]>
Commit | Line | Data |
---|---|---|
50023e9b | 1 | /* |
b6461792 | 2 | * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. |
50023e9b MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/bio.h> | |
11 | #include <openssl/ssl.h> | |
12 | #include <openssl/err.h> | |
13 | #include "../../ssl_local.h" | |
14 | #include "../record_local.h" | |
15 | ||
f6aab7b1 MC |
16 | typedef struct dtls_bitmap_st { |
17 | /* Track 64 packets */ | |
18 | uint64_t map; | |
19 | /* Max record number seen so far, 64-bit value in big-endian encoding */ | |
20 | unsigned char max_seq_num[SEQ_NUM_SIZE]; | |
21 | } DTLS_BITMAP; | |
22 | ||
23c57f00 MC |
23 | typedef struct ssl_mac_buf_st { |
24 | unsigned char *mac; | |
25 | int alloced; | |
26 | } SSL_MAC_BUF; | |
27 | ||
e9189cc4 | 28 | typedef struct tls_buffer_st { |
23c57f00 MC |
29 | /* at least SSL3_RT_MAX_PACKET_SIZE bytes */ |
30 | unsigned char *buf; | |
31 | /* default buffer size (or 0 if no default set) */ | |
32 | size_t default_len; | |
33 | /* buffer size */ | |
34 | size_t len; | |
35 | /* where to 'copy from' */ | |
36 | size_t offset; | |
37 | /* how many bytes left */ | |
38 | size_t left; | |
39 | /* 'buf' is from application for KTLS */ | |
40 | int app_buffer; | |
41 | /* The type of data stored in this buffer. Only used for writing */ | |
42 | int type; | |
e9189cc4 | 43 | } TLS_BUFFER; |
23c57f00 | 44 | |
22094d11 | 45 | typedef struct tls_rl_record_st { |
23c57f00 MC |
46 | /* Record layer version */ |
47 | /* r */ | |
48 | int rec_version; | |
49 | /* type of record */ | |
50 | /* r */ | |
51 | int type; | |
52 | /* How many bytes available */ | |
53 | /* rw */ | |
54 | size_t length; | |
55 | /* | |
56 | * How many bytes were available before padding was removed? This is used | |
57 | * to implement the MAC check in constant time for CBC records. | |
58 | */ | |
59 | /* rw */ | |
60 | size_t orig_len; | |
61 | /* read/write offset into 'buf' */ | |
62 | /* r */ | |
63 | size_t off; | |
64 | /* pointer to the record data */ | |
65 | /* rw */ | |
66 | unsigned char *data; | |
67 | /* where the decode bytes are */ | |
68 | /* rw */ | |
69 | unsigned char *input; | |
70 | /* only used with decompression - malloc()ed */ | |
71 | /* r */ | |
72 | unsigned char *comp; | |
73 | /* epoch number, needed by DTLS1 */ | |
74 | /* r */ | |
75 | uint16_t epoch; | |
76 | /* sequence number, needed by DTLS1 */ | |
77 | /* r */ | |
78 | unsigned char seq_num[SEQ_NUM_SIZE]; | |
22094d11 | 79 | } TLS_RL_RECORD; |
23c57f00 | 80 | |
22094d11 | 81 | /* Macros/functions provided by the TLS_RL_RECORD component */ |
23c57f00 | 82 | |
22094d11 MC |
83 | #define TLS_RL_RECORD_set_type(r, t) ((r)->type = (t)) |
84 | #define TLS_RL_RECORD_set_rec_version(r, v) ((r)->rec_version = (v)) | |
85 | #define TLS_RL_RECORD_get_length(r) ((r)->length) | |
86 | #define TLS_RL_RECORD_set_length(r, l) ((r)->length = (l)) | |
87 | #define TLS_RL_RECORD_add_length(r, l) ((r)->length += (l)) | |
88 | #define TLS_RL_RECORD_set_data(r, d) ((r)->data = (d)) | |
89 | #define TLS_RL_RECORD_set_input(r, i) ((r)->input = (i)) | |
90 | #define TLS_RL_RECORD_reset_input(r) ((r)->input = (r)->data) | |
23c57f00 MC |
91 | |
92 | ||
50023e9b MC |
93 | /* Protocol version specific function pointers */ |
94 | struct record_functions_st | |
95 | { | |
7c293999 MC |
96 | /* |
97 | * Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or | |
98 | * OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an | |
99 | * alternative record layer. | |
100 | */ | |
50023e9b MC |
101 | int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level, |
102 | unsigned char *key, size_t keylen, | |
103 | unsigned char *iv, size_t ivlen, | |
104 | unsigned char *mackey, size_t mackeylen, | |
105 | const EVP_CIPHER *ciph, | |
106 | size_t taglen, | |
50023e9b MC |
107 | int mactype, |
108 | const EVP_MD *md, | |
1e76110b | 109 | COMP_METHOD *comp); |
1853d20a | 110 | |
7c293999 MC |
111 | /* |
112 | * Returns: | |
113 | * 0: if the record is publicly invalid, or an internal error, or AEAD | |
114 | * decryption failed, or EtM decryption failed. | |
115 | * 1: Success or MtE decryption failed (MAC will be randomised) | |
116 | */ | |
22094d11 | 117 | int (*cipher)(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *recs, size_t n_recs, |
8124ab56 | 118 | int sending, SSL_MAC_BUF *macs, size_t macsize); |
7c293999 | 119 | /* Returns 1 for success or 0 for error */ |
22094d11 | 120 | int (*mac)(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md, |
8124ab56 | 121 | int sending); |
1853d20a MC |
122 | |
123 | /* Return 1 for success or 0 for error */ | |
124 | int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version); | |
125 | ||
bafe524b MC |
126 | /* Read related functions */ |
127 | ||
128 | int (*read_n)(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend, | |
129 | int clearold, size_t *readbytes); | |
130 | ||
131 | int (*get_more_records)(OSSL_RECORD_LAYER *rl); | |
132 | ||
1853d20a | 133 | /* Return 1 for success or 0 for error */ |
22094d11 | 134 | int (*validate_record_header)(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec); |
1853d20a MC |
135 | |
136 | /* Return 1 for success or 0 for error */ | |
22094d11 | 137 | int (*post_process_record)(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec); |
bafe524b MC |
138 | |
139 | /* Write related functions */ | |
140 | ||
eb1eaa9a | 141 | size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len, |
bafe524b MC |
142 | size_t maxfrag, size_t *preffrag); |
143 | ||
144 | /* Return 1 for success or 0 for error */ | |
145 | int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, | |
146 | size_t numtempl); | |
91fe8ff0 MC |
147 | |
148 | /* Allocate the rl->wbuf buffers. Return 1 for success or 0 for error */ | |
149 | int (*allocate_write_buffers)(OSSL_RECORD_LAYER *rl, | |
150 | OSSL_RECORD_TEMPLATE *templates, | |
151 | size_t numtempl, size_t *prefix); | |
152 | ||
153 | /* | |
154 | * Initialise the packets in the |pkt| array using the buffers in |rl->wbuf|. | |
155 | * Some protocol versions may use the space in |prefixtempl| to add | |
156 | * an artificial template in front of the |templates| array and hence may | |
157 | * initialise 1 more WPACKET than there are templates. |*wpinited| | |
158 | * returns the number of WPACKETs in |pkt| that were successfully | |
159 | * initialised. This must be 0 on entry and will be filled in even on error. | |
160 | */ | |
161 | int (*initialise_write_packets)(OSSL_RECORD_LAYER *rl, | |
162 | OSSL_RECORD_TEMPLATE *templates, | |
163 | size_t numtempl, | |
164 | OSSL_RECORD_TEMPLATE *prefixtempl, | |
165 | WPACKET *pkt, | |
e9189cc4 | 166 | TLS_BUFFER *bufs, |
91fe8ff0 | 167 | size_t *wpinited); |
7ca61d63 MC |
168 | |
169 | /* Get the actual record type to be used for a given template */ | |
eb1eaa9a TM |
170 | uint8_t (*get_record_type)(OSSL_RECORD_LAYER *rl, |
171 | OSSL_RECORD_TEMPLATE *template); | |
aca70ca8 MC |
172 | |
173 | /* Write the record header data to the WPACKET */ | |
174 | int (*prepare_record_header)(OSSL_RECORD_LAYER *rl, WPACKET *thispkt, | |
175 | OSSL_RECORD_TEMPLATE *templ, | |
eb1eaa9a | 176 | uint8_t rectype, |
aca70ca8 | 177 | unsigned char **recdata); |
2582de25 MC |
178 | |
179 | int (*add_record_padding)(OSSL_RECORD_LAYER *rl, | |
180 | OSSL_RECORD_TEMPLATE *thistempl, | |
181 | WPACKET *thispkt, | |
22094d11 | 182 | TLS_RL_RECORD *thiswr); |
757ef3ba MC |
183 | |
184 | /* | |
185 | * This applies any mac that might be necessary, ensures that we have enough | |
186 | * space in the WPACKET to perform the encryption and sets up the | |
22094d11 | 187 | * TLS_RL_RECORD ready for that encryption. |
757ef3ba MC |
188 | */ |
189 | int (*prepare_for_encryption)(OSSL_RECORD_LAYER *rl, | |
190 | size_t mac_size, | |
191 | WPACKET *thispkt, | |
22094d11 | 192 | TLS_RL_RECORD *thiswr); |
2a354d54 MC |
193 | |
194 | /* | |
195 | * Any updates required to the record after encryption has been applied. For | |
196 | * example, adding a MAC if using encrypt-then-mac | |
197 | */ | |
198 | int (*post_encryption_processing)(OSSL_RECORD_LAYER *rl, | |
199 | size_t mac_size, | |
200 | OSSL_RECORD_TEMPLATE *thistempl, | |
201 | WPACKET *thispkt, | |
22094d11 | 202 | TLS_RL_RECORD *thiswr); |
ace38195 MC |
203 | |
204 | /* | |
205 | * Some record layer implementations need to do some custom preparation of | |
206 | * the BIO before we write to it. KTLS does this to prevent coalescing of | |
207 | * control and data messages. | |
208 | */ | |
209 | int (*prepare_write_bio)(OSSL_RECORD_LAYER *rl, int type); | |
50023e9b MC |
210 | }; |
211 | ||
212 | struct ossl_record_layer_st | |
213 | { | |
214 | OSSL_LIB_CTX *libctx; | |
215 | const char *propq; | |
216 | int isdtls; | |
217 | int version; | |
218 | int role; | |
219 | int direction; | |
9dd90232 | 220 | int level; |
b05fbac1 | 221 | const EVP_MD *md; |
222cf410 | 222 | /* DTLS only */ |
279754d4 | 223 | uint16_t epoch; |
359affde MC |
224 | |
225 | /* | |
226 | * A BIO containing any data read in the previous epoch that was destined | |
227 | * for this epoch | |
228 | */ | |
229 | BIO *prev; | |
230 | ||
231 | /* The transport BIO */ | |
50023e9b | 232 | BIO *bio; |
359affde MC |
233 | |
234 | /* | |
235 | * A BIO where we will send any data read by us that is destined for the | |
236 | * next epoch. | |
237 | */ | |
238 | BIO *next; | |
239 | ||
b0a9042e | 240 | /* Types match the equivalent fields in the SSL object */ |
50023e9b | 241 | uint64_t options; |
50023e9b MC |
242 | uint32_t mode; |
243 | ||
151f313e | 244 | /* write IO goes into here */ |
e9189cc4 | 245 | TLS_BUFFER wbuf[SSL_MAX_PIPELINES + 1]; |
151f313e MC |
246 | |
247 | /* Next wbuf with pending data still to write */ | |
248 | size_t nextwbuf; | |
249 | ||
e7694c69 MC |
250 | /* How many pipelines can be used to write data */ |
251 | size_t numwpipes; | |
252 | ||
50023e9b | 253 | /* read IO goes into here */ |
e9189cc4 | 254 | TLS_BUFFER rbuf; |
50023e9b | 255 | /* each decoded record goes in here */ |
22094d11 | 256 | TLS_RL_RECORD rrec[SSL_MAX_PIPELINES]; |
50023e9b | 257 | |
eb4129e1 | 258 | /* How many records have we got available in the rrec buffer */ |
50023e9b MC |
259 | size_t num_recs; |
260 | ||
261 | /* The record number in the rrec buffer that can be read next */ | |
262 | size_t curr_rec; | |
263 | ||
264 | /* The number of records that have been released via tls_release_record */ | |
265 | size_t num_released; | |
266 | ||
50023e9b MC |
267 | /* where we are when reading */ |
268 | int rstate; | |
269 | ||
270 | /* used internally to point at a raw packet */ | |
271 | unsigned char *packet; | |
272 | size_t packet_length; | |
273 | ||
0755722c MC |
274 | /* Sequence number for the next record */ |
275 | unsigned char sequence[SEQ_NUM_SIZE]; | |
276 | ||
4bf610bd | 277 | /* Alert code to be used if an error occurs */ |
50023e9b MC |
278 | int alert; |
279 | ||
280 | /* | |
b0a9042e | 281 | * Read as many input bytes as possible (for non-blocking reads) |
50023e9b MC |
282 | */ |
283 | int read_ahead; | |
284 | ||
285 | /* The number of consecutive empty records we have received */ | |
286 | size_t empty_record_count; | |
287 | ||
b9e4e783 MC |
288 | /* |
289 | * Do we need to send a prefix empty record before application data as a | |
290 | * countermeasure against known-IV weakness (necessary for SSLv3 and | |
291 | * TLSv1.0) | |
292 | */ | |
293 | int need_empty_fragments; | |
294 | ||
50023e9b | 295 | /* cryptographic state */ |
6366bdd9 | 296 | EVP_CIPHER_CTX *enc_ctx; |
1853d20a | 297 | |
9251c3c4 MC |
298 | /* Explicit IV length */ |
299 | size_t eivlen; | |
300 | ||
50023e9b | 301 | /* used for mac generation */ |
6366bdd9 MC |
302 | EVP_MD_CTX *md_ctx; |
303 | ||
9251c3c4 MC |
304 | /* compress/uncompress */ |
305 | COMP_CTX *compctx; | |
50023e9b | 306 | |
1853d20a MC |
307 | /* Set to 1 if this is the first handshake. 0 otherwise */ |
308 | int is_first_handshake; | |
309 | ||
435d88d7 MC |
310 | /* |
311 | * The smaller of the configured and negotiated maximum fragment length | |
312 | * or SSL3_RT_MAX_PLAIN_LENGTH if none | |
313 | */ | |
ffbd6e67 MC |
314 | unsigned int max_frag_len; |
315 | ||
eb4129e1 | 316 | /* The maximum amount of early data we can receive/send */ |
9dd90232 MC |
317 | uint32_t max_early_data; |
318 | ||
319 | /* The amount of early data that we have sent/received */ | |
320 | size_t early_data_count; | |
321 | ||
eb7d6c2a MC |
322 | /* TLSv1.3 record padding */ |
323 | size_t block_padding; | |
324 | ||
50023e9b MC |
325 | /* Only used by SSLv3 */ |
326 | unsigned char mac_secret[EVP_MAX_MD_SIZE]; | |
327 | ||
7f2f0ac7 MC |
328 | /* TLSv1.0/TLSv1.1/TLSv1.2 */ |
329 | int use_etm; | |
330 | ||
8124ab56 MC |
331 | /* Flags for GOST ciphers */ |
332 | int stream_mac; | |
333 | int tlstree; | |
334 | ||
1853d20a MC |
335 | /* TLSv1.3 fields */ |
336 | /* static IV */ | |
50023e9b | 337 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
1853d20a MC |
338 | int allow_plain_alerts; |
339 | ||
340 | /* TLS "any" fields */ | |
341 | /* Set to true if this is the first record in a connection */ | |
342 | unsigned int is_first_record; | |
50023e9b MC |
343 | |
344 | size_t taglen; | |
345 | ||
bfc0f10d | 346 | /* DTLS received handshake records (processed and unprocessed) */ |
715a74a6 FWH |
347 | struct pqueue_st *unprocessed_rcds; |
348 | struct pqueue_st *processed_rcds; | |
eddb067e | 349 | |
bfc0f10d | 350 | /* records being received in the current epoch */ |
f6aab7b1 | 351 | DTLS_BITMAP bitmap; |
bfc0f10d | 352 | /* renegotiation starts a new set of sequence numbers */ |
f6aab7b1 | 353 | DTLS_BITMAP next_bitmap; |
bfc0f10d MC |
354 | |
355 | /* | |
eb4129e1 | 356 | * Whether we are currently in a handshake or not. Only maintained for DTLS |
bfc0f10d MC |
357 | */ |
358 | int in_init; | |
359 | ||
9dd90232 MC |
360 | /* Callbacks */ |
361 | void *cbarg; | |
3c7b9ef9 MC |
362 | OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data; |
363 | OSSL_FUNC_rlayer_msg_callback_fn *msg_callback; | |
ed0e298f | 364 | OSSL_FUNC_rlayer_security_fn *security; |
5f95eb77 | 365 | OSSL_FUNC_rlayer_padding_fn *padding; |
9dd90232 | 366 | |
8124ab56 MC |
367 | size_t max_pipelines; |
368 | ||
50023e9b | 369 | /* Function pointers for version specific functions */ |
89dd87e1 | 370 | const struct record_functions_st *funcs; |
50023e9b MC |
371 | }; |
372 | ||
eddb067e MC |
373 | typedef struct dtls_rlayer_record_data_st { |
374 | unsigned char *packet; | |
375 | size_t packet_length; | |
e9189cc4 | 376 | TLS_BUFFER rbuf; |
22094d11 | 377 | TLS_RL_RECORD rrec; |
eddb067e MC |
378 | } DTLS_RLAYER_RECORD_DATA; |
379 | ||
89dd87e1 HL |
380 | extern const struct record_functions_st ssl_3_0_funcs; |
381 | extern const struct record_functions_st tls_1_funcs; | |
382 | extern const struct record_functions_st tls_1_3_funcs; | |
383 | extern const struct record_functions_st tls_any_funcs; | |
384 | extern const struct record_functions_st dtls_1_funcs; | |
385 | extern const struct record_functions_st dtls_any_funcs; | |
50023e9b MC |
386 | |
387 | void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason, | |
388 | const char *fmt, ...); | |
389 | ||
1704961c MC |
390 | #define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL) |
391 | #define RLAYERfatal_data \ | |
50023e9b MC |
392 | (ERR_new(), \ |
393 | ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \ | |
394 | ossl_rlayer_fatal) | |
395 | ||
1704961c MC |
396 | #define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \ |
397 | || (rl)->version == TLS1_2_VERSION \ | |
709637c8 FWH |
398 | || (rl)->version == DTLS1_BAD_VER \ |
399 | || (rl)->version == DTLS1_VERSION \ | |
400 | || (rl)->version == DTLS1_2_VERSION) | |
88d61680 | 401 | |
22094d11 MC |
402 | void ossl_tls_rl_record_set_seq_num(TLS_RL_RECORD *r, |
403 | const unsigned char *seq_num); | |
23c57f00 | 404 | |
50023e9b MC |
405 | int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl, |
406 | EVP_CIPHER_CTX *ctx, | |
407 | const EVP_CIPHER *ciph, | |
7f2f0ac7 | 408 | const EVP_MD *md); |
23c57f00 | 409 | |
bed07b18 | 410 | int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl); |
7eb39ecb MC |
411 | int tls_alloc_buffers(OSSL_RECORD_LAYER *rl); |
412 | int tls_free_buffers(OSSL_RECORD_LAYER *rl); | |
bed07b18 | 413 | |
1853d20a MC |
414 | int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend, |
415 | int clearold, size_t *readbytes); | |
eddb067e | 416 | int tls_get_more_records(OSSL_RECORD_LAYER *rl); |
222cf410 | 417 | int dtls_get_more_records(OSSL_RECORD_LAYER *rl); |
1853d20a | 418 | |
b9e37f8f MC |
419 | int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl, |
420 | WPACKET *thispkt, | |
421 | OSSL_RECORD_TEMPLATE *templ, | |
eb1eaa9a | 422 | uint8_t rectype, |
b9e37f8f | 423 | unsigned char **recdata); |
421386e3 MC |
424 | int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl, |
425 | size_t mac_size, | |
426 | OSSL_RECORD_TEMPLATE *thistempl, | |
427 | WPACKET *thispkt, | |
22094d11 | 428 | TLS_RL_RECORD *thiswr); |
602ee1f6 | 429 | |
1853d20a | 430 | int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version); |
22094d11 MC |
431 | int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *re); |
432 | int tls_do_compress(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *wr); | |
433 | int tls_do_uncompress(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec); | |
434 | int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec); | |
435 | int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec); | |
1853d20a MC |
436 | |
437 | int | |
438 | tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, | |
cfabddfb | 439 | int role, int direction, int level, |
1853d20a | 440 | const EVP_CIPHER *ciph, size_t taglen, |
1e76110b | 441 | const EVP_MD *md, COMP_METHOD *comp, BIO *prev, |
359affde | 442 | BIO *transport, BIO *next, |
1853d20a | 443 | const OSSL_PARAM *settings, const OSSL_PARAM *options, |
9dd90232 | 444 | const OSSL_DISPATCH *fns, void *cbarg, |
8124ab56 | 445 | OSSL_RECORD_LAYER **retrl); |
359affde | 446 | int tls_free(OSSL_RECORD_LAYER *rl); |
1853d20a MC |
447 | int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl); |
448 | int tls_processed_read_pending(OSSL_RECORD_LAYER *rl); | |
449 | size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl); | |
eb1eaa9a | 450 | size_t tls_get_max_records(OSSL_RECORD_LAYER *rl, uint8_t type, size_t len, |
02719d5c | 451 | size_t maxfrag, size_t *preffrag); |
2b71b042 MC |
452 | int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, |
453 | size_t numtempl); | |
454 | int tls_retry_write_records(OSSL_RECORD_LAYER *rl); | |
1853d20a MC |
455 | int tls_get_alert_code(OSSL_RECORD_LAYER *rl); |
456 | int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio); | |
1704961c | 457 | int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion, |
1cc8c53b | 458 | uint8_t *type, const unsigned char **data, size_t *datalen, |
8124ab56 | 459 | uint16_t *epoch, unsigned char *seq_num); |
7a4e109e | 460 | int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle, size_t length); |
1853d20a MC |
461 | int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version); |
462 | int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version); | |
463 | void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow); | |
464 | void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first); | |
8124ab56 | 465 | void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines); |
d0b17ea0 MC |
466 | void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr, |
467 | const char **longstr); | |
4566dae7 | 468 | int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options); |
1e76110b | 469 | const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl); |
435d88d7 | 470 | void tls_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len); |
9b7fb65e | 471 | int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl); |
bafe524b MC |
472 | int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, |
473 | size_t firstlen, size_t nextlen); | |
474 | ||
475 | int tls_write_records_multiblock(OSSL_RECORD_LAYER *rl, | |
476 | OSSL_RECORD_TEMPLATE *templates, | |
477 | size_t numtempl); | |
478 | ||
eb1eaa9a TM |
479 | size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, uint8_t type, |
480 | size_t len, | |
bafe524b | 481 | size_t maxfrag, size_t *preffrag); |
eb1eaa9a | 482 | size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, uint8_t type, |
aca70ca8 MC |
483 | size_t len, size_t maxfrag, |
484 | size_t *preffrag); | |
91fe8ff0 MC |
485 | int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl, |
486 | OSSL_RECORD_TEMPLATE *templates, | |
487 | size_t numtempl, size_t *prefix); | |
488 | int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl, | |
489 | OSSL_RECORD_TEMPLATE *templates, | |
490 | size_t numtempl, | |
491 | OSSL_RECORD_TEMPLATE *prefixtempl, | |
492 | WPACKET *pkt, | |
e9189cc4 | 493 | TLS_BUFFER *bufs, |
91fe8ff0 MC |
494 | size_t *wpinited); |
495 | int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl, | |
496 | OSSL_RECORD_TEMPLATE *templates, | |
497 | size_t numtempl, size_t *prefix); | |
498 | int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl, | |
499 | OSSL_RECORD_TEMPLATE *templates, | |
500 | size_t numtempl, | |
501 | OSSL_RECORD_TEMPLATE *prefixtempl, | |
502 | WPACKET *pkt, | |
e9189cc4 | 503 | TLS_BUFFER *bufs, |
91fe8ff0 | 504 | size_t *wpinited); |
aca70ca8 MC |
505 | int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl, |
506 | WPACKET *thispkt, | |
507 | OSSL_RECORD_TEMPLATE *templ, | |
eb1eaa9a | 508 | uint8_t rectype, |
aca70ca8 | 509 | unsigned char **recdata); |
757ef3ba MC |
510 | int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl, |
511 | size_t mac_size, | |
512 | WPACKET *thispkt, | |
22094d11 | 513 | TLS_RL_RECORD *thiswr); |
2a354d54 MC |
514 | int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl, |
515 | size_t mac_size, | |
516 | OSSL_RECORD_TEMPLATE *thistempl, | |
517 | WPACKET *thispkt, | |
22094d11 | 518 | TLS_RL_RECORD *thiswr); |
bafe524b MC |
519 | int tls_write_records_default(OSSL_RECORD_LAYER *rl, |
520 | OSSL_RECORD_TEMPLATE *templates, | |
521 | size_t numtempl); | |
e158ada6 | 522 | |
e9189cc4 MC |
523 | /* Macros/functions provided by the TLS_BUFFER component */ |
524 | ||
525 | #define TLS_BUFFER_get_buf(b) ((b)->buf) | |
526 | #define TLS_BUFFER_set_buf(b, n) ((b)->buf = (n)) | |
527 | #define TLS_BUFFER_get_len(b) ((b)->len) | |
528 | #define TLS_BUFFER_get_left(b) ((b)->left) | |
529 | #define TLS_BUFFER_set_left(b, l) ((b)->left = (l)) | |
530 | #define TLS_BUFFER_sub_left(b, l) ((b)->left -= (l)) | |
531 | #define TLS_BUFFER_get_offset(b) ((b)->offset) | |
532 | #define TLS_BUFFER_set_offset(b, o) ((b)->offset = (o)) | |
533 | #define TLS_BUFFER_add_offset(b, o) ((b)->offset += (o)) | |
534 | #define TLS_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l)) | |
535 | #define TLS_BUFFER_is_app_buffer(b) ((b)->app_buffer) | |
536 | ||
537 | void ossl_tls_buffer_release(TLS_BUFFER *b); |