2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/bio.h>
12 #include <openssl/ssl.h>
13 #include <openssl/err.h>
14 #include <openssl/core_names.h>
15 #include "internal/e_os.h"
16 #include "internal/packet.h"
17 #include "../../ssl_local.h"
18 #include "../record_local.h"
19 #include "recmethod_local.h"
21 static void tls_int_free(OSSL_RECORD_LAYER
*rl
);
23 void ossl_rlayer_fatal(OSSL_RECORD_LAYER
*rl
, int al
, int reason
,
29 ERR_vset_error(ERR_LIB_SSL
, reason
, fmt
, args
);
35 int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER
*rl
,
37 const EVP_CIPHER
*ciph
,
41 * Provided cipher, the TLS padding/MAC removal is performed provider
42 * side so we need to tell the ctx about our TLS version and mac size
44 OSSL_PARAM params
[3], *pprm
= params
;
48 if ((EVP_CIPHER_get_flags(ciph
) & EVP_CIPH_FLAG_AEAD_CIPHER
) == 0
50 imacsize
= EVP_MD_get_size(md
);
52 macsize
= (size_t)imacsize
;
54 *pprm
++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION
,
56 *pprm
++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE
,
58 *pprm
= OSSL_PARAM_construct_end();
60 if (!EVP_CIPHER_CTX_set_params(ctx
, params
)) {
61 ERR_raise(ERR_LIB_SSL
, ERR_R_INTERNAL_ERROR
);
69 * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
70 * which ssl3_cbc_digest_record supports.
72 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX
*ctx
)
74 switch (EVP_MD_CTX_get_type(ctx
)) {
87 #ifndef OPENSSL_NO_COMP
88 static int tls_allow_compression(OSSL_RECORD_LAYER
*rl
)
90 if (rl
->options
& SSL_OP_NO_COMPRESSION
)
93 return rl
->security
== NULL
94 || rl
->security(rl
->cbarg
, SSL_SECOP_COMPRESSION
, 0, 0, NULL
);
98 static void tls_release_write_buffer_int(OSSL_RECORD_LAYER
*rl
, size_t start
)
103 pipes
= rl
->numwpipes
;
105 while (pipes
> start
) {
106 wb
= &rl
->wbuf
[pipes
- 1];
108 if (SSL3_BUFFER_is_app_buffer(wb
))
109 SSL3_BUFFER_set_app_buffer(wb
, 0);
111 OPENSSL_free(wb
->buf
);
117 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
118 # ifndef OPENSSL_NO_COMP
119 # define MAX_PREFIX_LEN ((SSL3_ALIGN_PAYLOAD - 1) \
120 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
121 + SSL3_RT_HEADER_LENGTH \
122 + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
124 # define MAX_PREFIX_LEN ((SSL3_ALIGN_PAYLOAD - 1) \
125 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
126 + SSL3_RT_HEADER_LENGTH)
127 # endif /* OPENSSL_NO_COMP */
129 # ifndef OPENSSL_NO_COMP
130 # define MAX_PREFIX_LEN (SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
131 + SSL3_RT_HEADER_LENGTH \
132 + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
134 # define MAX_PREFIX_LEN (SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
135 + SSL3_RT_HEADER_LENGTH)
136 # endif /* OPENSSL_NO_COMP */
139 int tls_setup_write_buffer(OSSL_RECORD_LAYER
*rl
, size_t numwpipes
,
140 size_t firstlen
, size_t nextlen
)
143 size_t align
= 0, headerlen
;
146 SSL_CONNECTION
*s
= (SSL_CONNECTION
*)rl
->cbarg
;
149 if (firstlen
== 0 || (numwpipes
> 1 && nextlen
== 0)) {
151 headerlen
= DTLS1_RT_HEADER_LENGTH
+ 1;
153 headerlen
= SSL3_RT_HEADER_LENGTH
;
155 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
156 align
= SSL3_ALIGN_PAYLOAD
- 1;
159 defltlen
= ssl_get_max_send_fragment(s
)
160 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ headerlen
+ align
;
161 #ifndef OPENSSL_NO_COMP
162 if (tls_allow_compression(rl
))
163 defltlen
+= SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
165 if (!(rl
->options
& SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
))
166 defltlen
+= headerlen
+ align
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
;
170 for (currpipe
= 0; currpipe
< numwpipes
; currpipe
++) {
171 SSL3_BUFFER
*thiswb
= &wb
[currpipe
];
172 size_t len
= (currpipe
== 0) ? firstlen
: nextlen
;
177 if (thiswb
->len
!= len
) {
178 OPENSSL_free(thiswb
->buf
);
179 thiswb
->buf
= NULL
; /* force reallocation */
182 if (thiswb
->buf
== NULL
) {
183 if (s
->wbio
== NULL
|| !BIO_get_ktls_send(s
->wbio
)) {
184 p
= OPENSSL_malloc(len
);
186 if (rl
->numwpipes
< currpipe
)
187 rl
->numwpipes
= currpipe
;
189 * We've got a malloc failure, and we're still initialising
190 * buffers. We assume we're so doomed that we won't even be able
193 RLAYERfatal(rl
, SSL_AD_NO_ALERT
, ERR_R_CRYPTO_LIB
);
199 memset(thiswb
, 0, sizeof(SSL3_BUFFER
));
205 /* Free any previously allocated buffers that we are no longer using */
206 tls_release_write_buffer_int(rl
, currpipe
);
208 rl
->numwpipes
= numwpipes
;
213 static void tls_release_write_buffer(OSSL_RECORD_LAYER
*rl
)
215 tls_release_write_buffer_int(rl
, 0);
220 int tls_setup_read_buffer(OSSL_RECORD_LAYER
*rl
)
223 size_t len
, align
= 0, headerlen
;
229 headerlen
= DTLS1_RT_HEADER_LENGTH
;
231 headerlen
= SSL3_RT_HEADER_LENGTH
;
233 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
234 align
= (-SSL3_RT_HEADER_LENGTH
) & (SSL3_ALIGN_PAYLOAD
- 1);
237 if (b
->buf
== NULL
) {
238 len
= SSL3_RT_MAX_PLAIN_LENGTH
239 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
+ headerlen
+ align
;
240 #ifndef OPENSSL_NO_COMP
241 if (tls_allow_compression(rl
))
242 len
+= SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
244 if (b
->default_len
> len
)
245 len
= b
->default_len
;
246 if ((p
= OPENSSL_malloc(len
)) == NULL
) {
248 * We've got a malloc failure, and we're still initialising buffers.
249 * We assume we're so doomed that we won't even be able to send an
252 RLAYERfatal(rl
, SSL_AD_NO_ALERT
, ERR_R_CRYPTO_LIB
);
262 static int tls_release_read_buffer(OSSL_RECORD_LAYER
*rl
)
267 if ((rl
->options
& SSL_OP_CLEANSE_PLAINTEXT
) != 0)
268 OPENSSL_cleanse(b
->buf
, b
->len
);
269 OPENSSL_free(b
->buf
);
275 * Return values are as per SSL_read()
277 int tls_default_read_n(OSSL_RECORD_LAYER
*rl
, size_t n
, size_t max
, int extend
,
278 int clearold
, size_t *readbytes
)
281 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
282 * packet by another n bytes. The packet will be in the sub-array of
283 * rl->rbuf.buf specified by rl->packet and rl->packet_length. (If
284 * rl->read_ahead is set, 'max' bytes may be stored in rbuf [plus
285 * rl->packet_length bytes if extend == 1].) if clearold == 1, move the
286 * packet to the start of the buffer; if clearold == 0 then leave any old
287 * packets where they were
289 size_t len
, left
, align
= 0;
294 return OSSL_RECORD_RETURN_NON_FATAL_ERR
;
298 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
299 align
= (size_t)rb
->buf
+ SSL3_RT_HEADER_LENGTH
;
300 align
= SSL3_ALIGN_PAYLOAD
- 1 - ((align
- 1) % SSL3_ALIGN_PAYLOAD
);
304 /* start with empty packet ... */
307 } else if (align
!= 0 && left
>= SSL3_RT_HEADER_LENGTH
) {
309 * check if next packet length is large enough to justify payload
312 pkt
= rb
->buf
+ rb
->offset
;
313 if (pkt
[0] == SSL3_RT_APPLICATION_DATA
314 && (pkt
[3] << 8 | pkt
[4]) >= 128) {
316 * Note that even if packet is corrupted and its length field
317 * is insane, we can only be led to wrong decision about
318 * whether memmove will occur or not. Header values has no
319 * effect on memmove arguments and therefore no buffer
320 * overrun can be triggered.
322 memmove(rb
->buf
+ align
, pkt
, left
);
326 rl
->packet
= rb
->buf
+ rb
->offset
;
327 rl
->packet_length
= 0;
328 /* ... now we can act as if 'extend' was set */
331 len
= rl
->packet_length
;
332 pkt
= rb
->buf
+ align
;
334 * Move any available bytes to front of buffer: 'len' bytes already
335 * pointed to by 'packet', 'left' extra ones at the end
337 if (rl
->packet
!= pkt
&& clearold
== 1) {
338 memmove(pkt
, rl
->packet
, len
+ left
);
340 rb
->offset
= len
+ align
;
344 * For DTLS/UDP reads should not span multiple packets because the read
345 * operation returns the whole packet at once (as long as it fits into
349 if (left
== 0 && extend
)
351 if (left
> 0 && n
> left
)
355 /* if there is enough in the buffer from a previous read, take some */
357 rl
->packet_length
+= n
;
361 return OSSL_RECORD_RETURN_SUCCESS
;
364 /* else we need to read more data */
366 if (n
> rb
->len
- rb
->offset
) {
367 /* does not happen */
368 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
369 return OSSL_RECORD_RETURN_FATAL
;
372 /* We always act like read_ahead is set for DTLS */
373 if (!rl
->read_ahead
&& !rl
->isdtls
) {
374 /* ignore max parameter */
379 if (max
> rb
->len
- rb
->offset
)
380 max
= rb
->len
- rb
->offset
;
386 BIO
*bio
= rl
->prev
!= NULL
? rl
->prev
: rl
->bio
;
389 * Now we have len+left bytes at the front of rl->rbuf.buf and
390 * need to read in more until we have len + n (up to len + max if
396 ret
= BIO_read(bio
, pkt
+ len
+ left
, max
- left
);
399 ret
= OSSL_RECORD_RETURN_SUCCESS
;
400 } else if (BIO_should_retry(bio
)) {
401 if (rl
->prev
!= NULL
) {
403 * We were reading from the previous epoch. Now there is no
404 * more data, so swap to the actual transport BIO
410 ret
= OSSL_RECORD_RETURN_RETRY
;
411 } else if (BIO_eof(bio
)) {
412 ret
= OSSL_RECORD_RETURN_EOF
;
414 ret
= OSSL_RECORD_RETURN_FATAL
;
417 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_READ_BIO_NOT_SET
);
418 ret
= OSSL_RECORD_RETURN_FATAL
;
421 if (ret
<= OSSL_RECORD_RETURN_RETRY
) {
423 if ((rl
->mode
& SSL_MODE_RELEASE_BUFFERS
) != 0 && !rl
->isdtls
)
425 tls_release_read_buffer(rl
);
430 * reads should *never* span multiple packets for DTLS because the
431 * underlying transport protocol is message oriented as opposed to
432 * byte oriented as in the TLS case.
436 n
= left
; /* makes the while condition false */
440 /* done reading, now the book-keeping */
443 rl
->packet_length
+= n
;
445 return OSSL_RECORD_RETURN_SUCCESS
;
449 * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
450 * for us in the buffer.
452 static int tls_record_app_data_waiting(OSSL_RECORD_LAYER
*rl
)
460 p
= SSL3_BUFFER_get_buf(rbuf
);
464 left
= SSL3_BUFFER_get_left(rbuf
);
466 if (left
< SSL3_RT_HEADER_LENGTH
)
469 p
+= SSL3_BUFFER_get_offset(rbuf
);
472 * We only check the type and record length, we will sanity check version
475 if (*p
!= SSL3_RT_APPLICATION_DATA
)
481 if (left
< SSL3_RT_HEADER_LENGTH
+ len
)
487 static int rlayer_early_data_count_ok(OSSL_RECORD_LAYER
*rl
, size_t length
,
488 size_t overhead
, int send
)
490 uint32_t max_early_data
= rl
->max_early_data
;
492 if (max_early_data
== 0) {
493 RLAYERfatal(rl
, send
? SSL_AD_INTERNAL_ERROR
: SSL_AD_UNEXPECTED_MESSAGE
,
494 SSL_R_TOO_MUCH_EARLY_DATA
);
498 /* If we are dealing with ciphertext we need to allow for the overhead */
499 max_early_data
+= overhead
;
501 if (rl
->early_data_count
+ length
> max_early_data
) {
502 RLAYERfatal(rl
, send
? SSL_AD_INTERNAL_ERROR
: SSL_AD_UNEXPECTED_MESSAGE
,
503 SSL_R_TOO_MUCH_EARLY_DATA
);
506 rl
->early_data_count
+= length
;
512 * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
513 * will be processed per call to tls_get_more_records. Without this limit an
514 * attacker could send empty records at a faster rate than we can process and
515 * cause tls_get_more_records to loop forever.
517 #define MAX_EMPTY_RECORDS 32
519 #define SSL2_RT_HEADER_LENGTH 2
522 * Call this to buffer new input records in rl->rrec.
523 * It will return a OSSL_RECORD_RETURN_* value.
524 * When it finishes successfully (OSSL_RECORD_RETURN_SUCCESS), |rl->num_recs|
525 * records have been decoded. For each record 'i':
526 * rrec[i].type - is the type of record
527 * rrec[i].data, - data
528 * rrec[i].length, - number of bytes
529 * Multiple records will only be returned if the record types are all
530 * SSL3_RT_APPLICATION_DATA. The number of records returned will always be <=
533 int tls_get_more_records(OSSL_RECORD_LAYER
*rl
)
538 SSL3_RECORD
*rr
, *thisrr
;
541 unsigned char md
[EVP_MAX_MD_SIZE
];
542 unsigned int version
;
545 size_t num_recs
= 0, max_recs
, j
;
546 PACKET pkt
, sslv2pkt
;
547 SSL_MAC_BUF
*macbufs
= NULL
;
548 int ret
= OSSL_RECORD_RETURN_FATAL
;
552 if (rbuf
->buf
== NULL
) {
553 if (!tls_setup_read_buffer(rl
)) {
554 /* RLAYERfatal() already called */
555 return OSSL_RECORD_RETURN_FATAL
;
559 max_recs
= rl
->max_pipelines
;
565 thisrr
= &rr
[num_recs
];
567 /* check if we have the header */
568 if ((rl
->rstate
!= SSL_ST_READ_BODY
) ||
569 (rl
->packet_length
< SSL3_RT_HEADER_LENGTH
)) {
573 rret
= rl
->funcs
->read_n(rl
, SSL3_RT_HEADER_LENGTH
,
574 SSL3_BUFFER_get_len(rbuf
), 0,
575 num_recs
== 0 ? 1 : 0, &n
);
577 if (rret
< OSSL_RECORD_RETURN_SUCCESS
)
578 return rret
; /* error or non-blocking */
580 rl
->rstate
= SSL_ST_READ_BODY
;
583 if (!PACKET_buf_init(&pkt
, p
, rl
->packet_length
)) {
584 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
585 return OSSL_RECORD_RETURN_FATAL
;
588 if (!PACKET_get_net_2_len(&sslv2pkt
, &sslv2len
)
589 || !PACKET_get_1(&sslv2pkt
, &type
)) {
590 RLAYERfatal(rl
, SSL_AD_DECODE_ERROR
, ERR_R_INTERNAL_ERROR
);
591 return OSSL_RECORD_RETURN_FATAL
;
594 * The first record received by the server may be a V2ClientHello.
596 if (rl
->role
== OSSL_RECORD_ROLE_SERVER
597 && rl
->is_first_record
598 && (sslv2len
& 0x8000) != 0
599 && (type
== SSL2_MT_CLIENT_HELLO
)) {
603 * |num_recs| here will actually always be 0 because
604 * |num_recs > 0| only ever occurs when we are processing
605 * multiple app data records - which we know isn't the case here
606 * because it is an SSLv2ClientHello. We keep it using
607 * |num_recs| for the sake of consistency
609 thisrr
->type
= SSL3_RT_HANDSHAKE
;
610 thisrr
->rec_version
= SSL2_VERSION
;
612 thisrr
->length
= sslv2len
& 0x7fff;
614 if (thisrr
->length
> SSL3_BUFFER_get_len(rbuf
)
615 - SSL2_RT_HEADER_LENGTH
) {
616 RLAYERfatal(rl
, SSL_AD_RECORD_OVERFLOW
,
617 SSL_R_PACKET_LENGTH_TOO_LONG
);
618 return OSSL_RECORD_RETURN_FATAL
;
621 /* SSLv3+ style record */
623 /* Pull apart the header into the SSL3_RECORD */
624 if (!PACKET_get_1(&pkt
, &type
)
625 || !PACKET_get_net_2(&pkt
, &version
)
626 || !PACKET_get_net_2_len(&pkt
, &thisrr
->length
)) {
627 if (rl
->msg_callback
!= NULL
)
628 rl
->msg_callback(0, 0, SSL3_RT_HEADER
, p
, 5, rl
->cbarg
);
629 RLAYERfatal(rl
, SSL_AD_DECODE_ERROR
, ERR_R_INTERNAL_ERROR
);
630 return OSSL_RECORD_RETURN_FATAL
;
633 thisrr
->rec_version
= version
;
636 * When we call validate_record_header() only records actually
637 * received in SSLv2 format should have the record version set
638 * to SSL2_VERSION. This way validate_record_header() can know
639 * what format the record was in based on the version.
641 if (thisrr
->rec_version
== SSL2_VERSION
) {
642 RLAYERfatal(rl
, SSL_AD_PROTOCOL_VERSION
,
643 SSL_R_WRONG_VERSION_NUMBER
);
644 return OSSL_RECORD_RETURN_FATAL
;
647 if (rl
->msg_callback
!= NULL
)
648 rl
->msg_callback(0, version
, SSL3_RT_HEADER
, p
, 5, rl
->cbarg
);
651 SSL3_BUFFER_get_len(rbuf
) - SSL3_RT_HEADER_LENGTH
) {
652 RLAYERfatal(rl
, SSL_AD_RECORD_OVERFLOW
,
653 SSL_R_PACKET_LENGTH_TOO_LONG
);
654 return OSSL_RECORD_RETURN_FATAL
;
658 if (!rl
->funcs
->validate_record_header(rl
, thisrr
)) {
659 /* RLAYERfatal already called */
660 return OSSL_RECORD_RETURN_FATAL
;
663 /* now rl->rstate == SSL_ST_READ_BODY */
667 * rl->rstate == SSL_ST_READ_BODY, get and decode the data. Calculate
668 * how much more data we need to read for the rest of the record
670 if (thisrr
->rec_version
== SSL2_VERSION
) {
671 more
= thisrr
->length
+ SSL2_RT_HEADER_LENGTH
672 - SSL3_RT_HEADER_LENGTH
;
674 more
= thisrr
->length
;
678 /* now rl->packet_length == SSL3_RT_HEADER_LENGTH */
680 rret
= rl
->funcs
->read_n(rl
, more
, more
, 1, 0, &n
);
681 if (rret
< OSSL_RECORD_RETURN_SUCCESS
)
682 return rret
; /* error or non-blocking io */
685 /* set state for later operations */
686 rl
->rstate
= SSL_ST_READ_HEADER
;
689 * At this point, rl->packet_length == SSL3_RT_HEADER_LENGTH
690 * + thisrr->length, or rl->packet_length == SSL2_RT_HEADER_LENGTH
691 * + thisrr->length and we have that many bytes in rl->packet
693 if (thisrr
->rec_version
== SSL2_VERSION
)
694 thisrr
->input
= &(rl
->packet
[SSL2_RT_HEADER_LENGTH
]);
696 thisrr
->input
= &(rl
->packet
[SSL3_RT_HEADER_LENGTH
]);
699 * ok, we can now read from 'rl->packet' data into 'thisrr'.
700 * thisrr->input points at thisrr->length bytes, which need to be copied
701 * into thisrr->data by either the decryption or by the decompression.
702 * When the data is 'copied' into the thisrr->data buffer,
703 * thisrr->input will be updated to point at the new buffer
707 * We now have - encrypted [ MAC [ compressed [ plain ] ] ]
708 * thisrr->length bytes of encrypted compressed stuff.
711 /* decrypt in place in 'thisrr->input' */
712 thisrr
->data
= thisrr
->input
;
713 thisrr
->orig_len
= thisrr
->length
;
717 /* we have pulled in a full packet so zero things */
718 rl
->packet_length
= 0;
719 rl
->is_first_record
= 0;
720 } while (num_recs
< max_recs
721 && thisrr
->type
== SSL3_RT_APPLICATION_DATA
722 && RLAYER_USE_EXPLICIT_IV(rl
)
723 && rl
->enc_ctx
!= NULL
724 && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl
->enc_ctx
))
725 & EVP_CIPH_FLAG_PIPELINE
) != 0
726 && tls_record_app_data_waiting(rl
));
729 && thisrr
->type
== SSL3_RT_CHANGE_CIPHER_SPEC
730 /* The following can happen in tlsany_meth after HRR */
731 && rl
->version
== TLS1_3_VERSION
732 && rl
->is_first_handshake
) {
734 * CCS messages must be exactly 1 byte long, containing the value 0x01
736 if (thisrr
->length
!= 1 || thisrr
->data
[0] != 0x01) {
737 RLAYERfatal(rl
, SSL_AD_ILLEGAL_PARAMETER
,
738 SSL_R_INVALID_CCS_MESSAGE
);
739 return OSSL_RECORD_RETURN_FATAL
;
742 * CCS messages are ignored in TLSv1.3. We treat it like an empty
745 thisrr
->type
= SSL3_RT_HANDSHAKE
;
746 if (++(rl
->empty_record_count
) > MAX_EMPTY_RECORDS
) {
747 RLAYERfatal(rl
, SSL_AD_UNEXPECTED_MESSAGE
,
748 SSL_R_UNEXPECTED_CCS_MESSAGE
);
749 return OSSL_RECORD_RETURN_FATAL
;
753 rl
->num_released
= 0;
755 return OSSL_RECORD_RETURN_SUCCESS
;
758 if (rl
->md_ctx
!= NULL
) {
759 const EVP_MD
*tmpmd
= EVP_MD_CTX_get0_md(rl
->md_ctx
);
762 imac_size
= EVP_MD_get_size(tmpmd
);
763 if (!ossl_assert(imac_size
>= 0 && imac_size
<= EVP_MAX_MD_SIZE
)) {
764 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_EVP_LIB
);
765 return OSSL_RECORD_RETURN_FATAL
;
767 mac_size
= (size_t)imac_size
;
772 * If in encrypt-then-mac mode calculate mac from encrypted record. All
773 * the details below are public so no timing details can leak.
775 if (rl
->use_etm
&& rl
->md_ctx
) {
778 for (j
= 0; j
< num_recs
; j
++) {
781 if (thisrr
->length
< mac_size
) {
782 RLAYERfatal(rl
, SSL_AD_DECODE_ERROR
, SSL_R_LENGTH_TOO_SHORT
);
783 return OSSL_RECORD_RETURN_FATAL
;
785 thisrr
->length
-= mac_size
;
786 mac
= thisrr
->data
+ thisrr
->length
;
787 i
= rl
->funcs
->mac(rl
, thisrr
, md
, 0 /* not send */);
788 if (i
== 0 || CRYPTO_memcmp(md
, mac
, mac_size
) != 0) {
789 RLAYERfatal(rl
, SSL_AD_BAD_RECORD_MAC
,
790 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC
);
791 return OSSL_RECORD_RETURN_FATAL
;
795 * We've handled the mac now - there is no MAC inside the encrypted
802 macbufs
= OPENSSL_zalloc(sizeof(*macbufs
) * num_recs
);
803 if (macbufs
== NULL
) {
804 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_CRYPTO_LIB
);
805 return OSSL_RECORD_RETURN_FATAL
;
809 enc_err
= rl
->funcs
->cipher(rl
, rr
, num_recs
, 0, macbufs
, mac_size
);
813 * 0: if the record is publicly invalid, or an internal error, or AEAD
814 * decryption failed, or ETM decryption failed.
815 * 1: Success or MTE decryption failed (MAC will be randomised)
818 if (rl
->alert
!= SSL_AD_NO_ALERT
) {
819 /* RLAYERfatal() already got called */
823 && rl
->skip_early_data
!= NULL
824 && rl
->skip_early_data(rl
->cbarg
)) {
826 * Valid early_data that we cannot decrypt will fail here. We treat
827 * it like an empty record.
832 if (!rlayer_early_data_count_ok(rl
, thisrr
->length
,
833 EARLY_DATA_CIPHERTEXT_OVERHEAD
, 0)) {
834 /* RLAYERfatal() already called */
841 rl
->num_released
= 0;
842 /* Reset the read sequence */
843 memset(rl
->sequence
, 0, sizeof(rl
->sequence
));
847 RLAYERfatal(rl
, SSL_AD_BAD_RECORD_MAC
,
848 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC
);
851 OSSL_TRACE_BEGIN(TLS
) {
852 BIO_printf(trc_out
, "dec %lu\n", (unsigned long)rr
[0].length
);
853 BIO_dump_indent(trc_out
, rr
[0].data
, rr
[0].length
, 4);
854 } OSSL_TRACE_END(TLS
);
856 /* r->length is now the compressed data plus mac */
857 if (rl
->enc_ctx
!= NULL
859 && EVP_MD_CTX_get0_md(rl
->md_ctx
) != NULL
) {
860 /* rl->md_ctx != NULL => mac_size != -1 */
862 for (j
= 0; j
< num_recs
; j
++) {
863 SSL_MAC_BUF
*thismb
= &macbufs
[j
];
867 i
= rl
->funcs
->mac(rl
, thisrr
, md
, 0 /* not send */);
868 if (i
== 0 || thismb
== NULL
|| thismb
->mac
== NULL
869 || CRYPTO_memcmp(md
, thismb
->mac
, (size_t)mac_size
) != 0)
871 if (thisrr
->length
> SSL3_RT_MAX_COMPRESSED_LENGTH
+ mac_size
)
877 if (rl
->alert
!= SSL_AD_NO_ALERT
) {
878 /* We already called RLAYERfatal() */
882 * A separate 'decryption_failed' alert was introduced with TLS 1.0,
883 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
884 * failure is directly visible from the ciphertext anyway, we should
885 * not reveal which kind of error occurred -- this might become
886 * visible to an attacker (e.g. via a logfile)
888 RLAYERfatal(rl
, SSL_AD_BAD_RECORD_MAC
,
889 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC
);
893 for (j
= 0; j
< num_recs
; j
++) {
896 if (!rl
->funcs
->post_process_record(rl
, thisrr
)) {
897 /* RLAYERfatal already called */
902 * Check if the received packet overflows the current
903 * Max Fragment Length setting.
904 * Note: rl->max_frag_len > 0 and KTLS are mutually exclusive.
906 if (rl
->max_frag_len
> 0 && thisrr
->length
> rl
->max_frag_len
) {
907 RLAYERfatal(rl
, SSL_AD_RECORD_OVERFLOW
, SSL_R_DATA_LENGTH_TOO_LONG
);
913 * So at this point the following is true
914 * thisrr->type is the type of record
915 * thisrr->length == number of bytes in record
916 * thisrr->off == offset to first valid byte
917 * thisrr->data == where to take bytes from, increment after use :-).
920 /* just read a 0 length packet */
921 if (thisrr
->length
== 0) {
922 if (++(rl
->empty_record_count
) > MAX_EMPTY_RECORDS
) {
923 RLAYERfatal(rl
, SSL_AD_UNEXPECTED_MESSAGE
,
924 SSL_R_RECORD_TOO_SMALL
);
928 rl
->empty_record_count
= 0;
932 if (rl
->level
== OSSL_RECORD_PROTECTION_LEVEL_EARLY
) {
934 if (thisrr
->type
== SSL3_RT_APPLICATION_DATA
935 && !rlayer_early_data_count_ok(rl
, thisrr
->length
, 0, 0)) {
936 /* RLAYERfatal already called */
941 rl
->num_recs
= num_recs
;
943 rl
->num_released
= 0;
944 ret
= OSSL_RECORD_RETURN_SUCCESS
;
946 if (macbufs
!= NULL
) {
947 for (j
= 0; j
< num_recs
; j
++) {
948 if (macbufs
[j
].alloced
)
949 OPENSSL_free(macbufs
[j
].mac
);
951 OPENSSL_free(macbufs
);
956 /* Shared by ssl3_meth and tls1_meth */
957 int tls_default_validate_record_header(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
)
959 size_t len
= SSL3_RT_MAX_ENCRYPTED_LENGTH
;
961 if (rec
->rec_version
!= rl
->version
) {
962 RLAYERfatal(rl
, SSL_AD_PROTOCOL_VERSION
, SSL_R_WRONG_VERSION_NUMBER
);
966 #ifndef OPENSSL_NO_COMP
968 * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
969 * does not include the compression overhead anyway.
971 if (rl
->compctx
== NULL
)
972 len
-= SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
975 if (rec
->length
> len
) {
976 RLAYERfatal(rl
, SSL_AD_RECORD_OVERFLOW
,
977 SSL_R_ENCRYPTED_LENGTH_TOO_LONG
);
984 static int tls_do_compress(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*wr
)
986 #ifndef OPENSSL_NO_COMP
989 i
= COMP_compress_block(rl
->compctx
, wr
->data
,
990 (int)(wr
->length
+ SSL3_RT_MAX_COMPRESSED_OVERHEAD
),
991 wr
->input
, (int)wr
->length
);
996 wr
->input
= wr
->data
;
1003 int tls_do_uncompress(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
)
1005 #ifndef OPENSSL_NO_COMP
1008 if (rec
->comp
== NULL
) {
1009 rec
->comp
= (unsigned char *)
1010 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH
);
1012 if (rec
->comp
== NULL
)
1015 i
= COMP_expand_block(rl
->compctx
, rec
->comp
, SSL3_RT_MAX_PLAIN_LENGTH
,
1016 rec
->data
, (int)rec
->length
);
1021 rec
->data
= rec
->comp
;
1028 /* Shared by tlsany_meth, ssl3_meth and tls1_meth */
1029 int tls_default_post_process_record(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
)
1031 if (rl
->compctx
!= NULL
) {
1032 if (rec
->length
> SSL3_RT_MAX_COMPRESSED_LENGTH
) {
1033 RLAYERfatal(rl
, SSL_AD_RECORD_OVERFLOW
,
1034 SSL_R_COMPRESSED_LENGTH_TOO_LONG
);
1037 if (!tls_do_uncompress(rl
, rec
)) {
1038 RLAYERfatal(rl
, SSL_AD_DECOMPRESSION_FAILURE
,
1039 SSL_R_BAD_DECOMPRESSION
);
1044 if (rec
->length
> SSL3_RT_MAX_PLAIN_LENGTH
) {
1045 RLAYERfatal(rl
, SSL_AD_RECORD_OVERFLOW
, SSL_R_DATA_LENGTH_TOO_LONG
);
1052 /* Shared by tls13_meth and ktls_meth */
1053 int tls13_common_post_process_record(OSSL_RECORD_LAYER
*rl
, SSL3_RECORD
*rec
)
1055 if (rec
->type
!= SSL3_RT_APPLICATION_DATA
1056 && rec
->type
!= SSL3_RT_ALERT
1057 && rec
->type
!= SSL3_RT_HANDSHAKE
) {
1058 RLAYERfatal(rl
, SSL_AD_UNEXPECTED_MESSAGE
, SSL_R_BAD_RECORD_TYPE
);
1062 if (rl
->msg_callback
!= NULL
)
1063 rl
->msg_callback(0, rl
->version
, SSL3_RT_INNER_CONTENT_TYPE
, &rec
->type
,
1067 * TLSv1.3 alert and handshake records are required to be non-zero in
1070 if ((rec
->type
== SSL3_RT_HANDSHAKE
|| rec
->type
== SSL3_RT_ALERT
)
1071 && rec
->length
== 0) {
1072 RLAYERfatal(rl
, SSL_AD_UNEXPECTED_MESSAGE
, SSL_R_BAD_LENGTH
);
1079 int tls_read_record(OSSL_RECORD_LAYER
*rl
, void **rechandle
, int *rversion
,
1080 int *type
, unsigned char **data
, size_t *datalen
,
1081 uint16_t *epoch
, unsigned char *seq_num
)
1086 * tls_get_more_records() can return success without actually reading
1087 * anything useful (i.e. if empty records are read). We loop here until
1088 * we have something useful. tls_get_more_records() will eventually fail if
1089 * too many sequential empty records are read.
1091 while (rl
->curr_rec
>= rl
->num_recs
) {
1094 if (rl
->num_released
!= rl
->num_recs
) {
1095 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_RECORDS_NOT_RELEASED
);
1096 return OSSL_RECORD_RETURN_FATAL
;
1099 ret
= rl
->funcs
->get_more_records(rl
);
1101 if (ret
!= OSSL_RECORD_RETURN_SUCCESS
)
1106 * We have now got rl->num_recs records buffered in rl->rrec. rl->curr_rec
1107 * points to the next one to read.
1109 rec
= &rl
->rrec
[rl
->curr_rec
++];
1112 *rversion
= rec
->rec_version
;
1114 *data
= rec
->data
+ rec
->off
;
1115 *datalen
= rec
->length
;
1117 *epoch
= rec
->epoch
;
1118 memcpy(seq_num
, rec
->seq_num
, sizeof(rec
->seq_num
));
1121 return OSSL_RECORD_RETURN_SUCCESS
;
1124 int tls_release_record(OSSL_RECORD_LAYER
*rl
, void *rechandle
)
1126 if (!ossl_assert(rl
->num_released
< rl
->curr_rec
)
1127 || !ossl_assert(rechandle
== &rl
->rrec
[rl
->num_released
])) {
1128 /* Should not happen */
1129 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_INVALID_RECORD
);
1130 return OSSL_RECORD_RETURN_FATAL
;
1135 if (rl
->curr_rec
== rl
->num_released
1136 && (rl
->mode
& SSL_MODE_RELEASE_BUFFERS
) != 0
1137 && SSL3_BUFFER_get_left(&rl
->rbuf
) == 0)
1138 tls_release_read_buffer(rl
);
1140 return OSSL_RECORD_RETURN_SUCCESS
;
1143 int tls_set_options(OSSL_RECORD_LAYER
*rl
, const OSSL_PARAM
*options
)
1145 const OSSL_PARAM
*p
;
1147 p
= OSSL_PARAM_locate_const(options
, OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS
);
1148 if (p
!= NULL
&& !OSSL_PARAM_get_uint64(p
, &rl
->options
)) {
1149 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1153 p
= OSSL_PARAM_locate_const(options
, OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE
);
1154 if (p
!= NULL
&& !OSSL_PARAM_get_uint32(p
, &rl
->mode
)) {
1155 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1159 if (rl
->direction
== OSSL_RECORD_DIRECTION_READ
) {
1160 p
= OSSL_PARAM_locate_const(options
,
1161 OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN
);
1162 if (p
!= NULL
&& !OSSL_PARAM_get_size_t(p
, &rl
->rbuf
.default_len
)) {
1163 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1167 p
= OSSL_PARAM_locate_const(options
,
1168 OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING
);
1169 if (p
!= NULL
&& !OSSL_PARAM_get_size_t(p
, &rl
->block_padding
)) {
1170 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1175 if (rl
->level
== OSSL_RECORD_PROTECTION_LEVEL_APPLICATION
) {
1177 * We ignore any read_ahead setting prior to the application protection
1178 * level. Otherwise we may read ahead data in a lower protection level
1179 * that is destined for a higher protection level. To simplify the logic
1180 * we don't support that at this stage.
1182 p
= OSSL_PARAM_locate_const(options
,
1183 OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD
);
1184 if (p
!= NULL
&& !OSSL_PARAM_get_int(p
, &rl
->read_ahead
)) {
1185 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1194 tls_int_new_record_layer(OSSL_LIB_CTX
*libctx
, const char *propq
, int vers
,
1195 int role
, int direction
, int level
, unsigned char *key
,
1196 size_t keylen
, unsigned char *iv
, size_t ivlen
,
1197 unsigned char *mackey
, size_t mackeylen
,
1198 const EVP_CIPHER
*ciph
, size_t taglen
,
1200 const EVP_MD
*md
, const SSL_COMP
*comp
, BIO
*prev
,
1201 BIO
*transport
, BIO
*next
, BIO_ADDR
*local
,
1202 BIO_ADDR
*peer
, const OSSL_PARAM
*settings
,
1203 const OSSL_PARAM
*options
,
1204 const OSSL_DISPATCH
*fns
, void *cbarg
,
1205 OSSL_RECORD_LAYER
**retrl
)
1207 OSSL_RECORD_LAYER
*rl
= OPENSSL_zalloc(sizeof(*rl
));
1208 const OSSL_PARAM
*p
;
1213 return OSSL_RECORD_RETURN_FATAL
;
1215 /* Loop through all the settings since they must all be understood */
1216 if (settings
!= NULL
) {
1217 for (p
= settings
; p
->key
!= NULL
; p
++) {
1218 if (strcmp(p
->key
, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM
) == 0) {
1219 if (!OSSL_PARAM_get_int(p
, &rl
->use_etm
)) {
1220 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1223 } else if (strcmp(p
->key
,
1224 OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN
) == 0) {
1225 if (!OSSL_PARAM_get_uint(p
, &rl
->max_frag_len
)) {
1226 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1229 } else if (strcmp(p
->key
,
1230 OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA
) == 0) {
1231 if (!OSSL_PARAM_get_uint32(p
, &rl
->max_early_data
)) {
1232 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1235 } else if (strcmp(p
->key
,
1236 OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC
) == 0) {
1237 if (!OSSL_PARAM_get_int(p
, &rl
->stream_mac
)) {
1238 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1241 } else if (strcmp(p
->key
,
1242 OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE
) == 0) {
1243 if (!OSSL_PARAM_get_int(p
, &rl
->tlstree
)) {
1244 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1248 ERR_raise(ERR_LIB_SSL
, SSL_R_UNKNOWN_MANDATORY_PARAMETER
);
1254 rl
->libctx
= libctx
;
1259 rl
->direction
= direction
;
1262 rl
->alert
= SSL_AD_NO_ALERT
;
1264 if (level
== OSSL_RECORD_PROTECTION_LEVEL_NONE
)
1265 rl
->is_first_record
= 1;
1267 if (!tls_set1_bio(rl
, transport
))
1270 if (prev
!= NULL
&& !BIO_up_ref(prev
))
1274 if (next
!= NULL
&& !BIO_up_ref(next
))
1280 for (; fns
->function_id
!= 0; fns
++) {
1281 switch (fns
->function_id
) {
1282 case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA
:
1283 rl
->skip_early_data
= OSSL_FUNC_rlayer_skip_early_data(fns
);
1285 case OSSL_FUNC_RLAYER_MSG_CALLBACK
:
1286 rl
->msg_callback
= OSSL_FUNC_rlayer_msg_callback(fns
);
1288 case OSSL_FUNC_RLAYER_SECURITY
:
1289 rl
->security
= OSSL_FUNC_rlayer_security(fns
);
1291 case OSSL_FUNC_RLAYER_PADDING
:
1292 rl
->padding
= OSSL_FUNC_rlayer_padding(fns
);
1294 /* Just ignore anything we don't understand */
1300 if (!tls_set_options(rl
, options
)) {
1301 ERR_raise(ERR_LIB_SSL
, SSL_R_FAILED_TO_GET_PARAMETER
);
1305 if ((rl
->options
& SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
) == 0
1306 && rl
->version
<= TLS1_VERSION
1307 && !EVP_CIPHER_is_a(ciph
, "NULL")
1308 && !EVP_CIPHER_is_a(ciph
, "RC4")) {
1310 * Enable vulnerability countermeasure for CBC ciphers with known-IV
1311 * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
1313 rl
->need_empty_fragments
= 1;
1317 return OSSL_RECORD_RETURN_SUCCESS
;
1320 return OSSL_RECORD_RETURN_FATAL
;
1324 tls_new_record_layer(OSSL_LIB_CTX
*libctx
, const char *propq
, int vers
,
1325 int role
, int direction
, int level
, uint16_t epoch
,
1326 unsigned char *key
, size_t keylen
, unsigned char *iv
,
1327 size_t ivlen
, unsigned char *mackey
, size_t mackeylen
,
1328 const EVP_CIPHER
*ciph
, size_t taglen
,
1330 const EVP_MD
*md
, const SSL_COMP
*comp
, BIO
*prev
,
1331 BIO
*transport
, BIO
*next
, BIO_ADDR
*local
, BIO_ADDR
*peer
,
1332 const OSSL_PARAM
*settings
, const OSSL_PARAM
*options
,
1333 const OSSL_DISPATCH
*fns
, void *cbarg
,
1334 OSSL_RECORD_LAYER
**retrl
)
1338 ret
= tls_int_new_record_layer(libctx
, propq
, vers
, role
, direction
, level
,
1339 key
, keylen
, iv
, ivlen
, mackey
, mackeylen
,
1340 ciph
, taglen
, mactype
, md
, comp
, prev
,
1341 transport
, next
, local
, peer
, settings
,
1342 options
, fns
, cbarg
, retrl
);
1344 if (ret
!= OSSL_RECORD_RETURN_SUCCESS
)
1348 case TLS_ANY_VERSION
:
1349 (*retrl
)->funcs
= &tls_any_funcs
;
1351 case TLS1_3_VERSION
:
1352 (*retrl
)->funcs
= &tls_1_3_funcs
;
1354 case TLS1_2_VERSION
:
1355 case TLS1_1_VERSION
:
1357 (*retrl
)->funcs
= &tls_1_funcs
;
1360 (*retrl
)->funcs
= &ssl_3_0_funcs
;
1363 /* Should not happen */
1364 ERR_raise(ERR_LIB_SSL
, ERR_R_INTERNAL_ERROR
);
1365 ret
= OSSL_RECORD_RETURN_FATAL
;
1369 ret
= (*retrl
)->funcs
->set_crypto_state(*retrl
, level
, key
, keylen
, iv
,
1370 ivlen
, mackey
, mackeylen
, ciph
,
1371 taglen
, mactype
, md
, comp
);
1374 if (ret
!= OSSL_RECORD_RETURN_SUCCESS
) {
1375 OPENSSL_free(*retrl
);
1381 static void tls_int_free(OSSL_RECORD_LAYER
*rl
)
1386 SSL3_BUFFER_release(&rl
->rbuf
);
1388 tls_release_write_buffer(rl
);
1390 EVP_CIPHER_CTX_free(rl
->enc_ctx
);
1391 EVP_MD_CTX_free(rl
->md_ctx
);
1392 #ifndef OPENSSL_NO_COMP
1393 COMP_CTX_free(rl
->compctx
);
1396 if (rl
->version
== SSL3_VERSION
)
1397 OPENSSL_cleanse(rl
->mac_secret
, sizeof(rl
->mac_secret
));
1399 SSL3_RECORD_release(rl
->rrec
, SSL_MAX_PIPELINES
);
1404 int tls_free(OSSL_RECORD_LAYER
*rl
)
1407 size_t left
, written
;
1412 left
= SSL3_BUFFER_get_left(rbuf
);
1415 * This record layer is closing but we still have data left in our
1416 * buffer. It must be destined for the next epoch - so push it there.
1418 ret
= BIO_write_ex(rl
->next
, rbuf
->buf
+ rbuf
->offset
, left
, &written
);
1425 int tls_reset(OSSL_RECORD_LAYER
*rl
)
1427 memset(rl
, 0, sizeof(*rl
));
1431 int tls_unprocessed_read_pending(OSSL_RECORD_LAYER
*rl
)
1433 return SSL3_BUFFER_get_left(&rl
->rbuf
) != 0;
1436 int tls_processed_read_pending(OSSL_RECORD_LAYER
*rl
)
1438 return rl
->curr_rec
< rl
->num_recs
;
1441 size_t tls_app_data_pending(OSSL_RECORD_LAYER
*rl
)
1446 for (i
= rl
->curr_rec
; i
< rl
->num_recs
; i
++) {
1447 if (rl
->rrec
[i
].type
!= SSL3_RT_APPLICATION_DATA
)
1449 num
+= rl
->rrec
[i
].length
;
1454 int tls_write_pending(OSSL_RECORD_LAYER
*rl
)
1459 size_t tls_get_max_record_len(OSSL_RECORD_LAYER
*rl
)
1464 size_t tls_get_max_records_default(OSSL_RECORD_LAYER
*rl
, int type
, size_t len
,
1465 size_t maxfrag
, size_t *preffrag
)
1467 /* TODO(RECLAYER): Remove me */
1468 SSL_CONNECTION
*s
= rl
->cbarg
;
1471 * TODO(RECLYAER): There is no test for the pipelining code. We should add
1475 * If we have a pipeline capable cipher, and we have been configured to use
1476 * it, then return the preferred number of pipelines.
1478 if (rl
->max_pipelines
> 0
1479 && s
->enc_write_ctx
!= NULL
1480 && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s
->enc_write_ctx
))
1481 & EVP_CIPH_FLAG_PIPELINE
) != 0
1482 && RLAYER_USE_EXPLICIT_IV(rl
)) {
1487 pipes
= ((len
- 1) / *preffrag
) + 1;
1489 return (pipes
< rl
->max_pipelines
) ? pipes
: rl
->max_pipelines
;
1495 size_t tls_get_max_records(OSSL_RECORD_LAYER
*rl
, int type
, size_t len
,
1496 size_t maxfrag
, size_t *preffrag
)
1498 return rl
->funcs
->get_max_records(rl
, type
, len
, maxfrag
, preffrag
);
1501 int tls_write_records_default(OSSL_RECORD_LAYER
*rl
,
1502 OSSL_RECORD_TEMPLATE
*templates
,
1505 WPACKET pkt
[SSL_MAX_PIPELINES
+ 1];
1506 SSL3_RECORD wr
[SSL_MAX_PIPELINES
+ 1];
1508 SSL3_RECORD
*thiswr
;
1509 unsigned char *recordstart
;
1510 int mac_size
= 0, ret
= 0;
1513 size_t len
, wpinited
= 0;
1514 size_t j
, prefix
= 0;
1516 /* TODO(RECLAYER): REMOVE ME */
1517 SSL_CONNECTION
*s
= rl
->cbarg
;
1518 SSL
*ssl
= SSL_CONNECTION_GET_SSL(s
);
1519 OSSL_RECORD_TEMPLATE prefixtempl
;
1520 OSSL_RECORD_TEMPLATE
*thistempl
;
1523 * TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
1524 * been moved to the new write record layer.
1526 if (rl
->version
== SSL3_VERSION
1527 || rl
->version
== TLS1_3_VERSION
1529 SSL_SESSION
*sess
= s
->session
;
1532 || (s
->enc_write_ctx
== NULL
)
1533 || (EVP_MD_CTX_get0_md(s
->write_hash
) == NULL
)) {
1536 mac_size
= EVP_MD_CTX_get_size(s
->write_hash
);
1538 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1543 if (rl
->md_ctx
!= NULL
&& EVP_MD_CTX_get0_md(rl
->md_ctx
) != NULL
) {
1544 mac_size
= EVP_MD_CTX_get_size(rl
->md_ctx
);
1546 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1551 /* Do we need to add an empty record prefix? */
1552 prefix
= rl
->need_empty_fragments
1553 && templates
[0].type
== SSL3_RT_APPLICATION_DATA
;
1556 * In the prefix case we can allocate a much smaller buffer. Otherwise we
1557 * just allocate the default buffer size
1559 if (!tls_setup_write_buffer(rl
, numtempl
+ prefix
,
1560 prefix
? MAX_PREFIX_LEN
: 0, 0)) {
1561 /* RLAYERfatal() already called */
1565 using_ktls
= BIO_get_ktls_send(rl
->bio
);
1566 if (!ossl_assert(!using_ktls
|| !prefix
)) {
1567 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1573 * countermeasure against known-IV weakness in CBC ciphersuites (see
1574 * http://www.openssl.org/~bodo/tls-cbc.txt)
1576 prefixtempl
.buf
= NULL
;
1577 prefixtempl
.version
= templates
[0].version
;
1578 prefixtempl
.buflen
= 0;
1579 prefixtempl
.type
= SSL3_RT_APPLICATION_DATA
;
1583 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
1584 align
= (size_t)SSL3_BUFFER_get_buf(wb
) + SSL3_RT_HEADER_LENGTH
;
1585 align
= SSL3_ALIGN_PAYLOAD
- 1
1586 - ((align
- 1) % SSL3_ALIGN_PAYLOAD
);
1588 SSL3_BUFFER_set_offset(wb
, align
);
1589 if (!WPACKET_init_static_len(&pkt
[0], SSL3_BUFFER_get_buf(wb
),
1590 SSL3_BUFFER_get_len(wb
), 0)
1591 || !WPACKET_allocate_bytes(&pkt
[0], align
, NULL
)) {
1592 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1597 for (j
= 0; j
< numtempl
; j
++) {
1598 thispkt
= &pkt
[prefix
+ j
];
1600 wb
= &rl
->wbuf
[prefix
+ j
];
1601 wb
->type
= templates
[j
].type
;
1605 * ktls doesn't modify the buffer, but to avoid a warning we need
1606 * to discard the const qualifier.
1607 * This doesn't leak memory because the buffers have been
1608 * released when switching to ktls.
1610 SSL3_BUFFER_set_buf(wb
, (unsigned char *)templates
[j
].buf
);
1611 SSL3_BUFFER_set_offset(wb
, 0);
1612 SSL3_BUFFER_set_app_buffer(wb
, 1);
1614 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
1615 align
= (size_t)SSL3_BUFFER_get_buf(wb
) + SSL3_RT_HEADER_LENGTH
;
1616 align
= SSL3_ALIGN_PAYLOAD
- 1
1617 - ((align
- 1) % SSL3_ALIGN_PAYLOAD
);
1619 SSL3_BUFFER_set_offset(wb
, align
);
1620 if (!WPACKET_init_static_len(thispkt
, SSL3_BUFFER_get_buf(wb
),
1621 SSL3_BUFFER_get_len(wb
), 0)
1622 || !WPACKET_allocate_bytes(thispkt
, align
, NULL
)) {
1623 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1630 /* Clear our SSL3_RECORD structures */
1631 memset(wr
, 0, sizeof(wr
));
1632 for (j
= 0; j
< numtempl
+ prefix
; j
++) {
1633 unsigned char *compressdata
= NULL
;
1635 unsigned int rectype
;
1639 thistempl
= (j
== 0 && prefix
== 1) ? &prefixtempl
:
1640 &templates
[j
- prefix
];
1643 * In TLSv1.3, once encrypting, we always use application data for the
1646 if (rl
->version
== TLS1_3_VERSION
1647 && s
->enc_write_ctx
!= NULL
1648 && (s
->statem
.enc_write_state
!= ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
1649 || thistempl
->type
!= SSL3_RT_ALERT
))
1650 rectype
= SSL3_RT_APPLICATION_DATA
;
1652 rectype
= thistempl
->type
;
1654 SSL3_RECORD_set_type(thiswr
, rectype
);
1655 SSL3_RECORD_set_rec_version(thiswr
, thistempl
->version
);
1657 maxcomplen
= thistempl
->buflen
;
1658 if (rl
->compctx
!= NULL
)
1659 maxcomplen
+= SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
1662 * When using offload kernel will write the header.
1663 * Otherwise write the header now
1666 && (!WPACKET_put_bytes_u8(thispkt
, rectype
)
1667 || !WPACKET_put_bytes_u16(thispkt
, thistempl
->version
)
1668 || !WPACKET_start_sub_packet_u16(thispkt
)
1670 && !WPACKET_allocate_bytes(thispkt
, rl
->eivlen
, NULL
))
1672 && !WPACKET_reserve_bytes(thispkt
, maxcomplen
,
1674 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1678 /* lets setup the record stuff. */
1679 SSL3_RECORD_set_data(thiswr
, compressdata
);
1680 SSL3_RECORD_set_length(thiswr
, thistempl
->buflen
);
1682 SSL3_RECORD_set_input(thiswr
, (unsigned char *)thistempl
->buf
);
1685 * we now 'read' from thiswr->input, thiswr->length bytes into
1689 /* first we compress */
1690 if (rl
->compctx
!= NULL
) {
1691 if (!tls_do_compress(rl
, thiswr
)
1692 || !WPACKET_allocate_bytes(thispkt
, thiswr
->length
, NULL
)) {
1693 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_COMPRESSION_FAILURE
);
1698 SSL3_RECORD_reset_data(&wr
[j
]);
1700 if (!WPACKET_memcpy(thispkt
, thiswr
->input
, thiswr
->length
)) {
1701 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1704 SSL3_RECORD_reset_input(&wr
[j
]);
1708 if (rl
->version
== TLS1_3_VERSION
1710 && s
->enc_write_ctx
!= NULL
1711 && (s
->statem
.enc_write_state
!= ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
1712 || thistempl
->type
!= SSL3_RT_ALERT
)) {
1713 size_t rlen
, max_send_fragment
;
1715 if (!WPACKET_put_bytes_u8(thispkt
, thistempl
->type
)) {
1716 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1719 SSL3_RECORD_add_length(thiswr
, 1);
1721 /* Add TLS1.3 padding */
1722 max_send_fragment
= ssl_get_max_send_fragment(s
);
1723 rlen
= SSL3_RECORD_get_length(thiswr
);
1724 if (rlen
< max_send_fragment
) {
1726 size_t max_padding
= max_send_fragment
- rlen
;
1728 if (rl
->padding
!= NULL
) {
1729 padding
= rl
->padding(rl
->cbarg
, thistempl
->type
, rlen
);
1730 } else if (rl
->block_padding
> 0) {
1731 size_t mask
= rl
->block_padding
- 1;
1734 /* optimize for power of 2 */
1735 if ((rl
->block_padding
& mask
) == 0)
1736 remainder
= rlen
& mask
;
1738 remainder
= rlen
% rl
->block_padding
;
1739 /* don't want to add a block of padding if we don't have to */
1743 padding
= rl
->block_padding
- remainder
;
1746 /* do not allow the record to exceed max plaintext length */
1747 if (padding
> max_padding
)
1748 padding
= max_padding
;
1749 if (!WPACKET_memset(thispkt
, 0, padding
)) {
1750 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
,
1751 ERR_R_INTERNAL_ERROR
);
1754 SSL3_RECORD_add_length(thiswr
, padding
);
1760 * we should still have the output to thiswr->data and the input from
1761 * wr->input. Length should be thiswr->length. thiswr->data still points
1765 if (!using_ktls
&& !rl
->use_etm
&& mac_size
!= 0) {
1769 * TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
1770 * been moved to the new write record layer.
1772 if (rl
->version
== SSL3_VERSION
1773 || rl
->version
== TLS1_3_VERSION
1775 if (!WPACKET_allocate_bytes(thispkt
, mac_size
, &mac
)
1776 || !ssl
->method
->ssl3_enc
->mac(s
, thiswr
, mac
, 1)) {
1777 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1781 if (!WPACKET_allocate_bytes(thispkt
, mac_size
, &mac
)
1782 || !rl
->funcs
->mac(rl
, thiswr
, mac
, 1)) {
1783 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1790 * Reserve some bytes for any growth that may occur during encryption.
1791 * This will be at most one cipher block or the tag length if using
1792 * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
1795 if (!WPACKET_reserve_bytes(thispkt
,
1796 SSL_RT_MAX_CIPHER_BLOCK_SIZE
,
1799 * We also need next the amount of bytes written to this
1802 || !WPACKET_get_length(thispkt
, &len
)) {
1803 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1807 /* Get a pointer to the start of this record excluding header */
1808 recordstart
= WPACKET_get_curr(thispkt
) - len
;
1809 SSL3_RECORD_set_data(thiswr
, recordstart
);
1810 SSL3_RECORD_reset_input(thiswr
);
1811 SSL3_RECORD_set_length(thiswr
, len
);
1815 if (s
->statem
.enc_write_state
== ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
) {
1817 * We haven't actually negotiated the version yet, but we're trying to
1818 * send early data - so we need to use the tls13enc function.
1820 if (tls13_enc(s
, wr
, numtempl
, 1, NULL
, mac_size
) < 1) {
1821 if (!ossl_statem_in_error(s
))
1822 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1829 * TODO(RECLAYER): Remove this once SSLv3 crypto has been moved
1830 * to the new write record layer.
1832 if (rl
->version
== SSL3_VERSION
) {
1833 if (ssl
->method
->ssl3_enc
->enc(s
, wr
, 1, 1, NULL
, mac_size
) < 1) {
1834 if (!ossl_statem_in_error(s
))
1835 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1839 if (rl
->funcs
->cipher(rl
, wr
, 1, 1, NULL
, mac_size
) < 1) {
1840 if (!ossl_statem_in_error(s
))
1841 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1847 * TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
1848 * been moved to the new write record layer.
1850 if (rl
->version
== SSL3_VERSION
1851 || rl
->version
== TLS1_3_VERSION
1853 if (ssl
->method
->ssl3_enc
->enc(s
, wr
+ prefix
, numtempl
, 1, NULL
,
1855 if (!ossl_statem_in_error(s
))
1856 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1860 if (rl
->funcs
->cipher(rl
, wr
+ prefix
, numtempl
, 1, NULL
,
1862 if (!ossl_statem_in_error(s
))
1863 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1870 for (j
= 0; j
< prefix
+ numtempl
; j
++) {
1875 thistempl
= (prefix
== 1 && j
== 0) ? &prefixtempl
1876 : &templates
[j
- prefix
];
1881 /* Allocate bytes for the encryption overhead */
1882 if (!WPACKET_get_length(thispkt
, &origlen
)
1883 /* Encryption should never shrink the data! */
1884 || origlen
> thiswr
->length
1885 || (thiswr
->length
> origlen
1886 && !WPACKET_allocate_bytes(thispkt
,
1887 thiswr
->length
- origlen
,
1889 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1892 if (rl
->use_etm
&& mac_size
!= 0) {
1896 * TODO(RECLAYER): Remove this once SSLv3/TLSv1.3/DTLS crypto has
1897 * been moved to the new write record layer.
1899 if (rl
->version
== SSL3_VERSION
1900 || rl
->version
== TLS1_3_VERSION
1902 if (!WPACKET_allocate_bytes(thispkt
, mac_size
, &mac
)
1903 || !ssl
->method
->ssl3_enc
->mac(s
, thiswr
, mac
, 1)) {
1904 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1908 if (!WPACKET_allocate_bytes(thispkt
, mac_size
, &mac
)
1909 || !rl
->funcs
->mac(rl
, thiswr
, mac
, 1)) {
1910 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1915 SSL3_RECORD_add_length(thiswr
, mac_size
);
1918 if (!WPACKET_get_length(thispkt
, &len
)
1919 || !WPACKET_close(thispkt
)) {
1920 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1924 if (rl
->msg_callback
) {
1925 recordstart
= WPACKET_get_curr(thispkt
) - len
1926 - SSL3_RT_HEADER_LENGTH
;
1927 rl
->msg_callback(1, thiswr
->rec_version
, SSL3_RT_HEADER
, recordstart
,
1928 SSL3_RT_HEADER_LENGTH
, rl
->cbarg
);
1930 if (rl
->version
== TLS1_3_VERSION
&& s
->enc_write_ctx
!= NULL
) {
1931 unsigned char ctype
= thistempl
->type
;
1933 rl
->msg_callback(1, thiswr
->rec_version
, SSL3_RT_INNER_CONTENT_TYPE
,
1934 &ctype
, 1, rl
->cbarg
);
1938 if (!WPACKET_finish(thispkt
)) {
1939 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_INTERNAL_ERROR
);
1943 /* header is added by the kernel when using offload */
1944 SSL3_RECORD_add_length(thiswr
, SSL3_RT_HEADER_LENGTH
);
1948 * we should now have thiswr->data pointing to the encrypted data, which
1949 * is thiswr->length long.
1950 * Setting the type is not needed but helps for debugging
1952 SSL3_RECORD_set_type(thiswr
, thistempl
->type
);
1954 /* now let's set up wb */
1955 SSL3_BUFFER_set_left(&rl
->wbuf
[j
], SSL3_RECORD_get_length(thiswr
));
1960 for (j
= 0; j
< wpinited
; j
++)
1961 WPACKET_cleanup(&pkt
[j
]);
1965 int tls_write_records(OSSL_RECORD_LAYER
*rl
, OSSL_RECORD_TEMPLATE
*templates
,
1968 /* Check we don't have pending data waiting to write */
1969 if (!ossl_assert(rl
->nextwbuf
>= rl
->numwpipes
1970 || SSL3_BUFFER_get_left(&rl
->wbuf
[rl
->nextwbuf
]) == 0)) {
1971 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
1972 return OSSL_RECORD_RETURN_FATAL
;
1975 if (!rl
->funcs
->write_records(rl
, templates
, numtempl
)) {
1976 /* RLAYERfatal already called */
1977 return OSSL_RECORD_RETURN_FATAL
;
1981 /* we now just need to write the buffers */
1982 return tls_retry_write_records(rl
);
1985 int tls_retry_write_records(OSSL_RECORD_LAYER
*rl
)
1988 SSL3_BUFFER
*thiswb
;
1991 if (rl
->nextwbuf
>= rl
->numwpipes
)
1992 return OSSL_RECORD_RETURN_SUCCESS
;
1995 thiswb
= &rl
->wbuf
[rl
->nextwbuf
];
1998 if (rl
->bio
!= NULL
) {
2000 * To prevent coalescing of control and data messages,
2001 * such as in buffer_write, we flush the BIO
2003 if (BIO_get_ktls_send(rl
->bio
)
2004 && thiswb
->type
!= SSL3_RT_APPLICATION_DATA
) {
2005 i
= BIO_flush(rl
->bio
);
2007 if (BIO_should_retry(rl
->bio
))
2008 ret
= OSSL_RECORD_RETURN_RETRY
;
2010 ret
= OSSL_RECORD_RETURN_FATAL
;
2013 BIO_set_ktls_ctrl_msg(rl
->bio
, thiswb
->type
);
2015 i
= BIO_write(rl
->bio
, (char *)
2016 &(SSL3_BUFFER_get_buf(thiswb
)
2017 [SSL3_BUFFER_get_offset(thiswb
)]),
2018 (unsigned int)SSL3_BUFFER_get_left(thiswb
));
2021 if (i
== 0 && BIO_should_retry(rl
->bio
))
2022 ret
= OSSL_RECORD_RETURN_RETRY
;
2024 ret
= OSSL_RECORD_RETURN_SUCCESS
;
2026 if (BIO_should_retry(rl
->bio
))
2027 ret
= OSSL_RECORD_RETURN_RETRY
;
2029 ret
= OSSL_RECORD_RETURN_FATAL
;
2032 RLAYERfatal(rl
, SSL_AD_INTERNAL_ERROR
, SSL_R_BIO_NOT_SET
);
2033 ret
= OSSL_RECORD_RETURN_FATAL
;
2038 * When an empty fragment is sent on a connection using KTLS,
2039 * it is sent as a write of zero bytes. If this zero byte
2040 * write succeeds, i will be 0 rather than a non-zero value.
2041 * Treat i == 0 as success rather than an error for zero byte
2042 * writes to permit this case.
2044 if (i
>= 0 && tmpwrit
== SSL3_BUFFER_get_left(thiswb
)) {
2045 SSL3_BUFFER_set_left(thiswb
, 0);
2046 SSL3_BUFFER_add_offset(thiswb
, tmpwrit
);
2047 if (++(rl
->nextwbuf
) < rl
->numwpipes
)
2050 if (rl
->nextwbuf
== rl
->numwpipes
2051 && (rl
->mode
& SSL_MODE_RELEASE_BUFFERS
) != 0)
2052 tls_release_write_buffer(rl
);
2053 return OSSL_RECORD_RETURN_SUCCESS
;
2054 } else if (i
<= 0) {
2057 * For DTLS, just drop it. That's kind of the whole point in
2058 * using a datagram service
2060 SSL3_BUFFER_set_left(thiswb
, 0);
2061 if (++(rl
->nextwbuf
) == rl
->numwpipes
2062 && (rl
->mode
& SSL_MODE_RELEASE_BUFFERS
) != 0)
2063 tls_release_write_buffer(rl
);
2068 SSL3_BUFFER_add_offset(thiswb
, tmpwrit
);
2069 SSL3_BUFFER_sub_left(thiswb
, tmpwrit
);
2073 int tls_get_alert_code(OSSL_RECORD_LAYER
*rl
)
2078 int tls_set1_bio(OSSL_RECORD_LAYER
*rl
, BIO
*bio
)
2080 if (bio
!= NULL
&& !BIO_up_ref(bio
))
2088 /* Shared by most methods except tlsany_meth */
2089 int tls_default_set_protocol_version(OSSL_RECORD_LAYER
*rl
, int version
)
2091 if (rl
->version
!= version
)
2097 int tls_set_protocol_version(OSSL_RECORD_LAYER
*rl
, int version
)
2099 return rl
->funcs
->set_protocol_version(rl
, version
);
2102 void tls_set_plain_alerts(OSSL_RECORD_LAYER
*rl
, int allow
)
2104 rl
->allow_plain_alerts
= allow
;
2107 void tls_set_first_handshake(OSSL_RECORD_LAYER
*rl
, int first
)
2109 rl
->is_first_handshake
= first
;
2112 void tls_set_max_pipelines(OSSL_RECORD_LAYER
*rl
, size_t max_pipelines
)
2114 rl
->max_pipelines
= max_pipelines
;
2115 if (max_pipelines
> 1)
2119 void tls_get_state(OSSL_RECORD_LAYER
*rl
, const char **shortstr
,
2120 const char **longstr
)
2122 const char *shrt
, *lng
;
2124 switch (rl
->rstate
) {
2125 case SSL_ST_READ_HEADER
:
2127 lng
= "read header";
2129 case SSL_ST_READ_BODY
:
2134 shrt
= lng
= "unknown";
2137 if (shortstr
!= NULL
)
2139 if (longstr
!= NULL
)
2143 const OSSL_RECORD_METHOD ossl_tls_record_method
= {
2144 tls_new_record_layer
,
2147 tls_unprocessed_read_pending
,
2148 tls_processed_read_pending
,
2149 tls_app_data_pending
,
2151 tls_get_max_record_len
,
2152 tls_get_max_records
,
2154 tls_retry_write_records
,
2159 tls_set_protocol_version
,
2160 tls_set_plain_alerts
,
2161 tls_set_first_handshake
,
2162 tls_set_max_pipelines
,