2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/bio.h>
11 #include <openssl/ssl.h>
12 #include <openssl/err.h>
13 #include "../../ssl_local.h"
14 #include "../record_local.h"
16 /* Protocol version specific function pointers */
17 struct record_functions_st
19 int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level,
20 unsigned char *key, size_t keylen,
21 unsigned char *iv, size_t ivlen,
22 unsigned char *mackey, size_t mackeylen,
23 const EVP_CIPHER *ciph,
25 /* TODO(RECLAYER): This probably should not be an int */
29 /* TODO(RECLAYER): Remove me */
31 int (*cipher)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
32 int sending, SSL_MAC_BUF *macs, size_t macsize,
33 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s);
34 int (*mac)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
35 int sending, /* TODO(RECLAYER): Remove me */SSL_CONNECTION *ssl);
38 struct ossl_record_layer_st
47 /* Types match the equivalent structures in the SSL object */
50 * TODO(RECLAYER): Should we take the opportunity to make this uint64_t
51 * even though upper layer continue to use uint32_t?
55 /* read IO goes into here */
57 /* each decoded record goes in here */
58 SSL3_RECORD rrec[SSL_MAX_PIPELINES];
60 /* How many records have we got available in the rrec bufer */
63 /* The record number in the rrec buffer that can be read next */
66 /* The number of records that have been released via tls_release_record */
69 /* Set to true if this is the first record in a connection */
70 unsigned int is_first_record;
72 /* where we are when reading */
75 /* used internally to point at a raw packet */
76 unsigned char *packet;
82 * Read as many input bytes as possible (for
84 * TODO(RECLAYER): Why isn't this just an option?
88 /* The number of consecutive empty records we have received */
89 size_t empty_record_count;
91 /* cryptographic state */
92 EVP_CIPHER_CTX *enc_read_ctx;
93 /* TLSv1.3 static read IV */
94 unsigned char read_iv[EVP_MAX_IV_LENGTH];
95 /* used for mac generation */
96 EVP_MD_CTX *read_hash;
100 /* Only used by SSLv3 */
101 unsigned char mac_secret[EVP_MAX_MD_SIZE];
103 /* TLSv1.3 static IV */
104 unsigned char iv[EVP_MAX_IV_LENGTH];
108 /* Function pointers for version specific functions */
109 /* Function pointers for version specific functions */
110 struct record_functions_st *funcs;
113 extern struct record_functions_st ssl_3_0_funcs;
114 extern struct record_functions_st tls_1_funcs;
115 extern struct record_functions_st tls_1_3_funcs;
116 extern struct record_functions_st tls_any_funcs;
118 void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
119 const char *fmt, ...);
121 # define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
122 # define RLAYERfatal_data \
124 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
127 int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
129 const EVP_CIPHER *ciph,
133 __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
134 __owur int ssl3_cbc_digest_record(const EVP_MD *md,
135 unsigned char *md_out,
137 const unsigned char *header,
138 const unsigned char *data,
140 size_t data_plus_mac_plus_padding_size,
141 const unsigned char *mac_secret,
142 size_t mac_secret_length, char is_sslv3);