 +1142,24 @@ fn stream(r: *Reader, w: *Writer, limit: std.Io.Limit) Reader.StreamError!usize
11211142
const nonce = nonce: {
11221143
const V = @Vector(P.AEAD.nonce_length, u8);
11231144
const pad = [1]u8{0} ** (P.AEAD.nonce_length - 8);
1124-
const operand: V = pad ++ std.mem.toBytes(big(c.read_seq));
1145+
const operand: V = pad ++ mem.toBytes(big(c.read_seq));
11251146
break :nonce @as(V, pv.server_iv) ^ operand;
11261147
};
1127-
const cleartext = cleartext_stack_buffer[0..ciphertext.len];
1148+
const cleartext = cleartext_buffer[0..ciphertext.len];
11281149
P.AEAD.decrypt(cleartext, ciphertext, auth_tag, ad, nonce, pv.server_key) catch
11291150
return failRead(c, error.TlsBadRecordMac);
1151+
// TODO use scalar, non-slice version
11301152
const msg = mem.trimRight(u8, cleartext, "\x00");
1131-
break :cleartext .{ msg[0 .. msg.len - 1], @enumFromInt(msg[msg.len - 1]) };
1153+
break :cleartext .{ msg.len - 1, @enumFromInt(msg[msg.len - 1]) };
11321154
},
11331155
.tls_1_2 => {
11341156
const pv = &p.tls_1_2;
11351157
const P = @TypeOf(p.*);
11361158
const message_len: u16 = record_len - P.record_iv_length - P.mac_length;
11371159
const ad_header = input.take(tls.record_header_len) catch unreachable; // already peeked
1138-
const ad = std.mem.toBytes(big(c.read_seq)) ++
1160+
const ad = mem.toBytes(big(c.read_seq)) ++
11391161
ad_header[0 .. 1 + 2] ++
1140-
std.mem.toBytes(big(message_len));
1162+
mem.toBytes(big(message_len));
11411163
const record_iv = (input.takeArray(P.record_iv_length) catch unreachable).*; // already peeked
11421164
const masked_read_seq = c.read_seq &
11431165
comptime std.math.shl(u64, std.math.maxInt(u64), 8 * P.record_iv_length);
@@ -1149,14 +1171,15 @@ fn stream(r: *Reader, w: *Writer, limit: std.Io.Limit) Reader.StreamError!usize
11491171
};
11501172
const ciphertext = input.take(message_len) catch unreachable; // already peeked
11511173
const auth_tag = (input.takeArray(P.mac_length) catch unreachable).*; // already peeked
1152-
const cleartext = cleartext_stack_buffer[0..ciphertext.len];
1174+
const cleartext = cleartext_buffer[0..ciphertext.len];
11531175
P.AEAD.decrypt(cleartext, ciphertext, auth_tag, ad, nonce, pv.server_write_key) catch
11541176
return failRead(c, error.TlsBadRecordMac);
1155-
break :cleartext .{ cleartext, ct };
1177+
break :cleartext .{ cleartext.len, ct };
11561178
},
11571179
else => unreachable,
11581180
},
11591181
};
1182+
const cleartext = cleartext_buffer[0..cleartext_len];
11601183
c.read_seq = std.math.add(u64, c.read_seq, 1) catch return failRead(c, error.TlsSequenceOverflow);
11611184
switch (inner_ct) {
11621185
.alert => {
@@ -1245,9 +1268,8 @@ fn stream(r: *Reader, w: *Writer, limit: std.Io.Limit) Reader.StreamError!usize
12451268
return 0;
12461269
},
12471270
.application_data => {
1248-
if (@intFromEnum(limit) < cleartext.len) return failRead(c, error.OutputBufferUndersize);
1249-
try w.writeAll(cleartext);
1250-
return cleartext.len;
1271+
r.end += cleartext.len;
1272+
return 0;
12511273
},
12521274
else => return failRead(c, error.TlsUnexpectedMessage),
12531275
}

0 commit comments

Comments
 (0)