From: Matt Caswell
Date: Mon, 26 Sep 2022 16:07:02 +0000 (+0100)
Subject: Abstract out the record type processing
X-Git-Tag: openssl-3.2.0-alpha1~1930
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7ca61d63e99726ef7874b88b96892dae75f51156;p=thirdparty%2Fopenssl.git

Abstract out the record type processing

Remove TLSv1.3 specific processing of the record type out of tls_common.c and into tls13_meth.c

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19343)
---

diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index e794d3bfe74..7e4567797d3 100644
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -492,7 +492,8 @@ static struct record_functions_st ossl_ktls_funcs = {
 tls_get_max_records_default,
 tls_write_records_default,
 ktls_allocate_write_buffers,
- ktls_initialise_write_packets
+ ktls_initialise_write_packets,
+ NULL
 };

 const OSSL_RECORD_METHOD ossl_ktls_record_method = {
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 4bb040d3458..c088f5947ba 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -95,6 +95,10 @@ struct record_functions_st
 WPACKET *pkt,
 SSL3_BUFFER *bufs,
 size_t *wpinited);
+
+ /* Get the actual record type to be used for a given template */
+ unsigned int (*get_record_type)(OSSL_RECORD_LAYER *rl,
+ OSSL_RECORD_TEMPLATE *template);
 };

 struct ossl_record_layer_st
diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c
index 23a27ee8891..6b932246930 100644
--- a/ssl/record/methods/ssl3_meth.c
+++ b/ssl/record/methods/ssl3_meth.c
@@ -313,5 +313,6 @@ struct record_functions_st ssl_3_0_funcs = {
 tls_write_records_default,
 /* These 2 functions are defined in tls1_meth.c */
 tls1_allocate_write_buffers,
- tls1_initialise_write_packets
+ tls1_initialise_write_packets,
+ NULL
 };
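Review bot: The new `get_record_type` member in recmethod_local.h is documented only as "Get the actual record type to be used for a given template", but its contract has two parts the comment leaves out: the pointer may be NULL (ktls_meth.c, ssl3_meth.c, tls1_meth.c and tlsany_meth.c all install NULL, and the tls_common.c hunk falls back to `thistempl->type` in that case), and the value returned is what goes on the wire as the outer content type, so it must be a valid SSL3_RT_* value. Suggest expanding it to `/* Get the actual record type to be used for a given template. May be NULL, in which case the template's own type is used unchanged. */`. The rest of `struct record_functions_st` lies outside this hunk.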
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index e720347bc5f..5044778e3b8 100644
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -239,6 +239,20 @@ static int tls13_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec)
 return 1;
 }

+static unsigned int tls13_get_record_type(OSSL_RECORD_LAYER *rl,
+ OSSL_RECORD_TEMPLATE *template)
+{
+ if (rl->allow_plain_alerts && template->type == SSL3_RT_ALERT)
+ return SSL3_RT_ALERT;
+
+ /*
+ * Aside from the above case we always use the application data record type
+ * when encrypting in TLSv1.3. The "inner" record type encodes the "real"
+ * record type from the template.
+ */
+ return SSL3_RT_APPLICATION_DATA;
+}
+
 struct record_functions_st tls_1_3_funcs = {
 tls13_set_crypto_state,
 tls13_cipher,
@@ -251,5 +265,6 @@ struct record_functions_st tls_1_3_funcs = {
 tls_get_max_records_default,
 tls_write_records_default,
 tls_allocate_write_buffers_default,
- tls_initialise_write_packets_default
+ tls_initialise_write_packets_default,
+ tls13_get_record_type
 };
diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c
index 6887d756af3..7ea4886926f 100644
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
@@ -654,7 +654,8 @@ struct record_functions_st tls_1_funcs = {
 tls_get_max_records_multiblock,
 tls_write_records_multiblock, /* Defined in tls_multib.c */
 tls1_allocate_write_buffers,
- tls1_initialise_write_packets
+ tls1_initialise_write_packets,
+ NULL
 };

 struct record_functions_st dtls_1_funcs = {
@@ -669,5 +670,6 @@ struct record_functions_st dtls_1_funcs = {
 NULL,
 NULL,
 NULL,
+ NULL,
 NULL
 };
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 4a1a8d13b2e..8594b3d855b 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
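Review bot: tls13_get_record_type does not carry over the `rl->enc_ctx != NULL` condition that the check it replaces in tls_common.c had, so it answers SSL3_RT_APPLICATION_DATA even when no cipher has been set up on the layer, and the same condition is what the tls_common.c hunk below removes. That is only correct if tls_1_3_funcs is never installed for a record layer that is still writing plaintext — presumably tls_any_funcs covers that phase, but nothing in this commit states it, and a plaintext Handshake record labelled application_data would be rejected by any peer. Suggest recording the invariant in the function's comment, e.g. `/* tls_1_3_funcs is only selected once encryption is active, so no enc_ctx check is needed here */`, or keeping a cheap guard ahead of the alert test: `if (rl->enc_ctx == NULL) return template->type;`. The plain-alert branch should remain, since it is what lets an unencrypted alert out on a TLSv1.3 layer.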
@@ -1587,14 +1587,11 @@ int tls_write_records_default(OSSL_RECORD_LAYER *rl,
 thistempl = (j < prefix) ? &prefixtempl : &templates[j - prefix];

 /*
- * In TLSv1.3, once encrypting, we always use application data for the
- * record type
+ * Default to the record type as specified in the template unless the
+ * protocol implementation says differently.
 */
- if (rl->version == TLS1_3_VERSION
- && rl->enc_ctx != NULL
- && (!rl->allow_plain_alerts
- || thistempl->type != SSL3_RT_ALERT))
- rectype = SSL3_RT_APPLICATION_DATA;
+ if (rl->funcs->get_record_type != NULL)
+ rectype = rl->funcs->get_record_type(rl, thistempl);
 else
 rectype = thistempl->type;

diff --git a/ssl/record/methods/tlsany_meth.c b/ssl/record/methods/tlsany_meth.c
index 499a70cb3a0..8a9075bfd0f 100644
--- a/ssl/record/methods/tlsany_meth.c
+++ b/ssl/record/methods/tlsany_meth.c
@@ -146,7 +146,8 @@ struct record_functions_st tls_any_funcs = {
 tls_get_max_records_default,
 tls_write_records_default,
 tls_allocate_write_buffers_default,
- tls_initialise_write_packets_default
+ tls_initialise_write_packets_default,
+ NULL
 };

 static int dtls_any_set_protocol_version(OSSL_RECORD_LAYER *rl, int vers)
@@ -170,5 +171,6 @@ struct record_functions_st dtls_any_funcs = {
 NULL,
 NULL,
 NULL,
+ NULL,
 NULL
 };