This removes some references to the SSL object from the record layer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
/* TODO(RECLAYER): Remove me */
SSL_CONNECTION *s)
{
- void *rl_sequence;
ktls_crypto_info_t crypto_info;
/*
return OSSL_RECORD_RETURN_NON_FATAL_ERR;
}
- if (rl->direction == OSSL_RECORD_DIRECTION_WRITE)
- rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer);
- else
- rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer);
-
- if (!ktls_configure_crypto(s, ciph, rl_sequence, &crypto_info,
+ if (!ktls_configure_crypto(s, ciph, rl->sequence, &crypto_info,
rl->direction == OSSL_RECORD_DIRECTION_WRITE,
iv, ivlen, key, keylen, mackey, mackeylen))
return OSSL_RECORD_RETURN_NON_FATAL_ERR;
unsigned char *packet;
size_t packet_length;
+ /* Sequence number for the next record */
+ unsigned char sequence[SEQ_NUM_SIZE];
+
int alert;
/*
static int ssl3_mac(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
int sending, SSL_CONNECTION *ssl)
{
- unsigned char *mac_sec, *seq;
+ unsigned char *mac_sec, *seq = rl->sequence;
const EVP_MD_CTX *hash;
unsigned char *p, rec_char;
size_t md_size;
if (sending) {
mac_sec = &(ssl->s3.write_mac_secret[0]);
- seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
mac_sec = &(rl->mac_secret[0]);
- seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = rl->read_hash;
}
return OSSL_RECORD_RETURN_FATAL;
}
- RECORD_LAYER_reset_read_sequence(&s->rlayer);
rl->taglen = taglen;
mode = EVP_CIPHER_get_mode(ciph);
unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
size_t ivlen, offset, loop, hdrlen;
unsigned char *staticiv;
- unsigned char *seq;
+ unsigned char *seq = rl->sequence;
int lenu, lenf;
SSL3_RECORD *rec = &recs[0];
WPACKET wpkt;
if (sending) {
ctx = s->enc_write_ctx;
staticiv = s->write_iv;
- seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
} else {
ctx = rl->enc_read_ctx;
staticiv = rl->iv;
- seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
}
cipher = EVP_CIPHER_CTX_get0_cipher(ctx);
}
}
#endif
- /*
- * this is done by dtls1_reset_seq_numbers for DTLS
- */
- if (!rl->isdtls)
- RECORD_LAYER_reset_read_sequence(&s->rlayer);
/*
* If we have an AEAD Cipher, then there is no separate MAC, so we can skip
& EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
unsigned char *seq;
- seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
- : RECORD_LAYER_get_read_sequence(&s->rlayer);
+ seq = rl->sequence;
if (SSL_CONNECTION_IS_DTLS(s)) {
/* DTLS does not support pipelining */
if (sending && !rl->use_etm)
decrement_seq = 1;
- seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
- : RECORD_LAYER_get_read_sequence(&s->rlayer);
+ seq = rl->sequence;
if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_TLSTREE, decrement_seq, seq) <= 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
static int tls1_mac(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
int sending, SSL_CONNECTION *ssl)
{
- unsigned char *seq;
+ unsigned char *seq = rl->sequence;
EVP_MD_CTX *hash;
size_t md_size;
int i;
int t;
int ret = 0;
- if (sending) {
- seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+ if (sending)
hash = ssl->write_hash;
- } else {
- seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+ else
hash = rl->read_hash;
- }
t = EVP_MD_CTX_get_size(hash);
if (!ossl_assert(t >= 0))
rl->num_recs = 0;
rl->curr_rec = 0;
rl->num_released = 0;
- RECORD_LAYER_reset_read_sequence(&s->rlayer);
+ /* Reset the read sequence */
+ memset(rl->sequence, 0, sizeof(rl->sequence));
ret = 1;
goto end;
}
int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl)
{
- return SSL3_BUFFER_get_left(&rl->rbuf) != 0;;
+ return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
}
int tls_processed_read_pending(OSSL_RECORD_LAYER *rl)
#include "internal/nelem.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
+#include "../ssl/record/methods/recmethod_local.h"
#include "filterprov.h"
#undef OSSL_NO_USABLE_TLS1_3
cbuf[0] = count++;
memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(crec_rseq_before, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_before, &clientsc->rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(srec_rseq_before, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_before, &serversc->rrl->sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
goto end;
}
memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(crec_rseq_after, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_after, &clientsc->rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(srec_rseq_after, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_after, &serversc->rrl->sequence, SEQ_NUM_SIZE);
/* verify the payload */
if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))