From: Matt Caswell Date: Wed, 31 Aug 2022 14:41:16 +0000 (+0100) Subject: Move the record padding callback fully into the record layer X-Git-Tag: openssl-3.2.0-alpha1~2029 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5f95eb77e780cc0b90a7da6cc4f79c7bb153ca64;p=thirdparty%2Fopenssl.git Move the record padding callback fully into the record layer We wrap the callback and pass it to the record layer via the dispatch array, in order to avoid accessing it directly via SSL_CONNECTION. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) --- diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h index 294bec3e086..5fa451d916f 100644 --- a/ssl/record/methods/recmethod_local.h +++ b/ssl/record/methods/recmethod_local.h @@ -209,6 +209,7 @@ struct ossl_record_layer_st OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data; OSSL_FUNC_rlayer_msg_callback_fn *msg_callback; OSSL_FUNC_rlayer_security_fn *security; + OSSL_FUNC_rlayer_padding_fn *padding; size_t max_pipelines; diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 987fdff6d11..e3cc6c14dc9 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1226,6 +1226,8 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, case OSSL_FUNC_RLAYER_SECURITY: rl->security = OSSL_FUNC_rlayer_security(fns); break; + case OSSL_FUNC_RLAYER_PADDING: + rl->padding = OSSL_FUNC_rlayer_padding(fns); default: /* Just ignore anything we don't understand */ break; @@ -1661,9 +1663,9 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, if (rlen < max_send_fragment) { size_t padding = 0; size_t max_padding = max_send_fragment - rlen; - if (s->record_padding_cb != NULL) { - padding = s->record_padding_cb(ssl, thistempl->type, rlen, - s->record_padding_arg); + + if (rl->padding != NULL) { + padding = rl->padding(rl->cbarg, thistempl->type, rlen); } else if (s->block_padding > 0) { size_t mask = s->block_padding - 1; size_t remainder; diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index c8951d45dbf..6d0251407ff 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1192,10 +1192,20 @@ static int rlayer_security_wrapper(void *cbarg, int op, int bits, int nid, return ssl_security(s, op, bits, nid, other); } +static OSSL_FUNC_rlayer_padding_fn rlayer_padding_wrapper; +static size_t rlayer_padding_wrapper(void *cbarg, int type, size_t len) +{ + SSL_CONNECTION *s = cbarg; + SSL *ssl = SSL_CONNECTION_GET_SSL(s); + + return s->record_padding_cb(ssl, type, len, s->record_padding_arg); +} + static const OSSL_DISPATCH rlayer_dispatch[] = { { OSSL_FUNC_RLAYER_SKIP_EARLY_DATA, (void (*)(void))ossl_statem_skip_early_data }, { OSSL_FUNC_RLAYER_MSG_CALLBACK, (void (*)(void))rlayer_msg_callback_wrapper }, { OSSL_FUNC_RLAYER_SECURITY, (void (*)(void))rlayer_security_wrapper }, + { OSSL_FUNC_RLAYER_PADDING, (void (*)(void))rlayer_padding_wrapper }, { 0, NULL } }; @@ -1370,7 +1380,9 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int rlret; BIO *prev = NULL; BIO *next = NULL; - unsigned int epoch = 0;; + unsigned int epoch = 0; + OSSL_DISPATCH rlayer_dispatch_tmp[OSSL_NELEM(rlayer_dispatch)]; + size_t i, j; if (direction == OSSL_RECORD_DIRECTION_READ) { prev = s->rlayer.rrlnext; @@ -1391,13 +1403,33 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, s->rlayer.rrlnext = next; } + /* + * Create a copy of the dispatch array, missing out wrappers for + * callbacks that we don't need. + */ + for (i = 0, j = 0; i < OSSL_NELEM(rlayer_dispatch); i++) { + switch (rlayer_dispatch[i].function_id) { + case OSSL_FUNC_RLAYER_MSG_CALLBACK: + if (s->msg_callback == NULL) + continue; + break; + case OSSL_FUNC_RLAYER_PADDING: + if (s->record_padding_cb == NULL) + continue; + break; + default: + break; + } + rlayer_dispatch_tmp[j++] = rlayer_dispatch[i]; + } + rlret = meth->new_record_layer(sctx->libctx, sctx->propq, version, s->server, direction, level, epoch, key, keylen, iv, ivlen, mackey, mackeylen, ciph, taglen, mactype, md, comp, prev, thisbio, next, NULL, NULL, - settings, options, rlayer_dispatch, s, - &newrl); + settings, options, rlayer_dispatch_tmp, + s, &newrl); BIO_free(prev); switch (rlret) { case OSSL_RECORD_RETURN_FATAL: diff --git a/ssl/record/record.h b/ssl/record/record.h index 75080e653ea..19021ca0135 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -271,4 +271,6 @@ OSSL_CORE_MAKE_FUNC(void, rlayer_msg_callback, (int write_p, int version, void *cbarg)) # define OSSL_FUNC_RLAYER_SECURITY 3 OSSL_CORE_MAKE_FUNC(int, rlayer_security, (void *cbarg, int op, int bits, - int nid, void *other)) \ No newline at end of file + int nid, void *other)) +# define OSSL_FUNC_RLAYER_PADDING 4 +OSSL_CORE_MAKE_FUNC(size_t, rlayer_padding, (void *cbarg, int type, size_t len))