2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/bio.h>
11 #include <openssl/ssl.h>
12 #include <openssl/err.h>
13 #include <openssl/core_names.h>
14 #include "internal/e_os.h"
16 #include "recordmethod.h"
18 struct ossl_record_layer_st
25 /* Types match the equivalent structures in the SSL object */
28 * TODO(RECLAYER): Should we take the opportunity to make this uint64_t
29 * even though upper layer continue to use uint32_t?
33 /* read IO goes into here */
36 /* used internally to point at a raw packet */
37 unsigned char *packet
;
43 * Read as many input bytes as possible (for
45 * TODO(RECLAYER): Why isn't this just an option?
50 static int tls_set1_bio(OSSL_RECORD_LAYER
*rl
, BIO
*bio
);
52 # define SSL_AD_NO_ALERT -1
54 static void rlayer_fatal(OSSL_RECORD_LAYER
*rl
, int al
, int reason
,
60 ERR_vset_error(ERR_LIB_SSL
, reason
, fmt
, args
);
67 # define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
68 # define RLAYERfatal_data \
70 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
73 static int rlayer_allow_compression(OSSL_RECORD_LAYER
*rl
)
75 if (rl
->options
& SSL_OP_NO_COMPRESSION
)
78 /* TODO(RECLAYER): Implement ssl_security inside the record layer */
79 return ssl_security(s
, SSL_SECOP_COMPRESSION
, 0, 0, NULL
);
85 static int rlayer_setup_read_buffer(OSSL_RECORD_LAYER
*rl
)
88 size_t len
, align
= 0, headerlen
;
94 headerlen
= DTLS1_RT_HEADER_LENGTH
;
96 headerlen
= SSL3_RT_HEADER_LENGTH
;
98 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
99 align
= (-SSL3_RT_HEADER_LENGTH
) & (SSL3_ALIGN_PAYLOAD
- 1);
102 if (b
->buf
== NULL
) {
103 len
= SSL3_RT_MAX_PLAIN_LENGTH
104 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
+ headerlen
+ align
;
105 #ifndef OPENSSL_NO_COMP
106 if (rlayer_allow_compression(rl
))
107 len
+= SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
109 if (b
->default_len
> len
)
110 len
= b
->default_len
;
111 if ((p
= OPENSSL_malloc(len
)) == NULL
) {
113 * We've got a malloc failure, and we're still initialising buffers.
114 * We assume we're so doomed that we won't even be able to send an
117 RLAYERfatal(rl
, SSL_AD_NO_ALERT
, ERR_R_MALLOC_FAILURE
);
127 static int rlayer_release_read_buffer(OSSL_RECORD_LAYER
*rl
)
132 if (rl
->options
& SSL_OP_CLEANSE_PLAINTEXT
)
133 OPENSSL_cleanse(b
->buf
, b
->len
);
134 OPENSSL_free(b
->buf
);
140 * Return values are as per SSL_read()
142 static int tls_read_n(OSSL_RECORD_LAYER
*rl
, size_t n
, size_t max
, int extend
,
143 int clearold
, size_t *readbytes
)
146 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
147 * packet by another n bytes. The packet will be in the sub-array of
148 * s->rlayer.rbuf.buf specified by s->rlayer.packet and
149 * s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
150 * be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
151 * if clearold == 1, move the packet to the start of the buffer; if
152 * clearold == 0 then leave any old packets where they were
154 size_t len
, left
, align
= 0;
159 return OSSL_RECORD_RETURN_NON_FATAL_ERR
;
162 if (rb
->buf
== NULL
) {
163 if (!rlayer_setup_read_buffer(rl
)) {
164 /* RLAYERfatal() already called */
165 return OSSL_RECORD_RETURN_FATAL
;
170 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
171 align
= (size_t)rb
->buf
+ SSL3_RT_HEADER_LENGTH
;
172 align
= SSL3_ALIGN_PAYLOAD
- 1 - ((align
- 1) % SSL3_ALIGN_PAYLOAD
);
176 /* start with empty packet ... */
179 } else if (align
!= 0 && left
>= SSL3_RT_HEADER_LENGTH
) {
181 * check if next packet length is large enough to justify payload
184 pkt
= rb
->buf
+ rb
->offset
;
185 if (pkt
[0] == SSL3_RT_APPLICATION_DATA
186 && (pkt
[3] << 8 | pkt
[4]) >= 128) {
188 * Note that even if packet is corrupted and its length field
189 * is insane, we can only be led to wrong decision about
190 * whether memmove will occur or not. Header values has no
191 * effect on memmove arguments and therefore no buffer
192 * overrun can be triggered.
194 memmove(rb
->buf
+ align
, pkt
, left
);
198 rl
->packet
= rb
->buf
+ rb
->offset
;
199 rl
->packet_length
= 0;
200 /* ... now we can act as if 'extend' was set */
203 len
= rl
->packet_length
;
204 pkt
= rb
->buf
+ align
;
206 * Move any available bytes to front of buffer: 'len' bytes already
207 * pointed to by 'packet', 'left' extra ones at the end
209 if (rl
->packet
!= pkt
&& clearold
== 1) {
210 memmove(pkt
, rl
->packet
, len
+ left
);
212 rb
->offset
= len
+ align
;
216 * For DTLS/UDP reads should not span multiple packets because the read
217 * operation returns the whole packet at once (as long as it fits into
221 if (left
== 0 && extend
)
223 if (left
> 0 && n
> left
)
227 /* if there is enough in the buffer from a previous read, take some */
229 rl
->packet_length
+= n
;
233 return OSSL_RECORD_RETURN_SUCCESS
;
236 /* else we need to read more data */
238 if (n
> rb
->len
- rb
->offset
) {
239 /* does not happen */
240 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
241 return OSSL_RECORD_RETURN_FATAL
;
245 * Ktls always reads full records.
246 * Also, we always act like read_ahead is set for DTLS.
248 if (!BIO_get_ktls_recv(s
->rbio
) && !rl
->read_ahead
250 /* ignore max parameter */
255 if (max
> rb
->len
- rb
->offset
)
256 max
= rb
->len
- rb
->offset
;
264 * Now we have len+left bytes at the front of s->s3.rbuf.buf and
265 * need to read in more until we have len+n (up to len+max if
270 if (rl
->bio
!= NULL
) {
271 ret
= BIO_read(rl
->bio
, pkt
+ len
+ left
, max
- left
);
274 ret
= OSSL_RECORD_RETURN_SUCCESS
;
275 } else if (BIO_should_retry(rl
->bio
)) {
276 ret
= OSSL_RECORD_RETURN_RETRY
;
277 } else if (BIO_eof(rl
->bio
)) {
278 ret
= OSSL_RECORD_RETURN_EOF
;
280 ret
= OSSL_RECORD_RETURN_FATAL
;
283 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_READ_BIO_NOT_SET
);
284 ret
= OSSL_RECORD_RETURN_FATAL
;
287 if (ret
<= OSSL_RECORD_RETURN_RETRY
) {
289 if (rl
->mode
& SSL_MODE_RELEASE_BUFFERS
&& !rl
->isdtls
)
291 rlayer_release_read_buffer(rl
);
296 * reads should *never* span multiple packets for DTLS because the
297 * underlying transport protocol is message oriented as opposed to
298 * byte oriented as in the TLS case.
302 n
= left
; /* makes the while condition false */
306 /* done reading, now the book-keeping */
309 rl
->packet_length
+= n
;
311 return OSSL_RECORD_RETURN_SUCCESS
;
314 static OSSL_RECORD_LAYER
*tls_new_record_layer(int vers
, int role
, int direction
,
315 int level
, unsigned char *secret
,
316 size_t secretlen
, SSL_CIPHER
*c
,
317 BIO
*transport
, BIO_ADDR
*local
,
319 const OSSL_PARAM
*settings
,
320 const OSSL_PARAM
*options
)
322 OSSL_RECORD_LAYER
*rl
= OPENSSL_zalloc(sizeof(*rl
));
326 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_MALLOC_FAILURE
);
330 if (transport
!= NULL
&& !BIO_up_ref(transport
)) {
331 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_MALLOC_FAILURE
);
335 p
= OSSL_PARAM_locate_const(options
, OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS
);
336 if (p
!= NULL
&& !OSSL_PARAM_get_uint64(p
, &rl
->options
)) {
337 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_FAILED_TO_GET_PARAMETER
);
341 p
= OSSL_PARAM_locate_const(options
, OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE
);
342 if (p
!= NULL
&& !OSSL_PARAM_get_uint32(p
, &rl
->mode
)) {
343 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_FAILED_TO_GET_PARAMETER
);
348 p
= OSSL_PARAM_locate_const(options
, OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD
);
349 if (p
!= NULL
&& !OSSL_PARAM_get_int(p
, &rl
->read_ahead
)) {
350 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_FAILED_TO_GET_PARAMETER
);
356 rl
->direction
= direction
;
357 if (!tls_set1_bio(rl
, transport
))
366 static OSSL_RECORD_LAYER
*dtls_new_record_layer(int vers
, int role
, int direction
,
367 int level
, unsigned char *secret
,
368 size_t secretlen
, SSL_CIPHER
*c
,
369 BIO
*transport
, BIO_ADDR
*local
,
371 const OSSL_PARAM
*settings
,
372 const OSSL_PARAM
*options
)
374 OSSL_RECORD_LAYER
*rl
= tls_new_record_layer(vers
, role
, direction
, level
,
375 secret
, secretlen
, c
, transport
,
376 local
, peer
, settings
, options
);
386 static void tls_free(OSSL_RECORD_LAYER
*rl
)
392 static int tls_reset(OSSL_RECORD_LAYER
*rl
)
394 memset(rl
, 0, sizeof(*rl
));
398 static int tls_unprocessed_read_pending(OSSL_RECORD_LAYER
*rl
)
403 static int tls_processed_read_pending(OSSL_RECORD_LAYER
*rl
)
408 static size_t tls_app_data_pending(OSSL_RECORD_LAYER
*rl
)
413 static int tls_write_pending(OSSL_RECORD_LAYER
*rl
)
418 static size_t tls_get_max_record_len(OSSL_RECORD_LAYER
*rl
)
423 static size_t tls_get_max_records(OSSL_RECORD_LAYER
*rl
)
428 static int tls_write_records(OSSL_RECORD_LAYER
*rl
,
429 OSSL_RECORD_TEMPLATE
**templates
, size_t numtempl
,
430 size_t allowance
, size_t *sent
)
435 static int tls_retry_write_records(OSSL_RECORD_LAYER
*rl
, size_t allowance
,
441 static int tls_read_record(OSSL_RECORD_LAYER
*rl
, void **rechandle
,
442 int *rversion
, int *type
, unsigned char **data
,
443 size_t *datalen
, uint16_t *epoch
,
444 unsigned char *seq_num
)
449 static void tls_release_record(OSSL_RECORD_LAYER
*rl
, void *rechandle
)
454 static int tls_get_alert_code(OSSL_RECORD_LAYER
*rl
)
459 static int tls_set1_bio(OSSL_RECORD_LAYER
*rl
, BIO
*bio
)
461 if (bio
!= NULL
&& !BIO_up_ref(bio
))
469 static SSL3_BUFFER
*tls_get0_rbuf(OSSL_RECORD_LAYER
*rl
)
474 static unsigned char *tls_get0_packet(OSSL_RECORD_LAYER
*rl
)
479 static void tls_set0_packet(OSSL_RECORD_LAYER
*rl
, unsigned char *packet
,
483 rl
->packet_length
= packetlen
;
486 static size_t tls_get_packet_length(OSSL_RECORD_LAYER
*rl
)
488 return rl
->packet_length
;
491 static void tls_reset_packet_length(OSSL_RECORD_LAYER
*rl
)
493 rl
->packet_length
= 0;
496 const OSSL_RECORD_METHOD ossl_tls_record_method
= {
497 tls_new_record_layer
,
500 tls_unprocessed_read_pending
,
501 tls_processed_read_pending
,
502 tls_app_data_pending
,
504 tls_get_max_record_len
,
507 tls_retry_write_records
,
514 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
515 * during the record layer refactoring. They need to be removed before the
516 * refactor is complete.
522 tls_get_packet_length
,
523 tls_reset_packet_length
526 const OSSL_RECORD_METHOD ossl_dtls_record_method
= {
527 dtls_new_record_layer
,
530 tls_unprocessed_read_pending
,
531 tls_processed_read_pending
,
532 tls_app_data_pending
,
534 tls_get_max_record_len
,
537 tls_retry_write_records
,
544 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
545 * during the record layer refactoring. They need to be removed before the
546 * refactor is complete.
552 tls_get_packet_length
,
553 tls_reset_packet_length