[thirdparty/openssl.git] / ssl / record / methods / recmethod_local.h

/*
 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "../../ssl_local.h"
#include "../record_local.h"

typedef struct dtls_bitmap_st {
    /* Track 64 packets */
    uint64_t map;
    /* Max record number seen so far, 64-bit value in big-endian encoding */
    unsigned char max_seq_num[SEQ_NUM_SIZE];
} DTLS_BITMAP;

typedef struct ssl_mac_buf_st {
    unsigned char *mac;
    int alloced;
} SSL_MAC_BUF;

typedef struct ssl3_buffer_st {
    /* at least SSL3_RT_MAX_PACKET_SIZE bytes */
    unsigned char *buf;
    /* default buffer size (or 0 if no default set) */
    size_t default_len;
    /* buffer size */
    size_t len;
    /* where to 'copy from' */
    size_t offset;
    /* how many bytes left */
    size_t left;
    /* 'buf' is from application for KTLS */
    int app_buffer;
    /* The type of data stored in this buffer. Only used for writing */
    int type;
} SSL3_BUFFER;

typedef struct ssl3_record_st {
    /* Record layer version */
    /* r */
    int rec_version;
    /* type of record */
    /* r */
    int type;
    /* How many bytes available */
    /* rw */
    size_t length;
    /*
     * How many bytes were available before padding was removed? This is used
     * to implement the MAC check in constant time for CBC records.
     */
    /* rw */
    size_t orig_len;
    /* read/write offset into 'buf' */
    /* r */
    size_t off;
    /* pointer to the record data */
    /* rw */
    unsigned char *data;
    /* where the decode bytes are */
    /* rw */
    unsigned char *input;
    /* only used with decompression - malloc()ed */
    /* r */
    unsigned char *comp;
    /* epoch number, needed by DTLS1 */
    /* r */
    uint16_t epoch;
    /* sequence number, needed by DTLS1 */
    /* r */
    unsigned char seq_num[SEQ_NUM_SIZE];
} SSL3_RECORD;

/* Macros/functions provided by the SSL3_RECORD component */

#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
#define SSL3_RECORD_set_rec_version(r, v)       ((r)->rec_version = (v))
#define SSL3_RECORD_get_length(r)               ((r)->length)
#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)


/* Protocol version specific function pointers */
struct record_functions_st
{
    /*
     * Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
     * OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an
     * alternative record layer.
     */
    int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level,
                            unsigned char *key, size_t keylen,
                            unsigned char *iv, size_t ivlen,
                            unsigned char *mackey, size_t mackeylen,
                            const EVP_CIPHER *ciph,
                            size_t taglen,
                            int mactype,
                            const EVP_MD *md,
                            COMP_METHOD *comp);

    /*
     * Returns:
     *    0: if the record is publicly invalid, or an internal error, or AEAD
     *       decryption failed, or EtM decryption failed.
     *    1: Success or MtE decryption failed (MAC will be randomised)
     */
    int (*cipher)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
                  int sending, SSL_MAC_BUF *macs, size_t macsize);
    /* Returns 1 for success or 0 for error */
    int (*mac)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
               int sending);

    /* Return 1 for success or 0 for error */
    int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version);

    /* Read related functions */

    int (*read_n)(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
                  int clearold, size_t *readbytes);

    int (*get_more_records)(OSSL_RECORD_LAYER *rl);

    /* Return 1 for success or 0 for error */
    int (*validate_record_header)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);

    /* Return 1 for success or 0 for error */
    int (*post_process_record)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);

    /* Write related functions */

    size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, int type, size_t len,
                              size_t maxfrag, size_t *preffrag);

    /* Return 1 for success or 0 for error */
    int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
                         size_t numtempl);

    /* Allocate the rl->wbuf buffers. Return 1 for success or 0 for error */
    int (*allocate_write_buffers)(OSSL_RECORD_LAYER *rl,
                                  OSSL_RECORD_TEMPLATE *templates,
                                  size_t numtempl, size_t *prefix);

    /*
     * Initialise the packets in the |pkt| array using the buffers in |rl->wbuf|.
     * Some protocol versions may use the space in |prefixtempl| to add
     * an artificial template in front of the |templates| array and hence may
     * initialise 1 more WPACKET than there are templates. |*wpinited|
     * returns the number of WPACKETs in |pkt| that were successfully
     * initialised. This must be 0 on entry and will be filled in even on error.
     */
    int (*initialise_write_packets)(OSSL_RECORD_LAYER *rl,
                                    OSSL_RECORD_TEMPLATE *templates,
                                    size_t numtempl,
                                    OSSL_RECORD_TEMPLATE *prefixtempl,
                                    WPACKET *pkt,
                                    SSL3_BUFFER *bufs,
                                    size_t *wpinited);

    /* Get the actual record type to be used for a given template */
    unsigned int (*get_record_type)(OSSL_RECORD_LAYER *rl,
                                    OSSL_RECORD_TEMPLATE *template);

    /* Write the record header data to the WPACKET */
    int (*prepare_record_header)(OSSL_RECORD_LAYER *rl, WPACKET *thispkt,
                                 OSSL_RECORD_TEMPLATE *templ,
                                 unsigned int rectype,
                                 unsigned char **recdata);

    int (*add_record_padding)(OSSL_RECORD_LAYER *rl,
                              OSSL_RECORD_TEMPLATE *thistempl,
                              WPACKET *thispkt,
                              SSL3_RECORD *thiswr);

    /*
     * This applies any mac that might be necessary, ensures that we have enough
     * space in the WPACKET to perform the encryption and sets up the
     * SSL3_RECORD ready for that encryption.
     */
    int (*prepare_for_encryption)(OSSL_RECORD_LAYER *rl,
                                  size_t mac_size,
                                  WPACKET *thispkt,
                                  SSL3_RECORD *thiswr);

    /*
     * Any updates required to the record after encryption has been applied. For
     * example, adding a MAC if using encrypt-then-mac
     */
    int (*post_encryption_processing)(OSSL_RECORD_LAYER *rl,
                                      size_t mac_size,
                                      OSSL_RECORD_TEMPLATE *thistempl,
                                      WPACKET *thispkt,
                                      SSL3_RECORD *thiswr);

    /*
     * Some record layer implementations need to do some custom preparation of
     * the BIO before we write to it. KTLS does this to prevent coalescing of
     * control and data messages.
     */
    int (*prepare_write_bio)(OSSL_RECORD_LAYER *rl, int type);
};

struct ossl_record_layer_st
{
    OSSL_LIB_CTX *libctx;
    const char *propq;
    int isdtls;
    int version;
    int role;
    int direction;
    int level;
    const EVP_MD *md;
    /* DTLS only */
    uint16_t epoch;

    /*
     * A BIO containing any data read in the previous epoch that was destined
     * for this epoch
     */
    BIO *prev;

    /* The transport BIO */
    BIO *bio;

    /*
     * A BIO where we will send any data read by us that is destined for the
     * next epoch.
     */
    BIO *next;

    /* Types match the equivalent fields in the SSL object */
    uint64_t options;
    uint32_t mode;

    /* write IO goes into here */
    SSL3_BUFFER wbuf[SSL_MAX_PIPELINES + 1];

    /* Next wbuf with pending data still to write */
    size_t nextwbuf;

    /* How many pipelines can be used to write data */
    size_t numwpipes;

    /* read IO goes into here */
    SSL3_BUFFER rbuf;
    /* each decoded record goes in here */
    SSL3_RECORD rrec[SSL_MAX_PIPELINES];

    /* How many records have we got available in the rrec bufer */
    size_t num_recs;

    /* The record number in the rrec buffer that can be read next */
    size_t curr_rec;

    /* The number of records that have been released via tls_release_record */
    size_t num_released;

    /* where we are when reading */
    int rstate;

    /* used internally to point at a raw packet */
    unsigned char *packet;
    size_t packet_length;

    /* Sequence number for the next record */
    unsigned char sequence[SEQ_NUM_SIZE];

    /* Alert code to be used if an error occurs */
    int alert;

    /*
     * Read as many input bytes as possible (for non-blocking reads)
     */
    int read_ahead;

    /* The number of consecutive empty records we have received */
    size_t empty_record_count;

    /*
     * Do we need to send a prefix empty record before application data as a
     * countermeasure against known-IV weakness (necessary for SSLv3 and
     * TLSv1.0)
     */
    int need_empty_fragments;

    /* cryptographic state */
    EVP_CIPHER_CTX *enc_ctx;

    /* Explicit IV length */
    size_t eivlen;

    /* used for mac generation */
    EVP_MD_CTX *md_ctx;

    /* compress/uncompress */
    COMP_CTX *compctx;

    /* Set to 1 if this is the first handshake. 0 otherwise */
    int is_first_handshake;

    /*
     * The smaller of the configured and negotiated maximum fragment length
     * or SSL3_RT_MAX_PLAIN_LENGTH if none
     */
    unsigned int max_frag_len;

    /* The maxium amount of early data we can receive/send */
    uint32_t max_early_data;

    /* The amount of early data that we have sent/received */
    size_t early_data_count;

    /* TLSv1.3 record padding */
    size_t block_padding;

    /* Only used by SSLv3 */
    unsigned char mac_secret[EVP_MAX_MD_SIZE];

    /* TLSv1.0/TLSv1.1/TLSv1.2 */
    int use_etm;

    /* Flags for GOST ciphers */
    int stream_mac;
    int tlstree;

    /* TLSv1.3 fields */
    /* static IV */
    unsigned char iv[EVP_MAX_IV_LENGTH];
    /* static read IV */
    unsigned char read_iv[EVP_MAX_IV_LENGTH];
    int allow_plain_alerts;

    /* TLS "any" fields */
    /* Set to true if this is the first record in a connection */
    unsigned int is_first_record;

    size_t taglen;

    /* DTLS received handshake records (processed and unprocessed) */
    record_pqueue unprocessed_rcds;
    record_pqueue processed_rcds;

    /* records being received in the current epoch */
    DTLS_BITMAP bitmap;
    /* renegotiation starts a new set of sequence numbers */
    DTLS_BITMAP next_bitmap;

    /*
     * Whether we are currently in a hanshake or not. Only maintained for DTLS
     */
    int in_init;

    /* Callbacks */
    void *cbarg;
    OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
    OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
    OSSL_FUNC_rlayer_security_fn *security;
    OSSL_FUNC_rlayer_padding_fn *padding;

    size_t max_pipelines;

    /* Function pointers for version specific functions */
    struct record_functions_st *funcs;
};

typedef struct dtls_rlayer_record_data_st {
    unsigned char *packet;
    size_t packet_length;
    SSL3_BUFFER rbuf;
    SSL3_RECORD rrec;
} DTLS_RLAYER_RECORD_DATA;

extern struct record_functions_st ssl_3_0_funcs;
extern struct record_functions_st tls_1_funcs;
extern struct record_functions_st tls_1_3_funcs;
extern struct record_functions_st tls_any_funcs;
extern struct record_functions_st dtls_1_funcs;
extern struct record_functions_st dtls_any_funcs;

void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
                       const char *fmt, ...);

#define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
#define RLAYERfatal_data                                           \
    (ERR_new(),                                                    \
     ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC),      \
     ossl_rlayer_fatal)

#define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
                                    || (rl)->version == TLS1_2_VERSION \
                                    || (rl)->isdtls)

void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);

int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
                                     EVP_CIPHER_CTX *ctx,
                                     const EVP_CIPHER *ciph,
                                     const EVP_MD *md);

/* tls_pad.c */
int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
                                    size_t origreclen,
                                    unsigned char *recdata,
                                    unsigned char **mac,
                                    int *alloced,
                                    size_t block_size, size_t mac_size,
                                    OSSL_LIB_CTX *libctx);

int tls1_cbc_remove_padding_and_mac(size_t *reclen,
                                    size_t origreclen,
                                    unsigned char *recdata,
                                    unsigned char **mac,
                                    int *alloced,
                                    size_t block_size, size_t mac_size,
                                    int aead,
                                    OSSL_LIB_CTX *libctx);

/* ssl3_cbc.c */
__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
__owur int ssl3_cbc_digest_record(const EVP_MD *md,
                                  unsigned char *md_out,
                                  size_t *md_out_size,
                                  const unsigned char *header,
                                  const unsigned char *data,
                                  size_t data_size,
                                  size_t data_plus_mac_plus_padding_size,
                                  const unsigned char *mac_secret,
                                  size_t mac_secret_length, char is_sslv3);

int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl);
int tls_alloc_buffers(OSSL_RECORD_LAYER *rl);
int tls_free_buffers(OSSL_RECORD_LAYER *rl);

int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
                       int clearold, size_t *readbytes);
int tls_get_more_records(OSSL_RECORD_LAYER *rl);
int dtls_get_more_records(OSSL_RECORD_LAYER *rl);

int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
                               WPACKET *thispkt,
                               OSSL_RECORD_TEMPLATE *templ,
                               unsigned int rectype,
                               unsigned char **recdata);
int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
                                    size_t mac_size,
                                    OSSL_RECORD_TEMPLATE *thistempl,
                                    WPACKET *thispkt,
                                    SSL3_RECORD *thiswr);

int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *re);
int tls_do_compress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *wr);
int tls_do_uncompress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);

int
tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
                         int role, int direction, int level, unsigned char *key,
                         size_t keylen, unsigned char *iv, size_t ivlen,
                         unsigned char *mackey, size_t mackeylen,
                         const EVP_CIPHER *ciph, size_t taglen,
                         int mactype,
                         const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
                         BIO *transport, BIO *next,
                         BIO_ADDR *local, BIO_ADDR *peer,
                         const OSSL_PARAM *settings, const OSSL_PARAM *options,
                         const OSSL_DISPATCH *fns, void *cbarg,
                         OSSL_RECORD_LAYER **retrl);
int tls_free(OSSL_RECORD_LAYER *rl);
int tls_reset(OSSL_RECORD_LAYER *rl);
int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl);
int tls_processed_read_pending(OSSL_RECORD_LAYER *rl);
size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl);
size_t tls_get_max_records(OSSL_RECORD_LAYER *rl, int type, size_t len,
                           size_t maxfrag, size_t *preffrag);
int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
                      size_t numtempl);
int tls_retry_write_records(OSSL_RECORD_LAYER *rl);
int tls_get_alert_code(OSSL_RECORD_LAYER *rl);
int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
                    int *type, unsigned char **data, size_t *datalen,
                    uint16_t *epoch, unsigned char *seq_num);
int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle);
int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow);
void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first);
void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines);
void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
                   const char **longstr);
int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl);
void tls_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len);
int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl);
int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
                           size_t firstlen, size_t nextlen);

int tls_write_records_multiblock(OSSL_RECORD_LAYER *rl,
                                 OSSL_RECORD_TEMPLATE *templates,
                                 size_t numtempl);

size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, int type, size_t len,
                                   size_t maxfrag, size_t *preffrag);
size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, int type,
                                      size_t len, size_t maxfrag,
                                      size_t *preffrag);
int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl,
                                       OSSL_RECORD_TEMPLATE *templates,
                                       size_t numtempl, size_t *prefix);
int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl,
                                         OSSL_RECORD_TEMPLATE *templates,
                                         size_t numtempl,
                                         OSSL_RECORD_TEMPLATE *prefixtempl,
                                         WPACKET *pkt,
                                         SSL3_BUFFER *bufs,
                                         size_t *wpinited);
int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
                                OSSL_RECORD_TEMPLATE *templates,
                                size_t numtempl, size_t *prefix);
int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
                                  OSSL_RECORD_TEMPLATE *templates,
                                  size_t numtempl,
                                  OSSL_RECORD_TEMPLATE *prefixtempl,
                                  WPACKET *pkt,
                                  SSL3_BUFFER *bufs,
                                  size_t *wpinited);
int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
                                      WPACKET *thispkt,
                                      OSSL_RECORD_TEMPLATE *templ,
                                      unsigned int rectype,
                                      unsigned char **recdata);
int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
                                       size_t mac_size,
                                       WPACKET *thispkt,
                                       SSL3_RECORD *thiswr);
int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
                                           size_t mac_size,
                                           OSSL_RECORD_TEMPLATE *thistempl,
                                           WPACKET *thispkt,
                                           SSL3_RECORD *thiswr);
int tls_write_records_default(OSSL_RECORD_LAYER *rl,
                              OSSL_RECORD_TEMPLATE *templates,
                              size_t numtempl);

/* Macros/functions provided by the SSL3_BUFFER component */

#define SSL3_BUFFER_get_buf(b)              ((b)->buf)
#define SSL3_BUFFER_set_buf(b, n)           ((b)->buf = (n))
#define SSL3_BUFFER_get_len(b)              ((b)->len)
#define SSL3_BUFFER_get_left(b)             ((b)->left)
#define SSL3_BUFFER_set_left(b, l)          ((b)->left = (l))
#define SSL3_BUFFER_sub_left(b, l)          ((b)->left -= (l))
#define SSL3_BUFFER_get_offset(b)           ((b)->offset)
#define SSL3_BUFFER_set_offset(b, o)        ((b)->offset = (o))
#define SSL3_BUFFER_add_offset(b, o)        ((b)->offset += (o))
#define SSL3_BUFFER_set_app_buffer(b, l)    ((b)->app_buffer = (l))
#define SSL3_BUFFER_is_app_buffer(b)        ((b)->app_buffer)

void SSL3_BUFFER_release(SSL3_BUFFER *b);
Commit	Line	Data
50023e9b MC	1	/*
	2	* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/bio.h>
	11	#include <openssl/ssl.h>
	12	#include <openssl/err.h>
	13	#include "../../ssl_local.h"
	14	#include "../record_local.h"
	15
f6aab7b1 MC	16	typedef struct dtls_bitmap_st {
	17	/* Track 64 packets */
	18	uint64_t map;
	19	/* Max record number seen so far, 64-bit value in big-endian encoding */
	20	unsigned char max_seq_num[SEQ_NUM_SIZE];
	21	} DTLS_BITMAP;
	22
23c57f00 MC	23	typedef struct ssl_mac_buf_st {
	24	unsigned char *mac;
	25	int alloced;
	26	} SSL_MAC_BUF;
	27
	28	typedef struct ssl3_buffer_st {
	29	/* at least SSL3_RT_MAX_PACKET_SIZE bytes */
	30	unsigned char *buf;
	31	/* default buffer size (or 0 if no default set) */
	32	size_t default_len;
	33	/* buffer size */
	34	size_t len;
	35	/* where to 'copy from' */
	36	size_t offset;
	37	/* how many bytes left */
	38	size_t left;
	39	/* 'buf' is from application for KTLS */
	40	int app_buffer;
	41	/* The type of data stored in this buffer. Only used for writing */
	42	int type;
	43	} SSL3_BUFFER;
	44
	45	typedef struct ssl3_record_st {
	46	/* Record layer version */
	47	/* r */
	48	int rec_version;
	49	/* type of record */
	50	/* r */
	51	int type;
	52	/* How many bytes available */
	53	/* rw */
	54	size_t length;
	55	/*
	56	* How many bytes were available before padding was removed? This is used
	57	* to implement the MAC check in constant time for CBC records.
	58	*/
	59	/* rw */
	60	size_t orig_len;
	61	/* read/write offset into 'buf' */
	62	/* r */
	63	size_t off;
	64	/* pointer to the record data */
	65	/* rw */
	66	unsigned char *data;
	67	/* where the decode bytes are */
	68	/* rw */
	69	unsigned char *input;
	70	/* only used with decompression - malloc()ed */
	71	/* r */
	72	unsigned char *comp;
	73	/* epoch number, needed by DTLS1 */
	74	/* r */
	75	uint16_t epoch;
	76	/* sequence number, needed by DTLS1 */
	77	/* r */
	78	unsigned char seq_num[SEQ_NUM_SIZE];
	79	} SSL3_RECORD;
	80
	81	/* Macros/functions provided by the SSL3_RECORD component */
	82
	83	#define SSL3_RECORD_set_type(r, t) ((r)->type = (t))
	84	#define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v))
	85	#define SSL3_RECORD_get_length(r) ((r)->length)
	86	#define SSL3_RECORD_set_length(r, l) ((r)->length = (l))
87	#define SSL3_RECORD_add_length(r, l) ((r)->length += (l))
88	#define SSL3_RECORD_set_data(r, d) ((r)->data = (d))
89	#define SSL3_RECORD_set_input(r, i) ((r)->input = (i))
90	#define SSL3_RECORD_reset_input(r) ((r)->input = (r)->data)
91
92
50023e9b MC	93	/* Protocol version specific function pointers */
	94	struct record_functions_st
	95	{
7c293999 MC	96	/*
	97	* Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
	98	* OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an
	99	* alternative record layer.
	100	*/
50023e9b MC	101	int (set_crypto_state)(OSSL_RECORD_LAYER rl, int level,
	102	unsigned char *key, size_t keylen,
	103	unsigned char *iv, size_t ivlen,
	104	unsigned char *mackey, size_t mackeylen,
	105	const EVP_CIPHER *ciph,
	106	size_t taglen,
50023e9b MC	107	int mactype,
50023e9b MC	108	const EVP_MD *md,
1e76110b	109	COMP_METHOD *comp);
1853d20a	110
7c293999 MC	111	/*
	112	* Returns:
	113	* 0: if the record is publicly invalid, or an internal error, or AEAD
	114	* decryption failed, or EtM decryption failed.
	115	* 1: Success or MtE decryption failed (MAC will be randomised)
	116	*/
50023e9b	117	int (cipher)(OSSL_RECORD_LAYER rl, SSL3_RECORD *recs, size_t n_recs,
8124ab56	118	int sending, SSL_MAC_BUF *macs, size_t macsize);
7c293999	119	/* Returns 1 for success or 0 for error */
50023e9b	120	int (mac)(OSSL_RECORD_LAYER rl, SSL3_RECORD rec, unsigned char md,
8124ab56	121	int sending);
1853d20a MC	122
	123	/* Return 1 for success or 0 for error */
	124	int (set_protocol_version)(OSSL_RECORD_LAYER rl, int version);
	125
bafe524b MC	126	/* Read related functions */
	127
	128	int (read_n)(OSSL_RECORD_LAYER rl, size_t n, size_t max, int extend,
	129	int clearold, size_t *readbytes);
	130
	131	int (get_more_records)(OSSL_RECORD_LAYER rl);
	132
1853d20a MC	133	/* Return 1 for success or 0 for error */
	134	int (validate_record_header)(OSSL_RECORD_LAYER rl, SSL3_RECORD *rec);
	135
	136	/* Return 1 for success or 0 for error */
8124ab56	137	int (post_process_record)(OSSL_RECORD_LAYER rl, SSL3_RECORD *rec);
bafe524b MC	138
	139	/* Write related functions */
	140
	141	size_t (get_max_records)(OSSL_RECORD_LAYER rl, int type, size_t len,
	142	size_t maxfrag, size_t *preffrag);
	143
	144	/* Return 1 for success or 0 for error */
	145	int (write_records)(OSSL_RECORD_LAYER rl, OSSL_RECORD_TEMPLATE *templates,
	146	size_t numtempl);
91fe8ff0 MC	147
	148	/* Allocate the rl->wbuf buffers. Return 1 for success or 0 for error */
	149	int (allocate_write_buffers)(OSSL_RECORD_LAYER rl,
	150	OSSL_RECORD_TEMPLATE *templates,
	151	size_t numtempl, size_t *prefix);
	152
	153	/*
	154	* Initialise the packets in the \|pkt\| array using the buffers in \|rl->wbuf\|.
	155	* Some protocol versions may use the space in \|prefixtempl\| to add
	156	* an artificial template in front of the \|templates\| array and hence may
	157	* initialise 1 more WPACKET than there are templates. \|*wpinited\|
	158	* returns the number of WPACKETs in \|pkt\| that were successfully
	159	* initialised. This must be 0 on entry and will be filled in even on error.
	160	*/
	161	int (initialise_write_packets)(OSSL_RECORD_LAYER rl,
	162	OSSL_RECORD_TEMPLATE *templates,
	163	size_t numtempl,
	164	OSSL_RECORD_TEMPLATE *prefixtempl,
	165	WPACKET *pkt,
	166	SSL3_BUFFER *bufs,
	167	size_t *wpinited);
7ca61d63 MC	168
	169	/* Get the actual record type to be used for a given template */
	170	unsigned int (get_record_type)(OSSL_RECORD_LAYER rl,
	171	OSSL_RECORD_TEMPLATE *template);
aca70ca8 MC	172
	173	/* Write the record header data to the WPACKET */
	174	int (prepare_record_header)(OSSL_RECORD_LAYER rl, WPACKET *thispkt,
	175	OSSL_RECORD_TEMPLATE *templ,
	176	unsigned int rectype,
	177	unsigned char **recdata);
2582de25 MC	178
	179	int (add_record_padding)(OSSL_RECORD_LAYER rl,
	180	OSSL_RECORD_TEMPLATE *thistempl,
	181	WPACKET *thispkt,
	182	SSL3_RECORD *thiswr);
757ef3ba MC	183
	184	/*
	185	* This applies any mac that might be necessary, ensures that we have enough
	186	* space in the WPACKET to perform the encryption and sets up the
	187	* SSL3_RECORD ready for that encryption.
	188	*/
	189	int (prepare_for_encryption)(OSSL_RECORD_LAYER rl,
	190	size_t mac_size,
	191	WPACKET *thispkt,
	192	SSL3_RECORD *thiswr);
2a354d54 MC	193
	194	/*
	195	* Any updates required to the record after encryption has been applied. For
	196	* example, adding a MAC if using encrypt-then-mac
	197	*/
	198	int (post_encryption_processing)(OSSL_RECORD_LAYER rl,
	199	size_t mac_size,
	200	OSSL_RECORD_TEMPLATE *thistempl,
	201	WPACKET *thispkt,
	202	SSL3_RECORD *thiswr);
ace38195 MC	203
	204	/*
	205	* Some record layer implementations need to do some custom preparation of
	206	* the BIO before we write to it. KTLS does this to prevent coalescing of
	207	* control and data messages.
	208	*/
	209	int (prepare_write_bio)(OSSL_RECORD_LAYER rl, int type);
50023e9b MC	210	};
	211
	212	struct ossl_record_layer_st
	213	{
	214	OSSL_LIB_CTX *libctx;
	215	const char *propq;
	216	int isdtls;
	217	int version;
	218	int role;
	219	int direction;
9dd90232	220	int level;
b05fbac1	221	const EVP_MD *md;
222cf410	222	/* DTLS only */
279754d4	223	uint16_t epoch;
359affde MC	224
	225	/*
	226	* A BIO containing any data read in the previous epoch that was destined
	227	* for this epoch
	228	*/
	229	BIO *prev;
	230
	231	/* The transport BIO */
50023e9b	232	BIO *bio;
359affde MC	233
	234	/*
	235	* A BIO where we will send any data read by us that is destined for the
	236	* next epoch.
	237	*/
	238	BIO *next;
	239
b0a9042e	240	/* Types match the equivalent fields in the SSL object */
50023e9b	241	uint64_t options;
50023e9b MC	242	uint32_t mode;
50023e9b MC	243
151f313e MC	244	/* write IO goes into here */
	245	SSL3_BUFFER wbuf[SSL_MAX_PIPELINES + 1];
	246
	247	/* Next wbuf with pending data still to write */
	248	size_t nextwbuf;
	249
e7694c69 MC	250	/* How many pipelines can be used to write data */
	251	size_t numwpipes;
	252
50023e9b MC	253	/* read IO goes into here */
	254	SSL3_BUFFER rbuf;
	255	/* each decoded record goes in here */
	256	SSL3_RECORD rrec[SSL_MAX_PIPELINES];
	257
	258	/* How many records have we got available in the rrec bufer */
	259	size_t num_recs;
	260
	261	/* The record number in the rrec buffer that can be read next */
	262	size_t curr_rec;
	263
	264	/* The number of records that have been released via tls_release_record */
	265	size_t num_released;
	266
50023e9b MC	267	/* where we are when reading */
	268	int rstate;
	269
	270	/* used internally to point at a raw packet */
	271	unsigned char *packet;
	272	size_t packet_length;
	273
0755722c MC	274	/* Sequence number for the next record */
	275	unsigned char sequence[SEQ_NUM_SIZE];
	276
4bf610bd	277	/* Alert code to be used if an error occurs */
50023e9b MC	278	int alert;
	279
	280	/*
b0a9042e	281	* Read as many input bytes as possible (for non-blocking reads)
50023e9b MC	282	*/
	283	int read_ahead;
	284
	285	/* The number of consecutive empty records we have received */
	286	size_t empty_record_count;
	287
b9e4e783 MC	288	/*
	289	* Do we need to send a prefix empty record before application data as a
	290	* countermeasure against known-IV weakness (necessary for SSLv3 and
	291	* TLSv1.0)
	292	*/
	293	int need_empty_fragments;
	294
50023e9b	295	/* cryptographic state */
6366bdd9	296	EVP_CIPHER_CTX *enc_ctx;
1853d20a	297
9251c3c4 MC	298	/* Explicit IV length */
	299	size_t eivlen;
	300
50023e9b	301	/* used for mac generation */
6366bdd9 MC	302	EVP_MD_CTX *md_ctx;
6366bdd9 MC	303
9251c3c4 MC	304	/* compress/uncompress */
9251c3c4 MC	305	COMP_CTX *compctx;
50023e9b	306
1853d20a MC	307	/* Set to 1 if this is the first handshake. 0 otherwise */
	308	int is_first_handshake;
	309
435d88d7 MC	310	/*
	311	* The smaller of the configured and negotiated maximum fragment length
	312	* or SSL3_RT_MAX_PLAIN_LENGTH if none
	313	*/
ffbd6e67 MC	314	unsigned int max_frag_len;
ffbd6e67 MC	315
9dd90232 MC	316	/* The maxium amount of early data we can receive/send */
	317	uint32_t max_early_data;
	318
	319	/* The amount of early data that we have sent/received */
	320	size_t early_data_count;
	321
eb7d6c2a MC	322	/* TLSv1.3 record padding */
	323	size_t block_padding;
	324
50023e9b MC	325	/* Only used by SSLv3 */
	326	unsigned char mac_secret[EVP_MAX_MD_SIZE];
	327
7f2f0ac7 MC	328	/* TLSv1.0/TLSv1.1/TLSv1.2 */
	329	int use_etm;
	330
8124ab56 MC	331	/* Flags for GOST ciphers */
	332	int stream_mac;
	333	int tlstree;
	334
1853d20a MC	335	/* TLSv1.3 fields */
1853d20a MC	336	/* static IV */
50023e9b	337	unsigned char iv[EVP_MAX_IV_LENGTH];
1853d20a MC	338	/* static read IV */
	339	unsigned char read_iv[EVP_MAX_IV_LENGTH];
	340	int allow_plain_alerts;
	341
	342	/* TLS "any" fields */
	343	/* Set to true if this is the first record in a connection */
	344	unsigned int is_first_record;
50023e9b MC	345
	346	size_t taglen;
	347
bfc0f10d	348	/* DTLS received handshake records (processed and unprocessed) */
eddb067e MC	349	record_pqueue unprocessed_rcds;
	350	record_pqueue processed_rcds;
	351
bfc0f10d	352	/* records being received in the current epoch */
f6aab7b1	353	DTLS_BITMAP bitmap;
bfc0f10d	354	/* renegotiation starts a new set of sequence numbers */
f6aab7b1	355	DTLS_BITMAP next_bitmap;
bfc0f10d MC	356
	357	/*
	358	* Whether we are currently in a hanshake or not. Only maintained for DTLS
	359	*/
	360	int in_init;
	361
9dd90232 MC	362	/* Callbacks */
9dd90232 MC	363	void *cbarg;
3c7b9ef9 MC	364	OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
3c7b9ef9 MC	365	OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
ed0e298f	366	OSSL_FUNC_rlayer_security_fn *security;
5f95eb77	367	OSSL_FUNC_rlayer_padding_fn *padding;
9dd90232	368
8124ab56 MC	369	size_t max_pipelines;
8124ab56 MC	370
50023e9b MC	371	/* Function pointers for version specific functions */
	372	struct record_functions_st *funcs;
	373	};
	374
eddb067e MC	375	typedef struct dtls_rlayer_record_data_st {
	376	unsigned char *packet;
	377	size_t packet_length;
	378	SSL3_BUFFER rbuf;
	379	SSL3_RECORD rrec;
	380	} DTLS_RLAYER_RECORD_DATA;
	381
50023e9b MC	382	extern struct record_functions_st ssl_3_0_funcs;
	383	extern struct record_functions_st tls_1_funcs;
	384	extern struct record_functions_st tls_1_3_funcs;
	385	extern struct record_functions_st tls_any_funcs;
222cf410 MC	386	extern struct record_functions_st dtls_1_funcs;
222cf410 MC	387	extern struct record_functions_st dtls_any_funcs;
50023e9b MC	388
	389	void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
	390	const char *fmt, ...);
	391
1704961c MC	392	#define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
1704961c MC	393	#define RLAYERfatal_data \
50023e9b MC	394	(ERR_new(), \
	395	ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
	396	ossl_rlayer_fatal)
	397
1704961c MC	398	#define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
	399	\|\| (rl)->version == TLS1_2_VERSION \
	400	\|\| (rl)->isdtls)
88d61680	401
23c57f00 MC	402	void SSL3_RECORD_set_seq_num(SSL3_RECORD r, const unsigned char seq_num);
23c57f00 MC	403
50023e9b MC	404	int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
	405	EVP_CIPHER_CTX *ctx,
	406	const EVP_CIPHER *ciph,
7f2f0ac7	407	const EVP_MD *md);
23c57f00 MC	408
	409	/* tls_pad.c */
	410	int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
	411	size_t origreclen,
	412	unsigned char *recdata,
	413	unsigned char **mac,
	414	int *alloced,
	415	size_t block_size, size_t mac_size,
	416	OSSL_LIB_CTX *libctx);
	417
	418	int tls1_cbc_remove_padding_and_mac(size_t *reclen,
	419	size_t origreclen,
	420	unsigned char *recdata,
	421	unsigned char **mac,
	422	int *alloced,
	423	size_t block_size, size_t mac_size,
	424	int aead,
	425	OSSL_LIB_CTX *libctx);
	426
50023e9b MC	427	/* ssl3_cbc.c */
	428	__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
	429	__owur int ssl3_cbc_digest_record(const EVP_MD *md,
	430	unsigned char *md_out,
	431	size_t *md_out_size,
	432	const unsigned char *header,
	433	const unsigned char *data,
	434	size_t data_size,
	435	size_t data_plus_mac_plus_padding_size,
	436	const unsigned char *mac_secret,
	437	size_t mac_secret_length, char is_sslv3);
1853d20a	438
bed07b18	439	int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl);
7eb39ecb MC	440	int tls_alloc_buffers(OSSL_RECORD_LAYER *rl);
7eb39ecb MC	441	int tls_free_buffers(OSSL_RECORD_LAYER *rl);
bed07b18	442
1853d20a MC	443	int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
1853d20a MC	444	int clearold, size_t *readbytes);
eddb067e	445	int tls_get_more_records(OSSL_RECORD_LAYER *rl);
222cf410	446	int dtls_get_more_records(OSSL_RECORD_LAYER *rl);
1853d20a	447
b9e37f8f MC	448	int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
	449	WPACKET *thispkt,
	450	OSSL_RECORD_TEMPLATE *templ,
	451	unsigned int rectype,
	452	unsigned char **recdata);
421386e3 MC	453	int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
	454	size_t mac_size,
	455	OSSL_RECORD_TEMPLATE *thistempl,
	456	WPACKET *thispkt,
	457	SSL3_RECORD *thiswr);
602ee1f6	458
1853d20a MC	459	int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
1853d20a MC	460	int tls_default_validate_record_header(OSSL_RECORD_LAYER rl, SSL3_RECORD re);
b9e37f8f	461	int tls_do_compress(OSSL_RECORD_LAYER rl, SSL3_RECORD wr);
222cf410	462	int tls_do_uncompress(OSSL_RECORD_LAYER rl, SSL3_RECORD rec);
8124ab56 MC	463	int tls_default_post_process_record(OSSL_RECORD_LAYER rl, SSL3_RECORD rec);
8124ab56 MC	464	int tls13_common_post_process_record(OSSL_RECORD_LAYER rl, SSL3_RECORD rec);
1853d20a MC	465
	466	int
	467	tls_int_new_record_layer(OSSL_LIB_CTX libctx, const char propq, int vers,
	468	int role, int direction, int level, unsigned char *key,
	469	size_t keylen, unsigned char *iv, size_t ivlen,
	470	unsigned char *mackey, size_t mackeylen,
	471	const EVP_CIPHER *ciph, size_t taglen,
1853d20a	472	int mactype,
1e76110b	473	const EVP_MD md, COMP_METHOD comp, BIO *prev,
359affde	474	BIO transport, BIO next,
1853d20a MC	475	BIO_ADDR local, BIO_ADDR peer,
1853d20a MC	476	const OSSL_PARAM settings, const OSSL_PARAM options,
9dd90232	477	const OSSL_DISPATCH fns, void cbarg,
8124ab56	478	OSSL_RECORD_LAYER **retrl);
359affde	479	int tls_free(OSSL_RECORD_LAYER *rl);
1853d20a MC	480	int tls_reset(OSSL_RECORD_LAYER *rl);
	481	int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl);
	482	int tls_processed_read_pending(OSSL_RECORD_LAYER *rl);
	483	size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl);
23bf52a4	484	size_t tls_get_max_records(OSSL_RECORD_LAYER *rl, int type, size_t len,
02719d5c	485	size_t maxfrag, size_t *preffrag);
2b71b042 MC	486	int tls_write_records(OSSL_RECORD_LAYER rl, OSSL_RECORD_TEMPLATE templates,
	487	size_t numtempl);
	488	int tls_retry_write_records(OSSL_RECORD_LAYER *rl);
1853d20a MC	489	int tls_get_alert_code(OSSL_RECORD_LAYER *rl);
1853d20a MC	490	int tls_set1_bio(OSSL_RECORD_LAYER rl, BIO bio);
1704961c	491	int tls_read_record(OSSL_RECORD_LAYER rl, void rechandle, int rversion,
1853d20a	492	int type, unsigned char data, size_t datalen,
8124ab56	493	uint16_t epoch, unsigned char seq_num);
1853d20a MC	494	int tls_release_record(OSSL_RECORD_LAYER rl, void rechandle);
	495	int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
	496	int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
	497	void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow);
	498	void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first);
8124ab56	499	void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines);
d0b17ea0 MC	500	void tls_get_state(OSSL_RECORD_LAYER rl, const char *shortstr,
d0b17ea0 MC	501	const char **longstr);
4566dae7	502	int tls_set_options(OSSL_RECORD_LAYER rl, const OSSL_PARAM options);
1e76110b	503	const COMP_METHOD tls_get_compression(OSSL_RECORD_LAYER rl);
435d88d7	504	void tls_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len);
9b7fb65e	505	int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl);
bafe524b MC	506	int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
	507	size_t firstlen, size_t nextlen);
	508
	509	int tls_write_records_multiblock(OSSL_RECORD_LAYER *rl,
	510	OSSL_RECORD_TEMPLATE *templates,
	511	size_t numtempl);
	512
	513	size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, int type, size_t len,
	514	size_t maxfrag, size_t *preffrag);
aca70ca8 MC	515	size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, int type,
	516	size_t len, size_t maxfrag,
	517	size_t *preffrag);
91fe8ff0 MC	518	int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl,
	519	OSSL_RECORD_TEMPLATE *templates,
	520	size_t numtempl, size_t *prefix);
	521	int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl,
	522	OSSL_RECORD_TEMPLATE *templates,
	523	size_t numtempl,
	524	OSSL_RECORD_TEMPLATE *prefixtempl,
	525	WPACKET *pkt,
	526	SSL3_BUFFER *bufs,
	527	size_t *wpinited);
	528	int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
	529	OSSL_RECORD_TEMPLATE *templates,
	530	size_t numtempl, size_t *prefix);
	531	int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
	532	OSSL_RECORD_TEMPLATE *templates,
	533	size_t numtempl,
	534	OSSL_RECORD_TEMPLATE *prefixtempl,
	535	WPACKET *pkt,
	536	SSL3_BUFFER *bufs,
	537	size_t *wpinited);
aca70ca8 MC	538	int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
	539	WPACKET *thispkt,
	540	OSSL_RECORD_TEMPLATE *templ,
	541	unsigned int rectype,
	542	unsigned char **recdata);
757ef3ba MC	543	int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
	544	size_t mac_size,
	545	WPACKET *thispkt,
	546	SSL3_RECORD *thiswr);
2a354d54 MC	547	int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
	548	size_t mac_size,
	549	OSSL_RECORD_TEMPLATE *thistempl,
	550	WPACKET *thispkt,
	551	SSL3_RECORD *thiswr);
bafe524b MC	552	int tls_write_records_default(OSSL_RECORD_LAYER *rl,
	553	OSSL_RECORD_TEMPLATE *templates,
	554	size_t numtempl);
e158ada6 MC	555
	556	/* Macros/functions provided by the SSL3_BUFFER component */
	557
	558	#define SSL3_BUFFER_get_buf(b) ((b)->buf)
	559	#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n))
	560	#define SSL3_BUFFER_get_len(b) ((b)->len)
	561	#define SSL3_BUFFER_get_left(b) ((b)->left)
	562	#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
	563	#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
	564	#define SSL3_BUFFER_get_offset(b) ((b)->offset)
	565	#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
	566	#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
	567	#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l))
	568	#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer)
	569
	570	void SSL3_BUFFER_release(SSL3_BUFFER *b);