struct ossl_record_layer_st {
QUIC_TLS *qtls;
+
+ /* Protection level */
+ int level;
+
/* Only used for retry flags */
BIO *dummybio;
/* Set if recbuf is populated with data */
unsigned int recread : 1;
+
+ /* Callbacks */
+ OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
+ void *cbarg;
};
static int
}
rl->qtls = (QUIC_TLS *)rlarg;
+ rl->level = level;
rl->dummybio = transport;
+ rl->cbarg = cbarg;
*retrl = rl;
+ if (fns != NULL) {
+ for (; fns->function_id != 0; fns++) {
+ switch (fns->function_id) {
+ break;
+ case OSSL_FUNC_RLAYER_MSG_CALLBACK:
+ rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
+ break;
+ default:
+ /* Just ignore anything we don't understand */
+ break;
+ }
+ }
+ }
+
switch (level) {
case OSSL_RECORD_PROTECTION_LEVEL_NONE:
return 1;
BIO_clear_retry_flags(rl->dummybio);
+ if (rl->msg_callback != NULL) {
+ unsigned char dummyrec[SSL3_RT_HEADER_LENGTH];
+
+ /*
+ * For the purposes of the callback we "pretend" to be normal TLS,
+ * and manufacture a dummy record header
+ */
+ dummyrec[0] = (rl->level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
+ ? template->type
+ : SSL3_RT_APPLICATION_DATA;
+ dummyrec[1] = (unsigned char)((template->version >> 8) & 0xff);
+ dummyrec[2] = (unsigned char)(template->version & 0xff);
+ /*
+ * We assume that buflen is always <= UINT16_MAX. Since this is
+ * generated by libssl itself we actually expect it to never
+ * exceed SSL3_RT_MAX_PLAIN_LENGTH - so it should be a safe
+ * assumption
+ */
+ dummyrec[3] = (unsigned char)((template->buflen >> 8) & 0xff);
+ dummyrec[4] = (unsigned char)(template->buflen & 0xff);
+
+ rl->msg_callback(1, TLS1_3_VERSION, SSL3_RT_HEADER, dummyrec,
+ SSL3_RT_HEADER_LENGTH, rl->cbarg);
+
+ if (rl->level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
+ rl->msg_callback(1, TLS1_3_VERSION, SSL3_RT_INNER_CONTENT_TYPE,
+ &template->type, 1, rl->cbarg);
+ }
+ }
+
switch (template->type) {
case SSL3_RT_ALERT:
if (template->buflen != 2) {
rl->recread = 1;
/* epoch/seq_num are not relevant for TLS */
+ if (rl->msg_callback != NULL) {
+ unsigned char dummyrec[SSL3_RT_HEADER_LENGTH];
+
+ /*
+ * For the purposes of the callback we "pretend" to be normal TLS,
+ * and manufacture a dummy record header
+ */
+ dummyrec[0] = (rl->level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
+ ? SSL3_RT_HANDSHAKE
+ : SSL3_RT_APPLICATION_DATA;
+ dummyrec[1] = (unsigned char)((TLS1_2_VERSION >> 8) & 0xff);
+ dummyrec[2] = (unsigned char)(TLS1_2_VERSION & 0xff);
+ /*
+ * *datalen will always fit into 2 bytes because our original buffer
+ * size is less than that.
+ */
+ dummyrec[3] = (unsigned char)((*datalen >> 8) & 0xff);
+ dummyrec[4] = (unsigned char)(*datalen & 0xff);
+
+ rl->msg_callback(0, TLS1_3_VERSION, SSL3_RT_HEADER, dummyrec,
+ SSL3_RT_HEADER_LENGTH, rl->cbarg);
+ rl->msg_callback(0, TLS1_3_VERSION, SSL3_RT_INNER_CONTENT_TYPE, type, 1,
+ rl->cbarg);
+ }
+
return OSSL_RECORD_RETURN_SUCCESS;
}
projects / openssl.git / commitdiff