]> git.ipfire.org Git - thirdparty/openssl.git/blob - ssl/record/methods/tls_common.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Move the sequence number into the OSSL_RECORD_LAYER object
[thirdparty/openssl.git] / ssl / record / methods / tls_common.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/bio.h>
11 #include <openssl/ssl.h>
12 #include <openssl/err.h>
13 #include <openssl/core_names.h>
14 #include "internal/e_os.h"
15 #include "internal/packet.h"
16 #include "../../ssl_local.h"
17 #include "../record_local.h"
18 #include "recmethod_local.h"
19
20 # define SSL_AD_NO_ALERT -1
21
22 static void tls_int_free(OSSL_RECORD_LAYER *rl);
23
24 void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
25 const char *fmt, ...)
26 {
27 va_list args;
28
29 va_start(args, fmt);
30 ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
31 va_end(args);
32
33 rl->alert = al;
34 }
35
36 int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
37 EVP_CIPHER_CTX *ctx,
38 const EVP_CIPHER *ciph,
39 const EVP_MD *md)
40 {
41 /*
42 * Provided cipher, the TLS padding/MAC removal is performed provider
43 * side so we need to tell the ctx about our TLS version and mac size
44 */
45 OSSL_PARAM params[3], *pprm = params;
46 size_t macsize = 0;
47 int imacsize = -1;
48
49 if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0
50 && !rl->use_etm)
51 imacsize = EVP_MD_get_size(md);
52 if (imacsize >= 0)
53 macsize = (size_t)imacsize;
54
55 *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION,
56 &rl->version);
57 *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE,
58 &macsize);
59 *pprm = OSSL_PARAM_construct_end();
60
61 if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
62 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
63 return 0;
64 }
65
66 return 1;
67 }
68
69 /*
70 * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
71 * which ssl3_cbc_digest_record supports.
72 */
73 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
74 {
75 switch (EVP_MD_CTX_get_type(ctx)) {
76 case NID_md5:
77 case NID_sha1:
78 case NID_sha224:
79 case NID_sha256:
80 case NID_sha384:
81 case NID_sha512:
82 return 1;
83 default:
84 return 0;
85 }
86 }
87
88 #ifndef OPENSSL_NO_COMP
89 static int rlayer_allow_compression(OSSL_RECORD_LAYER *rl)
90 {
91 if (rl->options & SSL_OP_NO_COMPRESSION)
92 return 0;
93 # if 0
94 /* TODO(RECLAYER): Implement ssl_security inside the record layer */
95 return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
96 # else
97 return 1;
98 # endif
99 }
100 #endif
101
102 static int rlayer_setup_read_buffer(OSSL_RECORD_LAYER *rl)
103 {
104 unsigned char *p;
105 size_t len, align = 0, headerlen;
106 SSL3_BUFFER *b;
107
108 b = &rl->rbuf;
109
110 if (rl->isdtls)
111 headerlen = DTLS1_RT_HEADER_LENGTH;
112 else
113 headerlen = SSL3_RT_HEADER_LENGTH;
114
115 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
116 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
117 #endif
118
119 if (b->buf == NULL) {
120 len = SSL3_RT_MAX_PLAIN_LENGTH
121 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
122 #ifndef OPENSSL_NO_COMP
123 if (rlayer_allow_compression(rl))
124 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
125 #endif
126 if (b->default_len > len)
127 len = b->default_len;
128 if ((p = OPENSSL_malloc(len)) == NULL) {
129 /*
130 * We've got a malloc failure, and we're still initialising buffers.
131 * We assume we're so doomed that we won't even be able to send an
132 * alert.
133 */
134 RLAYERfatal(rl, SSL_AD_NO_ALERT, ERR_R_MALLOC_FAILURE);
135 return 0;
136 }
137 b->buf = p;
138 b->len = len;
139 }
140
141 return 1;
142 }
143
144 static int rlayer_release_read_buffer(OSSL_RECORD_LAYER *rl)
145 {
146 SSL3_BUFFER *b;
147
148 b = &rl->rbuf;
149 if (rl->options & SSL_OP_CLEANSE_PLAINTEXT)
150 OPENSSL_cleanse(b->buf, b->len);
151 OPENSSL_free(b->buf);
152 b->buf = NULL;
153 return 1;
154 }
155
156 void tls_reset_packet_length(OSSL_RECORD_LAYER *rl)
157 {
158 rl->packet_length = 0;
159 }
160
161 /*
162 * Return values are as per SSL_read()
163 */
164 int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
165 int clearold, size_t *readbytes)
166 {
167 /*
168 * If extend == 0, obtain new n-byte packet; if extend == 1, increase
169 * packet by another n bytes. The packet will be in the sub-array of
170 * s->rlayer.rbuf.buf specified by s->rlayer.packet and
171 * s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
172 * be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
173 * if clearold == 1, move the packet to the start of the buffer; if
174 * clearold == 0 then leave any old packets where they were
175 */
176 size_t len, left, align = 0;
177 unsigned char *pkt;
178 SSL3_BUFFER *rb;
179
180 if (n == 0)
181 return OSSL_RECORD_RETURN_NON_FATAL_ERR;
182
183 rb = &rl->rbuf;
184 /*
185 * TODO(RECLAYER): Once this function is only called from inside the rlayer
186 * directly, we can probably remove this since it is initialised in
187 * tls_get_more_records
188 */
189 if (rb->buf == NULL) {
190 if (!rlayer_setup_read_buffer(rl)) {
191 /* RLAYERfatal() already called */
192 return OSSL_RECORD_RETURN_FATAL;
193 }
194 }
195
196 left = rb->left;
197 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
198 align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
199 align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
200 #endif
201
202 if (!extend) {
203 /* start with empty packet ... */
204 if (left == 0) {
205 rb->offset = align;
206 } else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
207 /*
208 * check if next packet length is large enough to justify payload
209 * alignment...
210 */
211 pkt = rb->buf + rb->offset;
212 if (pkt[0] == SSL3_RT_APPLICATION_DATA
213 && (pkt[3] << 8 | pkt[4]) >= 128) {
214 /*
215 * Note that even if packet is corrupted and its length field
216 * is insane, we can only be led to wrong decision about
217 * whether memmove will occur or not. Header values has no
218 * effect on memmove arguments and therefore no buffer
219 * overrun can be triggered.
220 */
221 memmove(rb->buf + align, pkt, left);
222 rb->offset = align;
223 }
224 }
225 rl->packet = rb->buf + rb->offset;
226 rl->packet_length = 0;
227 /* ... now we can act as if 'extend' was set */
228 }
229
230 len = rl->packet_length;
231 pkt = rb->buf + align;
232 /*
233 * Move any available bytes to front of buffer: 'len' bytes already
234 * pointed to by 'packet', 'left' extra ones at the end
235 */
236 if (rl->packet != pkt && clearold == 1) {
237 memmove(pkt, rl->packet, len + left);
238 rl->packet = pkt;
239 rb->offset = len + align;
240 }
241
242 /*
243 * For DTLS/UDP reads should not span multiple packets because the read
244 * operation returns the whole packet at once (as long as it fits into
245 * the buffer).
246 */
247 if (rl->isdtls) {
248 if (left == 0 && extend)
249 return 0;
250 if (left > 0 && n > left)
251 n = left;
252 }
253
254 /* if there is enough in the buffer from a previous read, take some */
255 if (left >= n) {
256 rl->packet_length += n;
257 rb->left = left - n;
258 rb->offset += n;
259 *readbytes = n;
260 return OSSL_RECORD_RETURN_SUCCESS;
261 }
262
263 /* else we need to read more data */
264
265 if (n > rb->len - rb->offset) {
266 /* does not happen */
267 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
268 return OSSL_RECORD_RETURN_FATAL;
269 }
270
271 /* We always act like read_ahead is set for DTLS */
272 if (!rl->read_ahead && !rl->isdtls) {
273 /* ignore max parameter */
274 max = n;
275 } else {
276 if (max < n)
277 max = n;
278 if (max > rb->len - rb->offset)
279 max = rb->len - rb->offset;
280 }
281
282 while (left < n) {
283 size_t bioread = 0;
284 int ret;
285 BIO *bio = rl->prev != NULL ? rl->prev : rl->bio;
286
287 /*
288 * Now we have len+left bytes at the front of s->s3.rbuf.buf and
289 * need to read in more until we have len+n (up to len+max if
290 * possible)
291 */
292
293 clear_sys_error();
294 if (bio != NULL) {
295 ret = BIO_read(bio, pkt + len + left, max - left);
296 if (ret > 0) {
297 bioread = ret;
298 ret = OSSL_RECORD_RETURN_SUCCESS;
299 } else if (BIO_should_retry(bio)) {
300 if (rl->prev != NULL) {
301 /*
302 * We were reading from the previous epoch. Now there is no
303 * more data, so swap to the actual transport BIO
304 */
305 BIO_free(rl->prev);
306 rl->prev = NULL;
307 continue;
308 }
309 ret = OSSL_RECORD_RETURN_RETRY;
310 } else if (BIO_eof(bio)) {
311 ret = OSSL_RECORD_RETURN_EOF;
312 } else {
313 ret = OSSL_RECORD_RETURN_FATAL;
314 }
315 } else {
316 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_READ_BIO_NOT_SET);
317 ret = OSSL_RECORD_RETURN_FATAL;
318 }
319
320 if (ret <= OSSL_RECORD_RETURN_RETRY) {
321 rb->left = left;
322 if (rl->mode & SSL_MODE_RELEASE_BUFFERS && !rl->isdtls)
323 if (len + left == 0)
324 rlayer_release_read_buffer(rl);
325 return ret;
326 }
327 left += bioread;
328 /*
329 * reads should *never* span multiple packets for DTLS because the
330 * underlying transport protocol is message oriented as opposed to
331 * byte oriented as in the TLS case.
332 */
333 if (rl->isdtls) {
334 if (n > left)
335 n = left; /* makes the while condition false */
336 }
337 }
338
339 /* done reading, now the book-keeping */
340 rb->offset += n;
341 rb->left = left - n;
342 rl->packet_length += n;
343 *readbytes = n;
344 return OSSL_RECORD_RETURN_SUCCESS;
345 }
346
347 /*
348 * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
349 * for us in the buffer.
350 */
351 static int tls_record_app_data_waiting(OSSL_RECORD_LAYER *rl)
352 {
353 SSL3_BUFFER *rbuf;
354 size_t left, len;
355 unsigned char *p;
356
357 rbuf = &rl->rbuf;
358
359 p = SSL3_BUFFER_get_buf(rbuf);
360 if (p == NULL)
361 return 0;
362
363 left = SSL3_BUFFER_get_left(rbuf);
364
365 if (left < SSL3_RT_HEADER_LENGTH)
366 return 0;
367
368 p += SSL3_BUFFER_get_offset(rbuf);
369
370 /*
371 * We only check the type and record length, we will sanity check version
372 * etc later
373 */
374 if (*p != SSL3_RT_APPLICATION_DATA)
375 return 0;
376
377 p += 3;
378 n2s(p, len);
379
380 if (left < SSL3_RT_HEADER_LENGTH + len)
381 return 0;
382
383 return 1;
384 }
385
386 /*
387 * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
388 * will be processed per call to ssl3_get_record. Without this limit an
389 * attacker could send empty records at a faster rate than we can process and
390 * cause ssl3_get_record to loop forever.
391 */
392 #define MAX_EMPTY_RECORDS 32
393
394 #define SSL2_RT_HEADER_LENGTH 2
395
396 /*-
397 * Call this to buffer new input records in rl->rrec.
398 * It will return a OSSL_RECORD_RETURN_* value.
399 * When it finishes successfully (OSSL_RECORD_RETURN_SUCCESS), |rl->num_recs|
400 * records have been decoded. For each record 'i':
401 * rrec[i].type - is the type of record
402 * rrec[i].data, - data
403 * rrec[i].length, - number of bytes
404 * Multiple records will only be returned if the record types are all
405 * SSL3_RT_APPLICATION_DATA. The number of records returned will always be <=
406 * |max_pipelines|
407 */
408 static int tls_get_more_records(OSSL_RECORD_LAYER *rl,
409 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s)
410 {
411 int enc_err, rret;
412 int i;
413 size_t more, n;
414 SSL3_RECORD *rr, *thisrr;
415 SSL3_BUFFER *rbuf;
416 unsigned char *p;
417 unsigned char md[EVP_MAX_MD_SIZE];
418 unsigned int version;
419 size_t mac_size = 0;
420 int imac_size;
421 size_t num_recs = 0, max_recs, j;
422 PACKET pkt, sslv2pkt;
423 SSL_MAC_BUF *macbufs = NULL;
424 int ret = OSSL_RECORD_RETURN_FATAL;
425 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
426
427 rr = rl->rrec;
428 rbuf = &rl->rbuf;
429 if (rbuf->buf == NULL) {
430 if (!rlayer_setup_read_buffer(rl)) {
431 /* RLAYERfatal() already called */
432 return OSSL_RECORD_RETURN_FATAL;
433 }
434 }
435
436 max_recs = s->max_pipelines;
437 if (max_recs == 0)
438 max_recs = 1;
439
440 do {
441 thisrr = &rr[num_recs];
442
443 /* check if we have the header */
444 if ((rl->rstate != SSL_ST_READ_BODY) ||
445 (rl->packet_length < SSL3_RT_HEADER_LENGTH)) {
446 size_t sslv2len;
447 unsigned int type;
448
449 rret = rl->funcs->read_n(rl, SSL3_RT_HEADER_LENGTH,
450 SSL3_BUFFER_get_len(rbuf), 0,
451 num_recs == 0 ? 1 : 0, &n);
452
453 if (rret < OSSL_RECORD_RETURN_SUCCESS)
454 return rret; /* error or non-blocking */
455
456 rl->rstate = SSL_ST_READ_BODY;
457
458 p = rl->packet;
459 if (!PACKET_buf_init(&pkt, p, rl->packet_length)) {
460 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
461 return OSSL_RECORD_RETURN_FATAL;
462 }
463 sslv2pkt = pkt;
464 if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)
465 || !PACKET_get_1(&sslv2pkt, &type)) {
466 RLAYERfatal(rl, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR);
467 return OSSL_RECORD_RETURN_FATAL;
468 }
469 /*
470 * The first record received by the server may be a V2ClientHello.
471 */
472 if (rl->role == OSSL_RECORD_ROLE_SERVER
473 && rl->is_first_record
474 && (sslv2len & 0x8000) != 0
475 && (type == SSL2_MT_CLIENT_HELLO)) {
476 /*
477 * SSLv2 style record
478 *
479 * |num_recs| here will actually always be 0 because
480 * |num_recs > 0| only ever occurs when we are processing
481 * multiple app data records - which we know isn't the case here
482 * because it is an SSLv2ClientHello. We keep it using
483 * |num_recs| for the sake of consistency
484 */
485 thisrr->type = SSL3_RT_HANDSHAKE;
486 thisrr->rec_version = SSL2_VERSION;
487
488 thisrr->length = sslv2len & 0x7fff;
489
490 if (thisrr->length > SSL3_BUFFER_get_len(rbuf)
491 - SSL2_RT_HEADER_LENGTH) {
492 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
493 SSL_R_PACKET_LENGTH_TOO_LONG);
494 return OSSL_RECORD_RETURN_FATAL;
495 }
496 } else {
497 /* SSLv3+ style record */
498
499 /* Pull apart the header into the SSL3_RECORD */
500 if (!PACKET_get_1(&pkt, &type)
501 || !PACKET_get_net_2(&pkt, &version)
502 || !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
503 if (s->msg_callback)
504 s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, ssl,
505 s->msg_callback_arg);
506 RLAYERfatal(rl, SSL_AD_DECODE_ERROR, ERR_R_INTERNAL_ERROR);
507 return OSSL_RECORD_RETURN_FATAL;
508 }
509 thisrr->type = type;
510 thisrr->rec_version = version;
511
512 /*
513 * When we call validate_record_header() only records actually
514 * received in SSLv2 format should have the record version set
515 * to SSL2_VERSION. This way validate_record_header() can know
516 * what format the record was in based on the version.
517 */
518 if (thisrr->rec_version == SSL2_VERSION) {
519 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION,
520 SSL_R_WRONG_VERSION_NUMBER);
521 return OSSL_RECORD_RETURN_FATAL;
522 }
523
524 if (s->msg_callback)
525 s->msg_callback(0, version, SSL3_RT_HEADER, p, 5, ssl,
526 s->msg_callback_arg);
527
528 if (thisrr->length >
529 SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
530 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
531 SSL_R_PACKET_LENGTH_TOO_LONG);
532 return OSSL_RECORD_RETURN_FATAL;
533 }
534 }
535
536 if (!rl->funcs->validate_record_header(rl, thisrr)) {
537 /* RLAYERfatal already called */
538 return OSSL_RECORD_RETURN_FATAL;
539 }
540
541 /* now rl->rstate == SSL_ST_READ_BODY */
542 }
543
544 /*
545 * rl->rstate == SSL_ST_READ_BODY, get and decode the data. Calculate
546 * how much more data we need to read for the rest of the record
547 */
548 if (thisrr->rec_version == SSL2_VERSION) {
549 more = thisrr->length + SSL2_RT_HEADER_LENGTH
550 - SSL3_RT_HEADER_LENGTH;
551 } else {
552 more = thisrr->length;
553 }
554
555 if (more > 0) {
556 /* now rl->packet_length == SSL3_RT_HEADER_LENGTH */
557
558 rret = rl->funcs->read_n(rl, more, more, 1, 0, &n);
559 if (rret < OSSL_RECORD_RETURN_SUCCESS)
560 return rret; /* error or non-blocking io */
561 }
562
563 /* set state for later operations */
564 rl->rstate = SSL_ST_READ_HEADER;
565
566 /*
567 * At this point, rl->packet_length == SSL3_RT_HEADER_LENGTH
568 * + thisrr->length, or rl->packet_length == SSL2_RT_HEADER_LENGTH
569 * + thisrr->length and we have that many bytes in rl->packet
570 */
571 if (thisrr->rec_version == SSL2_VERSION)
572 thisrr->input = &(rl->packet[SSL2_RT_HEADER_LENGTH]);
573 else
574 thisrr->input = &(rl->packet[SSL3_RT_HEADER_LENGTH]);
575
576 /*
577 * ok, we can now read from 'rl->packet' data into 'thisrr'.
578 * thisrr->input points at thisrr->length bytes, which need to be copied
579 * into thisrr->data by either the decryption or by the decompression.
580 * When the data is 'copied' into the thisrr->data buffer,
581 * thisrr->input will be updated to point at the new buffer
582 */
583
584 /*
585 * We now have - encrypted [ MAC [ compressed [ plain ] ] ]
586 * thisrr->length bytes of encrypted compressed stuff.
587 */
588
589 /* decrypt in place in 'thisrr->input' */
590 thisrr->data = thisrr->input;
591 thisrr->orig_len = thisrr->length;
592
593 /* Mark this record as not read by upper layers yet */
594 thisrr->read = 0;
595
596 num_recs++;
597
598 /* we have pulled in a full packet so zero things */
599 tls_reset_packet_length(rl);
600 rl->is_first_record = 0;
601 } while (num_recs < max_recs
602 && thisrr->type == SSL3_RT_APPLICATION_DATA
603 && RLAYER_USE_EXPLICIT_IV(rl)
604 && rl->enc_read_ctx != NULL
605 && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(rl->enc_read_ctx))
606 & EVP_CIPH_FLAG_PIPELINE) != 0
607 && tls_record_app_data_waiting(rl));
608
609 if (num_recs == 1
610 && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
611 /* The following can happen in tlsany_meth after HRR */
612 && rl->version == TLS1_3_VERSION
613 && rl->is_first_handshake) {
614 /*
615 * CCS messages must be exactly 1 byte long, containing the value 0x01
616 */
617 if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
618 RLAYERfatal(rl, SSL_AD_ILLEGAL_PARAMETER,
619 SSL_R_INVALID_CCS_MESSAGE);
620 return OSSL_RECORD_RETURN_FATAL;
621 }
622 /*
623 * CCS messages are ignored in TLSv1.3. We treat it like an empty
624 * handshake record
625 */
626 thisrr->type = SSL3_RT_HANDSHAKE;
627 if (++(rl->empty_record_count) > MAX_EMPTY_RECORDS) {
628 RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE,
629 SSL_R_UNEXPECTED_CCS_MESSAGE);
630 return OSSL_RECORD_RETURN_FATAL;
631 }
632 thisrr->read = 1;
633 rl->num_recs = 0;
634 rl->curr_rec = 0;
635 rl->num_released = 0;
636
637 return OSSL_RECORD_RETURN_SUCCESS;
638 }
639
640 if (rl->read_hash != NULL) {
641 const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(rl->read_hash);
642
643 if (tmpmd != NULL) {
644 imac_size = EVP_MD_get_size(tmpmd);
645 if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
646 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
647 return OSSL_RECORD_RETURN_FATAL;
648 }
649 mac_size = (size_t)imac_size;
650 }
651 }
652
653 /*
654 * If in encrypt-then-mac mode calculate mac from encrypted record. All
655 * the details below are public so no timing details can leak.
656 */
657 if (rl->use_etm && rl->read_hash) {
658 unsigned char *mac;
659
660 for (j = 0; j < num_recs; j++) {
661 thisrr = &rr[j];
662
663 if (thisrr->length < mac_size) {
664 RLAYERfatal(rl, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_TOO_SHORT);
665 return OSSL_RECORD_RETURN_FATAL;
666 }
667 thisrr->length -= mac_size;
668 mac = thisrr->data + thisrr->length;
669 i = rl->funcs->mac(rl, thisrr, md, 0 /* not send */, s);
670 if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
671 RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
672 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
673 return OSSL_RECORD_RETURN_FATAL;
674 }
675 }
676 /*
677 * We've handled the mac now - there is no MAC inside the encrypted
678 * record
679 */
680 mac_size = 0;
681 }
682
683 if (mac_size > 0) {
684 macbufs = OPENSSL_zalloc(sizeof(*macbufs) * num_recs);
685 if (macbufs == NULL) {
686 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
687 return OSSL_RECORD_RETURN_FATAL;
688 }
689 }
690
691 /*
692 * TODO(RECLAYER): Only call rl functions once TLSv1.3/SSLv3 is moved to new
693 * record layer code
694 */
695 enc_err = rl->funcs->cipher(rl, rr, num_recs, 0, macbufs, mac_size, s);
696
697 /*-
698 * enc_err is:
699 * 0: if the record is publicly invalid, or an internal error, or AEAD
700 * decryption failed, or ETM decryption failed.
701 * 1: Success or MTE decryption failed (MAC will be randomised)
702 */
703 if (enc_err == 0) {
704 if (rl->alert != 0) {
705 /* RLAYERfatal() already got called */
706 goto end;
707 }
708 if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
709 /*
710 * Valid early_data that we cannot decrypt will fail here. We treat
711 * it like an empty record.
712 */
713
714 thisrr = &rr[0];
715
716 if (!ossl_early_data_count_ok(s, thisrr->length,
717 EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
718 /* SSLfatal() already called */
719 goto end;
720 }
721
722 thisrr->length = 0;
723 thisrr->read = 1;
724 rl->num_recs = 0;
725 rl->curr_rec = 0;
726 rl->num_released = 0;
727 /* Reset the read sequence */
728 memset(rl->sequence, 0, sizeof(rl->sequence));
729 ret = 1;
730 goto end;
731 }
732 RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
733 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
734 goto end;
735 }
736 OSSL_TRACE_BEGIN(TLS) {
737 BIO_printf(trc_out, "dec %lu\n", (unsigned long)rr[0].length);
738 BIO_dump_indent(trc_out, rr[0].data, rr[0].length, 4);
739 } OSSL_TRACE_END(TLS);
740
741 /* r->length is now the compressed data plus mac */
742 if (rl->enc_read_ctx != NULL
743 && !rl->use_etm
744 && EVP_MD_CTX_get0_md(rl->read_hash) != NULL) {
745 /* rl->read_hash != NULL => mac_size != -1 */
746
747 for (j = 0; j < num_recs; j++) {
748 SSL_MAC_BUF *thismb = &macbufs[j];
749 thisrr = &rr[j];
750
751 i = rl->funcs->mac(rl, thisrr, md, 0 /* not send */, s);
752 if (i == 0 || thismb == NULL || thismb->mac == NULL
753 || CRYPTO_memcmp(md, thismb->mac, (size_t)mac_size) != 0)
754 enc_err = 0;
755 if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
756 enc_err = 0;
757 }
758 }
759
760 if (enc_err == 0) {
761 if (rl->alert != 0) {
762 /* We already called RLAYERfatal() */
763 goto end;
764 }
765 /*
766 * A separate 'decryption_failed' alert was introduced with TLS 1.0,
767 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
768 * failure is directly visible from the ciphertext anyway, we should
769 * not reveal which kind of error occurred -- this might become
770 * visible to an attacker (e.g. via a logfile)
771 */
772 RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC,
773 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
774 goto end;
775 }
776
777 for (j = 0; j < num_recs; j++) {
778 thisrr = &rr[j];
779
780 if (!rl->funcs->post_process_record(rl, thisrr, s)) {
781 /* RLAYERfatal already called */
782 goto end;
783 }
784
785 /*
786 * Check if the received packet overflows the current
787 * Max Fragment Length setting.
788 * Note: rl->max_frag_len > 0 and KTLS are mutually exclusive.
789 */
790 if (rl->max_frag_len > 0 && thisrr->length > rl->max_frag_len) {
791 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
792 goto end;
793 }
794
795 thisrr->off = 0;
796 /*-
797 * So at this point the following is true
798 * thisrr->type is the type of record
799 * thisrr->length == number of bytes in record
800 * thisrr->off == offset to first valid byte
801 * thisrr->data == where to take bytes from, increment after use :-).
802 */
803
804 /* just read a 0 length packet */
805 if (thisrr->length == 0) {
806 if (++(rl->empty_record_count) > MAX_EMPTY_RECORDS) {
807 RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_RECORD_TOO_SMALL);
808 goto end;
809 }
810 } else {
811 rl->empty_record_count = 0;
812 }
813 }
814
815 if (s->early_data_state == SSL_EARLY_DATA_READING) {
816 thisrr = &rr[0];
817 if (thisrr->type == SSL3_RT_APPLICATION_DATA
818 && !ossl_early_data_count_ok(s, thisrr->length, 0, 0)) {
819 /* SSLfatal already called */
820 goto end;
821 }
822 }
823
824 rl->num_recs = num_recs;
825 rl->curr_rec = 0;
826 rl->num_released = 0;
827 ret = OSSL_RECORD_RETURN_SUCCESS;
828 end:
829 if (macbufs != NULL) {
830 for (j = 0; j < num_recs; j++) {
831 if (macbufs[j].alloced)
832 OPENSSL_free(macbufs[j].mac);
833 }
834 OPENSSL_free(macbufs);
835 }
836 return ret;
837 }
838
839 /* Shared by ssl3_meth and tls1_meth */
840 int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
841 {
842 size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
843
844 if (rec->rec_version != rl->version) {
845 RLAYERfatal(rl, SSL_AD_PROTOCOL_VERSION, SSL_R_WRONG_VERSION_NUMBER);
846 return 0;
847 }
848
849 #ifndef OPENSSL_NO_COMP
850 /*
851 * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
852 * does not include the compression overhead anyway.
853 */
854 if (rl->expand == NULL)
855 len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
856 #endif
857
858 if (rec->length > len) {
859 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
860 SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
861 return 0;
862 }
863
864 return 1;
865 }
866
867 static int tls_do_uncompress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
868 {
869 #ifndef OPENSSL_NO_COMP
870 int i;
871
872 if (rec->comp == NULL) {
873 rec->comp = (unsigned char *)
874 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
875 }
876 if (rec->comp == NULL)
877 return 0;
878
879 i = COMP_expand_block(rl->expand, rec->comp,
880 SSL3_RT_MAX_PLAIN_LENGTH, rec->data, (int)rec->length);
881 if (i < 0)
882 return 0;
883 else
884 rec->length = i;
885 rec->data = rec->comp;
886 return 1;
887 #else
888 return 0;
889 #endif
890 }
891
892 /* Shared by tlsany_meth, ssl3_meth and tls1_meth */
893 int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, SSL_CONNECTION *s)
894 {
895 if (rl->expand != NULL) {
896 if (rec->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
897 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
898 SSL_R_COMPRESSED_LENGTH_TOO_LONG);
899 return 0;
900 }
901 if (!tls_do_uncompress(rl, rec)) {
902 RLAYERfatal(rl, SSL_AD_DECOMPRESSION_FAILURE,
903 SSL_R_BAD_DECOMPRESSION);
904 return 0;
905 }
906 }
907
908 if (rec->length > SSL3_RT_MAX_PLAIN_LENGTH) {
909 RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
910 return 0;
911 }
912
913 return 1;
914 }
915
916 /* Shared by tls13_meth and ktls_meth */
917 int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec,
918 SSL_CONNECTION *s)
919 {
920 SSL *ssl = SSL_CONNECTION_GET_SSL(s);
921
922 if (rec->type != SSL3_RT_APPLICATION_DATA
923 && rec->type != SSL3_RT_ALERT
924 && rec->type != SSL3_RT_HANDSHAKE) {
925 RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE);
926 return 0;
927 }
928
929 if (s->msg_callback)
930 s->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE,
931 &rec->type, 1, ssl, s->msg_callback_arg);
932
933 /*
934 * TLSv1.3 alert and handshake records are required to be non-zero in
935 * length.
936 */
937 if ((rec->type == SSL3_RT_HANDSHAKE
938 || rec->type == SSL3_RT_ALERT)
939 && rec->length == 0) {
940 RLAYERfatal(rl, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_LENGTH);
941 return 0;
942 }
943
944 return 1;
945 }
946
947 int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
948 int *type, unsigned char **data, size_t *datalen,
949 uint16_t *epoch, unsigned char *seq_num,
950 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s)
951 {
952 SSL3_RECORD *rec;
953
954 /*
955 * tls_get_more_records() can return success without actually reading
956 * anything useful (i.e. if empty records are read). We loop here until
957 * we have something useful. tls_get_more_records() will eventually fail if
958 * too many sequential empty records are read.
959 */
960 while (rl->curr_rec >= rl->num_recs) {
961 int ret;
962
963 if (rl->num_released != rl->num_recs) {
964 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_RECORDS_NOT_RELEASED);
965 return OSSL_RECORD_RETURN_FATAL;
966 }
967
968 ret = tls_get_more_records(rl, s);
969
970 if (ret != OSSL_RECORD_RETURN_SUCCESS)
971 return ret;
972 }
973
974 /*
975 * We have now got rl->num_recs records buffered in rl->rrec. rl->curr_rec
976 * points to the next one to read.
977 */
978 rec = &rl->rrec[rl->curr_rec++];
979
980 *rechandle = rec;
981 *rversion = rec->rec_version;
982 *type = rec->type;
983 *data = rec->data;
984 *datalen = rec->length;
985
986 return OSSL_RECORD_RETURN_SUCCESS;
987 }
988
989 int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle)
990 {
991 if (!ossl_assert(rl->num_released < rl->curr_rec)
992 || !ossl_assert(rechandle == &rl->rrec[rl->num_released])) {
993 /* Should not happen */
994 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_INVALID_RECORD);
995 return OSSL_RECORD_RETURN_FATAL;
996 }
997
998 rl->num_released++;
999
1000 return OSSL_RECORD_RETURN_SUCCESS;
1001 }
1002
1003 int
1004 tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
1005 int role, int direction, int level, unsigned char *key,
1006 size_t keylen, unsigned char *iv, size_t ivlen,
1007 unsigned char *mackey, size_t mackeylen,
1008 const EVP_CIPHER *ciph, size_t taglen,
1009 /* TODO(RECLAYER): This probably should not be an int */
1010 int mactype,
1011 const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
1012 BIO *transport, BIO *next, BIO_ADDR *local,
1013 BIO_ADDR *peer, const OSSL_PARAM *settings,
1014 const OSSL_PARAM *options, OSSL_RECORD_LAYER **retrl,
1015 /* TODO(RECLAYER): Remove me */
1016 SSL_CONNECTION *s)
1017 {
1018 OSSL_RECORD_LAYER *rl = OPENSSL_zalloc(sizeof(*rl));
1019 const OSSL_PARAM *p;
1020
1021 *retrl = NULL;
1022
1023 if (rl == NULL) {
1024 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
1025 return OSSL_RECORD_RETURN_FATAL;
1026 }
1027
1028 /*
1029 * TODO(RECLAYER): Need to handle the case where the params are updated
1030 * after the record layer has been created.
1031 */
1032 p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS);
1033 if (p != NULL && !OSSL_PARAM_get_uint64(p, &rl->options)) {
1034 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
1035 goto err;
1036 }
1037
1038 p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE);
1039 if (p != NULL && !OSSL_PARAM_get_uint32(p, &rl->mode)) {
1040 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
1041 goto err;
1042 }
1043
1044 /* Loop through all the settings since they must all be understood */
1045 for (p = settings; p->key != NULL; p++) {
1046 if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
1047 if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
1048 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
1049 goto err;
1050 }
1051 } else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
1052 if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
1053 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
1054 goto err;
1055 }
1056 } else {
1057 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_MANDATORY_PARAMETER);
1058 goto err;
1059 }
1060 }
1061
1062
1063 if (level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION) {
1064 /*
1065 * We ignore any read_ahead setting prior to the application protection
1066 * level. Otherwise we may read ahead data in a lower protection level
1067 * that is destined for a higher protection level. To simplify the logic
1068 * we don't support that at this stage.
1069 */
1070 /*
1071 * TODO(RECLAYER): Handle the case of read_ahead at the application
1072 * level and a key update/reneg occurs.
1073 */
1074 p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD);
1075 if (p != NULL && !OSSL_PARAM_get_int(p, &rl->read_ahead)) {
1076 RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
1077 goto err;
1078 }
1079 }
1080
1081 rl->libctx = libctx;
1082 rl->propq = propq;
1083
1084 rl->version = vers;
1085 rl->role = role;
1086 rl->direction = direction;
1087
1088 if (level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
1089 rl->is_first_record = 1;
1090
1091 if (!tls_set1_bio(rl, transport))
1092 goto err;
1093
1094 if (prev != NULL && !BIO_up_ref(prev))
1095 goto err;
1096 rl->prev = prev;
1097
1098 if (next != NULL && !BIO_up_ref(next))
1099 goto err;
1100 rl->next = next;
1101
1102 *retrl = rl;
1103 return OSSL_RECORD_RETURN_SUCCESS;
1104 err:
1105 tls_int_free(rl);
1106 return OSSL_RECORD_RETURN_FATAL;
1107 }
1108
1109 static int
1110 tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
1111 int role, int direction, int level, unsigned char *key,
1112 size_t keylen, unsigned char *iv, size_t ivlen,
1113 unsigned char *mackey, size_t mackeylen,
1114 const EVP_CIPHER *ciph, size_t taglen,
1115 /* TODO(RECLAYER): This probably should not be an int */
1116 int mactype,
1117 const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
1118 BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
1119 const OSSL_PARAM *settings, const OSSL_PARAM *options,
1120 OSSL_RECORD_LAYER **retrl,
1121 /* TODO(RECLAYER): Remove me */
1122 SSL_CONNECTION *s)
1123 {
1124 int ret;
1125
1126 ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
1127 key, keylen, iv, ivlen, mackey, mackeylen,
1128 ciph, taglen, mactype, md, comp, prev,
1129 transport, next, local, peer, settings,
1130 options, retrl, s);
1131
1132 if (ret != OSSL_RECORD_RETURN_SUCCESS)
1133 return ret;
1134
1135 switch (vers) {
1136 case TLS_ANY_VERSION:
1137 (*retrl)->funcs = &tls_any_funcs;
1138 break;
1139 case TLS1_3_VERSION:
1140 (*retrl)->funcs = &tls_1_3_funcs;
1141 break;
1142 case TLS1_2_VERSION:
1143 case TLS1_1_VERSION:
1144 case TLS1_VERSION:
1145 (*retrl)->funcs = &tls_1_funcs;
1146 break;
1147 case SSL3_VERSION:
1148 (*retrl)->funcs = &ssl_3_0_funcs;
1149 break;
1150 default:
1151 /* Should not happen */
1152 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
1153 ret = OSSL_RECORD_RETURN_FATAL;
1154 goto err;
1155 }
1156
1157 ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
1158 ivlen, mackey, mackeylen, ciph,
1159 taglen, mactype, md, comp, s);
1160
1161 err:
1162 if (ret != OSSL_RECORD_RETURN_SUCCESS) {
1163 OPENSSL_free(*retrl);
1164 *retrl = NULL;
1165 }
1166 return ret;
1167 }
1168
1169 /* TODO(RECLAYER): Temporary funcs */
1170 static int dtls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version)
1171 {
1172 rl->version = version;
1173 return 1;
1174 }
1175 static struct record_functions_st dtls_funcs = {
1176 NULL,
1177 NULL,
1178 NULL,
1179 NULL,
1180 dtls_set_protocol_version,
1181 NULL
1182 };
1183
1184 static int
1185 dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
1186 int role, int direction, int level, unsigned char *key,
1187 size_t keylen, unsigned char *iv, size_t ivlen,
1188 unsigned char *mackey, size_t mackeylen,
1189 const EVP_CIPHER *ciph, size_t taglen,
1190 /* TODO(RECLAYER): This probably should not be an int */
1191 int mactype,
1192 const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
1193 BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
1194 const OSSL_PARAM *settings, const OSSL_PARAM *options,
1195 OSSL_RECORD_LAYER **retrl,
1196 /* TODO(RECLAYER): Remove me */
1197 SSL_CONNECTION *s)
1198 {
1199 int ret;
1200
1201
1202 ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
1203 key, keylen, iv, ivlen, mackey, mackeylen,
1204 ciph, taglen, mactype, md, comp, prev,
1205 transport, next, local, peer, settings,
1206 options, retrl, s);
1207
1208 if (ret != OSSL_RECORD_RETURN_SUCCESS)
1209 return ret;
1210
1211 (*retrl)->isdtls = 1;
1212 (*retrl)->funcs = &dtls_funcs;
1213
1214 return OSSL_RECORD_RETURN_SUCCESS;
1215 }
1216
1217 static void tls_int_free(OSSL_RECORD_LAYER *rl)
1218 {
1219 /* TODO(RECLAYER): Cleanse sensitive fields */
1220 BIO_free(rl->prev);
1221 BIO_free(rl->bio);
1222 BIO_free(rl->next);
1223 SSL3_BUFFER_release(&rl->rbuf);
1224
1225 EVP_CIPHER_CTX_free(rl->enc_read_ctx);
1226 EVP_MD_CTX_free(rl->read_hash);
1227 #ifndef OPENSSL_NO_COMP
1228 COMP_CTX_free(rl->expand);
1229 #endif
1230
1231 OPENSSL_free(rl);
1232 }
1233
1234 int tls_free(OSSL_RECORD_LAYER *rl)
1235 {
1236 SSL3_BUFFER *rbuf;
1237 size_t left, written;
1238 int ret = 1;
1239
1240 rbuf = &rl->rbuf;
1241
1242 left = SSL3_BUFFER_get_left(rbuf);
1243 if (left > 0) {
1244 /*
1245 * This record layer is closing but we still have data left in our
1246 * buffer. It must be destined for the next epoch - so push it there.
1247 */
1248 ret = BIO_write_ex(rl->next, rbuf->buf + rbuf->offset, left, &written);
1249 }
1250 tls_int_free(rl);
1251
1252 return ret;
1253 }
1254
1255
1256 int tls_reset(OSSL_RECORD_LAYER *rl)
1257 {
1258 memset(rl, 0, sizeof(*rl));
1259 return 1;
1260 }
1261
1262 int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl)
1263 {
1264 return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
1265 }
1266
1267 int tls_processed_read_pending(OSSL_RECORD_LAYER *rl)
1268 {
1269 return rl->curr_rec < rl->num_recs;
1270 }
1271
1272 size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl)
1273 {
1274 return 0;
1275 }
1276
1277 int tls_write_pending(OSSL_RECORD_LAYER *rl)
1278 {
1279 return 0;
1280 }
1281
1282 size_t tls_get_max_record_len(OSSL_RECORD_LAYER *rl)
1283 {
1284 return 0;
1285 }
1286
1287 size_t tls_get_max_records(OSSL_RECORD_LAYER *rl)
1288 {
1289 return 0;
1290 }
1291
1292 int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE **templates,
1293 size_t numtempl, size_t allowance, size_t *sent)
1294 {
1295 return 0;
1296 }
1297
1298 int tls_retry_write_records(OSSL_RECORD_LAYER *rl, size_t allowance,
1299 size_t *sent)
1300 {
1301 return 0;
1302 }
1303
1304
1305 int tls_get_alert_code(OSSL_RECORD_LAYER *rl)
1306 {
1307 return rl->alert;
1308 }
1309
1310 int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio)
1311 {
1312 if (bio != NULL && !BIO_up_ref(bio))
1313 return 0;
1314 BIO_free(rl->bio);
1315 rl->bio = bio;
1316
1317 return 1;
1318 }
1319
1320 /* Shared by most methods except tlsany_meth */
1321 int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version)
1322 {
1323 if (rl->version != version)
1324 return 0;
1325
1326 return 1;
1327 }
1328
1329 int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version)
1330 {
1331 return rl->funcs->set_protocol_version(rl, version);
1332 }
1333
1334 void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow)
1335 {
1336 rl->allow_plain_alerts = allow;
1337 }
1338
1339 void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first)
1340 {
1341 rl->is_first_handshake = first;
1342 }
1343
1344 SSL3_BUFFER *tls_get0_rbuf(OSSL_RECORD_LAYER *rl)
1345 {
1346 return &rl->rbuf;
1347 }
1348
1349 unsigned char *tls_get0_packet(OSSL_RECORD_LAYER *rl)
1350 {
1351 return rl->packet;
1352 }
1353
1354 void tls_set0_packet(OSSL_RECORD_LAYER *rl, unsigned char *packet,
1355 size_t packetlen)
1356 {
1357 rl->packet = packet;
1358 rl->packet_length = packetlen;
1359 }
1360
1361 size_t tls_get_packet_length(OSSL_RECORD_LAYER *rl)
1362 {
1363 return rl->packet_length;
1364 }
1365
1366 const OSSL_RECORD_METHOD ossl_tls_record_method = {
1367 tls_new_record_layer,
1368 tls_free,
1369 tls_reset,
1370 tls_unprocessed_read_pending,
1371 tls_processed_read_pending,
1372 tls_app_data_pending,
1373 tls_write_pending,
1374 tls_get_max_record_len,
1375 tls_get_max_records,
1376 tls_write_records,
1377 tls_retry_write_records,
1378 tls_read_record,
1379 tls_release_record,
1380 tls_get_alert_code,
1381 tls_set1_bio,
1382 tls_set_protocol_version,
1383 tls_set_plain_alerts,
1384 tls_set_first_handshake,
1385
1386 /*
1387 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
1388 * during the record layer refactoring. They need to be removed before the
1389 * refactor is complete.
1390 */
1391 tls_default_read_n,
1392 tls_get0_rbuf,
1393 tls_get0_packet,
1394 tls_set0_packet,
1395 tls_get_packet_length,
1396 tls_reset_packet_length
1397 };
1398
1399 const OSSL_RECORD_METHOD ossl_dtls_record_method = {
1400 dtls_new_record_layer,
1401 tls_free,
1402 tls_reset,
1403 tls_unprocessed_read_pending,
1404 tls_processed_read_pending,
1405 tls_app_data_pending,
1406 tls_write_pending,
1407 tls_get_max_record_len,
1408 tls_get_max_records,
1409 tls_write_records,
1410 tls_retry_write_records,
1411 tls_read_record,
1412 tls_release_record,
1413 tls_get_alert_code,
1414 tls_set1_bio,
1415 tls_set_protocol_version,
1416 NULL,
1417 tls_set_first_handshake,
1418
1419 /*
1420 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
1421 * during the record layer refactoring. They need to be removed before the
1422 * refactor is complete.
1423 */
1424 tls_default_read_n,
1425 tls_get0_rbuf,
1426 tls_get0_packet,
1427 tls_set0_packet,
1428 tls_get_packet_length,
1429 tls_reset_packet_length
1430 };
A mirror of the official openssl repository