1 | /* |
2 | * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/bio.h> | |
11 | #include <openssl/ssl.h> | |
12 | #include <openssl/err.h> | |
13 | #include "../../ssl_local.h" | |
14 | #include "../record_local.h" | |
15 | ||
/*
 * Per-epoch record-number window used for DTLS replay detection: |map| holds
 * one bit per record in a 64-wide window ending at |max_seq_num|, so a record
 * whose number is already marked (or older than the window) can be rejected.
 * NOTE(review): the exact bit/sequence-number mapping lives in the DTLS read
 * path, not here - confirm there before relying on it.
 */
typedef struct dtls_bitmap_st {
    /* Track 64 packets */
    uint64_t map;
    /* Max record number seen so far, 64-bit value in big-endian encoding */
    unsigned char max_seq_num[SEQ_NUM_SIZE];
} DTLS_BITMAP;
22 | ||
/*
 * Where the MAC of a record being processed lives. |alloced| is non-zero when
 * |mac| was obtained from a separate allocation rather than pointing into the
 * record data, matching the |mac|/|alloced| out-parameters of the
 * *_cbc_remove_padding_and_mac() functions declared later in this file; an
 * allocated MAC must be freed by whoever owns the SSL_MAC_BUF.
 */
typedef struct ssl_mac_buf_st {
    unsigned char *mac;
    int alloced;
} SSL_MAC_BUF;
27 | ||
/*
 * A raw I/O buffer for one direction of the record layer. The live region is
 * the |left| bytes starting at |buf| + |offset|; |len| is the total capacity.
 * Accessors are the SSL3_BUFFER_* macros at the end of this file.
 */
typedef struct ssl3_buffer_st {
    /* at least SSL3_RT_MAX_PACKET_SIZE bytes */
    unsigned char *buf;
    /* default buffer size (or 0 if no default set) */
    size_t default_len;
    /* buffer size */
    size_t len;
    /* where to 'copy from' */
    size_t offset;
    /* how many bytes left */
    size_t left;
    /*
     * 'buf' is from application for KTLS - i.e. the storage is not owned by
     * the record layer and must not be freed by it.
     */
    int app_buffer;
    /* The type of data stored in this buffer. Only used for writing */
    int type;
} SSL3_BUFFER;
44 | ||
/*
 * One TLS/DTLS record, either decoded from the read buffer or being built for
 * writing. The "r"/"rw" tags on the fields appear to mark whether a field is
 * meaningful on the read path only or on both read and write paths (kept from
 * the original author; confirm against the users before relying on them).
 */
typedef struct ssl3_record_st {
    /* Record layer version */
    /* r */
    int rec_version;
    /* type of record */
    /* r */
    int type;
    /* How many bytes available */
    /* rw */
    size_t length;
    /*
     * How many bytes were available before padding was removed? This is used
     * to implement the MAC check in constant time for CBC records, i.e. so
     * that the time taken does not reveal how much padding was stripped.
     */
    /* rw */
    size_t orig_len;
    /* read/write offset into 'buf' */
    /* r */
    size_t off;
    /* pointer to the record data */
    /* rw */
    unsigned char *data;
    /* where the decode bytes are */
    /* rw */
    unsigned char *input;
    /* only used with decompression - malloc()ed */
    /* r */
    unsigned char *comp;
    /* epoch number, needed by DTLS1 */
    /* r */
    uint16_t epoch;
    /* sequence number, needed by DTLS1 */
    /* r */
    unsigned char seq_num[SEQ_NUM_SIZE];
} SSL3_RECORD;
80 | ||
/* Macros/functions provided by the SSL3_RECORD component */

/*
 * Plain field accessors for SSL3_RECORD. None of them validate anything:
 * SSL3_RECORD_set_length()/SSL3_RECORD_add_length() in particular trust the
 * caller to keep |length| within the bytes actually present at |data|, so
 * header/length validation has to happen before they are used on the read path.
 */
#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
#define SSL3_RECORD_set_rec_version(r, v)       ((r)->rec_version = (v))
#define SSL3_RECORD_get_length(r)               ((r)->length)
#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
/* Rewind |input| to the start of the record data */
#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)
91 | ||
92 | ||
/*
 * Protocol version specific function pointers. There is one table per record
 * layer flavour (ssl_3_0_funcs, tls_1_funcs, tls_1_3_funcs, tls_any_funcs,
 * dtls_1_funcs, dtls_any_funcs - declared further down) and the generic
 * tls_*() code dispatches through |rl->funcs|. Unless stated otherwise the
 * functions return 1 for success and 0 for error.
 */
struct record_functions_st
{
    /*
     * Install the keys, IVs and algorithms for this record layer.
     * Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
     * OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an
     * alternative record layer.
     */
    int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level,
                            unsigned char *key, size_t keylen,
                            unsigned char *iv, size_t ivlen,
                            unsigned char *mackey, size_t mackeylen,
                            const EVP_CIPHER *ciph,
                            size_t taglen,
                            int mactype,
                            const EVP_MD *md,
                            COMP_METHOD *comp);

    /*
     * Encrypt (|sending| != 0) or decrypt |n_recs| records in |recs|, filling
     * |macs| (|macsize| entries) with the MAC locations when decrypting.
     * Returns:
     *    0: if the record is publicly invalid, or an internal error, or AEAD
     *       decryption failed, or EtM decryption failed.
     *    1: Success or MtE decryption failed (MAC will be randomised)
     * The asymmetry is deliberate: for mac-then-encrypt a padding failure
     * still returns 1 with a randomised MAC so that the caller proceeds to the
     * MAC check either way and a padding failure is not distinguishable from a
     * MAC failure by control flow (see |orig_len| in SSL3_RECORD).
     */
    int (*cipher)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
                  int sending, SSL_MAC_BUF *macs, size_t macsize);
    /*
     * Compute the MAC of |rec| into |md| (when |sending|) or for verification.
     * Returns 1 for success or 0 for error
     */
    int (*mac)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
               int sending);

    /* Return 1 for success or 0 for error */
    int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version);

    /* Read related functions */

    /*
     * Read at least |n| and at most |max| bytes from the transport into
     * rl->rbuf, reporting the amount in |*readbytes|; |extend| and |clearold|
     * control whether the read extends the current packet and whether already
     * consumed data is discarded first (names only - confirm in
     * tls_default_read_n()).
     */
    int (*read_n)(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
                  int clearold, size_t *readbytes);

    /* Fill rl->rrec with the next batch of decoded records */
    int (*get_more_records)(OSSL_RECORD_LAYER *rl);

    /*
     * Check the header of a freshly read record (version, type, length) before
     * any further processing. Return 1 for success or 0 for error
     */
    int (*validate_record_header)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);

    /* Return 1 for success or 0 for error */
    int (*post_process_record)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);

    /* Write related functions */

    /*
     * How many records |len| bytes of |type| data will be split into given a
     * maximum fragment size of |maxfrag|; |*preffrag| receives the preferred
     * fragment size.
     */
    size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, int type, size_t len,
                              size_t maxfrag, size_t *preffrag);

    /* Return 1 for success or 0 for error */
    int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
                         size_t numtempl);

    /* Allocate the rl->wbuf buffers. Return 1 for success or 0 for error */
    int (*allocate_write_buffers)(OSSL_RECORD_LAYER *rl,
                                  OSSL_RECORD_TEMPLATE *templates,
                                  size_t numtempl, size_t *prefix);

    /*
     * Initialise the packets in the |pkt| array using the buffers in |rl->wbuf|.
     * Some protocol versions may use the space in |prefixtempl| to add
     * an artificial template in front of the |templates| array and hence may
     * initialise 1 more WPACKET than there are templates. |*wpinited|
     * returns the number of WPACKETs in |pkt| that were successfully
     * initialised. This must be 0 on entry and will be filled in even on error
     * (so the caller can clean up exactly the packets that were initialised).
     */
    int (*initialise_write_packets)(OSSL_RECORD_LAYER *rl,
                                    OSSL_RECORD_TEMPLATE *templates,
                                    size_t numtempl,
                                    OSSL_RECORD_TEMPLATE *prefixtempl,
                                    WPACKET *pkt,
                                    SSL3_BUFFER *bufs,
                                    size_t *wpinited);

    /*
     * Get the actual record type to be used for a given template. (The
     * parameter is named |template|; fine in C, but it would clash with the
     * keyword if this header were ever pulled into C++.)
     */
    unsigned int (*get_record_type)(OSSL_RECORD_LAYER *rl,
                                    OSSL_RECORD_TEMPLATE *template);

    /*
     * Write the record header data to the WPACKET. |*recdata| is set to where
     * the record body will be written.
     */
    int (*prepare_record_header)(OSSL_RECORD_LAYER *rl, WPACKET *thispkt,
                                 OSSL_RECORD_TEMPLATE *templ,
                                 unsigned int rectype,
                                 unsigned char **recdata);

    /* Add any record-level padding required by this protocol version */
    int (*add_record_padding)(OSSL_RECORD_LAYER *rl,
                              OSSL_RECORD_TEMPLATE *thistempl,
                              WPACKET *thispkt,
                              SSL3_RECORD *thiswr);

    /*
     * This applies any mac that might be necessary, ensures that we have enough
     * space in the WPACKET to perform the encryption and sets up the
     * SSL3_RECORD ready for that encryption.
     */
    int (*prepare_for_encryption)(OSSL_RECORD_LAYER *rl,
                                  size_t mac_size,
                                  WPACKET *thispkt,
                                  SSL3_RECORD *thiswr);

    /*
     * Any updates required to the record after encryption has been applied. For
     * example, adding a MAC if using encrypt-then-mac
     */
    int (*post_encryption_processing)(OSSL_RECORD_LAYER *rl,
                                      size_t mac_size,
                                      OSSL_RECORD_TEMPLATE *thistempl,
                                      WPACKET *thispkt,
                                      SSL3_RECORD *thiswr);

    /*
     * Some record layer implementations need to do some custom preparation of
     * the BIO before we write to it. KTLS does this to prevent coalescing of
     * control and data messages.
     */
    int (*prepare_write_bio)(OSSL_RECORD_LAYER *rl, int type);
};
211 | ||
/*
 * The record layer instance behind OSSL_RECORD_LAYER. Created by
 * tls_int_new_record_layer() and torn down by tls_free(); all version
 * specific behaviour is reached through |funcs|.
 *
 * NOTE(review): |mac_secret|, |iv| and |read_iv| are key material held by
 * value and |enc_ctx|/|md_ctx| carry keyed state - confirm that tls_free()
 * clears/frees all of them rather than only releasing the struct.
 */
struct ossl_record_layer_st
{
    OSSL_LIB_CTX *libctx;
    const char *propq;
    int isdtls;
    int version;
    int role;
    int direction;
    int level;
    const EVP_MD *md;
    /* DTLS only */
    uint16_t epoch;

    /*
     * A BIO containing any data read in the previous epoch that was destined
     * for this epoch
     */
    BIO *prev;

    /* The transport BIO */
    BIO *bio;

    /*
     * A BIO where we will send any data read by us that is destined for the
     * next epoch.
     */
    BIO *next;

    /* Types match the equivalent fields in the SSL object */
    uint64_t options;
    uint32_t mode;

    /* write IO goes into here */
    SSL3_BUFFER wbuf[SSL_MAX_PIPELINES + 1];

    /* Next wbuf with pending data still to write */
    size_t nextwbuf;

    /* How many pipelines can be used to write data */
    size_t numwpipes;

    /* read IO goes into here */
    SSL3_BUFFER rbuf;
    /* each decoded record goes in here */
    SSL3_RECORD rrec[SSL_MAX_PIPELINES];

    /* How many records have we got available in the rrec buffer */
    size_t num_recs;

    /* The record number in the rrec buffer that can be read next */
    size_t curr_rec;

    /* The number of records that have been released via tls_release_record */
    size_t num_released;

    /* where we are when reading */
    int rstate;

    /*
     * used internally to point at a raw packet (presumably into |rbuf|'s
     * storage, so it is not a separate allocation - confirm in the read path)
     */
    unsigned char *packet;
    size_t packet_length;

    /*
     * Sequence number for the next record; advanced by
     * tls_increment_sequence_ctr() (declared below).
     */
    unsigned char sequence[SEQ_NUM_SIZE];

    /* Alert code to be used if an error occurs */
    int alert;

    /*
     * Read as many input bytes as possible (for non-blocking reads)
     */
    int read_ahead;

    /*
     * The number of consecutive empty records we have received. Kept so the
     * read path can cap how many zero-length records a peer may send in a row
     * (the limit itself is enforced elsewhere).
     */
    size_t empty_record_count;

    /*
     * Do we need to send a prefix empty record before application data as a
     * countermeasure against known-IV weakness (necessary for SSLv3 and
     * TLSv1.0, where CBC records chain the IV from the previous record)
     */
    int need_empty_fragments;

    /* cryptographic state */
    EVP_CIPHER_CTX *enc_ctx;

    /* Explicit IV length */
    size_t eivlen;

    /* used for mac generation */
    EVP_MD_CTX *md_ctx;

    /* compress/uncompress */
    COMP_CTX *compctx;

    /* Set to 1 if this is the first handshake. 0 otherwise */
    int is_first_handshake;

    /*
     * The smaller of the configured and negotiated maximum fragment length
     * or SSL3_RT_MAX_PLAIN_LENGTH if none
     */
    unsigned int max_frag_len;

    /* The maximum amount of early data we can receive/send */
    uint32_t max_early_data;

    /*
     * The amount of early data that we have sent/received; compared against
     * |max_early_data| to bound 0-RTT traffic.
     */
    size_t early_data_count;

    /* TLSv1.3 record padding */
    size_t block_padding;

    /* Only used by SSLv3. Secret key material: treat as sensitive. */
    unsigned char mac_secret[EVP_MAX_MD_SIZE];

    /* TLSv1.0/TLSv1.1/TLSv1.2: non-zero when encrypt-then-mac is in use */
    int use_etm;

    /* Flags for GOST ciphers */
    int stream_mac;
    int tlstree;

    /* TLSv1.3 fields */
    /* static IV */
    unsigned char iv[EVP_MAX_IV_LENGTH];
    /* static read IV */
    unsigned char read_iv[EVP_MAX_IV_LENGTH];
    /*
     * Whether unencrypted alert records are accepted; set via
     * tls_set_plain_alerts(). Presumably only meant to be true before
     * protected keys are installed - confirm with the callers.
     */
    int allow_plain_alerts;

    /* TLS "any" fields */
    /* Set to true if this is the first record in a connection */
    unsigned int is_first_record;

    size_t taglen;

    /* DTLS received handshake records (processed and unprocessed) */
    record_pqueue unprocessed_rcds;
    record_pqueue processed_rcds;

    /* records being received in the current epoch (replay window) */
    DTLS_BITMAP bitmap;
    /* renegotiation starts a new set of sequence numbers */
    DTLS_BITMAP next_bitmap;

    /*
     * Whether we are currently in a handshake or not. Only maintained for DTLS
     */
    int in_init;

    /* Callbacks */
    void *cbarg;
    OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
    OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
    OSSL_FUNC_rlayer_security_fn *security;
    OSSL_FUNC_rlayer_padding_fn *padding;

    size_t max_pipelines;

    /* Function pointers for version specific functions */
    struct record_functions_st *funcs;
};
374 | ||
/*
 * A DTLS record parked in one of the record_pqueue queues (processed_rcds /
 * unprocessed_rcds) together with the raw packet and buffer it came from, so
 * it can be replayed into the read path later without the original rbuf.
 */
typedef struct dtls_rlayer_record_data_st {
    unsigned char *packet;
    size_t packet_length;
    SSL3_BUFFER rbuf;
    SSL3_RECORD rrec;
} DTLS_RLAYER_RECORD_DATA;
381 | ||
/*
 * Version specific dispatch tables, one per record layer flavour;
 * OSSL_RECORD_LAYER's |funcs| points at exactly one of these.
 */
extern struct record_functions_st ssl_3_0_funcs;
extern struct record_functions_st tls_1_funcs;
extern struct record_functions_st tls_1_3_funcs;
extern struct record_functions_st tls_any_funcs;
extern struct record_functions_st dtls_1_funcs;
extern struct record_functions_st dtls_any_funcs;

/*
 * Record a fatal error on |rl|: |al| is the alert code to remember (see
 * |rl->alert|), |reason| the ERR reason code, and |fmt| plus the trailing
 * arguments supply extra error data (appears to be printf-style - confirm in
 * the definition). Normally reached through the RLAYERfatal macros below,
 * which add the ERR_new()/ERR_set_debug() bookkeeping. |fmt| must be a
 * literal; never pass peer-derived text as the format.
 */
void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
                       const char *fmt, ...);
391 | ||
/*
 * RLAYERfatal(rl, al, r) reports a fatal error with no extra data.
 * RLAYERfatal_data(rl, al, r, fmt, ...) is the same with printf-style data:
 * the macro is a comma expression that pushes a new error, records the
 * file/line/function, and then evaluates to the designator ossl_rlayer_fatal,
 * so the argument list written after the macro name becomes that call.
 */
#define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
#define RLAYERfatal_data                                                \
    (ERR_new(),                                                         \
     ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC),           \
     ossl_rlayer_fatal)

/*
 * Whether each record carries its own explicit IV: TLSv1.1, TLSv1.2 and all
 * DTLS versions do; SSLv3/TLSv1.0 chain the IV from the previous record
 * instead (hence |need_empty_fragments| in OSSL_RECORD_LAYER).
 */
#define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
                                    || (rl)->version == TLS1_2_VERSION \
                                    || (rl)->isdtls)
/*
 * Copy a sequence number into |r->seq_num|; |seq_num| must point at
 * SEQ_NUM_SIZE bytes (the field's size).
 */
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);

/*
 * Push the record-layer specific parameters (e.g. MAC/digest details) for
 * |ciph| and |md| into the provider-side cipher context |ctx|. Returns 1 for
 * success or 0 for error.
 */
int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
                                     EVP_CIPHER_CTX *ctx,
                                     const EVP_CIPHER *ciph,
                                     const EVP_MD *md);
408 | |
/* tls_pad.c */

/*
 * Strip CBC padding and locate the MAC of a decrypted record in place.
 * On entry |*reclen| is the decrypted length and |origreclen| the length
 * before any processing; on exit |*reclen| is the payload length and |*mac|
 * points at the MAC, with |*alloced| set when |*mac| is a fresh allocation
 * the caller must free. These are written so that the work done does not
 * depend on the (attacker-controlled) padding value - keep that property when
 * changing them. The SSLv3 variant has no |aead| flag.
 */
int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
                                    size_t origreclen,
                                    unsigned char *recdata,
                                    unsigned char **mac,
                                    int *alloced,
                                    size_t block_size, size_t mac_size,
                                    OSSL_LIB_CTX *libctx);

/* TLS (v1.0+) padding rules; |aead| selects the AEAD-with-padding handling */
int tls1_cbc_remove_padding_and_mac(size_t *reclen,
                                    size_t origreclen,
                                    unsigned char *recdata,
                                    unsigned char **mac,
                                    int *alloced,
                                    size_t block_size, size_t mac_size,
                                    int aead,
                                    OSSL_LIB_CTX *libctx);
/* ssl3_cbc.c */

/* Non-zero if |ctx|'s digest has a constant-time record MAC implementation */
__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);

/*
 * Compute the (HMAC or SSLv3) MAC over |header| + |data| into |md_out|
 * (|*md_out_size| receives the length). Both the true |data_size| and
 * |data_plus_mac_plus_padding_size| are passed so that the digest can be run
 * over a length that does not depend on the padding, keeping the MAC check
 * constant time for CBC records (see |orig_len| in SSL3_RECORD).
 * |is_sslv3| selects the SSLv3 MAC construction rather than HMAC.
 */
__owur int ssl3_cbc_digest_record(const EVP_MD *md,
                                  unsigned char *md_out,
                                  size_t *md_out_size,
                                  const unsigned char *header,
                                  const unsigned char *data,
                                  size_t data_size,
                                  size_t data_plus_mac_plus_padding_size,
                                  const unsigned char *mac_secret,
                                  size_t mac_secret_length, char is_sslv3);
bed07b18 | 439 | int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl); |
7eb39ecb MC |
440 | int tls_alloc_buffers(OSSL_RECORD_LAYER *rl); |
441 | int tls_free_buffers(OSSL_RECORD_LAYER *rl); | |
bed07b18 | 442 | |
1853d20a MC |
443 | int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend, |
444 | int clearold, size_t *readbytes); | |
eddb067e | 445 | int tls_get_more_records(OSSL_RECORD_LAYER *rl); |
222cf410 | 446 | int dtls_get_more_records(OSSL_RECORD_LAYER *rl); |
1853d20a | 447 | |
b9e37f8f MC |
448 | int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl, |
449 | WPACKET *thispkt, | |
450 | OSSL_RECORD_TEMPLATE *templ, | |
451 | unsigned int rectype, | |
452 | unsigned char **recdata); | |
421386e3 MC |
453 | int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl, |
454 | size_t mac_size, | |
455 | OSSL_RECORD_TEMPLATE *thistempl, | |
456 | WPACKET *thispkt, | |
457 | SSL3_RECORD *thiswr); | |
602ee1f6 | 458 | |
1853d20a MC |
459 | int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version); |
460 | int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *re); | |
b9e37f8f | 461 | int tls_do_compress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *wr); |
222cf410 | 462 | int tls_do_uncompress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec); |
8124ab56 MC |
463 | int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec); |
464 | int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec); | |
1853d20a MC |
465 | |
466 | int | |
467 | tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, | |
468 | int role, int direction, int level, unsigned char *key, | |
469 | size_t keylen, unsigned char *iv, size_t ivlen, | |
470 | unsigned char *mackey, size_t mackeylen, | |
471 | const EVP_CIPHER *ciph, size_t taglen, | |
1853d20a | 472 | int mactype, |
1e76110b | 473 | const EVP_MD *md, COMP_METHOD *comp, BIO *prev, |
359affde | 474 | BIO *transport, BIO *next, |
1853d20a MC |
475 | BIO_ADDR *local, BIO_ADDR *peer, |
476 | const OSSL_PARAM *settings, const OSSL_PARAM *options, | |
9dd90232 | 477 | const OSSL_DISPATCH *fns, void *cbarg, |
8124ab56 | 478 | OSSL_RECORD_LAYER **retrl); |
359affde | 479 | int tls_free(OSSL_RECORD_LAYER *rl); |
1853d20a MC |
480 | int tls_reset(OSSL_RECORD_LAYER *rl); |
481 | int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl); | |
482 | int tls_processed_read_pending(OSSL_RECORD_LAYER *rl); | |
483 | size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl); | |
23bf52a4 | 484 | size_t tls_get_max_records(OSSL_RECORD_LAYER *rl, int type, size_t len, |
02719d5c | 485 | size_t maxfrag, size_t *preffrag); |
2b71b042 MC |
486 | int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, |
487 | size_t numtempl); | |
488 | int tls_retry_write_records(OSSL_RECORD_LAYER *rl); | |
1853d20a MC |
489 | int tls_get_alert_code(OSSL_RECORD_LAYER *rl); |
490 | int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio); | |
1704961c | 491 | int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion, |
1853d20a | 492 | int *type, unsigned char **data, size_t *datalen, |
8124ab56 | 493 | uint16_t *epoch, unsigned char *seq_num); |
1853d20a MC |
494 | int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle); |
495 | int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version); | |
496 | int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version); | |
497 | void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow); | |
498 | void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first); | |
8124ab56 | 499 | void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines); |
d0b17ea0 MC |
500 | void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr, |
501 | const char **longstr); | |
4566dae7 | 502 | int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options); |
1e76110b | 503 | const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl); |
435d88d7 | 504 | void tls_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len); |
9b7fb65e | 505 | int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl); |
bafe524b MC |
506 | int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, |
507 | size_t firstlen, size_t nextlen); | |
508 | ||
509 | int tls_write_records_multiblock(OSSL_RECORD_LAYER *rl, | |
510 | OSSL_RECORD_TEMPLATE *templates, | |
511 | size_t numtempl); | |
512 | ||
513 | size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, int type, size_t len, | |
514 | size_t maxfrag, size_t *preffrag); | |
aca70ca8 MC |
515 | size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, int type, |
516 | size_t len, size_t maxfrag, | |
517 | size_t *preffrag); | |
91fe8ff0 MC |
518 | int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl, |
519 | OSSL_RECORD_TEMPLATE *templates, | |
520 | size_t numtempl, size_t *prefix); | |
521 | int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl, | |
522 | OSSL_RECORD_TEMPLATE *templates, | |
523 | size_t numtempl, | |
524 | OSSL_RECORD_TEMPLATE *prefixtempl, | |
525 | WPACKET *pkt, | |
526 | SSL3_BUFFER *bufs, | |
527 | size_t *wpinited); | |
528 | int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl, | |
529 | OSSL_RECORD_TEMPLATE *templates, | |
530 | size_t numtempl, size_t *prefix); | |
531 | int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl, | |
532 | OSSL_RECORD_TEMPLATE *templates, | |
533 | size_t numtempl, | |
534 | OSSL_RECORD_TEMPLATE *prefixtempl, | |
535 | WPACKET *pkt, | |
536 | SSL3_BUFFER *bufs, | |
537 | size_t *wpinited); | |
aca70ca8 MC |
538 | int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl, |
539 | WPACKET *thispkt, | |
540 | OSSL_RECORD_TEMPLATE *templ, | |
541 | unsigned int rectype, | |
542 | unsigned char **recdata); | |
757ef3ba MC |
543 | int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl, |
544 | size_t mac_size, | |
545 | WPACKET *thispkt, | |
546 | SSL3_RECORD *thiswr); | |
2a354d54 MC |
547 | int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl, |
548 | size_t mac_size, | |
549 | OSSL_RECORD_TEMPLATE *thistempl, | |
550 | WPACKET *thispkt, | |
551 | SSL3_RECORD *thiswr); | |
bafe524b MC |
552 | int tls_write_records_default(OSSL_RECORD_LAYER *rl, |
553 | OSSL_RECORD_TEMPLATE *templates, | |
554 | size_t numtempl); | |
/* Macros/functions provided by the SSL3_BUFFER component */

/*
 * Plain field accessors for SSL3_BUFFER. SSL3_BUFFER_sub_left() and
 * SSL3_BUFFER_add_offset() do no range checking, so a caller whose arithmetic
 * is off can wrap |left| or push |offset| past |len|; the callers are
 * responsible for keeping the live region (offset, offset + left) inside the
 * buffer.
 */
#define SSL3_BUFFER_get_buf(b)              ((b)->buf)
#define SSL3_BUFFER_set_buf(b, n)           ((b)->buf = (n))
#define SSL3_BUFFER_get_len(b)              ((b)->len)
#define SSL3_BUFFER_get_left(b)             ((b)->left)
#define SSL3_BUFFER_set_left(b, l)          ((b)->left = (l))
#define SSL3_BUFFER_sub_left(b, l)          ((b)->left -= (l))
#define SSL3_BUFFER_get_offset(b)           ((b)->offset)
#define SSL3_BUFFER_set_offset(b, o)        ((b)->offset = (o))
#define SSL3_BUFFER_add_offset(b, o)        ((b)->offset += (o))
#define SSL3_BUFFER_set_app_buffer(b, l)    ((b)->app_buffer = (l))
#define SSL3_BUFFER_is_app_buffer(b)        ((b)->app_buffer)

/*
 * Release the storage behind |b|. How application-owned storage
 * (|app_buffer|) is treated is decided in the implementation, not here.
 */
void SSL3_BUFFER_release(SSL3_BUFFER *b);