ssl/record/ssl3_record.c

   1 /*
   2  * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <assert.h>
  11 #include "../ssl_local.h"
  12 #include <openssl/trace.h>
  13 #include <openssl/rand.h>
  14 #include <openssl/core_names.h>
  15 #include "record_local.h"
  16 #include "internal/cryptlib.h"
  17
  18 void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
  19 {
  20     size_t i;
  21
  22     for (i = 0; i < num_recs; i++) {
  23         OPENSSL_free(r[i].comp);
  24         r[i].comp = NULL;
  25     }
  26 }
  27
  28 void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
  29 {
  30     memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
  31 }
  32
  33 uint32_t ossl_get_max_early_data(SSL_CONNECTION *s)
  34 {
  35     uint32_t max_early_data;
  36     SSL_SESSION *sess = s->session;
  37
  38     /*
  39      * If we are a client then we always use the max_early_data from the
  40      * session/psksession. Otherwise we go with the lowest out of the max early
  41      * data set in the session and the configured max_early_data.
  42      */
  43     if (!s->server && sess->ext.max_early_data == 0) {
  44         if (!ossl_assert(s->psksession != NULL
  45                          && s->psksession->ext.max_early_data > 0)) {
  46             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  47             return 0;
  48         }
  49         sess = s->psksession;
  50     }
  51
  52     if (!s->server)
  53         max_early_data = sess->ext.max_early_data;
  54     else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
  55         max_early_data = s->recv_max_early_data;
  56     else
  57         max_early_data = s->recv_max_early_data < sess->ext.max_early_data
  58                          ? s->recv_max_early_data : sess->ext.max_early_data;
  59
  60     return max_early_data;
  61 }
  62
  63 int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, size_t overhead,
  64                              int send)
  65 {
  66     uint32_t max_early_data;
  67
  68     max_early_data = ossl_get_max_early_data(s);
  69
  70     if (max_early_data == 0) {
  71         SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
  72                  SSL_R_TOO_MUCH_EARLY_DATA);
  73         return 0;
  74     }
  75
  76     /* If we are dealing with ciphertext we need to allow for the overhead */
  77     max_early_data += overhead;
  78
  79     if (s->early_data_count + length > max_early_data) {
  80         SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
  81                  SSL_R_TOO_MUCH_EARLY_DATA);
  82         return 0;
  83     }
  84     s->early_data_count += length;
  85
  86     return 1;
  87 }