void *rl_sequence;
ktls_crypto_info_t crypto_info;
- /* Check if we are suitable for KTLS */
+ /*
+ * Check if we are suitable for KTLS. If not suitable we return
+ * OSSL_RECORD_RETURN_NON_FATAL_ERR so that other record layers can be tried
+ * instead
+ */
if (comp != NULL)
- return 0;
+ return OSSL_RECORD_RETURN_NON_FATAL_ERR;
/* ktls supports only the maximum fragment size */
if (ssl_get_max_send_fragment(s) != SSL3_RT_MAX_PLAIN_LENGTH)
- return 0;
+ return OSSL_RECORD_RETURN_NON_FATAL_ERR;
/* check that cipher is supported */
if (!ktls_check_supported_cipher(s, ciph, taglen))
- return 0;
+ return OSSL_RECORD_RETURN_NON_FATAL_ERR;
/*
* TODO(RECLAYER): For the write side we need to add a check for
/* All future data will get encrypted by ktls. Flush the BIO or skip ktls */
if (rl->direction == OSSL_RECORD_DIRECTION_WRITE) {
if (BIO_flush(rl->bio) <= 0)
- return 0;
+ return OSSL_RECORD_RETURN_NON_FATAL_ERR;
}
if (rl->direction == OSSL_RECORD_DIRECTION_WRITE)
if (!ktls_configure_crypto(s, ciph, rl_sequence, &crypto_info,
rl->direction == OSSL_RECORD_DIRECTION_WRITE,
iv, ivlen, key, keylen, mackey, mackeylen))
- return 0;
+ return OSSL_RECORD_RETURN_NON_FATAL_ERR;
if (!BIO_set_ktls(rl->bio, &crypto_info, rl->direction))
- return 0;
+ return OSSL_RECORD_RETURN_NON_FATAL_ERR;
- return 1;
+ return OSSL_RECORD_RETURN_SUCCESS;
}
static int ktls_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *inrecs, size_t n_recs,
/* Protocol version specific function pointers */
struct record_functions_st
{
+ /*
+ * Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
+ * OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an
+ * alternative record layer.
+ */
int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level,
unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen,
const SSL_COMP *comp,
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s);
+ /*
+ * Returns:
+ * 0: if the record is publicly invalid, or an internal error, or AEAD
+ * decryption failed, or EtM decryption failed.
+ * 1: Success or MtE decryption failed (MAC will be randomised)
+ */
int (*cipher)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
int sending, SSL_MAC_BUF *macs, size_t macsize,
/* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s);
+ /* Returns 1 for success or 0 for error */
int (*mac)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
int sending, /* TODO(RECLAYER): Remove me */SSL_CONNECTION *ssl);
};
EVP_CIPHER_CTX *ciph_ctx;
if (md == NULL) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
if ((rl->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
ciph_ctx = rl->enc_read_ctx;
rl->read_hash = EVP_MD_CTX_new();
if (rl->read_hash == NULL) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
rl->expand = COMP_CTX_new(comp->method);
if (rl->expand == NULL) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
}
#endif
if (!EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, key, iv)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
if (EVP_CIPHER_get0_provider(ciph) != NULL
&& !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md, s)) {
- /* RLAYERfatal already called */
- return 0;
+ return OSSL_RECORD_RETURN_FATAL;
}
if (mackeylen > sizeof(rl->mac_secret)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
memcpy(rl->mac_secret, mackey, mackeylen);
- return 1;
+ return OSSL_RECORD_RETURN_SUCCESS;
}
/*
int mode;
if (ivlen > sizeof(rl->iv)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
memcpy(rl->iv, iv, ivlen);
ciph_ctx = rl->enc_read_ctx = EVP_CIPHER_CTX_new();
if (ciph_ctx == NULL) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
RECORD_LAYER_reset_read_sequence(&s->rlayer);
|| (mode == EVP_CIPH_CCM_MODE
&& EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) <= 0)
|| EVP_DecryptInit_ex(ciph_ctx, NULL, NULL, key, NULL) <= 0) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
- return 1;
+ return OSSL_RECORD_RETURN_SUCCESS;
}
static int tls13_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
EVP_PKEY *mac_key;
if (level != OSSL_RECORD_PROTECTION_LEVEL_APPLICATION)
- return 0;
+ return OSSL_RECORD_RETURN_FATAL;
if (s->ext.use_etm)
s->s3.flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
if ((rl->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
- return 0;
+ return OSSL_RECORD_RETURN_FATAL;
}
ciph_ctx = rl->enc_read_ctx;
rl->read_hash = EVP_MD_CTX_new();
if (rl->read_hash == NULL) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ return OSSL_RECORD_RETURN_FATAL;
}
#ifndef OPENSSL_NO_COMP
if (comp != NULL) {
rl->expand = COMP_CTX_new(comp->method);
if (rl->expand == NULL) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
}
#endif
rl->libctx, rl->propq, mac_key,
NULL) <= 0) {
EVP_PKEY_free(mac_key);
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
EVP_PKEY_free(mac_key);
}
if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_GCM_MODE) {
if (!EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, key, NULL)
|| EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
- (int)ivlen, iv) <= 0) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ (int)ivlen, iv) <= 0) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
} else if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_CCM_MODE) {
if (!EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, NULL, NULL)
* why not in the initial EVP_DecryptInit_ex() call?
*/
|| !EVP_DecryptInit_ex(ciph_ctx, NULL, NULL, key, NULL)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
} else {
if (!EVP_DecryptInit_ex(ciph_ctx, ciph, NULL, key, iv)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
}
/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
&& mackeylen != 0
&& EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
(int)mackeylen, mackey) <= 0) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
if (EVP_CIPHER_get0_provider(ciph) != NULL
- && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md, s)) {
- /* RLAYERfatal already called */
- return 0;
- }
+ && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md, s))
+ return OSSL_RECORD_RETURN_FATAL;
- return 1;
+ return OSSL_RECORD_RETURN_SUCCESS;
}
#define MAX_PADDING 256
*pprm = OSSL_PARAM_construct_end();
if (!EVP_CIPHER_CTX_set_params(ctx, params)) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
return OSSL_RECORD_RETURN_SUCCESS;
}
-static OSSL_RECORD_LAYER *
+static int
tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, unsigned char *key,
size_t keylen, unsigned char *iv, size_t ivlen,
const EVP_MD *md, const SSL_COMP *comp, BIO *transport,
BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ OSSL_RECORD_LAYER **retrl,
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s)
{
OSSL_RECORD_LAYER *rl = OPENSSL_zalloc(sizeof(*rl));
const OSSL_PARAM *p;
+ *retrl = NULL;
+
if (rl == NULL) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
- return NULL;
+ return OSSL_RECORD_RETURN_FATAL;
}
if (transport != NULL && !BIO_up_ref(transport)) {
if (!tls_set1_bio(rl, transport))
goto err;
- return rl;
+ *retrl = rl;
+ return OSSL_RECORD_RETURN_SUCCESS;
err:
OPENSSL_free(rl);
- return NULL;
+ return OSSL_RECORD_RETURN_FATAL;
}
-static OSSL_RECORD_LAYER *
+static int
tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, unsigned char *key,
size_t keylen, unsigned char *iv, size_t ivlen,
const EVP_MD *md, const SSL_COMP *comp, BIO *transport,
BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ OSSL_RECORD_LAYER **retrl,
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s)
{
- OSSL_RECORD_LAYER *rl = tls_int_new_record_layer(libctx, propq, vers, role,
- direction, level, key,
- keylen, iv, ivlen, mackey,
- mackeylen, ciph, taglen,
- mactype, md, comp,
- transport, local, peer,
- settings, options, s);
+ int ret;
+
+ ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
+ key, keylen, iv, ivlen, mackey, mackeylen,
+ ciph, taglen, mactype, md, comp, transport,
+ local, peer, settings, options, retrl, s);
- if (rl == NULL)
- return NULL;
+ if (ret != OSSL_RECORD_RETURN_SUCCESS)
+ return ret;
switch (vers) {
case TLS_ANY_VERSION:
- rl->funcs = &tls_any_funcs;
+ (*retrl)->funcs = &tls_any_funcs;
break;
case TLS1_3_VERSION:
- rl->funcs = &tls_1_3_funcs;
+ (*retrl)->funcs = &tls_1_3_funcs;
break;
case TLS1_2_VERSION:
case TLS1_1_VERSION:
case TLS1_VERSION:
- rl->funcs = &tls_1_funcs;
+ (*retrl)->funcs = &tls_1_funcs;
break;
case SSL3_VERSION:
- rl->funcs = &ssl_3_0_funcs;
+ (*retrl)->funcs = &ssl_3_0_funcs;
break;
default:
/* Should not happen */
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ ret = OSSL_RECORD_RETURN_FATAL;
goto err;
}
- if (!rl->funcs->set_crypto_state(rl, level, key, keylen, iv, ivlen,
- mackey, mackeylen, ciph, taglen,
- mactype, md, comp, s))
- goto err;
+ ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp, s);
- return rl;
err:
- /* TODO(RECLAYER): How do we distinguish between fatal and non-fatal errors? */
- OPENSSL_free(rl);
- return NULL;
+ if (ret != OSSL_RECORD_RETURN_SUCCESS) {
+ OPENSSL_free(*retrl);
+ *retrl = NULL;
+ }
+ return ret;
}
-static OSSL_RECORD_LAYER *
+static int
dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, unsigned char *key,
size_t keylen, unsigned char *iv, size_t ivlen,
const EVP_MD *md, const SSL_COMP *comp, BIO *transport,
BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ OSSL_RECORD_LAYER **retrl,
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s)
{
- OSSL_RECORD_LAYER *rl = tls_int_new_record_layer(libctx, propq, vers, role,
- direction, level, key,
- keylen, iv, ivlen, mackey,
- mackeylen, ciph, taglen,
- mactype, md, comp,
- transport, local, peer,
- settings, options, s);
+ int ret;
+
+ ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
+ key, keylen, iv, ivlen, mackey, mackeylen,
+ ciph, taglen, mactype, md, comp, transport,
+ local, peer, settings, options, retrl, s);
- if (rl == NULL)
- return NULL;
+ if (ret != OSSL_RECORD_RETURN_SUCCESS)
+ return ret;
- rl->isdtls = 1;
+ (*retrl)->isdtls = 1;
- return rl;
+ return OSSL_RECORD_RETURN_SUCCESS;
}
#ifndef OPENSSL_NO_KTLS
-static OSSL_RECORD_LAYER *
+static int
ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, unsigned char *key,
size_t keylen, unsigned char *iv, size_t ivlen,
const EVP_MD *md, const SSL_COMP *comp, BIO *transport,
BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
+ OSSL_RECORD_LAYER **retrl,
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s)
{
- OSSL_RECORD_LAYER *rl = tls_int_new_record_layer(libctx, propq, vers, role,
- direction, level, key,
- keylen, iv, ivlen, mackey,
- mackeylen, ciph, taglen,
- mactype, md, comp,
- transport, local, peer,
- settings, options, s);
-
- if (rl == NULL)
- return NULL;
-
- rl->funcs = &ossl_ktls_funcs;
-
- if (!rl->funcs->set_crypto_state(rl, level, key, keylen, iv, ivlen,
- mackey, mackeylen, ciph, taglen,
- mactype, md, comp, s))
- goto err;
+ int ret;
- return rl;
- err:
- /* TODO(RECLAYER): How do we distinguish between fatal and non-fatal errors? */
- OPENSSL_free(rl);
- return NULL;
+ ret = tls_int_new_record_layer(libctx, propq, vers, role, direction, level,
+ key, keylen, iv, ivlen, mackey, mackeylen,
+ ciph, taglen, mactype, md, comp, transport,
+ local, peer, settings, options, retrl, s);
+
+ if (ret != OSSL_RECORD_RETURN_SUCCESS)
+ return ret;
+
+ (*retrl)->funcs = &ossl_ktls_funcs;
+
+ ret = (*retrl)->funcs->set_crypto_state(*retrl, level, key, keylen, iv,
+ ivlen, mackey, mackeylen, ciph,
+ taglen, mactype, md, comp, s);
+
+ if (ret != OSSL_RECORD_RETURN_SUCCESS) {
+ OPENSSL_free(*retrl);
+ *retrl = NULL;
+ }
+ return ret;
}
#endif
SSL_CONNECTION *s)
{
if (level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
- RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return 0;
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return OSSL_RECORD_RETURN_FATAL;
}
/* No crypto protection at the "NONE" level so nothing to be done */
- return 1;
+ return OSSL_RECORD_RETURN_SUCCESS;
}
static int tls_any_cipher(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs,
}
for (;;) {
- s->rrl = s->rrlmethod->new_record_layer(sctx->libctx, sctx->propq,
- version, s->server, direction,
- level, key, keylen, iv, ivlen,
- mackey, mackeylen, ciph, taglen,
- mactype, md, comp, s->rbio,
- NULL, NULL, NULL, options, s);
- if (s->rrl == NULL) {
+ int rlret;
+
+ rlret = s->rrlmethod->new_record_layer(sctx->libctx, sctx->propq,
+ version, s->server, direction,
+ level, key, keylen, iv, ivlen,
+ mackey, mackeylen, ciph, taglen,
+ mactype, md, comp, s->rbio,
+ NULL, NULL, NULL, options,
+ &s->rrl, s);
+ switch (rlret) {
+ case OSSL_RECORD_RETURN_FATAL:
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_RECORD_LAYER_FAILURE);
+ goto err;
+
+ case OSSL_RECORD_RETURN_NON_FATAL_ERR:
if (s->rrlmethod != origmeth && origmeth != NULL) {
/*
* We tried a new record layer method, but it didn't work out,
s->rrlmethod = origmeth;
continue;
}
- ERR_raise(ERR_LIB_SSL, SSL_R_NO_SUITABLE_RECORD_LAYER);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
+ goto err;
+
+ case OSSL_RECORD_RETURN_SUCCESS:
+ break;
+
+ default:
+ /* Should not happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
break;
* force at any one time (one for reading and one for writing). In some
* protocols more than 2 might be used (e.g. in DTLS for retransmitting
* messages from an earlier epoch).
+ *
+ * The created OSSL_RECORD_LAYER object is stored in *ret on success (or
+ * NULL otherwise). The return value will be one of
+ * OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
+ * OSSL_RECORD_RETURN_NON_FATAL. A non-fatal return means that creation of
+ * the record layer has failed because it is unsuitable, but an alternative
+ * record layer can be tried instead.
*/
/*
* make this fetchable
* TODO(RECLAYER): mactype should not be an int
*/
- OSSL_RECORD_LAYER *(*new_record_layer)(OSSL_LIB_CTX *libctx,
- const char *propq, int vers,
- int role, int direction,
- int level, unsigned char *key,
- size_t keylen,
- unsigned char *iv,
- size_t ivlen,
- unsigned char *mackey,
- size_t mackeylen,
- const EVP_CIPHER *ciph,
- size_t taglen,
- /* TODO(RECLAYER): This probably should not be an int */
- int mactype,
- const EVP_MD *md,
- const SSL_COMP *comp,
- BIO *transport, BIO_ADDR *local,
- BIO_ADDR *peer,
- const OSSL_PARAM *settings,
- const OSSL_PARAM *options,
- /* TODO(RECLAYER): Remove me */
- SSL_CONNECTION *s);
+ int (*new_record_layer)(OSSL_LIB_CTX *libctx,
+ const char *propq, int vers,
+ int role, int direction,
+ int level, unsigned char *key,
+ size_t keylen,
+ unsigned char *iv,
+ size_t ivlen,
+ unsigned char *mackey,
+ size_t mackeylen,
+ const EVP_CIPHER *ciph,
+ size_t taglen,
+ /* TODO(RECLAYER): This probably should not be an int */
+ int mactype,
+ const EVP_MD *md,
+ const SSL_COMP *comp,
+ BIO *transport, BIO_ADDR *local,
+ BIO_ADDR *peer,
+ const OSSL_PARAM *settings,
+ const OSSL_PARAM *options,
+ OSSL_RECORD_LAYER **ret,
+ /* TODO(RECLAYER): Remove me */
+ SSL_CONNECTION *s);
void (*free)(OSSL_RECORD_LAYER *rl);
int (*reset)(OSSL_RECORD_LAYER *rl); /* Is this needed? */
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
key, key_len, iv, iv_len, mac_secret,
md_len, ciph, 0, NID_undef, md, comp)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
+ /* SSLfatal already called */
goto err;
}
OSSL_RECORD_PROTECTION_LEVEL_NONE,
NULL, 0, NULL, 0, NULL, 0, NULL, 0,
NID_undef, NULL, NULL)) {
- SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
+ /* SSLfatal already called */
return 0;
}
key, cl, iv, (size_t)k, mac_secret,
mac_secret_size, c, taglen, mac_type,
m, comp)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
+ /* SSLfatal already called */
goto err;
}
OSSL_RECORD_DIRECTION_READ,
level, key, keylen, iv, ivlen, NULL, 0,
cipher, taglen, NID_undef, NULL, NULL)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
+ /* SSLfatal already called */
goto err;
}
/* TODO(RECLAYER): Remove me */
key, keylen, iv, ivlen, NULL, 0,
s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
NULL)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
+ /* SSLfatal already called */
goto err;
}
}
projects / thirdparty / openssl.git / commitdiff
