From: Andy Polyakov Date: Wed, 5 Feb 2014 20:43:17 +0000 (+0100) Subject: ssl/s3_pkt.c: add multi-block processing [from master]. X-Git-Tag: OpenSSL_1_0_2-beta1~47 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=95783193946982d5acfc9f8d43dc25c021f39b9c;p=openssl ssl/s3_pkt.c: add multi-block processing [from master]. --- diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index b3c293f672..ddb474bb93 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -117,6 +117,20 @@ #include #include +#ifndef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 +#endif + +#if defined(OPENSSL_SMALL_FOOTPRINT) || \ + !( defined(AES_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || \ + defined(__INTEL__) ) \ + ) +# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 +#endif + static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment); static int ssl3_get_record(SSL *s); @@ -582,7 +596,12 @@ int ssl3_do_compress(SSL *ssl) int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { const unsigned char *buf=buf_; - unsigned int tot,n,nw; + int tot; + unsigned int n,nw; +#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + unsigned int max_send_fragment; +#endif + SSL3_BUFFER *wb=&(s->s3->wbuf); int i; s->rwstate=SSL_NOTHING; @@ -600,6 +619,163 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } } + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ + if (wb->left != 0) + { + i = ssl3_write_pending(s,type,&buf[tot],s->s3->wpend_tot); + if (i<=0) + { + /* XXX should we ssl3_release_write_buffer if i<0? */ + s->s3->wnum=tot; + return i; + } + tot += i; /* this might be last fragment */ + } + +#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + /* + * Depending on platform multi-block can deliver several *times* + * better performance. Downside is that it has to allocate + * jumbo buffer to accomodate up to 8 records, but the + * compromise is considered worthy. + */ + if (type==SSL3_RT_APPLICATION_DATA && + len >= 4*(max_send_fragment=s->max_send_fragment) && + s->compress==NULL && s->msg_callback==NULL && + SSL_USE_EXPLICIT_IV(s) && + EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) + { + unsigned char aad[13]; + EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; + int packlen; + + /* minimize address aliasing conflicts */ + if ((max_send_fragment&0xffff) == 0) + max_send_fragment -= 512; + + if (tot==0 || wb->buf==NULL) /* allocate jumbo buffer */ + { + ssl3_release_write_buffer(s); + + packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, + EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, + max_send_fragment,NULL); + + if (len>=8*max_send_fragment) packlen *= 8; + else packlen *= 4; + + wb->buf=OPENSSL_malloc(packlen); + wb->len=packlen; + } + else if (tot==len) /* done? */ + { + OPENSSL_free(wb->buf); /* free jumbo buffer */ + wb->buf = NULL; + return tot; + } + + n=(len-tot); + for (;;) + { + if (n < 4*max_send_fragment) + { + OPENSSL_free(wb->buf); /* free jumbo buffer */ + wb->buf = NULL; + break; + } + + if (s->s3->alert_dispatch) + { + i=s->method->ssl_dispatch_alert(s); + if (i <= 0) + { + s->s3->wnum=tot; + return i; + } + } + + if (n >= 8*max_send_fragment) + nw = max_send_fragment*(mb_param.interleave=8); + else + nw = max_send_fragment*(mb_param.interleave=4); + + memcpy(aad,s->s3->write_sequence,8); + aad[8]=type; + aad[9]=(unsigned char)(s->version>>8); + aad[10]=(unsigned char)(s->version); + aad[11]=0; + aad[12]=0; + mb_param.out = NULL; + mb_param.inp = aad; + mb_param.len = nw; + + packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, + EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, + sizeof(mb_param),&mb_param); + + if (packlen<=0 || packlen>wb->len) /* never happens */ + { + OPENSSL_free(wb->buf); /* free jumbo buffer */ + wb->buf = NULL; + break; + } + + mb_param.out = wb->buf; + mb_param.inp = &buf[tot]; + mb_param.len = nw; + + EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, + EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, + sizeof(mb_param),&mb_param); + + s->s3->write_sequence[7] += mb_param.interleave; + if (s->s3->write_sequence[7] < mb_param.interleave) + { + int j=6; + while (j>=0 && (++s->s3->write_sequence[j--])==0) ; + } + + wb->offset = 0; + wb->left = packlen; + + s->s3->wpend_tot = nw; + s->s3->wpend_buf = &buf[tot]; + s->s3->wpend_type= type; + s->s3->wpend_ret = nw; + + i = ssl3_write_pending(s,type,&buf[tot],nw); + if (i<=0) + { + if (i<0) + { + OPENSSL_free(wb->buf); + wb->buf = NULL; + } + s->s3->wnum=tot; + return i; + } + if (i==(int)n) + { + OPENSSL_free(wb->buf); /* free jumbo buffer */ + wb->buf = NULL; + return tot+i; + } + n-=i; + tot+=i; + } + } + else +#endif + if (tot==len) /* done? */ + { + if (s->mode & SSL_MODE_RELEASE_BUFFERS && + !SSL_IS_DTLS(s)) + ssl3_release_write_buffer(s); + + return tot; + } + n=(len-tot); for (;;) { @@ -611,6 +787,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); if (i <= 0) { + /* XXX should we ssl3_release_write_buffer if i<0? */ s->s3->wnum=tot; return i; } @@ -622,7 +799,11 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) /* next chunk of data should get another prepended empty fragment * in ciphersuites with known-IV weakness: */ s->s3->empty_fragment_done = 0; - + + if ((i==(int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS && + !SSL_IS_DTLS(s)) + ssl3_release_write_buffer(s); + return tot+i; } @@ -896,9 +1077,6 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, { wb->left=0; wb->offset+=i; - if (s->mode & SSL_MODE_RELEASE_BUFFERS && - !SSL_IS_DTLS(s)) - ssl3_release_write_buffer(s); s->rwstate=SSL_NOTHING; return(s->s3->wpend_ret); }