2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/bio.h>
11 #include <openssl/ssl.h>
12 #include <openssl/err.h>
13 #include "../../ssl_local.h"
14 #include "../record_local.h"
16 /* Protocol version specific function pointers */
17 struct record_functions_st
20 * Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
21 * OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an
22 * alternative record layer.
24 int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level,
25 unsigned char *key, size_t keylen,
26 unsigned char *iv, size_t ivlen,
27 unsigned char *mackey, size_t mackeylen,
28 const EVP_CIPHER *ciph,
30 /* TODO(RECLAYER): This probably should not be an int */
34 /* TODO(RECLAYER): Remove me */
37 int (*read_n)(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
38 int clearold, size_t *readbytes);
41 * 0: if the record is publicly invalid, or an internal error, or AEAD
42 * decryption failed, or EtM decryption failed.
43 * 1: Success or MtE decryption failed (MAC will be randomised)
45 int (*cipher)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
46 int sending, SSL_MAC_BUF *macs, size_t macsize,
47 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s);
48 /* Returns 1 for success or 0 for error */
49 int (*mac)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
50 int sending, /* TODO(RECLAYER): Remove me */SSL_CONNECTION *ssl);
52 /* Return 1 for success or 0 for error */
53 int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version);
55 /* Return 1 for success or 0 for error */
56 int (*validate_record_header)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
58 /* Return 1 for success or 0 for error */
59 int (*post_process_record)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec,
60 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s);
63 struct ossl_record_layer_st
73 * A BIO containing any data read in the previous epoch that was destined
78 /* The transport BIO */
82 * A BIO where we will send any data read by us that is destined for the
87 /* Types match the equivalent structures in the SSL object */
90 * TODO(RECLAYER): Should we take the opportunity to make this uint64_t
91 * even though upper layer continue to use uint32_t?
95 /* read IO goes into here */
97 /* each decoded record goes in here */
98 SSL3_RECORD rrec[SSL_MAX_PIPELINES];
100 /* How many records have we got available in the rrec bufer */
103 /* The record number in the rrec buffer that can be read next */
106 /* The number of records that have been released via tls_release_record */
109 /* where we are when reading */
112 /* used internally to point at a raw packet */
113 unsigned char *packet;
114 size_t packet_length;
119 * Read as many input bytes as possible (for
120 * non-blocking reads)
121 * TODO(RECLAYER): Why isn't this just an option?
125 /* The number of consecutive empty records we have received */
126 size_t empty_record_count;
128 /* cryptographic state */
129 EVP_CIPHER_CTX *enc_read_ctx;
131 /* used for mac generation */
132 EVP_MD_CTX *read_hash;
136 /* Set to 1 if this is the first handshake. 0 otherwise */
137 int is_first_handshake;
139 /* Only used by SSLv3 */
140 unsigned char mac_secret[EVP_MAX_MD_SIZE];
144 unsigned char iv[EVP_MAX_IV_LENGTH];
146 unsigned char read_iv[EVP_MAX_IV_LENGTH];
147 int allow_plain_alerts;
149 /* TLS "any" fields */
150 /* Set to true if this is the first record in a connection */
151 unsigned int is_first_record;
155 /* Function pointers for version specific functions */
156 /* Function pointers for version specific functions */
157 struct record_functions_st *funcs;
160 extern struct record_functions_st ssl_3_0_funcs;
161 extern struct record_functions_st tls_1_funcs;
162 extern struct record_functions_st tls_1_3_funcs;
163 extern struct record_functions_st tls_any_funcs;
165 void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
166 const char *fmt, ...);
168 # define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
169 # define RLAYERfatal_data \
171 ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
174 int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
176 const EVP_CIPHER *ciph,
180 __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
181 __owur int ssl3_cbc_digest_record(const EVP_MD *md,
182 unsigned char *md_out,
184 const unsigned char *header,
185 const unsigned char *data,
187 size_t data_plus_mac_plus_padding_size,
188 const unsigned char *mac_secret,
189 size_t mac_secret_length, char is_sslv3);
191 int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
192 int clearold, size_t *readbytes);
194 int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
195 int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *re);
196 int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, SSL_CONNECTION *s);
197 int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec,
201 tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
202 int role, int direction, int level, unsigned char *key,
203 size_t keylen, unsigned char *iv, size_t ivlen,
204 unsigned char *mackey, size_t mackeylen,
205 const EVP_CIPHER *ciph, size_t taglen,
206 /* TODO(RECLAYER): This probably should not be an int */
208 const EVP_MD *md, const SSL_COMP *comp, BIO *prev,
209 BIO *transport, BIO *next,
210 BIO_ADDR *local, BIO_ADDR *peer,
211 const OSSL_PARAM *settings, const OSSL_PARAM *options,
212 OSSL_RECORD_LAYER **retrl,
213 /* TODO(RECLAYER): Remove me */
215 int tls_free(OSSL_RECORD_LAYER *rl);
216 int tls_reset(OSSL_RECORD_LAYER *rl);
217 int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl);
218 int tls_processed_read_pending(OSSL_RECORD_LAYER *rl);
219 size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl);
220 int tls_write_pending(OSSL_RECORD_LAYER *rl);
221 size_t tls_get_max_record_len(OSSL_RECORD_LAYER *rl);
222 size_t tls_get_max_records(OSSL_RECORD_LAYER *rl);
223 int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE **templates,
224 size_t numtempl, size_t allowance, size_t *sent);
225 int tls_retry_write_records(OSSL_RECORD_LAYER *rl, size_t allowance,
227 int tls_get_alert_code(OSSL_RECORD_LAYER *rl);
228 int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
229 int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
230 int *type, unsigned char **data, size_t *datalen,
231 uint16_t *epoch, unsigned char *seq_num,
232 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION *s);
233 int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle);
234 int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
235 int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
236 void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow);
237 void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first);
238 SSL3_BUFFER *tls_get0_rbuf(OSSL_RECORD_LAYER *rl);
239 unsigned char *tls_get0_packet(OSSL_RECORD_LAYER *rl);
240 void tls_set0_packet(OSSL_RECORD_LAYER *rl, unsigned char *packet,
242 size_t tls_get_packet_length(OSSL_RECORD_LAYER *rl);
243 void tls_reset_packet_length(OSSL_RECORD_LAYER *rl);