Abstract out the record type processing
authorMatt Caswell <matt@openssl.org>
Mon, 26 Sep 2022 16:07:02 +0000 (17:07 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 12 Oct 2022 14:53:31 +0000 (15:53 +0100)
Move the TLSv1.3-specific processing of the record type out of tls_common.c
and into tls13_meth.c

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19343)

ssl/record/methods/ktls_meth.c
ssl/record/methods/recmethod_local.h
ssl/record/methods/ssl3_meth.c
ssl/record/methods/tls13_meth.c
ssl/record/methods/tls1_meth.c
ssl/record/methods/tls_common.c
ssl/record/methods/tlsany_meth.c

index e794d3bfe7428eeebd71df67f7ebed0334715ee4..7e4567797d3fb2680f543557fc87d6f04e087416 100644 (file)
@@ -492,7 +492,8 @@ static struct record_functions_st ossl_ktls_funcs = {
     tls_get_max_records_default,
     tls_write_records_default,
     ktls_allocate_write_buffers,
-    ktls_initialise_write_packets
+    ktls_initialise_write_packets,
+    NULL
 };
 
 const OSSL_RECORD_METHOD ossl_ktls_record_method = {
index 4bb040d3458a51fa23f1f4c7a170dd2cbef6ddb3..c088f5947bafedba730040bb47a4986a9e3646b3 100644 (file)
@@ -95,6 +95,10 @@ struct record_functions_st
                                     WPACKET *pkt,
                                     SSL3_BUFFER *bufs,
                                     size_t *wpinited);
+
+    /* Get the actual record type to be used for a given template */
+    unsigned int (*get_record_type)(OSSL_RECORD_LAYER *rl,
+                                    OSSL_RECORD_TEMPLATE *template);
 };
 
 struct ossl_record_layer_st
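Review bot: The comment on the new get_record_type member does not say that the pointer may be NULL, although every method table in this commit except tls_1_3_funcs fills it with NULL and tls_write_records_default treats NULL as "use the template's own type". Since this header is the contract a new record method implementer reads, suggest `/* Get the actual record type to be used for a given template. May be NULL, in which case template->type is used unchanged. */`. The struct continues outside the hunk, so other members were not checked for the same omission.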
index 23a27ee8891705f7544c2d4e56ac525f96ec49eb..6b9322469300003e53dedaf659a4ffc2d430af72 100644 (file)
@@ -313,5 +313,6 @@ struct record_functions_st ssl_3_0_funcs = {
     tls_write_records_default,
     /* These 2 functions are defined in tls1_meth.c */
     tls1_allocate_write_buffers,
-    tls1_initialise_write_packets
+    tls1_initialise_write_packets,
+    NULL
 };
index e720347bc5fab21e831a902365181bf2f5beed99..5044778e3b8a4bec172f6f8dfb7d080a9d3767b0 100644 (file)
@@ -239,6 +239,20 @@ static int tls13_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
     return 1;
 }
 
+static unsigned int tls13_get_record_type(OSSL_RECORD_LAYER *rl,
+                                          OSSL_RECORD_TEMPLATE *template)
+{
+    if (rl->allow_plain_alerts && template->type == SSL3_RT_ALERT)
+        return  SSL3_RT_ALERT;
+
+    /*
+     * Aside from the above case we always use the application data record type
+     * when encrypting in TLSv1.3. The "inner" record type encodes the "real"
+     * record type from the template.
+     */
+    return SSL3_RT_APPLICATION_DATA;
+}
+
 struct record_functions_st tls_1_3_funcs = {
     tls13_set_crypto_state,
     tls13_cipher,
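Review bot: tls13_get_record_type drops the `rl->enc_ctx != NULL` condition that the replaced test in tls_write_records_default (the tls_common.c hunk) carried, so a template written through this method while no encryption context is set would now be re-typed to SSL3_RT_APPLICATION_DATA instead of keeping its own type. If the TLSv1.3 method is only ever selected once keys are in place this is harmless, but that invariant is not visible in the diff; either restore the guard as `if (rl->enc_ctx == NULL || (rl->allow_plain_alerts && template->type == SSL3_RT_ALERT)) return template->type;` or state the assumption in the function's comment. The double space in `return  SSL3_RT_ALERT;` should also be tidied. The tls_1_3_funcs initializer continues past the end of this hunk.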
@@ -251,5 +265,6 @@ struct record_functions_st tls_1_3_funcs = {
     tls_get_max_records_default,
     tls_write_records_default,
     tls_allocate_write_buffers_default,
-    tls_initialise_write_packets_default
+    tls_initialise_write_packets_default,
+    tls13_get_record_type
 };
index 6887d756af31c70b4a2377a8db6fa8763cf2e5fe..7ea4886926f3fe2793ce1d5c10ba656dc6a475e5 100644 (file)
@@ -654,7 +654,8 @@ struct record_functions_st tls_1_funcs = {
     tls_get_max_records_multiblock,
     tls_write_records_multiblock, /* Defined in tls_multib.c */
     tls1_allocate_write_buffers,
-    tls1_initialise_write_packets
+    tls1_initialise_write_packets,
+    NULL
 };
 
 struct record_functions_st dtls_1_funcs = {
@@ -669,5 +670,6 @@ struct record_functions_st dtls_1_funcs = {
     NULL,
     NULL,
     NULL,
+    NULL,
     NULL
 };
index 4a1a8d13b2edb7ad07ae359ebb38335977f31eb5..8594b3d855bc1a1dc3e20b80990e09c37b9f8b24 100644 (file)
@@ -1587,14 +1587,11 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
         thistempl = (j < prefix) ? &prefixtempl : &templates[j - prefix];
 
         /*
-         * In TLSv1.3, once encrypting, we always use application data for the
-         * record type
+         * Default to the record type as specified in the template unless the
+         * protocol implementation says differently.
          */
-        if (rl->version == TLS1_3_VERSION
-                && rl->enc_ctx != NULL
-                && (!rl->allow_plain_alerts
-                    || thistempl->type != SSL3_RT_ALERT))
-            rectype = SSL3_RT_APPLICATION_DATA;
+        if (rl->funcs->get_record_type != NULL)
+            rectype = rl->funcs->get_record_type(rl, thistempl);
         else
             rectype = thistempl->type;
 
index 499a70cb3a035fba88ba936bd1f3e7253c98d6b5..8a9075bfd0f897826ed33b5bfefe4fe9a6ae408e 100644 (file)
@@ -146,7 +146,8 @@ struct record_functions_st tls_any_funcs = {
     tls_get_max_records_default,
     tls_write_records_default,
     tls_allocate_write_buffers_default,
-    tls_initialise_write_packets_default
+    tls_initialise_write_packets_default,
+    NULL
 };
 
 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
@@ -170,5 +171,6 @@ struct record_functions_st dtls_any_funcs = {
     NULL,
     NULL,
     NULL,
+    NULL,
     NULL
 };