size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
+ const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
tls_set_max_pipelines,
dtls_set_in_init,
tls_get_state,
- tls_set_options
+ tls_set_options,
+ tls_get_compression
};
size_t taglen,
int mactype,
const EVP_MD *md,
- const SSL_COMP *comp)
+ COMP_METHOD *comp)
{
ktls_crypto_info_t crypto_info;
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
+ const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
/*
* TODO(RECLAYER): We're not ready to set the crypto state for the write
- * record layer. Fix this once we are
+ * record layer in TLSv1.3. Fix this once we are
*/
- if (direction == OSSL_RECORD_DIRECTION_WRITE)
+ if (direction == OSSL_RECORD_DIRECTION_WRITE && vers == TLS1_3_VERSION)
return 1;
+
ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
ivlen, mackey, mackeylen, ciph,
taglen, mactype, md, comp);
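Review bot: The early return now exempts only TLSv1.3 write layers, so every other version that reaches this point, SSLv3 included, falls through to `set_crypto_state` for the write direction. The compression getter changed elsewhere in this commit still treats SSLv3 and DTLS as not yet moved to the write record layer. The TODO should say which copy of the write state is authoritative for those versions in the interim, for example `* record layer in TLSv1.3 (SSLv3 write state set here is not yet consumed). Fix this once we are`, if that is in fact the case. Whether DTLS reaches this function cannot be confirmed from these lines, and the enclosing function starts and ends outside the hunk.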
tls_set_max_pipelines,
NULL,
tls_get_state,
- tls_set_options
+ tls_set_options,
+ tls_get_compression
};
size_t taglen,
int mactype,
const EVP_MD *md,
- const SSL_COMP *comp);
+ COMP_METHOD *comp);
/*
* Returns:
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
+ const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next,
BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
const char **longstr);
int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
+const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl);
int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl);
int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
size_t firstlen, size_t nextlen);
size_t taglen,
int mactype,
const EVP_MD *md,
- const SSL_COMP *comp)
+ COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
- rl->compctx = COMP_CTX_new(comp->method);
+ rl->compctx = COMP_CTX_new(comp);
if (rl->compctx == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
return OSSL_RECORD_RETURN_FATAL;
size_t taglen,
int mactype,
const EVP_MD *md,
- const SSL_COMP *comp)
+ COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
int mode;
size_t taglen,
int mactype,
const EVP_MD *md,
- const SSL_COMP *comp)
+ COMP_METHOD *comp)
{
EVP_CIPHER_CTX *ciph_ctx;
EVP_PKEY *mac_key;
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
- rl->compctx = COMP_CTX_new(comp->method);
+ rl->compctx = COMP_CTX_new(comp);
if (rl->compctx == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
return OSSL_RECORD_RETURN_FATAL;
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/core_names.h>
+#include <openssl/comp.h>
#include "internal/e_os.h"
#include "internal/packet.h"
#include "../../ssl_local.h"
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
+ const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local,
BIO_ADDR *peer, const OSSL_PARAM *settings,
const OSSL_PARAM *options,
size_t ivlen, unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
- const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
+ const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
*longstr = lng;
}
+const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl)
+{
+#ifndef OPENSSL_NO_COMP
+ return (rl->compctx == NULL) ? NULL : COMP_CTX_get_method(rl->compctx);
+#else
+ return NULL;
+#endif
+}
+
const OSSL_RECORD_METHOD ossl_tls_record_method = {
tls_new_record_layer,
tls_free,
tls_set_max_pipelines,
NULL,
tls_get_state,
- tls_set_options
+ tls_set_options,
+ tls_get_compression
};
size_t taglen,
int mactype,
const EVP_MD *md,
- const SSL_COMP *comp)
+ COMP_METHOD *comp)
{
if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
unsigned int maxfrag = SSL3_RT_MAX_PLAIN_LENGTH;
int use_early_data = 0;
uint32_t max_early_data;
+ COMP_METHOD *compm = (comp == NULL) ? NULL : comp->method;
meth = ssl_select_next_record_layer(s, level);
s->server, direction, level, epoch,
key, keylen, iv, ivlen, mackey,
mackeylen, ciph, taglen, mactype, md,
- comp, prev, thisbio, next, NULL, NULL,
+ compm, prev, thisbio, next, NULL, NULL,
settings, options, rlayer_dispatch_tmp,
s, &newrl);
BIO_free(prev);
size_t taglen,
int mactype,
const EVP_MD *md,
- const SSL_COMP *comp,
+ COMP_METHOD *comp,
BIO *prev,
BIO *transport,
BIO *next,
* new_record_layer call.
*/
int (*set_options)(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
+
+ const COMP_METHOD *(*get_compression)(OSSL_RECORD_LAYER *rl);
};
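Review bot: The `get_compression` member is added with no comment, while `set_options` directly above it is documented. The comment should state what is returned when no compression is active and whether an implementation may leave the slot NULL. That matters because the callers added in this commit invoke it unconditionally, and the method tables shown here already hold NULL in another slot. Something like `/* Returns the compression method in use, or NULL if none. Must be implemented. */` would pin the contract. The struct begins outside the hunk.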
if (sc == NULL)
return NULL;
- return sc->compress ? COMP_CTX_get_method(sc->compress) : NULL;
+ /* TODO(RECLAYER): Remove me once SSLv3/DTLS moved to write record layer */
+ if (SSL_CONNECTION_IS_DTLS(sc) || sc->version == SSL3_VERSION)
+ return sc->compress ? COMP_CTX_get_method(sc->compress) : NULL;
+
+ return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);
#else
return NULL;
#endif
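Review bot: The new tail `return sc->rlayer.wrlmethod->get_compression(sc->rlayer.wrl);` dereferences `wrlmethod` and calls through the `get_compression` slot with no NULL check, whereas the removed line tolerated an unset `sc->compress`. This looks like an application-facing getter, so it would crash the process if a connection can be queried before a write record layer is installed, or if a record method leaves the slot NULL. Whether either can happen is not visible from this hunk. Consider `if (sc->rlayer.wrlmethod == NULL || sc->rlayer.wrlmethod->get_compression == NULL) return NULL;` before the call. The same applies to the `rrlmethod->get_compression(sc->rlayer.rrl)` call in the expansion getter in the next hunk. The function's opening lies outside the hunk.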
if (sc == NULL)
return NULL;
- return sc->expand ? COMP_CTX_get_method(sc->expand) : NULL;
+ return sc->rlayer.rrlmethod->get_compression(sc->rlayer.rrl);
#else
return NULL;
#endif
goto end;
cbuf[0] = count++;
- memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ /* TODO(RECLAYER): Remove me once TLSv1.3 write side converted */
+ if (SSL_CONNECTION_IS_TLS13(serversc)) {
+ memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ } else {
+ memcpy(crec_wseq_before, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_before, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ }
memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
- memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
}
}
- memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ /* TODO(RECLAYER): Remove me once TLSv1.3 write side converted */
+ if (SSL_CONNECTION_IS_TLS13(serversc)) {
+ memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
+ } else {
+ memcpy(crec_wseq_after, &clientsc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_wseq_after, &serversc->rlayer.wrl->sequence, SEQ_NUM_SIZE);
+ }
memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
- memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
/* verify the payload */