if (sc == NULL)
return 0;
- sc->statem.in_init = 0;
+ ossl_statem_set_in_init(sc, 0);
return 1;
}
if (sc == NULL)
return 0;
- sc->statem.in_init = 0;
+ ossl_statem_set_in_init(sc, 0);
return 1;
}
static DTLS1_BITMAP *dtls1_get_bitmap(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rr,
unsigned int *is_next_epoch)
{
- SSL_CONNECTION *s = (SSL_CONNECTION *)rl->cbarg;
-
*is_next_epoch = 0;
/* In current epoch, accept HM, CCS, DATA, & ALERT */
if (rr->epoch == rl->epoch)
- return &s->rlayer.d->bitmap;
+ return &rl->bitmap;
/*
* Only HM and ALERT messages can be from the next epoch and only if we
rl->unprocessed_rcds.epoch != rl->epoch &&
(rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
*is_next_epoch = 1;
- return &s->rlayer.d->next_bitmap;
+ return &rl->next_bitmap;
}
return NULL;
}
+static void dtls_set_in_init(OSSL_RECORD_LAYER *rl, int in_init)
+{
+ rl->in_init = in_init;
+}
+
static int dtls1_process_record(OSSL_RECORD_LAYER *rl, DTLS1_BITMAP *bitmap)
{
int i;
return 1;
}
-/* copy buffered record into SSL structure */
+/* copy buffered record into OSSL_RECORD_LAYER structure */
static int dtls_copy_rlayer_record(OSSL_RECORD_LAYER *rl, pitem *item)
{
DTLS_RLAYER_RECORD_DATA *rdata;
unsigned short version;
DTLS1_BITMAP *bitmap;
unsigned int is_next_epoch;
- /* TODO(RECLAYER): Remove me */
- SSL_CONNECTION *s = (SSL_CONNECTION *)rl->cbarg;
- SSL *ssl = SSL_CONNECTION_GET_SSL(s);
rl->num_recs = 0;
rl->curr_rec = 0;
* processed at this time.
*/
if (is_next_epoch) {
- if ((SSL_in_init(ssl) || ossl_statem_get_in_handshake(s))) {
+ if (rl->in_init) {
if (dtls_rlayer_buffer_record(rl,
&(rl->unprocessed_rcds),
rr->seq_num) < 0) {
(*retrl)->isdtls = 1;
(*retrl)->epoch = epoch;
+ (*retrl)->in_init = 1;
switch (vers) {
case DTLS_ANY_VERSION:
return ret;
}
-
-
const OSSL_RECORD_METHOD ossl_dtls_record_method = {
dtls_new_record_layer,
dtls_free,
NULL,
tls_set_first_handshake,
tls_set_max_pipelines,
+ dtls_set_in_init,
/*
* TODO(RECLAYER): Remove these. These function pointers are temporary hacks
tls_set_plain_alerts,
tls_set_first_handshake,
tls_set_max_pipelines,
+ NULL,
/*
* TODO(RECLAYER): Remove these. These function pointers are temporary hacks
size_t taglen;
- /* DTLS eceived handshake records (processed and unprocessed) */
+ /* DTLS received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
+ /* records being received in the current epoch */
+ DTLS1_BITMAP bitmap;
+ /* renegotiation starts a new set of sequence numbers */
+ DTLS1_BITMAP next_bitmap;
+
+ /*
+ * Whether we are currently in a hanshake or not. Only maintained for DTLS
+ */
+ int in_init;
+
/* Callbacks */
void *cbarg;
OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
size_t packetlen);
size_t tls_get_packet_length(OSSL_RECORD_LAYER *rl);
void tls_reset_packet_length(OSSL_RECORD_LAYER *rl);
-int rlayer_setup_read_buffer(OSSL_RECORD_LAYER *rl);
\ No newline at end of file
+int rlayer_setup_read_buffer(OSSL_RECORD_LAYER *rl);
size_t bs, ctr, padnum, loop;
unsigned char padval;
const EVP_CIPHER *enc;
- /* TODO(RECLAYER): FIXME */
- SSL_CONNECTION *s = (SSL_CONNECTION *)rl->cbarg;
if (n_recs == 0) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
/* DTLS does not support pipelining */
unsigned char dtlsseq[8], *p = dtlsseq;
- s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
- DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
+ s2n(rl->epoch, p);
memcpy(p, &seq[2], 6);
memcpy(buf[ctr], dtlsseq, 8);
} else {
unsigned char header[13];
int t;
int ret = 0;
- /* TODO(RECLAYER): FIXME */
- SSL_CONNECTION *ssl = (SSL_CONNECTION *)rl->cbarg;
hash = rl->md_ctx;
/* TODO(RECLAYER): FIX ME */
unsigned char dtlsseq[8], *p = dtlsseq;
- s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
- DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
+ s2n(rl->epoch, p);
memcpy(p, &seq[2], 6);
memcpy(header, dtlsseq, 8);
tls_set_plain_alerts,
tls_set_first_handshake,
tls_set_max_pipelines,
+ NULL,
/*
* TODO(RECLAYER): Remove these. These function pointers are temporary hacks
void (*set_plain_alerts)(OSSL_RECORD_LAYER *rl, int allow);
/*
- * Called immediately after creation of the recory layer if we are in a
+ * Called immediately after creation of the record layer if we are in a
* first handshake. Also called at the end of the first handshake
*/
void (*set_first_handshake)(OSSL_RECORD_LAYER *rl, int first);
*/
void (*set_max_pipelines)(OSSL_RECORD_LAYER *rl, size_t max_pipelines);
+ /*
+ * Called to tell the record layer whether we are currently "in init" or
+ * not. Default at creation of the record layer is "yes".
+ */
+ void (*set_in_init)(OSSL_RECORD_LAYER *rl, int in_init);
+
/*
* TODO(RECLAYER): Remove these. These function pointers are temporary hacks
* during the record layer refactoring. They need to be removed before the
{
s->statem.state = MSG_FLOW_UNINITED;
s->statem.hand_state = TLS_ST_BEFORE;
- s->statem.in_init = 1;
+ ossl_statem_set_in_init(s, 1);
s->statem.no_cert_verify = 0;
}
*/
void ossl_statem_set_renegotiate(SSL_CONNECTION *s)
{
- s->statem.in_init = 1;
+ ossl_statem_set_in_init(s, 1);
s->statem.request_state = TLS_ST_SW_HELLO_REQ;
}
/* We shouldn't call SSLfatal() twice. Once is enough */
if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
return;
- s->statem.in_init = 1;
+ ossl_statem_set_in_init(s, 1);
s->statem.state = MSG_FLOW_ERROR;
if (al != SSL_AD_NO_ALERT
&& s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
void ossl_statem_set_in_init(SSL_CONNECTION *s, int init)
{
s->statem.in_init = init;
+ if (s->rrlmethod != NULL && s->rrlmethod->set_in_init != NULL)
+ s->rrlmethod->set_in_init(s->rrl, init);
}
int ossl_statem_get_in_handshake(SSL_CONNECTION *s)
void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s)
{
s->statem.state = MSG_FLOW_UNINITED;
- s->statem.in_init = 1;
+ ossl_statem_set_in_init(s, 1);
/*
* This will get reset (briefly) back to TLS_ST_BEFORE when we enter
* state_machine() because |state| is MSG_FLOW_UNINITED, but until then any