[thirdparty/openssl.git] / ssl / record / ssl3_record.c

/*
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <assert.h>
#include "../ssl_local.h"
#include <openssl/trace.h>
#include <openssl/rand.h>
#include <openssl/core_names.h>
#include "record_local.h"
#include "internal/cryptlib.h"

void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
{
    size_t i;

    for (i = 0; i < num_recs; i++) {
        OPENSSL_free(r[i].comp);
        r[i].comp = NULL;
    }
}

void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
{
    memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
}

uint32_t ossl_get_max_early_data(SSL_CONNECTION *s)
{
    uint32_t max_early_data;
    SSL_SESSION *sess = s->session;

    /*
     * If we are a client then we always use the max_early_data from the
     * session/psksession. Otherwise we go with the lowest out of the max early
     * data set in the session and the configured max_early_data.
     */
    if (!s->server && sess->ext.max_early_data == 0) {
        if (!ossl_assert(s->psksession != NULL
                         && s->psksession->ext.max_early_data > 0)) {
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            return 0;
        }
        sess = s->psksession;
    }

    if (!s->server)
        max_early_data = sess->ext.max_early_data;
    else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
        max_early_data = s->recv_max_early_data;
    else
        max_early_data = s->recv_max_early_data < sess->ext.max_early_data
                         ? s->recv_max_early_data : sess->ext.max_early_data;

    return max_early_data;
}

int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, size_t overhead,
                             int send)
{
    uint32_t max_early_data;

    max_early_data = ossl_get_max_early_data(s);

    if (max_early_data == 0) {
        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
                 SSL_R_TOO_MUCH_EARLY_DATA);
        return 0;
    }

    /* If we are dealing with ciphertext we need to allow for the overhead */
    max_early_data += overhead;

    if (s->early_data_count + length > max_early_data) {
        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
                 SSL_R_TOO_MUCH_EARLY_DATA);
        return 0;
    }
    s->early_data_count += length;

    return 1;
}
Commit	Line	Data
846e33c7	1	/*
fecb3aae	2	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
258f8721	3	*
2c18d164	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
258f8721 MC	8	*/
258f8721 MC	9
51ccad3f	10	#include <assert.h>
706457b7	11	#include "../ssl_local.h"
49b26f54	12	#include <openssl/trace.h>
02a36fda	13	#include <openssl/rand.h>
524cb684	14	#include <openssl/core_names.h>
706457b7	15	#include "record_local.h"
67dc995e	16	#include "internal/cryptlib.h"
02a36fda	17
5607b275	18	void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
258f8721	19	{
5607b275	20	size_t i;
94777c9c MC	21
	22	for (i = 0; i < num_recs; i++) {
	23	OPENSSL_free(r[i].comp);
	24	r[i].comp = NULL;
	25	}
258f8721 MC	26	}
258f8721 MC	27
258f8721 MC	28	void SSL3_RECORD_set_seq_num(SSL3_RECORD r, const unsigned char seq_num)
258f8721 MC	29	{
e5bf62f7	30	memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
258f8721	31	}
fe589e61	32
9dd90232	33	uint32_t ossl_get_max_early_data(SSL_CONNECTION *s)
70ef40a0	34	{
4e8548e8	35	uint32_t max_early_data;
add8d0e9	36	SSL_SESSION *sess = s->session;
70ef40a0 MC	37
70ef40a0 MC	38	/*
7daf7156	39	* If we are a client then we always use the max_early_data from the
add8d0e9 MC	40	* session/psksession. Otherwise we go with the lowest out of the max early
add8d0e9 MC	41	* data set in the session and the configured max_early_data.
70ef40a0	42	*/
add8d0e9 MC	43	if (!s->server && sess->ext.max_early_data == 0) {
	44	if (!ossl_assert(s->psksession != NULL
	45	&& s->psksession->ext.max_early_data > 0)) {
c48ffbcc	46	SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
add8d0e9 MC	47	return 0;
	48	}
	49	sess = s->psksession;
	50	}
4e8548e8 MC	51
4e8548e8 MC	52	if (!s->server)
add8d0e9	53	max_early_data = sess->ext.max_early_data;
4e8548e8 MC	54	else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
	55	max_early_data = s->recv_max_early_data;
	56	else
	57	max_early_data = s->recv_max_early_data < sess->ext.max_early_data
	58	? s->recv_max_early_data : sess->ext.max_early_data;
70ef40a0	59
9dd90232 MC	60	return max_early_data;
	61	}
	62
	63	int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, size_t overhead,
	64	int send)
	65	{
	66	uint32_t max_early_data;
	67
	68	max_early_data = ossl_get_max_early_data(s);
	69
70ef40a0	70	if (max_early_data == 0) {
196f2cbb	71	SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
c48ffbcc	72	SSL_R_TOO_MUCH_EARLY_DATA);
70ef40a0 MC	73	return 0;
	74	}
	75
	76	/* If we are dealing with ciphertext we need to allow for the overhead */
	77	max_early_data += overhead;
	78
7daf7156	79	if (s->early_data_count + length > max_early_data) {
196f2cbb	80	SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
c48ffbcc	81	SSL_R_TOO_MUCH_EARLY_DATA);
70ef40a0 MC	82	return 0;
70ef40a0 MC	83	}
7daf7156	84	s->early_data_count += length;
70ef40a0 MC	85
	86	return 1;
	87	}