return OSSL_RECORD_RETURN_SUCCESS;
}
+int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options)
+{
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS);
+ if (p != NULL && !OSSL_PARAM_get_uint64(p, &rl->options)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+
+ p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE);
+ if (p != NULL && !OSSL_PARAM_get_uint32(p, &rl->mode)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+
+ p = OSSL_PARAM_locate_const(options,
+ OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN);
+ if (p != NULL && !OSSL_PARAM_get_size_t(p, &rl->rbuf.default_len)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+
+ if (rl->level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION) {
+ /*
+ * We ignore any read_ahead setting prior to the application protection
+ * level. Otherwise we may read ahead data in a lower protection level
+ * that is destined for a higher protection level. To simplify the logic
+ * we don't support that at this stage.
+ */
+ p = OSSL_PARAM_locate_const(options,
+ OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &rl->read_ahead)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
int
tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, unsigned char *key,
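Review bot: tls_set_options writes each decoded value straight into `rl`, so when a later parameter fails to decode, the earlier ones have already been applied and the function returns 0 with the record layer half-updated. That was harmless while this code ran only inside tls_int_new_record_layer, where a failure leads to `goto err`, but the function is now also a method-table entry that runs on a live record layer. Decoding into locals and committing at the end keeps the update all-or-nothing; the local types in the sketch below are inferred from the getters used. A short header comment would also help, stating that absent keys leave the current value untouched and that read_ahead is only honoured at the application protection level.

```c
int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options)
{
    const OSSL_PARAM *p;
    uint64_t new_options = rl->options;
    uint32_t new_mode = rl->mode;
    size_t new_rbuf_len = rl->rbuf.default_len;
    int new_read_ahead = rl->read_ahead;

    p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS);
    if (p != NULL && !OSSL_PARAM_get_uint64(p, &new_options)) {
        ERR_raise(ERR_LIB_SSL, SSL_R_FAILED_TO_GET_PARAMETER);
        return 0;
    }

    /* … unchanged: same locate/get/ERR_raise pattern for mode, read buffer
     * length and (application level only) read_ahead, targeting the locals … */

    /* Commit only once every supplied parameter has decoded cleanly. */
    rl->options = new_options;
    rl->mode = new_mode;
    rl->rbuf.default_len = new_rbuf_len;
    rl->read_ahead = new_read_ahead;

    return 1;
}
```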
return OSSL_RECORD_RETURN_FATAL;
}
- /*
- * TODO(RECLAYER): Need to handle the case where the params are updated
- * after the record layer has been created.
- */
- p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS);
- if (p != NULL && !OSSL_PARAM_get_uint64(p, &rl->options)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
- goto err;
- }
-
- p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE);
- if (p != NULL && !OSSL_PARAM_get_uint32(p, &rl->mode)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
- goto err;
- }
-
- p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN);
- if (p != NULL && !OSSL_PARAM_get_size_t(p, &rl->rbuf.default_len)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
- goto err;
- }
-
/* Loop through all the settings since they must all be understood */
if (settings != NULL) {
for (p = settings; p->key != NULL; p++) {
}
}
-
- if (level == OSSL_RECORD_PROTECTION_LEVEL_APPLICATION) {
- /*
- * We ignore any read_ahead setting prior to the application protection
- * level. Otherwise we may read ahead data in a lower protection level
- * that is destined for a higher protection level. To simplify the logic
- * we don't support that at this stage.
- */
- p = OSSL_PARAM_locate_const(options, OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD);
- if (p != NULL && !OSSL_PARAM_get_int(p, &rl->read_ahead)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
- goto err;
- }
- }
-
rl->libctx = libctx;
rl->propq = propq;
}
}
+ if (!tls_set_options(rl, options)) {
+ RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
+ goto err;
+ }
+
*retrl = rl;
return OSSL_RECORD_RETURN_SUCCESS;
err:
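Review bot: The read_ahead guard now tests `rl->level` inside tls_set_options, where the removed code tested the `level` argument, and the assignment of `rl->level` is not visible in this hunk. If that assignment came after this call, the application-level check would see an unset value and presumably drop read_ahead without any error. It is worth confirming the order, or pinning it with a comment such as `/* rl->level must already be set: tls_set_options() reads it */`. tls_set_options also already raises SSL_R_FAILED_TO_GET_PARAMETER via ERR_raise, so the RLAYERfatal here records the same reason a second time. The enclosing function starts and ends outside the hunk.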
tls_set_first_handshake,
tls_set_max_pipelines,
NULL,
- tls_get_state
+ tls_get_state,
+ tls_set_options
};
#include <openssl/async.h>
#include <openssl/ct.h>
#include <openssl/trace.h>
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include "internal/ktls.h"
void SSL_set_read_ahead(SSL *s, int yes)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+ OSSL_PARAM options[2], *opts = options;
if (sc == NULL)
return;
RECORD_LAYER_set_read_ahead(&sc->rlayer, yes);
+
+ *opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
+ &sc->rlayer.read_ahead);
+ *opts = OSSL_PARAM_construct_end();
+
+ /* Ignore return value */
+ sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
}
int SSL_get_read_ahead(const SSL *s)
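Review bot: The call `sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options)` dereferences the method pointer and the new slot unchecked. Only one method table is shown gaining `tls_set_options` in this diff, so any other record method that leaves the slot NULL would crash here. Either a guard such as `if (sc->rlayer.rrlmethod != NULL && sc->rlayer.rrlmethod->set_options != NULL)` or confirmation that every table fills the slot would settle it. The `/* Ignore return value */` comment should say why a failure is acceptable, since after a failed update the record layer keeps its old read_ahead while the connection-side value has already changed. The same call pattern appears in the SSL_CTRL_MODE and SSL_set_options hunks below.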
return 1;
case SSL_CTRL_MODE:
- return (sc->mode |= larg);
+ {
+ OSSL_PARAM options[2], *opts = options;
+
+ sc->mode |= larg;
+
+ *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
+ &sc->mode);
+ *opts = OSSL_PARAM_construct_end();
+
+ /* Ignore return value */
+ sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
+
+ return sc->mode;
+ }
case SSL_CTRL_CLEAR_MODE:
return (sc->mode &= ~larg);
case SSL_CTRL_GET_MAX_CERT_LIST:
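Review bot: SSL_CTRL_CLEAR_MODE in the context lines still only does `sc->mode &= ~larg`, so after this change a mode bit that the application sets and later clears stays set in the record layer's copy. The two copies then disagree about which modes are active, and nothing visible here re-synchronises them until a new record layer is created. Mirroring the set path in the clear case keeps them in step, as sketched below. The switch and its enclosing function start and end outside the hunk.

```c
    case SSL_CTRL_CLEAR_MODE:
        {
            OSSL_PARAM options[2], *opts = options;

            sc->mode &= ~larg;

            *opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
                                                  &sc->mode);
            *opts = OSSL_PARAM_construct_end();

            /* Ignore return value */
            sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);

            return sc->mode;
        }
```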
uint64_t SSL_set_options(SSL *s, uint64_t op)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+ OSSL_PARAM options[2], *opts = options;
if (sc == NULL)
return 0;
- return sc->options |= op;
+ sc->options |= op;
+
+ *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS,
+ &sc->options);
+ *opts = OSSL_PARAM_construct_end();
+
+ /* Ignore return value */
+ sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options);
+
+ return sc->options;
}
uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op)