2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/bio.h>
11 #include <openssl/ssl.h>
12 #include <openssl/err.h>
13 #include "../../ssl_local.h"
14 #include "../record_local.h"
16 typedef struct dtls_bitmap_st
{
17 /* Track 64 packets */
19 /* Max record number seen so far, 64-bit value in big-endian encoding */
20 unsigned char max_seq_num
[SEQ_NUM_SIZE
];
23 typedef struct ssl_mac_buf_st
{
28 typedef struct ssl3_buffer_st
{
29 /* at least SSL3_RT_MAX_PACKET_SIZE bytes */
31 /* default buffer size (or 0 if no default set) */
35 /* where to 'copy from' */
37 /* how many bytes left */
39 /* 'buf' is from application for KTLS */
41 /* The type of data stored in this buffer. Only used for writing */
45 typedef struct ssl3_record_st
{
46 /* Record layer version */
52 /* How many bytes available */
56 * How many bytes were available before padding was removed? This is used
57 * to implement the MAC check in constant time for CBC records.
61 /* read/write offset into 'buf' */
64 /* pointer to the record data */
67 /* where the decode bytes are */
70 /* only used with decompression - malloc()ed */
73 /* epoch number, needed by DTLS1 */
76 /* sequence number, needed by DTLS1 */
78 unsigned char seq_num
[SEQ_NUM_SIZE
];
81 /* Macros/functions provided by the SSL3_RECORD component */
83 #define SSL3_RECORD_set_type(r, t) ((r)->type = (t))
84 #define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v))
85 #define SSL3_RECORD_get_length(r) ((r)->length)
86 #define SSL3_RECORD_set_length(r, l) ((r)->length = (l))
87 #define SSL3_RECORD_add_length(r, l) ((r)->length += (l))
88 #define SSL3_RECORD_set_data(r, d) ((r)->data = (d))
89 #define SSL3_RECORD_set_input(r, i) ((r)->input = (i))
90 #define SSL3_RECORD_reset_input(r) ((r)->input = (r)->data)
93 /* Protocol version specific function pointers */
94 struct record_functions_st
97 * Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
98 * OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an
99 * alternative record layer.
101 int (*set_crypto_state
)(OSSL_RECORD_LAYER
*rl
, int level
,
102 unsigned char *key
, size_t keylen
,
103 unsigned char *iv
, size_t ivlen
,
104 unsigned char *mackey
, size_t mackeylen
,
105 const EVP_CIPHER
*ciph
,
113 * 0: if the record is publicly invalid, or an internal error, or AEAD
114 * decryption failed, or EtM decryption failed.
115 * 1: Success or MtE decryption failed (MAC will be randomised)
117 int (*cipher
)(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*recs
, size_t n_recs
,
118 int sending
, SSL_MAC_BUF
*macs
, size_t macsize
);
119 /* Returns 1 for success or 0 for error */
120 int (*mac
)(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
, unsigned char *md
,
123 /* Return 1 for success or 0 for error */
124 int (*set_protocol_version
)(OSSL_RECORD_LAYER
*rl
, int version
);
126 /* Read related functions */
128 int (*read_n
)(OSSL_RECORD_LAYER
*rl
, size_t n
, size_t max
, int extend
,
129 int clearold
, size_t *readbytes
);
131 int (*get_more_records
)(OSSL_RECORD_LAYER
*rl
);
133 /* Return 1 for success or 0 for error */
134 int (*validate_record_header
)(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
);
136 /* Return 1 for success or 0 for error */
137 int (*post_process_record
)(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
);
139 /* Write related functions */
141 size_t (*get_max_records
)(OSSL_RECORD_LAYER
*rl
, int type
, size_t len
,
142 size_t maxfrag
, size_t *preffrag
);
144 /* Return 1 for success or 0 for error */
145 int (*write_records
)(OSSL_RECORD_LAYER
*rl
, OSSL_RECORD_TEMPLATE
*templates
,
148 /* Allocate the rl->wbuf buffers. Return 1 for success or 0 for error */
149 int (*allocate_write_buffers
)(OSSL_RECORD_LAYER
*rl
,
150 OSSL_RECORD_TEMPLATE
*templates
,
151 size_t numtempl
, size_t *prefix
);
154 * Initialise the packets in the |pkt| array using the buffers in |rl->wbuf|.
155 * Some protocol versions may use the space in |prefixtempl| to add
156 * an artificial template in front of the |templates| array and hence may
157 * initialise 1 more WPACKET than there are templates. |*wpinited|
158 * returns the number of WPACKETs in |pkt| that were successfully
159 * initialised. This must be 0 on entry and will be filled in even on error.
161 int (*initialise_write_packets
)(OSSL_RECORD_LAYER
*rl
,
162 OSSL_RECORD_TEMPLATE
*templates
,
164 OSSL_RECORD_TEMPLATE
*prefixtempl
,
169 /* Get the actual record type to be used for a given template */
170 unsigned int (*get_record_type
)(OSSL_RECORD_LAYER
*rl
,
171 OSSL_RECORD_TEMPLATE
*template);
173 /* Write the record header data to the WPACKET */
174 int (*prepare_record_header
)(OSSL_RECORD_LAYER
*rl
, WPACKET
*thispkt
,
175 OSSL_RECORD_TEMPLATE
*templ
,
176 unsigned int rectype
,
177 unsigned char **recdata
);
179 int (*add_record_padding
)(OSSL_RECORD_LAYER
*rl
,
180 OSSL_RECORD_TEMPLATE
*thistempl
,
182 SSL3_RECORD
*thiswr
);
185 * This applies any mac that might be necessary, ensures that we have enough
186 * space in the WPACKET to perform the encryption and sets up the
187 * SSL3_RECORD ready for that encryption.
189 int (*prepare_for_encryption
)(OSSL_RECORD_LAYER
*rl
,
192 SSL3_RECORD
*thiswr
);
195 * Any updates required to the record after encryption has been applied. For
196 * example, adding a MAC if using encrypt-then-mac
198 int (*post_encryption_processing
)(OSSL_RECORD_LAYER
*rl
,
200 OSSL_RECORD_TEMPLATE
*thistempl
,
202 SSL3_RECORD
*thiswr
);
205 * Some record layer implementations need to do some custom preparation of
206 * the BIO before we write to it. KTLS does this to prevent coalescing of
207 * control and data messages.
209 int (*prepare_write_bio
)(OSSL_RECORD_LAYER
*rl
, int type
);
212 struct ossl_record_layer_st
214 OSSL_LIB_CTX
*libctx
;
226 * A BIO containing any data read in the previous epoch that was destined
231 /* The transport BIO */
235 * A BIO where we will send any data read by us that is destined for the
240 /* Types match the equivalent fields in the SSL object */
244 /* write IO goes into here */
245 SSL3_BUFFER wbuf
[SSL_MAX_PIPELINES
+ 1];
247 /* Next wbuf with pending data still to write */
250 /* How many pipelines can be used to write data */
253 /* read IO goes into here */
255 /* each decoded record goes in here */
256 SSL3_RECORD rrec
[SSL_MAX_PIPELINES
];
258 /* How many records have we got available in the rrec bufer */
261 /* The record number in the rrec buffer that can be read next */
264 /* The number of records that have been released via tls_release_record */
267 /* where we are when reading */
270 /* used internally to point at a raw packet */
271 unsigned char *packet
;
272 size_t packet_length
;
274 /* Sequence number for the next record */
275 unsigned char sequence
[SEQ_NUM_SIZE
];
277 /* Alert code to be used if an error occurs */
281 * Read as many input bytes as possible (for non-blocking reads)
285 /* The number of consecutive empty records we have received */
286 size_t empty_record_count
;
289 * Do we need to send a prefix empty record before application data as a
290 * countermeasure against known-IV weakness (necessary for SSLv3 and
293 int need_empty_fragments
;
295 /* cryptographic state */
296 EVP_CIPHER_CTX
*enc_ctx
;
298 /* Explicit IV length */
301 /* used for mac generation */
304 /* compress/uncompress */
307 /* Set to 1 if this is the first handshake. 0 otherwise */
308 int is_first_handshake
;
311 * The smaller of the configured and negotiated maximum fragment length
312 * or SSL3_RT_MAX_PLAIN_LENGTH if none
314 unsigned int max_frag_len
;
316 /* The maxium amount of early data we can receive/send */
317 uint32_t max_early_data
;
319 /* The amount of early data that we have sent/received */
320 size_t early_data_count
;
322 /* TLSv1.3 record padding */
323 size_t block_padding
;
325 /* Only used by SSLv3 */
326 unsigned char mac_secret
[EVP_MAX_MD_SIZE
];
328 /* TLSv1.0/TLSv1.1/TLSv1.2 */
331 /* Flags for GOST ciphers */
337 unsigned char iv
[EVP_MAX_IV_LENGTH
];
339 unsigned char read_iv
[EVP_MAX_IV_LENGTH
];
340 int allow_plain_alerts
;
342 /* TLS "any" fields */
343 /* Set to true if this is the first record in a connection */
344 unsigned int is_first_record
;
348 /* DTLS received handshake records (processed and unprocessed) */
349 record_pqueue unprocessed_rcds
;
350 record_pqueue processed_rcds
;
352 /* records being received in the current epoch */
354 /* renegotiation starts a new set of sequence numbers */
355 DTLS_BITMAP next_bitmap
;
358 * Whether we are currently in a hanshake or not. Only maintained for DTLS
364 OSSL_FUNC_rlayer_skip_early_data_fn
*skip_early_data
;
365 OSSL_FUNC_rlayer_msg_callback_fn
*msg_callback
;
366 OSSL_FUNC_rlayer_security_fn
*security
;
367 OSSL_FUNC_rlayer_padding_fn
*padding
;
369 size_t max_pipelines
;
371 /* Function pointers for version specific functions */
372 struct record_functions_st
*funcs
;
375 typedef struct dtls_rlayer_record_data_st
{
376 unsigned char *packet
;
377 size_t packet_length
;
380 } DTLS_RLAYER_RECORD_DATA
;
382 extern struct record_functions_st ssl_3_0_funcs
;
383 extern struct record_functions_st tls_1_funcs
;
384 extern struct record_functions_st tls_1_3_funcs
;
385 extern struct record_functions_st tls_any_funcs
;
386 extern struct record_functions_st dtls_1_funcs
;
387 extern struct record_functions_st dtls_any_funcs
;
389 void ossl_rlayer_fatal(OSSL_RECORD_LAYER
*rl
, int al
, int reason
,
390 const char *fmt
, ...);
392 #define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
393 #define RLAYERfatal_data \
395 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
398 #define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
399 || (rl)->version == TLS1_2_VERSION \
402 void SSL3_RECORD_set_seq_num(SSL3_RECORD
*r
, const unsigned char *seq_num
);
404 int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER
*rl
,
406 const EVP_CIPHER
*ciph
,
410 int ssl3_cbc_remove_padding_and_mac(size_t *reclen
,
412 unsigned char *recdata
,
415 size_t block_size
, size_t mac_size
,
416 OSSL_LIB_CTX
*libctx
);
418 int tls1_cbc_remove_padding_and_mac(size_t *reclen
,
420 unsigned char *recdata
,
423 size_t block_size
, size_t mac_size
,
425 OSSL_LIB_CTX
*libctx
);
428 __owur
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX
*ctx
);
429 __owur
int ssl3_cbc_digest_record(const EVP_MD
*md
,
430 unsigned char *md_out
,
432 const unsigned char *header
,
433 const unsigned char *data
,
435 size_t data_plus_mac_plus_padding_size
,
436 const unsigned char *mac_secret
,
437 size_t mac_secret_length
, char is_sslv3
);
439 int tls_increment_sequence_ctr(OSSL_RECORD_LAYER
*rl
);
440 int tls_alloc_buffers(OSSL_RECORD_LAYER
*rl
);
441 int tls_free_buffers(OSSL_RECORD_LAYER
*rl
);
443 int tls_default_read_n(OSSL_RECORD_LAYER
*rl
, size_t n
, size_t max
, int extend
,
444 int clearold
, size_t *readbytes
);
445 int tls_get_more_records(OSSL_RECORD_LAYER
*rl
);
446 int dtls_get_more_records(OSSL_RECORD_LAYER
*rl
);
448 int dtls_prepare_record_header(OSSL_RECORD_LAYER
*rl
,
450 OSSL_RECORD_TEMPLATE
*templ
,
451 unsigned int rectype
,
452 unsigned char **recdata
);
453 int dtls_post_encryption_processing(OSSL_RECORD_LAYER
*rl
,
455 OSSL_RECORD_TEMPLATE
*thistempl
,
457 SSL3_RECORD
*thiswr
);
459 int tls_default_set_protocol_version(OSSL_RECORD_LAYER
*rl
, int version
);
460 int tls_default_validate_record_header(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*re
);
461 int tls_do_compress(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*wr
);
462 int tls_do_uncompress(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
);
463 int tls_default_post_process_record(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
);
464 int tls13_common_post_process_record(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
);
467 tls_int_new_record_layer(OSSL_LIB_CTX
*libctx
, const char *propq
, int vers
,
468 int role
, int direction
, int level
, unsigned char *key
,
469 size_t keylen
, unsigned char *iv
, size_t ivlen
,
470 unsigned char *mackey
, size_t mackeylen
,
471 const EVP_CIPHER
*ciph
, size_t taglen
,
473 const EVP_MD
*md
, COMP_METHOD
*comp
, BIO
*prev
,
474 BIO
*transport
, BIO
*next
,
475 BIO_ADDR
*local
, BIO_ADDR
*peer
,
476 const OSSL_PARAM
*settings
, const OSSL_PARAM
*options
,
477 const OSSL_DISPATCH
*fns
, void *cbarg
,
478 OSSL_RECORD_LAYER
**retrl
);
479 int tls_free(OSSL_RECORD_LAYER
*rl
);
480 int tls_reset(OSSL_RECORD_LAYER
*rl
);
481 int tls_unprocessed_read_pending(OSSL_RECORD_LAYER
*rl
);
482 int tls_processed_read_pending(OSSL_RECORD_LAYER
*rl
);
483 size_t tls_app_data_pending(OSSL_RECORD_LAYER
*rl
);
484 size_t tls_get_max_records(OSSL_RECORD_LAYER
*rl
, int type
, size_t len
,
485 size_t maxfrag
, size_t *preffrag
);
486 int tls_write_records(OSSL_RECORD_LAYER
*rl
, OSSL_RECORD_TEMPLATE
*templates
,
488 int tls_retry_write_records(OSSL_RECORD_LAYER
*rl
);
489 int tls_get_alert_code(OSSL_RECORD_LAYER
*rl
);
490 int tls_set1_bio(OSSL_RECORD_LAYER
*rl
, BIO
*bio
);
491 int tls_read_record(OSSL_RECORD_LAYER
*rl
, void **rechandle
, int *rversion
,
492 int *type
, unsigned char **data
, size_t *datalen
,
493 uint16_t *epoch
, unsigned char *seq_num
);
494 int tls_release_record(OSSL_RECORD_LAYER
*rl
, void *rechandle
);
495 int tls_default_set_protocol_version(OSSL_RECORD_LAYER
*rl
, int version
);
496 int tls_set_protocol_version(OSSL_RECORD_LAYER
*rl
, int version
);
497 void tls_set_plain_alerts(OSSL_RECORD_LAYER
*rl
, int allow
);
498 void tls_set_first_handshake(OSSL_RECORD_LAYER
*rl
, int first
);
499 void tls_set_max_pipelines(OSSL_RECORD_LAYER
*rl
, size_t max_pipelines
);
500 void tls_get_state(OSSL_RECORD_LAYER
*rl
, const char **shortstr
,
501 const char **longstr
);
502 int tls_set_options(OSSL_RECORD_LAYER
*rl
, const OSSL_PARAM
*options
);
503 const COMP_METHOD
*tls_get_compression(OSSL_RECORD_LAYER
*rl
);
504 void tls_set_max_frag_len(OSSL_RECORD_LAYER
*rl
, size_t max_frag_len
);
505 int tls_setup_read_buffer(OSSL_RECORD_LAYER
*rl
);
506 int tls_setup_write_buffer(OSSL_RECORD_LAYER
*rl
, size_t numwpipes
,
507 size_t firstlen
, size_t nextlen
);
509 int tls_write_records_multiblock(OSSL_RECORD_LAYER
*rl
,
510 OSSL_RECORD_TEMPLATE
*templates
,
513 size_t tls_get_max_records_default(OSSL_RECORD_LAYER
*rl
, int type
, size_t len
,
514 size_t maxfrag
, size_t *preffrag
);
515 size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER
*rl
, int type
,
516 size_t len
, size_t maxfrag
,
518 int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER
*rl
,
519 OSSL_RECORD_TEMPLATE
*templates
,
520 size_t numtempl
, size_t *prefix
);
521 int tls_initialise_write_packets_default(OSSL_RECORD_LAYER
*rl
,
522 OSSL_RECORD_TEMPLATE
*templates
,
524 OSSL_RECORD_TEMPLATE
*prefixtempl
,
528 int tls1_allocate_write_buffers(OSSL_RECORD_LAYER
*rl
,
529 OSSL_RECORD_TEMPLATE
*templates
,
530 size_t numtempl
, size_t *prefix
);
531 int tls1_initialise_write_packets(OSSL_RECORD_LAYER
*rl
,
532 OSSL_RECORD_TEMPLATE
*templates
,
534 OSSL_RECORD_TEMPLATE
*prefixtempl
,
538 int tls_prepare_record_header_default(OSSL_RECORD_LAYER
*rl
,
540 OSSL_RECORD_TEMPLATE
*templ
,
541 unsigned int rectype
,
542 unsigned char **recdata
);
543 int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER
*rl
,
546 SSL3_RECORD
*thiswr
);
547 int tls_post_encryption_processing_default(OSSL_RECORD_LAYER
*rl
,
549 OSSL_RECORD_TEMPLATE
*thistempl
,
551 SSL3_RECORD
*thiswr
);
552 int tls_write_records_default(OSSL_RECORD_LAYER
*rl
,
553 OSSL_RECORD_TEMPLATE
*templates
,
556 /* Macros/functions provided by the SSL3_BUFFER component */
558 #define SSL3_BUFFER_get_buf(b) ((b)->buf)
559 #define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n))
560 #define SSL3_BUFFER_get_len(b) ((b)->len)
561 #define SSL3_BUFFER_get_left(b) ((b)->left)
562 #define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
563 #define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
564 #define SSL3_BUFFER_get_offset(b) ((b)->offset)
565 #define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
566 #define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
567 #define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l))
568 #define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer)
570 void SSL3_BUFFER_release(SSL3_BUFFER
*b
);