Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
fecb3aae | 2 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. |
258f8721 | 3 | * |
2c18d164 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
258f8721 MC |
8 | */ |
9 | ||
51ccad3f | 10 | #include <assert.h> |
706457b7 | 11 | #include "../ssl_local.h" |
49b26f54 | 12 | #include <openssl/trace.h> |
02a36fda | 13 | #include <openssl/rand.h> |
524cb684 | 14 | #include <openssl/core_names.h> |
706457b7 | 15 | #include "record_local.h" |
67dc995e | 16 | #include "internal/cryptlib.h" |
02a36fda | 17 | |
/*
 * Free the |comp| buffer of each of the first |num_recs| records in |r|.
 *
 * Every freed pointer is reset to NULL, so no stale pointer to released
 * memory is left behind in the record array.
 */
void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
{
    size_t idx = 0;

    while (idx < num_recs) {
        SSL3_RECORD *rec = &r[idx++];

        OPENSSL_free(rec->comp);
        rec->comp = NULL;
    }
}
27 | ||
/*
 * Store a copy of the sequence number |seq_num| in record |r|.
 *
 * Exactly SEQ_NUM_SIZE bytes are read from |seq_num|. No length is passed
 * in, so the caller must supply a buffer of at least that size.
 */
void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
{
    unsigned char *dest = r->seq_num;

    memcpy(dest, seq_num, SEQ_NUM_SIZE);
}
fe589e61 | 32 | |
/*
 * Work out the early data limit that applies to connection |s|.
 *
 * Client: the limit always comes from a session. s->session is used if its
 * max_early_data is non-zero, otherwise s->psksession is used. In the latter
 * case the psksession must exist and carry a non-zero limit; if it does not,
 * the connection is failed with an internal error and 0 is returned.
 *
 * Server: while early data has not been accepted, the configured
 * recv_max_early_data applies on its own. Once it has been accepted, the
 * smaller of recv_max_early_data and the session's max_early_data is used,
 * so neither bound can be exceeded.
 */
uint32_t ossl_get_max_early_data(SSL_CONNECTION *s)
{
    SSL_SESSION *sess = s->session;

    if (!s->server) {
        if (sess->ext.max_early_data == 0) {
            /* Nothing usable in the main session: fall back to the PSK one */
            if (!ossl_assert(s->psksession != NULL
                             && s->psksession->ext.max_early_data > 0)) {
                SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                return 0;
            }
            sess = s->psksession;
        }
        return sess->ext.max_early_data;
    }

    /* Server that has not accepted early data: only the local setting counts */
    if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
        return s->recv_max_early_data;

    /* Server that accepted early data: enforce the tighter of the two limits */
    if (s->recv_max_early_data < sess->ext.max_early_data)
        return s->recv_max_early_data;

    return sess->ext.max_early_data;
}
62 | ||
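/*
 * Check whether |length| more bytes of early data fit within the limit for
 * connection |s| and, if they do, add them to s->early_data_count.
 *
 * |overhead| is an extra allowance added to the limit when the caller is
 * counting ciphertext rather than plaintext. |send| only selects the alert
 * raised on failure: SSL_AD_INTERNAL_ERROR when non-zero,
 * SSL_AD_UNEXPECTED_MESSAGE otherwise.
 *
 * Returns 1 if the data is within the limit. Returns 0, after calling
 * SSLfatal(), if no early data is allowed at all or the limit would be
 * exceeded.
 */
int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, size_t overhead,
                             int send)
{
    const uint32_t u32_max = (uint32_t)-1;
    uint32_t max_early_data;

    max_early_data = ossl_get_max_early_data(s);

    if (max_early_data == 0) {
        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
                 SSL_R_TOO_MUCH_EARLY_DATA);
        return 0;
    }

    /*
     * If we are dealing with ciphertext we need to allow for the overhead.
     * Saturate rather than wrap: with a limit close to the uint32_t maximum,
     * a plain addition would wrap round to a tiny value and reject valid data.
     */
    if (overhead > (size_t)(u32_max - max_early_data))
        max_early_data = u32_max;
    else
        max_early_data += (uint32_t)overhead;

    /*
     * Compare by subtraction so the running total plus |length| is never
     * formed. Where size_t is 32 bits wide that sum could wrap and slip past
     * the limit. The first test makes the subtraction safe.
     */
    if (s->early_data_count > max_early_data
            || length > max_early_data - s->early_data_count) {
        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
                 SSL_R_TOO_MUCH_EARLY_DATA);
        return 0;
    }
    /* Cannot overflow: count + length <= max_early_data <= u32_max here */
    s->early_data_count += length;

    return 1;
}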