[thirdparty/openssl.git] / ssl / record / recordmethod.h

/*
 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef OSSL_INTERNAL_RECORDMETHOD_H
# define OSSL_INTERNAL_RECORDMETHOD_H
# pragma once

# include <openssl/ssl.h>

/*
 * We use the term "record" here to refer to a packet of data. Records are
 * typically protected via a cipher and MAC, or an AEAD cipher (although not
 * always). This usage of the term record is consistent with the TLS concept.
 * In QUIC the term "record" is not used but it is analogous to the QUIC term
 * "packet". The interface in this file applies to all protocols that protect
 * records/packets of data, i.e. (D)TLS and QUIC. The term record is used to
 * refer to both contexts.
 */

/*
 * An OSSL_RECORD_METHOD is a protcol specific method which provides the
 * functions for reading and writing records for that protocol. Which
 * OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
 */
typedef struct ossl_record_method_st OSSL_RECORD_METHOD;

/*
 * An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by
 * the method
 */
typedef struct ossl_record_layer_st OSSL_RECORD_LAYER;


# define OSSL_RECORD_ROLE_CLIENT 0
# define OSSL_RECORD_ROLE_SERVER 1

# define OSSL_RECORD_DIRECTION_READ  0
# define OSSL_RECORD_DIRECTION_WRITE 1

/*
 * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used.
 */
# define OSSL_RECORD_PROTECTION_LEVEL_NONE        0
# define OSSL_RECORD_PROTECTION_LEVEL_EARLY       1
# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE   2
# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3

# define OSSL_RECORD_RETURN_SUCCESS           1
# define OSSL_RECORD_RETURN_RETRY             0
# define OSSL_RECORD_RETURN_NON_FATAL_ERR    -1
# define OSSL_RECORD_RETURN_FATAL            -2
# define OSSL_RECORD_RETURN_EOF              -3

/*
 * Template for creating a record. A record consists of the |type| of data it
 * will contain (e.g. alert, handshake, application data, etc) along with a
 * buffer of payload data in |buf| of length |buflen|.
 */
struct ossl_record_template_st {
    int type;
    unsigned int version;
    const unsigned char *buf;
    size_t buflen;
};

typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE;

/*
 * Rather than a "method" approach, we could make this fetchable - Should we?
 * There could be some complexity in finding suitable record layer implementations
 * e.g. we need to find one that matches the negotiated protocol, cipher,
 * extensions, etc. The selection_cb approach given above doesn't work so well
 * if unknown third party providers with OSSL_RECORD_METHOD implementations are
 * loaded.
 */

/*
 * If this becomes public API then we will need functions to create and
 * free an OSSL_RECORD_METHOD, as well as functions to get/set the various
 * function pointers....unless we make it fetchable.
 */
struct ossl_record_method_st {
    /*
     * Create a new OSSL_RECORD_LAYER object for handling the protocol version
     * set by |vers|. |role| is 0 for client and 1 for server. |direction|
     * indicates either read or write. |level| is the protection level as
     * described above. |settings| are mandatory settings that will cause the
     * new() call to fail if they are not understood (for example to require
     * Encrypt-Then-Mac support). |options| are optional settings that will not
     * cause the new() call to fail if they are not understood (for example
     * whether to use "read ahead" or not).
     *
     * The BIO in |transport| is the BIO for the underlying transport layer.
     * Where the direction is "read", then this BIO will only ever be used for
     * reading data. Where the direction is "write", then this BIO will only
     * every be used for writing data.
     *
     * An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in
     * force at any one time (one for reading and one for writing). In some
     * protocols more than 2 might be used (e.g. in DTLS for retransmitting
     * messages from an earlier epoch).
     *
     * The created OSSL_RECORD_LAYER object is stored in *ret on success (or
     * NULL otherwise). The return value will be one of
     * OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
     * OSSL_RECORD_RETURN_NON_FATAL. A non-fatal return means that creation of
     * the record layer has failed because it is unsuitable, but an alternative
     * record layer can be tried instead.
     */

    /*
     * If we eventually make this fetchable then we will need to use something
     * other than EVP_CIPHER. Also mactype would not be a NID, but a string. For
     * now though, this works.
     */
    int (*new_record_layer)(OSSL_LIB_CTX *libctx,
                            const char *propq, int vers,
                            int role, int direction,
                            int level,
                            uint16_t epoch,
                            unsigned char *key,
                            size_t keylen,
                            unsigned char *iv,
                            size_t ivlen,
                            unsigned char *mackey,
                            size_t mackeylen,
                            const EVP_CIPHER *ciph,
                            size_t taglen,
                            int mactype,
                            const EVP_MD *md,
                            COMP_METHOD *comp,
                            BIO *prev,
                            BIO *transport,
                            BIO *next,
                            BIO_ADDR *local,
                            BIO_ADDR *peer,
                            const OSSL_PARAM *settings,
                            const OSSL_PARAM *options,
                            const OSSL_DISPATCH *fns,
                            void *cbarg,
                            OSSL_RECORD_LAYER **ret);
    int (*free)(OSSL_RECORD_LAYER *rl);

    int (*reset)(OSSL_RECORD_LAYER *rl); /* Is this needed? */

    /* Returns 1 if we have unprocessed data buffered or 0 otherwise */
    int (*unprocessed_read_pending)(OSSL_RECORD_LAYER *rl);

    /*
     * Returns 1 if we have processed data buffered that can be read or 0 otherwise
     * - not necessarily app data
     */
    int (*processed_read_pending)(OSSL_RECORD_LAYER *rl);

    /*
     * The amount of processed app data that is internally bufferred and
     * available to read
     */
    size_t (*app_data_pending)(OSSL_RECORD_LAYER *rl);

    int (*write_pending)(OSSL_RECORD_LAYER *rl);

    /*
     * Find out the maximum amount of plaintext data that the record layer is
     * prepared to write in a single record. When calling write_records it is
     * the caller's responsibility to ensure that no record template exceeds
     * this maximum when calling write_records.
     */
    size_t (*get_max_record_len)(OSSL_RECORD_LAYER *rl);

    /*
     * Find out the maximum number of records that the record layer is prepared
     * to process in a single call to write_records. It is the caller's
     * responsibility to ensure that no call to write_records exceeds this
     * number of records. |type| is the type of the records that the caller
     * wants to write, and |len| is the total amount of data that it wants
     * to send. |maxfrag| is the maximum allowed fragment size based on user
     * configuration, or TLS parameter negotiation. |*preffrag| contains on
     * entry the default fragment size that will actually be used based on user
     * configuration. This will always be less than or equal to |maxfrag|. On
     * exit the record layer may update this to an alternative fragment size to
     * be used. This must always be less than or equal to |maxfrag|.
     */
    size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, int type, size_t len,
                              size_t maxfrag, size_t *preffrag);

    /*
     * Write |numtempl| records from the array of record templates pointed to
     * by |templates|. Each record should be no longer than the value returned
     * by get_max_record_len(), and there should be no more records than the
     * value returned by get_max_records().
     * Where possible the caller will attempt to ensure that all records are the
     * same length, except the last record. This may not always be possible so
     * the record method implementation should not rely on this being the case.
     * In the event of a retry the caller should call retry_write_records()
     * to try again. No more calls to write_records() should be attempted until
     * retry_write_records() returns success.
     * Buffers allocated for the record templates can be freed immediately after
     * write_records() returns - even in the case a retry.
     * The record templates represent the plaintext payload. The encrypted
     * output is written to the |transport| BIO.
     * Returns:
     *  1 on success
     *  0 on retry
     * -1 on failure
     */
    int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
                         size_t numtempl);

    /*
     * Retry a previous call to write_records. The caller should continue to
     * call this until the function returns with success or failure. After
     * each retry more of the data may have been incrementally sent.
     * Returns:
     *  1 on success
     *  0 on retry
     * -1 on failure
     */
    int (*retry_write_records)(OSSL_RECORD_LAYER *rl);

    /*
     * Read a record and return the record layer version and record type in
     * the |rversion| and |type| parameters. |*data| is set to point to a
     * record layer buffer containing the record payload data and |*datalen|
     * is filled in with the length of that data. The |epoch| and |seq_num|
     * values are only used if DTLS has been negotiated. In that case they are
     * filled in with the epoch and sequence number from the record.
     * An opaque record layer handle for the record is returned in |*rechandle|
     * which is used in a subsequent call to |release_record|. The buffer must
     * remain available until release_record is called.
     *
     * Internally the the OSSL_RECORD_METHOD the implementation may read/process
     * multiple records in one go and buffer them.
     */
    int (*read_record)(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
                      int *type, unsigned char **data, size_t *datalen,
                      uint16_t *epoch, unsigned char *seq_num);
    /*
     * Release a buffer associated with a record previously read with
     * read_record. Records are guaranteed to be released in the order that they
     * are read.
     */
    int (*release_record)(OSSL_RECORD_LAYER *rl, void *rechandle);

    /*
     * In the event that a fatal error is returned from the functions above then
     * get_alert_code() can be called to obtain a more details identifier for
     * the error. In (D)TLS this is the alert description code.
     */
    int (*get_alert_code)(OSSL_RECORD_LAYER *rl);

    /*
     * Update the transport BIO from the one originally set in the
     * new_record_layer call
     */
    int (*set1_bio)(OSSL_RECORD_LAYER *rl, BIO *bio);

    /* Called when protocol negotiation selects a protocol version to use */
    int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version);

    /*
     * Whether we are allowed to receive unencrypted alerts, even if we might
     * otherwise expect encrypted records. Ignored by protocol versions where
     * this isn't relevant
     */
    void (*set_plain_alerts)(OSSL_RECORD_LAYER *rl, int allow);

    /*
     * Called immediately after creation of the record layer if we are in a
     * first handshake. Also called at the end of the first handshake
     */
    void (*set_first_handshake)(OSSL_RECORD_LAYER *rl, int first);

    /*
     * Set the maximum number of pipelines that the record layer should process.
     * The default is 1.
     */
    void (*set_max_pipelines)(OSSL_RECORD_LAYER *rl, size_t max_pipelines);

    /*
     * Called to tell the record layer whether we are currently "in init" or
     * not. Default at creation of the record layer is "yes".
     */
    void (*set_in_init)(OSSL_RECORD_LAYER *rl, int in_init);

    /*
     * Get a short or long human readable description of the record layer state
     */
    void (*get_state)(OSSL_RECORD_LAYER *rl, const char **shortstr,
                      const char **longstr);

    /*
     * Set new options or modify ones that were originaly specified in the
     * new_record_layer call.
     */
    int (*set_options)(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);

    const COMP_METHOD *(*get_compression)(OSSL_RECORD_LAYER *rl);

    /*
     * Set the maximum fragment length to be used for the record layer. This
     * will override any previous value supplied for the "max_frag_len"
     * setting during construction of the record layer.
     */
    void (*set_max_frag_len)(OSSL_RECORD_LAYER *rl, size_t max_frag_len);

    /*
     * The maximum expansion in bytes that the record layer might add while
     * writing a record
     */
    size_t (*get_max_record_overhead)(OSSL_RECORD_LAYER *rl);

    /*
     * Increment the record sequence number
     */
    int (*increment_sequence_ctr)(OSSL_RECORD_LAYER *rl);
};


/* Standard built-in record methods */
extern const OSSL_RECORD_METHOD ossl_tls_record_method;
# ifndef OPENSSL_NO_KTLS
extern const OSSL_RECORD_METHOD ossl_ktls_record_method;
# endif
extern const OSSL_RECORD_METHOD ossl_dtls_record_method;

#endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */
Commit	Line	Data
79a1f3e4 MC	1	/*
	2	* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
79eebb08 MC	10	#ifndef OSSL_INTERNAL_RECORDMETHOD_H
	11	# define OSSL_INTERNAL_RECORDMETHOD_H
	12	# pragma once
	13
	14	# include <openssl/ssl.h>
79a1f3e4 MC	15
	16	/*
	17	* We use the term "record" here to refer to a packet of data. Records are
	18	* typically protected via a cipher and MAC, or an AEAD cipher (although not
	19	* always). This usage of the term record is consistent with the TLS concept.
	20	* In QUIC the term "record" is not used but it is analogous to the QUIC term
	21	* "packet". The interface in this file applies to all protocols that protect
	22	* records/packets of data, i.e. (D)TLS and QUIC. The term record is used to
	23	* refer to both contexts.
	24	*/
	25
79a1f3e4 MC	26	/*
	27	* An OSSL_RECORD_METHOD is a protcol specific method which provides the
	28	* functions for reading and writing records for that protocol. Which
	29	* OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
	30	*/
	31	typedef struct ossl_record_method_st OSSL_RECORD_METHOD;
	32
	33	/*
	34	* An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by
	35	* the method
	36	*/
	37	typedef struct ossl_record_layer_st OSSL_RECORD_LAYER;
	38
	39
79eebb08 MC	40	# define OSSL_RECORD_ROLE_CLIENT 0
79eebb08 MC	41	# define OSSL_RECORD_ROLE_SERVER 1
79a1f3e4	42
79eebb08 MC	43	# define OSSL_RECORD_DIRECTION_READ 0
79eebb08 MC	44	# define OSSL_RECORD_DIRECTION_WRITE 1
79a1f3e4 MC	45
	46	/*
	47	* Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used.
	48	*/
79eebb08 MC	49	# define OSSL_RECORD_PROTECTION_LEVEL_NONE 0
	50	# define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1
	51	# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2
	52	# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3
79a1f3e4	53
79eebb08 MC	54	# define OSSL_RECORD_RETURN_SUCCESS 1
	55	# define OSSL_RECORD_RETURN_RETRY 0
	56	# define OSSL_RECORD_RETURN_NON_FATAL_ERR -1
	57	# define OSSL_RECORD_RETURN_FATAL -2
	58	# define OSSL_RECORD_RETURN_EOF -3
e2d5742b	59
79a1f3e4 MC	60	/*
79a1f3e4 MC	61	* Template for creating a record. A record consists of the \|type\| of data it
a566864b MC	62	* will contain (e.g. alert, handshake, application data, etc) along with a
a566864b MC	63	* buffer of payload data in \|buf\| of length \|buflen\|.
79a1f3e4 MC	64	*/
	65	struct ossl_record_template_st {
	66	int type;
1d367677	67	unsigned int version;
a566864b MC	68	const unsigned char *buf;
a566864b MC	69	size_t buflen;
79a1f3e4 MC	70	};
	71
	72	typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE;
	73
	74	/*
	75	* Rather than a "method" approach, we could make this fetchable - Should we?
	76	* There could be some complexity in finding suitable record layer implementations
	77	* e.g. we need to find one that matches the negotiated protocol, cipher,
	78	* extensions, etc. The selection_cb approach given above doesn't work so well
	79	* if unknown third party providers with OSSL_RECORD_METHOD implementations are
	80	* loaded.
	81	*/
	82
	83	/*
	84	* If this becomes public API then we will need functions to create and
	85	* free an OSSL_RECORD_METHOD, as well as functions to get/set the various
	86	* function pointers....unless we make it fetchable.
	87	*/
	88	struct ossl_record_method_st {
	89	/*
	90	* Create a new OSSL_RECORD_LAYER object for handling the protocol version
	91	* set by \|vers\|. \|role\| is 0 for client and 1 for server. \|direction\|
	92	* indicates either read or write. \|level\| is the protection level as
	93	* described above. \|settings\| are mandatory settings that will cause the
	94	* new() call to fail if they are not understood (for example to require
	95	* Encrypt-Then-Mac support). \|options\| are optional settings that will not
	96	* cause the new() call to fail if they are not understood (for example
	97	* whether to use "read ahead" or not).
	98	*
	99	* The BIO in \|transport\| is the BIO for the underlying transport layer.
	100	* Where the direction is "read", then this BIO will only ever be used for
	101	* reading data. Where the direction is "write", then this BIO will only
	102	* every be used for writing data.
	103	*
	104	* An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in
	105	* force at any one time (one for reading and one for writing). In some
	106	* protocols more than 2 might be used (e.g. in DTLS for retransmitting
	107	* messages from an earlier epoch).
7c293999 MC	108	*
	109	* The created OSSL_RECORD_LAYER object is stored in *ret on success (or
	110	* NULL otherwise). The return value will be one of
	111	* OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
	112	* OSSL_RECORD_RETURN_NON_FATAL. A non-fatal return means that creation of
	113	* the record layer has failed because it is unsuitable, but an alternative
	114	* record layer can be tried instead.
79a1f3e4 MC	115	*/
	116
	117	/*
4564b47d MC	118	* If we eventually make this fetchable then we will need to use something
	119	* other than EVP_CIPHER. Also mactype would not be a NID, but a string. For
	120	* now though, this works.
79a1f3e4	121	*/
7c293999 MC	122	int (new_record_layer)(OSSL_LIB_CTX libctx,
	123	const char *propq, int vers,
	124	int role, int direction,
222cf410	125	int level,
279754d4	126	uint16_t epoch,
222cf410	127	unsigned char *key,
7c293999 MC	128	size_t keylen,
	129	unsigned char *iv,
	130	size_t ivlen,
	131	unsigned char *mackey,
	132	size_t mackeylen,
	133	const EVP_CIPHER *ciph,
	134	size_t taglen,
7c293999 MC	135	int mactype,
7c293999 MC	136	const EVP_MD *md,
1e76110b	137	COMP_METHOD *comp,
359affde MC	138	BIO *prev,
	139	BIO *transport,
	140	BIO *next,
	141	BIO_ADDR *local,
7c293999 MC	142	BIO_ADDR *peer,
	143	const OSSL_PARAM *settings,
	144	const OSSL_PARAM *options,
9dd90232 MC	145	const OSSL_DISPATCH *fns,
9dd90232 MC	146	void *cbarg,
8124ab56	147	OSSL_RECORD_LAYER **ret);
359affde	148	int (free)(OSSL_RECORD_LAYER rl);
79a1f3e4	149
11653dcd	150	int (reset)(OSSL_RECORD_LAYER rl); /* Is this needed? */
79a1f3e4 MC	151
79a1f3e4 MC	152	/* Returns 1 if we have unprocessed data buffered or 0 otherwise */
11653dcd	153	int (unprocessed_read_pending)(OSSL_RECORD_LAYER rl);
1704961c	154
79a1f3e4 MC	155	/*
	156	* Returns 1 if we have processed data buffered that can be read or 0 otherwise
	157	* - not necessarily app data
	158	*/
11653dcd	159	int (processed_read_pending)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	160
	161	/*
	162	* The amount of processed app data that is internally bufferred and
	163	* available to read
	164	*/
11653dcd	165	size_t (app_data_pending)(OSSL_RECORD_LAYER rl);
79a1f3e4	166
11653dcd	167	int (write_pending)(OSSL_RECORD_LAYER rl);
79a1f3e4	168
79a1f3e4 MC	169	/*
	170	* Find out the maximum amount of plaintext data that the record layer is
	171	* prepared to write in a single record. When calling write_records it is
	172	* the caller's responsibility to ensure that no record template exceeds
	173	* this maximum when calling write_records.
	174	*/
11653dcd	175	size_t (get_max_record_len)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	176
	177	/*
	178	* Find out the maximum number of records that the record layer is prepared
	179	* to process in a single call to write_records. It is the caller's
	180	* responsibility to ensure that no call to write_records exceeds this
02719d5c	181	* number of records. \|type\| is the type of the records that the caller
23bf52a4	182	* wants to write, and \|len\| is the total amount of data that it wants
02719d5c MC	183	* to send. \|maxfrag\| is the maximum allowed fragment size based on user
	184	* configuration, or TLS parameter negotiation. \|*preffrag\| contains on
	185	* entry the default fragment size that will actually be used based on user
	186	* configuration. This will always be less than or equal to \|maxfrag\|. On
	187	* exit the record layer may update this to an alternative fragment size to
	188	* be used. This must always be less than or equal to \|maxfrag\|.
79a1f3e4	189	*/
23bf52a4	190	size_t (get_max_records)(OSSL_RECORD_LAYER rl, int type, size_t len,
02719d5c	191	size_t maxfrag, size_t *preffrag);
79a1f3e4 MC	192
	193	/*
	194	* Write \|numtempl\| records from the array of record templates pointed to
	195	* by \|templates\|. Each record should be no longer than the value returned
	196	* by get_max_record_len(), and there should be no more records than the
	197	* value returned by get_max_records().
79a1f3e4 MC	198	* Where possible the caller will attempt to ensure that all records are the
	199	* same length, except the last record. This may not always be possible so
	200	* the record method implementation should not rely on this being the case.
	201	* In the event of a retry the caller should call retry_write_records()
	202	* to try again. No more calls to write_records() should be attempted until
	203	* retry_write_records() returns success.
	204	* Buffers allocated for the record templates can be freed immediately after
	205	* write_records() returns - even in the case a retry.
	206	* The record templates represent the plaintext payload. The encrypted
	207	* output is written to the \|transport\| BIO.
	208	* Returns:
	209	* 1 on success
	210	* 0 on retry
	211	* -1 on failure
	212	*/
2b71b042 MC	213	int (write_records)(OSSL_RECORD_LAYER rl, OSSL_RECORD_TEMPLATE *templates,
2b71b042 MC	214	size_t numtempl);
79a1f3e4 MC	215
	216	/*
	217	* Retry a previous call to write_records. The caller should continue to
	218	* call this until the function returns with success or failure. After
2b71b042	219	* each retry more of the data may have been incrementally sent.
79a1f3e4 MC	220	* Returns:
	221	* 1 on success
	222	* 0 on retry
	223	* -1 on failure
	224	*/
2b71b042	225	int (retry_write_records)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	226
	227	/*
	228	* Read a record and return the record layer version and record type in
	229	* the \|rversion\| and \|type\| parameters. \|*data\| is set to point to a
	230	* record layer buffer containing the record payload data and \|*datalen\|
	231	* is filled in with the length of that data. The \|epoch\| and \|seq_num\|
	232	* values are only used if DTLS has been negotiated. In that case they are
	233	* filled in with the epoch and sequence number from the record.
	234	* An opaque record layer handle for the record is returned in \|*rechandle\|
	235	* which is used in a subsequent call to \|release_record\|. The buffer must
	236	* remain available until release_record is called.
	237	*
	238	* Internally the the OSSL_RECORD_METHOD the implementation may read/process
	239	* multiple records in one go and buffer them.
	240	*/
11653dcd MC	241	int (read_record)(OSSL_RECORD_LAYER rl, void *rechandle, int rversion,
11653dcd MC	242	int type, unsigned char data, size_t datalen,
8124ab56	243	uint16_t epoch, unsigned char seq_num);
79a1f3e4 MC	244	/*
	245	* Release a buffer associated with a record previously read with
	246	* read_record. Records are guaranteed to be released in the order that they
	247	* are read.
	248	*/
4030869d	249	int (release_record)(OSSL_RECORD_LAYER rl, void *rechandle);
79a1f3e4	250
e2d5742b MC	251	/*
	252	* In the event that a fatal error is returned from the functions above then
	253	* get_alert_code() can be called to obtain a more details identifier for
	254	* the error. In (D)TLS this is the alert description code.
	255	*/
	256	int (get_alert_code)(OSSL_RECORD_LAYER rl);
	257
	258	/*
	259	* Update the transport BIO from the one originally set in the
	260	* new_record_layer call
	261	*/
	262	int (set1_bio)(OSSL_RECORD_LAYER rl, BIO *bio);
	263
1853d20a MC	264	/* Called when protocol negotiation selects a protocol version to use */
	265	int (set_protocol_version)(OSSL_RECORD_LAYER rl, int version);
	266
	267	/*
	268	* Whether we are allowed to receive unencrypted alerts, even if we might
	269	* otherwise expect encrypted records. Ignored by protocol versions where
	270	* this isn't relevant
	271	*/
	272	void (set_plain_alerts)(OSSL_RECORD_LAYER rl, int allow);
	273
	274	/*
bfc0f10d	275	* Called immediately after creation of the record layer if we are in a
1853d20a MC	276	* first handshake. Also called at the end of the first handshake
	277	*/
	278	void (set_first_handshake)(OSSL_RECORD_LAYER rl, int first);
	279
8124ab56 MC	280	/*
	281	* Set the maximum number of pipelines that the record layer should process.
	282	* The default is 1.
	283	*/
	284	void (set_max_pipelines)(OSSL_RECORD_LAYER rl, size_t max_pipelines);
	285
bfc0f10d MC	286	/*
	287	* Called to tell the record layer whether we are currently "in init" or
	288	* not. Default at creation of the record layer is "yes".
	289	*/
	290	void (set_in_init)(OSSL_RECORD_LAYER rl, int in_init);
d0b17ea0 MC	291
	292	/*
	293	* Get a short or long human readable description of the record layer state
	294	*/
	295	void (get_state)(OSSL_RECORD_LAYER rl, const char **shortstr,
	296	const char **longstr);
4566dae7 MC	297
	298	/*
	299	* Set new options or modify ones that were originaly specified in the
	300	* new_record_layer call.
	301	*/
	302	int (set_options)(OSSL_RECORD_LAYER rl, const OSSL_PARAM *options);
1e76110b MC	303
1e76110b MC	304	const COMP_METHOD (get_compression)(OSSL_RECORD_LAYER *rl);
435d88d7 MC	305
	306	/*
	307	* Set the maximum fragment length to be used for the record layer. This
	308	* will override any previous value supplied for the "max_frag_len"
	309	* setting during construction of the record layer.
	310	*/
	311	void (set_max_frag_len)(OSSL_RECORD_LAYER rl, size_t max_frag_len);
4f428e86 MC	312
	313	/*
	314	* The maximum expansion in bytes that the record layer might add while
	315	* writing a record
	316	*/
	317	size_t (get_max_record_overhead)(OSSL_RECORD_LAYER rl);
b92fc4ae MC	318
	319	/*
	320	* Increment the record sequence number
	321	*/
	322	int (increment_sequence_ctr)(OSSL_RECORD_LAYER rl);
79a1f3e4	323	};
e2d5742b MC	324
	325
	326	/* Standard built-in record methods */
	327	extern const OSSL_RECORD_METHOD ossl_tls_record_method;
cc110a0a MC	328	# ifndef OPENSSL_NO_KTLS
	329	extern const OSSL_RECORD_METHOD ossl_ktls_record_method;
	330	# endif
79eebb08 MC	331	extern const OSSL_RECORD_METHOD ossl_dtls_record_method;
	332
	333	#endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */