int s2n_stuffer_skip_write(struct s2n_stuffer *stuffer, const uint32_t n)
{
if (s2n_stuffer_space_remaining(stuffer) < n) {
if (stuffer->growable) {
/* Always grow a stuffer by at least 1k */
uint32_t growth = n;
if (growth < 1024) {
growth = 1024;
}
GUARD(s2n_stuffer_resize(stuffer, stuffer->blob.size + growth));
} else {
S2N_ERROR(S2N_ERR_STUFFER_IS_FULL);
}
}
stuffer->write_cursor += n;
stuffer->wiped = 0;
return 0;
}
int s2n_connection_wipe(struct s2n_connection *conn)
{
/* First make a copy of everything we'd like to save, which isn't very
* much.
*/
int mode = conn->mode;
struct s2n_config *config = conn->config;
struct s2n_stuffer alert_in;
struct s2n_stuffer reader_alert_out;
struct s2n_stuffer writer_alert_out;
struct s2n_stuffer handshake_io;
struct s2n_stuffer header_in;
struct s2n_stuffer in;
struct s2n_stuffer out;
/* Wipe all of the sensitive stuff */
GUARD(s2n_connection_free_keys(conn));
GUARD(s2n_stuffer_wipe(&conn->alert_in));
GUARD(s2n_stuffer_wipe(&conn->reader_alert_out));
GUARD(s2n_stuffer_wipe(&conn->writer_alert_out));
GUARD(s2n_stuffer_wipe(&conn->handshake.io));
GUARD(s2n_stuffer_wipe(&conn->header_in));
GUARD(s2n_stuffer_wipe(&conn->in));
GUARD(s2n_stuffer_wipe(&conn->out));
/* Allocate or resize to their original sizes */
GUARD(s2n_stuffer_resize(&conn->in, S2N_DEFAULT_FRAGMENT_LENGTH));
/* Allocate memory for handling handshakes */
GUARD(s2n_stuffer_resize(&conn->handshake.io, S2N_DEFAULT_RECORD_LENGTH));
/* Clone the stuffers */
/* ignore gcc 4.7 address warnings because dest is allocated on the stack */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Waddress"
memcpy_check(&alert_in, &conn->alert_in, sizeof(struct s2n_stuffer));
memcpy_check(&reader_alert_out, &conn->reader_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&writer_alert_out, &conn->writer_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&handshake_io, &conn->handshake.io, sizeof(struct s2n_stuffer));
memcpy_check(&header_in, &conn->header_in, sizeof(struct s2n_stuffer));
memcpy_check(&in, &conn->in, sizeof(struct s2n_stuffer));
memcpy_check(&out, &conn->out, sizeof(struct s2n_stuffer));
#pragma GCC diagnostic pop
/* Zero the whole connection structure */
memset_check(conn, 0, sizeof(struct s2n_connection));
conn->mode = mode;
conn->config = config;
conn->active.cipher_suite = &s2n_null_cipher_suite;
conn->pending.cipher_suite = &s2n_null_cipher_suite;
conn->server = &conn->active;
conn->client = &conn->active;
conn->max_fragment_length = S2N_DEFAULT_FRAGMENT_LENGTH;
conn->handshake.state = CLIENT_HELLO;
GUARD(s2n_hash_init(&conn->handshake.client_md5, S2N_HASH_MD5));
GUARD(s2n_hash_init(&conn->handshake.client_sha1, S2N_HASH_SHA1));
GUARD(s2n_hash_init(&conn->handshake.client_sha256, S2N_HASH_SHA256));
GUARD(s2n_hash_init(&conn->handshake.server_md5, S2N_HASH_MD5));
GUARD(s2n_hash_init(&conn->handshake.server_sha1, S2N_HASH_SHA1));
GUARD(s2n_hash_init(&conn->handshake.server_sha256, S2N_HASH_SHA256));
memcpy_check(&conn->alert_in, &alert_in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->reader_alert_out, &reader_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->writer_alert_out, &writer_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->handshake.io, &handshake_io, sizeof(struct s2n_stuffer));
memcpy_check(&conn->header_in, &header_in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->in, &in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->out, &out, sizeof(struct s2n_stuffer));
/* Set everything to the highest version at first */
conn->server_protocol_version = s2n_highest_protocol_version;
conn->client_protocol_version = s2n_highest_protocol_version;
conn->actual_protocol_version = s2n_highest_protocol_version;
return 0;
}
int s2n_connection_wipe(struct s2n_connection *conn)
{
/* First make a copy of everything we'd like to save, which isn't very
* much.
*/
int mode = conn->mode;
struct s2n_config *config = conn->config;
struct s2n_stuffer alert_in;
struct s2n_stuffer reader_alert_out;
struct s2n_stuffer writer_alert_out;
struct s2n_stuffer handshake_io;
struct s2n_stuffer header_in;
struct s2n_stuffer in;
struct s2n_stuffer out;
/* Session keys will be wiped. Preserve structs to avoid reallocation */
struct s2n_session_key initial_client_key;
struct s2n_session_key initial_server_key;
struct s2n_session_key secure_client_key;
struct s2n_session_key secure_server_key;
/* Wipe all of the sensitive stuff */
GUARD(s2n_connection_wipe_keys(conn));
GUARD(s2n_stuffer_wipe(&conn->alert_in));
GUARD(s2n_stuffer_wipe(&conn->reader_alert_out));
GUARD(s2n_stuffer_wipe(&conn->writer_alert_out));
GUARD(s2n_stuffer_wipe(&conn->handshake.io));
GUARD(s2n_stuffer_wipe(&conn->header_in));
GUARD(s2n_stuffer_wipe(&conn->in));
GUARD(s2n_stuffer_wipe(&conn->out));
/* Restore the socket option values */
GUARD(s2n_socket_read_restore(conn));
GUARD(s2n_socket_write_restore(conn));
GUARD(s2n_free(&conn->status_response));
/* Allocate or resize to their original sizes */
GUARD(s2n_stuffer_resize(&conn->in, S2N_LARGE_FRAGMENT_LENGTH));
/* Allocate memory for handling handshakes */
GUARD(s2n_stuffer_resize(&conn->handshake.io, S2N_LARGE_RECORD_LENGTH));
/* Clone the stuffers */
/* ignore gcc 4.7 address warnings because dest is allocated on the stack */
/* pragma gcc diagnostic was added in gcc 4.6 */
#if defined(__GNUC__) && GCC_VERSION >= 40600
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Waddress"
#endif
memcpy_check(&alert_in, &conn->alert_in, sizeof(struct s2n_stuffer));
memcpy_check(&reader_alert_out, &conn->reader_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&writer_alert_out, &conn->writer_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&handshake_io, &conn->handshake.io, sizeof(struct s2n_stuffer));
memcpy_check(&header_in, &conn->header_in, sizeof(struct s2n_stuffer));
memcpy_check(&in, &conn->in, sizeof(struct s2n_stuffer));
memcpy_check(&out, &conn->out, sizeof(struct s2n_stuffer));
memcpy_check(&initial_client_key, &conn->initial.client_key, sizeof(struct s2n_session_key));
memcpy_check(&initial_server_key, &conn->initial.server_key, sizeof(struct s2n_session_key));
memcpy_check(&secure_client_key, &conn->secure.client_key, sizeof(struct s2n_session_key));
memcpy_check(&secure_server_key, &conn->secure.server_key, sizeof(struct s2n_session_key));
#if defined(__GNUC__) && GCC_VERSION >= 40600
#pragma GCC diagnostic pop
#endif
/* Zero the whole connection structure */
memset_check(conn, 0, sizeof(struct s2n_connection));
conn->readfd = -1;
conn->writefd = -1;
conn->mode = mode;
conn->config = config;
conn->close_notify_queued = 0;
conn->current_user_data_consumed = 0;
conn->initial.cipher_suite = &s2n_null_cipher_suite;
conn->secure.cipher_suite = &s2n_null_cipher_suite;
conn->server = &conn->initial;
conn->client = &conn->initial;
conn->max_fragment_length = S2N_SMALL_FRAGMENT_LENGTH;
conn->handshake.handshake_type = INITIAL;
conn->handshake.message_number = 0;
GUARD(s2n_hash_init(&conn->handshake.md5, S2N_HASH_MD5));
GUARD(s2n_hash_init(&conn->handshake.sha1, S2N_HASH_SHA1));
GUARD(s2n_hash_init(&conn->handshake.sha256, S2N_HASH_SHA256));
GUARD(s2n_hash_init(&conn->handshake.sha384, S2N_HASH_SHA384));
GUARD(s2n_hmac_init(&conn->client->client_record_mac, S2N_HMAC_NONE, NULL, 0));
GUARD(s2n_hmac_init(&conn->server->server_record_mac, S2N_HMAC_NONE, NULL, 0));
memcpy_check(&conn->alert_in, &alert_in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->reader_alert_out, &reader_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->writer_alert_out, &writer_alert_out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->handshake.io, &handshake_io, sizeof(struct s2n_stuffer));
memcpy_check(&conn->header_in, &header_in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->in, &in, sizeof(struct s2n_stuffer));
memcpy_check(&conn->out, &out, sizeof(struct s2n_stuffer));
memcpy_check(&conn->initial.client_key, &initial_client_key, sizeof(struct s2n_session_key));
memcpy_check(&conn->initial.server_key, &initial_server_key, sizeof(struct s2n_session_key));
memcpy_check(&conn->secure.client_key, &secure_client_key, sizeof(struct s2n_session_key));
memcpy_check(&conn->secure.server_key, &secure_server_key, sizeof(struct s2n_session_key));
if (conn->mode == S2N_SERVER) {
conn->server_protocol_version = s2n_highest_protocol_version;
conn->client_protocol_version = s2n_unknown_protocol_version;
}
else {
conn->server_protocol_version = s2n_unknown_protocol_version;
conn->client_protocol_version = s2n_highest_protocol_version;
}
conn->actual_protocol_version = s2n_unknown_protocol_version;
return 0;
}