in tls/s2n_send.c [91:206]
ssize_t s2n_sendv_with_offset_impl(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, ssize_t offs, s2n_blocked_status *blocked)
{
ssize_t user_data_sent, total_size = 0;
POSIX_ENSURE(!conn->closed, S2N_ERR_CLOSED);
POSIX_ENSURE(!s2n_connection_is_quic_enabled(conn), S2N_ERR_UNSUPPORTED_WITH_QUIC);
/* Flush any pending I/O */
POSIX_GUARD(s2n_flush(conn, blocked));
/* Acknowledge consumed and flushed user data as sent */
user_data_sent = conn->current_user_data_consumed;
*blocked = S2N_BLOCKED_ON_WRITE;
uint16_t max_payload_size = 0;
POSIX_GUARD_RESULT(s2n_record_max_write_payload_size(conn, &max_payload_size));
/* TLS 1.0 and SSLv3 are vulnerable to the so-called Beast attack. Work
* around this by splitting messages into one byte records, and then
* the remainder can follow as usual.
*/
int cbcHackUsed = 0;
struct s2n_crypto_parameters *writer = conn->server;
if (conn->mode == S2N_CLIENT) {
writer = conn->client;
}
/* Defensive check against an invalid retry */
if (offs) {
const struct iovec* _bufs = bufs;
ssize_t _count = count;
while (offs >= _bufs->iov_len && _count > 0) {
offs -= _bufs->iov_len;
_bufs++;
_count--;
}
bufs = _bufs;
count = _count;
}
for (ssize_t i = 0; i < count; i++) {
total_size += bufs[i].iov_len;
}
total_size -= offs;
S2N_ERROR_IF(conn->current_user_data_consumed > total_size, S2N_ERR_SEND_SIZE);
POSIX_GUARD_RESULT(s2n_early_data_validate_send(conn, total_size));
if (conn->dynamic_record_timeout_threshold > 0) {
uint64_t elapsed;
POSIX_GUARD_RESULT(s2n_timer_elapsed(conn->config, &conn->write_timer, &elapsed));
/* Reset record size back to a single segment after threshold seconds of inactivity */
if (elapsed - conn->last_write_elapsed > (uint64_t) conn->dynamic_record_timeout_threshold * 1000000000) {
conn->active_application_bytes_consumed = 0;
}
conn->last_write_elapsed = elapsed;
}
/* Now write the data we were asked to send this round */
while (total_size - conn->current_user_data_consumed) {
ssize_t to_write = MIN(total_size - conn->current_user_data_consumed, max_payload_size);
/* If dynamic record size is enabled,
* use small TLS records that fit into a single TCP segment for the threshold bytes of data
*/
if (conn->active_application_bytes_consumed < (uint64_t) conn->dynamic_record_resize_threshold) {
uint16_t min_payload_size = 0;
POSIX_GUARD_RESULT(s2n_record_min_write_payload_size(conn, &min_payload_size));
to_write = MIN(min_payload_size, to_write);
}
/* Don't split messages in server mode for interoperability with naive clients.
* Some clients may have expectations based on the amount of content in the first record.
*/
if (conn->actual_protocol_version < S2N_TLS11 && writer->cipher_suite->record_alg->cipher->type == S2N_CBC && conn->mode != S2N_SERVER) {
if (to_write > 1 && cbcHackUsed == 0) {
to_write = 1;
cbcHackUsed = 1;
}
}
POSIX_GUARD(s2n_stuffer_rewrite(&conn->out));
POSIX_GUARD(s2n_post_handshake_send(conn, blocked));
/* Write and encrypt the record */
POSIX_GUARD(s2n_record_writev(conn, TLS_APPLICATION_DATA, bufs, count,
conn->current_user_data_consumed + offs, to_write));
conn->current_user_data_consumed += to_write;
conn->active_application_bytes_consumed += to_write;
/* Send it */
if (s2n_flush(conn, blocked) < 0) {
if (s2n_errno == S2N_ERR_IO_BLOCKED && user_data_sent > 0) {
/* We successfully sent >0 user bytes on the wire, but not the full requested payload
* because we became blocked on I/O. Acknowledge the data sent. */
conn->current_user_data_consumed -= user_data_sent;
return user_data_sent;
} else {
S2N_ERROR_PRESERVE_ERRNO();
}
}
/* Acknowledge consumed and flushed user data as sent */
user_data_sent = conn->current_user_data_consumed;
}
/* If everything has been written, then there's no user data pending */
conn->current_user_data_consumed = 0;
*blocked = S2N_NOT_BLOCKED;
POSIX_GUARD_RESULT(s2n_early_data_record_bytes(conn, total_size));
return total_size;
}