[thirdparty/openssl.git] / ssl / record / recordmethod.h

/*
 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef OSSL_INTERNAL_RECORDMETHOD_H
# define OSSL_INTERNAL_RECORDMETHOD_H
# pragma once

# include <openssl/ssl.h>

/*
 * We use the term "record" here to refer to a packet of data. Records are
 * typically protected via a cipher and MAC, or an AEAD cipher (although not
 * always). This usage of the term record is consistent with the TLS concept.
 * In QUIC the term "record" is not used but it is analogous to the QUIC term
 * "packet". The interface in this file applies to all protocols that protect
 * records/packets of data, i.e. (D)TLS and QUIC. The term record is used to
 * refer to both contexts.
 */


/*
 * Types of QUIC record layer;
 *
 * QUIC reuses the TLS handshake for agreeing secrets. An SSL object representing
 * a QUIC connection will have an additional SSL object internally representing
 * the TLS state of the QUIC handshake. This internal TLS is referred to as
 * QUIC-TLS in this file.
 * "Records" output from QUIC-TLS contains standard TLS handshake messages and
 * are *not* encrypted directly but are instead wrapped up in plaintext
 * CRYPTO frames. These CRYPTO frames could be collected together with other
 * QUIC frames into a single QUIC packet. The QUIC record layer will then
 * encrypt the whole packet.
 *
 * So we have:
 * QUIC-TLS record layer: outputs plaintext CRYPTO frames containing TLS
 *                        handshake messages only.
 * QUIC record layer: outputs encrypted packets which may contain CRYPTO frames
 *                    or any other type of QUIC frame.
 */

/*
 * An OSSL_RECORD_METHOD is a protcol specific method which provides the
 * functions for reading and writing records for that protocol. Which
 * OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
 */
typedef struct ossl_record_method_st OSSL_RECORD_METHOD;

/*
 * An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by
 * the method
 */
typedef struct ossl_record_layer_st OSSL_RECORD_LAYER;


# define OSSL_RECORD_ROLE_CLIENT 0
# define OSSL_RECORD_ROLE_SERVER 1

# define OSSL_RECORD_DIRECTION_READ  0
# define OSSL_RECORD_DIRECTION_WRITE 1

/*
 * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used.
 */
# define OSSL_RECORD_PROTECTION_LEVEL_NONE        0
# define OSSL_RECORD_PROTECTION_LEVEL_EARLY       1
# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE   2
# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3


# define OSSL_RECORD_RETURN_SUCCESS           1
# define OSSL_RECORD_RETURN_RETRY             0
# define OSSL_RECORD_RETURN_NON_FATAL_ERR    -1
# define OSSL_RECORD_RETURN_FATAL            -2
# define OSSL_RECORD_RETURN_EOF              -3

/*
 * Template for creating a record. A record consists of the |type| of data it
 * will contain (e.g. alert, handshake, application data, etc) along with an
 * array of buffers in |bufs| of size |numbufs|. There is a corresponding array
 * of buffer lengths in |buflens|. Concatenating all of the buffer data together
 * would give you the complete plaintext payload to be sent in a single record.
 */
struct ossl_record_template_st {
    int type;
    void **bufs;
    size_t *buflens;
    size_t numbufs;
};

typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE;

/*
 * Rather than a "method" approach, we could make this fetchable - Should we?
 * There could be some complexity in finding suitable record layer implementations
 * e.g. we need to find one that matches the negotiated protocol, cipher,
 * extensions, etc. The selection_cb approach given above doesn't work so well
 * if unknown third party providers with OSSL_RECORD_METHOD implementations are
 * loaded.
 */

/*
 * If this becomes public API then we will need functions to create and
 * free an OSSL_RECORD_METHOD, as well as functions to get/set the various
 * function pointers....unless we make it fetchable.
 */
struct ossl_record_method_st {
    /*
     * Create a new OSSL_RECORD_LAYER object for handling the protocol version
     * set by |vers|. |role| is 0 for client and 1 for server. |direction|
     * indicates either read or write. |level| is the protection level as
     * described above. |settings| are mandatory settings that will cause the
     * new() call to fail if they are not understood (for example to require
     * Encrypt-Then-Mac support). |options| are optional settings that will not
     * cause the new() call to fail if they are not understood (for example
     * whether to use "read ahead" or not).
     *
     * The BIO in |transport| is the BIO for the underlying transport layer.
     * Where the direction is "read", then this BIO will only ever be used for
     * reading data. Where the direction is "write", then this BIO will only
     * every be used for writing data.
     *
     * An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in
     * force at any one time (one for reading and one for writing). In some
     * protocols more than 2 might be used (e.g. in DTLS for retransmitting
     * messages from an earlier epoch).
     */

    /*
     * TODO(RECLAYER): Will have to be something other than EVP_CIPHER if we
     * make this fetchable
     * TODO(RECLAYER): mactype should not be an int
     */
    OSSL_RECORD_LAYER *(*new_record_layer)(OSSL_LIB_CTX *libctx,
                                           const char *propq, int vers,
                                           int role, int direction,
                                           int level, unsigned char *key,
                                           size_t keylen,
                                           unsigned char *iv,
                                           size_t ivlen,
                                           unsigned char *mackey,
                                           size_t mackeylen,
                                           const EVP_CIPHER *ciph,
                                           size_t taglen,
                                           /* TODO(RECLAYER): This probably should not be an int */
                                           int mactype,
                                           const EVP_MD *md,
                                           const SSL_COMP *comp,
                                           BIO *transport, BIO_ADDR *local,
                                           BIO_ADDR *peer,
                                           const OSSL_PARAM *settings,
                                           const OSSL_PARAM *options,
                                           /* TODO(RECLAYER): Remove me */
                                           SSL_CONNECTION *s);
    void (*free)(OSSL_RECORD_LAYER *rl);

    int (*reset)(OSSL_RECORD_LAYER *rl); /* Is this needed? */

    /* Returns 1 if we have unprocessed data buffered or 0 otherwise */
    int (*unprocessed_read_pending)(OSSL_RECORD_LAYER *rl);
    /*
     * Returns 1 if we have processed data buffered that can be read or 0 otherwise
     * - not necessarily app data
     */
    int (*processed_read_pending)(OSSL_RECORD_LAYER *rl);

    /*
     * The amount of processed app data that is internally bufferred and
     * available to read
     */
    size_t (*app_data_pending)(OSSL_RECORD_LAYER *rl);

    int (*write_pending)(OSSL_RECORD_LAYER *rl);


    /*
     * Find out the maximum amount of plaintext data that the record layer is
     * prepared to write in a single record. When calling write_records it is
     * the caller's responsibility to ensure that no record template exceeds
     * this maximum when calling write_records.
     */
    size_t (*get_max_record_len)(OSSL_RECORD_LAYER *rl);

    /*
     * Find out the maximum number of records that the record layer is prepared
     * to process in a single call to write_records. It is the caller's
     * responsibility to ensure that no call to write_records exceeds this
     * number of records.
     */
    size_t (*get_max_records)(OSSL_RECORD_LAYER *rl);

    /*
     * Write |numtempl| records from the array of record templates pointed to
     * by |templates|. Each record should be no longer than the value returned
     * by get_max_record_len(), and there should be no more records than the
     * value returned by get_max_records().
     * |allowance| is the maximum amount of "on-the-wire" data that is allowed
     * to be sent at the moment (including all QUIC headers, but excluding any
     * UDP/IP headers). After a successful or retry return |*sent| will
     * be updated with the amount of data that has been sent so far. In the case
     * of a retry this could be 0.
     * Where possible the caller will attempt to ensure that all records are the
     * same length, except the last record. This may not always be possible so
     * the record method implementation should not rely on this being the case.
     * In the event of a retry the caller should call retry_write_records()
     * to try again. No more calls to write_records() should be attempted until
     * retry_write_records() returns success.
     * Buffers allocated for the record templates can be freed immediately after
     * write_records() returns - even in the case a retry.
     * The record templates represent the plaintext payload. The encrypted
     * output is written to the |transport| BIO.
     * Returns:
     *  1 on success
     *  0 on retry
     * -1 on failure
     */
    int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE **templates,
                         size_t numtempl, size_t allowance, size_t *sent);

    /*
     * Retry a previous call to write_records. The caller should continue to
     * call this until the function returns with success or failure. After
     * each retry more of the data may have been incrementally sent. |allowance|
     * is the amount of "on-the-wire" data that is allowed to be sent at the
     * moment. After a successful or retry return |*sent| will
     * be updated with the amount of data that has been sent by this call to
     * retry_write_records().
     * Returns:
     *  1 on success
     *  0 on retry
     * -1 on failure
     */
    int (*retry_write_records)(OSSL_RECORD_LAYER *rl, size_t allowance,
                               size_t *sent);

    /*
     * Read a record and return the record layer version and record type in
     * the |rversion| and |type| parameters. |*data| is set to point to a
     * record layer buffer containing the record payload data and |*datalen|
     * is filled in with the length of that data. The |epoch| and |seq_num|
     * values are only used if DTLS has been negotiated. In that case they are
     * filled in with the epoch and sequence number from the record.
     * An opaque record layer handle for the record is returned in |*rechandle|
     * which is used in a subsequent call to |release_record|. The buffer must
     * remain available until release_record is called.
     *
     * Internally the the OSSL_RECORD_METHOD the implementation may read/process
     * multiple records in one go and buffer them.
     */
    int (*read_record)(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
                      int *type, unsigned char **data, size_t *datalen,
                      uint16_t *epoch, unsigned char *seq_num,
                      /* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s);
    /*
     * Release a buffer associated with a record previously read with
     * read_record. Records are guaranteed to be released in the order that they
     * are read.
     */
    int (*release_record)(OSSL_RECORD_LAYER *rl, void *rechandle);

    /*
     * In the event that a fatal error is returned from the functions above then
     * get_alert_code() can be called to obtain a more details identifier for
     * the error. In (D)TLS this is the alert description code.
     */
    int (*get_alert_code)(OSSL_RECORD_LAYER *rl);

    /*
     * Update the transport BIO from the one originally set in the
     * new_record_layer call
     */
    int (*set1_bio)(OSSL_RECORD_LAYER *rl, BIO *bio);

    /*
     * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
     * during the record layer refactoring. They need to be removed before the
     * refactor is complete.
     */
    int (*read_n)(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
                  int clearold, size_t *readbytes);
    SSL3_BUFFER *(*get0_rbuf)(OSSL_RECORD_LAYER *rl);
    unsigned char *(*get0_packet)(OSSL_RECORD_LAYER *rl);
    void (*set0_packet)(OSSL_RECORD_LAYER *rl, unsigned char *packet,
                        size_t packetlen);
    size_t (*get_packet_length)(OSSL_RECORD_LAYER *rl);
    void (*reset_packet_length)(OSSL_RECORD_LAYER *rl);
};


/* Standard built-in record methods */
extern const OSSL_RECORD_METHOD ossl_tls_record_method;
extern const OSSL_RECORD_METHOD ossl_dtls_record_method;

#endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */
Commit	Line	Data
79a1f3e4 MC	1	/*
	2	* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
79eebb08 MC	10	#ifndef OSSL_INTERNAL_RECORDMETHOD_H
	11	# define OSSL_INTERNAL_RECORDMETHOD_H
	12	# pragma once
	13
	14	# include <openssl/ssl.h>
79a1f3e4 MC	15
	16	/*
	17	* We use the term "record" here to refer to a packet of data. Records are
	18	* typically protected via a cipher and MAC, or an AEAD cipher (although not
	19	* always). This usage of the term record is consistent with the TLS concept.
	20	* In QUIC the term "record" is not used but it is analogous to the QUIC term
	21	* "packet". The interface in this file applies to all protocols that protect
	22	* records/packets of data, i.e. (D)TLS and QUIC. The term record is used to
	23	* refer to both contexts.
	24	*/
	25
	26
	27	/*
	28	* Types of QUIC record layer;
	29	*
	30	* QUIC reuses the TLS handshake for agreeing secrets. An SSL object representing
	31	* a QUIC connection will have an additional SSL object internally representing
	32	* the TLS state of the QUIC handshake. This internal TLS is referred to as
	33	* QUIC-TLS in this file.
	34	* "Records" output from QUIC-TLS contains standard TLS handshake messages and
	35	* are not encrypted directly but are instead wrapped up in plaintext
	36	* CRYPTO frames. These CRYPTO frames could be collected together with other
	37	* QUIC frames into a single QUIC packet. The QUIC record layer will then
	38	* encrypt the whole packet.
	39	*
	40	* So we have:
	41	* QUIC-TLS record layer: outputs plaintext CRYPTO frames containing TLS
	42	* handshake messages only.
	43	* QUIC record layer: outputs encrypted packets which may contain CRYPTO frames
	44	* or any other type of QUIC frame.
	45	*/
	46
	47	/*
	48	* An OSSL_RECORD_METHOD is a protcol specific method which provides the
	49	* functions for reading and writing records for that protocol. Which
	50	* OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
	51	*/
	52	typedef struct ossl_record_method_st OSSL_RECORD_METHOD;
	53
	54	/*
	55	* An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by
	56	* the method
	57	*/
	58	typedef struct ossl_record_layer_st OSSL_RECORD_LAYER;
	59
	60
79eebb08 MC	61	# define OSSL_RECORD_ROLE_CLIENT 0
79eebb08 MC	62	# define OSSL_RECORD_ROLE_SERVER 1
79a1f3e4	63
79eebb08 MC	64	# define OSSL_RECORD_DIRECTION_READ 0
79eebb08 MC	65	# define OSSL_RECORD_DIRECTION_WRITE 1
79a1f3e4 MC	66
	67	/*
	68	* Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used.
	69	*/
79eebb08 MC	70	# define OSSL_RECORD_PROTECTION_LEVEL_NONE 0
	71	# define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1
	72	# define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2
	73	# define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3
79a1f3e4 MC	74
79a1f3e4 MC	75
79eebb08 MC	76	# define OSSL_RECORD_RETURN_SUCCESS 1
	77	# define OSSL_RECORD_RETURN_RETRY 0
	78	# define OSSL_RECORD_RETURN_NON_FATAL_ERR -1
	79	# define OSSL_RECORD_RETURN_FATAL -2
	80	# define OSSL_RECORD_RETURN_EOF -3
e2d5742b	81
79a1f3e4 MC	82	/*
	83	* Template for creating a record. A record consists of the \|type\| of data it
	84	* will contain (e.g. alert, handshake, application data, etc) along with an
	85	* array of buffers in \|bufs\| of size \|numbufs\|. There is a corresponding array
	86	* of buffer lengths in \|buflens\|. Concatenating all of the buffer data together
	87	* would give you the complete plaintext payload to be sent in a single record.
	88	*/
	89	struct ossl_record_template_st {
	90	int type;
	91	void **bufs;
	92	size_t *buflens;
	93	size_t numbufs;
	94	};
	95
	96	typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE;
	97
	98	/*
	99	* Rather than a "method" approach, we could make this fetchable - Should we?
	100	* There could be some complexity in finding suitable record layer implementations
	101	* e.g. we need to find one that matches the negotiated protocol, cipher,
	102	* extensions, etc. The selection_cb approach given above doesn't work so well
	103	* if unknown third party providers with OSSL_RECORD_METHOD implementations are
	104	* loaded.
	105	*/
	106
	107	/*
	108	* If this becomes public API then we will need functions to create and
	109	* free an OSSL_RECORD_METHOD, as well as functions to get/set the various
	110	* function pointers....unless we make it fetchable.
	111	*/
	112	struct ossl_record_method_st {
	113	/*
	114	* Create a new OSSL_RECORD_LAYER object for handling the protocol version
	115	* set by \|vers\|. \|role\| is 0 for client and 1 for server. \|direction\|
	116	* indicates either read or write. \|level\| is the protection level as
	117	* described above. \|settings\| are mandatory settings that will cause the
	118	* new() call to fail if they are not understood (for example to require
	119	* Encrypt-Then-Mac support). \|options\| are optional settings that will not
	120	* cause the new() call to fail if they are not understood (for example
	121	* whether to use "read ahead" or not).
	122	*
	123	* The BIO in \|transport\| is the BIO for the underlying transport layer.
	124	* Where the direction is "read", then this BIO will only ever be used for
	125	* reading data. Where the direction is "write", then this BIO will only
	126	* every be used for writing data.
	127	*
	128	* An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in
	129	* force at any one time (one for reading and one for writing). In some
	130	* protocols more than 2 might be used (e.g. in DTLS for retransmitting
	131	* messages from an earlier epoch).
	132	*/
	133
	134	/*
aedbb71b MC	135	* TODO(RECLAYER): Will have to be something other than EVP_CIPHER if we
	136	* make this fetchable
	137	* TODO(RECLAYER): mactype should not be an int
79a1f3e4	138	*/
aedbb71b MC	139	OSSL_RECORD_LAYER (new_record_layer)(OSSL_LIB_CTX *libctx,
	140	const char *propq, int vers,
	141	int role, int direction,
	142	int level, unsigned char *key,
	143	size_t keylen,
	144	unsigned char *iv,
	145	size_t ivlen,
	146	unsigned char *mackey,
	147	size_t mackeylen,
	148	const EVP_CIPHER *ciph,
	149	size_t taglen,
	150	/* TODO(RECLAYER): This probably should not be an int */
	151	int mactype,
	152	const EVP_MD *md,
	153	const SSL_COMP *comp,
	154	BIO transport, BIO_ADDR local,
	155	BIO_ADDR *peer,
	156	const OSSL_PARAM *settings,
	157	const OSSL_PARAM *options,
	158	/* TODO(RECLAYER): Remove me */
	159	SSL_CONNECTION *s);
11653dcd	160	void (free)(OSSL_RECORD_LAYER rl);
79a1f3e4	161
11653dcd	162	int (reset)(OSSL_RECORD_LAYER rl); /* Is this needed? */
79a1f3e4 MC	163
79a1f3e4 MC	164	/* Returns 1 if we have unprocessed data buffered or 0 otherwise */
11653dcd	165	int (unprocessed_read_pending)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	166	/*
	167	* Returns 1 if we have processed data buffered that can be read or 0 otherwise
	168	* - not necessarily app data
	169	*/
11653dcd	170	int (processed_read_pending)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	171
	172	/*
	173	* The amount of processed app data that is internally bufferred and
	174	* available to read
	175	*/
11653dcd	176	size_t (app_data_pending)(OSSL_RECORD_LAYER rl);
79a1f3e4	177
11653dcd	178	int (write_pending)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	179
	180
	181	/*
	182	* Find out the maximum amount of plaintext data that the record layer is
	183	* prepared to write in a single record. When calling write_records it is
	184	* the caller's responsibility to ensure that no record template exceeds
	185	* this maximum when calling write_records.
	186	*/
11653dcd	187	size_t (get_max_record_len)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	188
	189	/*
	190	* Find out the maximum number of records that the record layer is prepared
	191	* to process in a single call to write_records. It is the caller's
	192	* responsibility to ensure that no call to write_records exceeds this
	193	* number of records.
	194	*/
11653dcd	195	size_t (get_max_records)(OSSL_RECORD_LAYER rl);
79a1f3e4 MC	196
	197	/*
	198	* Write \|numtempl\| records from the array of record templates pointed to
	199	* by \|templates\|. Each record should be no longer than the value returned
	200	* by get_max_record_len(), and there should be no more records than the
	201	* value returned by get_max_records().
	202	* \|allowance\| is the maximum amount of "on-the-wire" data that is allowed
	203	* to be sent at the moment (including all QUIC headers, but excluding any
	204	* UDP/IP headers). After a successful or retry return \|*sent\| will
	205	* be updated with the amount of data that has been sent so far. In the case
	206	* of a retry this could be 0.
	207	* Where possible the caller will attempt to ensure that all records are the
	208	* same length, except the last record. This may not always be possible so
	209	* the record method implementation should not rely on this being the case.
	210	* In the event of a retry the caller should call retry_write_records()
	211	* to try again. No more calls to write_records() should be attempted until
	212	* retry_write_records() returns success.
	213	* Buffers allocated for the record templates can be freed immediately after
	214	* write_records() returns - even in the case a retry.
	215	* The record templates represent the plaintext payload. The encrypted
	216	* output is written to the \|transport\| BIO.
	217	* Returns:
	218	* 1 on success
	219	* 0 on retry
	220	* -1 on failure
	221	*/
11653dcd MC	222	int (write_records)(OSSL_RECORD_LAYER rl, OSSL_RECORD_TEMPLATE **templates,
11653dcd MC	223	size_t numtempl, size_t allowance, size_t *sent);
79a1f3e4 MC	224
	225	/*
	226	* Retry a previous call to write_records. The caller should continue to
	227	* call this until the function returns with success or failure. After
	228	* each retry more of the data may have been incrementally sent. \|allowance\|
	229	* is the amount of "on-the-wire" data that is allowed to be sent at the
	230	* moment. After a successful or retry return \|*sent\| will
	231	* be updated with the amount of data that has been sent by this call to
	232	* retry_write_records().
	233	* Returns:
	234	* 1 on success
	235	* 0 on retry
	236	* -1 on failure
	237	*/
11653dcd MC	238	int (retry_write_records)(OSSL_RECORD_LAYER rl, size_t allowance,
11653dcd MC	239	size_t *sent);
79a1f3e4 MC	240
	241	/*
	242	* Read a record and return the record layer version and record type in
	243	* the \|rversion\| and \|type\| parameters. \|*data\| is set to point to a
	244	* record layer buffer containing the record payload data and \|*datalen\|
	245	* is filled in with the length of that data. The \|epoch\| and \|seq_num\|
	246	* values are only used if DTLS has been negotiated. In that case they are
	247	* filled in with the epoch and sequence number from the record.
	248	* An opaque record layer handle for the record is returned in \|*rechandle\|
	249	* which is used in a subsequent call to \|release_record\|. The buffer must
	250	* remain available until release_record is called.
	251	*
	252	* Internally the the OSSL_RECORD_METHOD the implementation may read/process
	253	* multiple records in one go and buffer them.
	254	*/
11653dcd MC	255	int (read_record)(OSSL_RECORD_LAYER rl, void *rechandle, int rversion,
11653dcd MC	256	int type, unsigned char data, size_t datalen,
4030869d MC	257	uint16_t epoch, unsigned char seq_num,
4030869d MC	258	/* TODO(RECLAYER): Remove me / SSL_CONNECTION s);
79a1f3e4 MC	259	/*
	260	* Release a buffer associated with a record previously read with
	261	* read_record. Records are guaranteed to be released in the order that they
	262	* are read.
	263	*/
4030869d	264	int (release_record)(OSSL_RECORD_LAYER rl, void *rechandle);
79a1f3e4	265
e2d5742b MC	266	/*
	267	* In the event that a fatal error is returned from the functions above then
	268	* get_alert_code() can be called to obtain a more details identifier for
	269	* the error. In (D)TLS this is the alert description code.
	270	*/
	271	int (get_alert_code)(OSSL_RECORD_LAYER rl);
	272
	273	/*
	274	* Update the transport BIO from the one originally set in the
	275	* new_record_layer call
	276	*/
	277	int (set1_bio)(OSSL_RECORD_LAYER rl, BIO *bio);
	278
	279	/*
	280	* TODO(RECLAYER): Remove these. These function pointers are temporary hacks
	281	* during the record layer refactoring. They need to be removed before the
	282	* refactor is complete.
	283	*/
	284	int (read_n)(OSSL_RECORD_LAYER rl, size_t n, size_t max, int extend,
	285	int clearold, size_t *readbytes);
	286	SSL3_BUFFER (get0_rbuf)(OSSL_RECORD_LAYER *rl);
	287	unsigned char (get0_packet)(OSSL_RECORD_LAYER *rl);
	288	void (set0_packet)(OSSL_RECORD_LAYER rl, unsigned char *packet,
	289	size_t packetlen);
	290	size_t (get_packet_length)(OSSL_RECORD_LAYER rl);
	291	void (reset_packet_length)(OSSL_RECORD_LAYER rl);
79a1f3e4	292	};
e2d5742b MC	293
	294
	295	/* Standard built-in record methods */
	296	extern const OSSL_RECORD_METHOD ossl_tls_record_method;
79eebb08 MC	297	extern const OSSL_RECORD_METHOD ossl_dtls_record_method;
	298
	299	#endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */