Enable the record layer to call the ssl_security callback
authorMatt Caswell <matt@openssl.org>
Wed, 25 May 2022 16:10:38 +0000 (17:10 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 18 Aug 2022 15:38:13 +0000 (16:38 +0100)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

ssl/record/methods/recmethod_local.h
ssl/record/methods/tls_common.c
ssl/record/rec_layer_s3.c
ssl/record/record.h

index dc5e67d84f7efc45ca9bfbb53eefacbb1fb8d6ef..9284783b368363391979e4090086a8604e3bd5a1 100644 (file)
@@ -172,6 +172,7 @@ struct ossl_record_layer_st
     void *cbarg;
     OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
     OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
+    OSSL_FUNC_rlayer_security_fn *security;
 
     /* Function pointers for version specific functions */
     struct record_functions_st *funcs;
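Review bot: The new `security` member has no comment on its contract, yet tls_common.c now calls it unconditionally with `rl->cbarg` as the first argument, so whether it is mandatory matters to every record-layer creator. Suggest documenting it at the declaration: `/* Security-level policy hook (ssl_security equivalent); called with cbarg as first argument; must be supplied */`. The struct definition starts before this hunk, so the neighbouring callback members may be documented elsewhere; this one gates a security decision and should be explicit.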
index 29da7a11adf8cfb0ee1e9ef92aba2f8fd0bb0e18..a5a0b08af0fa64b183ae3b11abbc7350ac79319e 100644 (file)
@@ -90,12 +90,8 @@ static int rlayer_allow_compression(OSSL_RECORD_LAYER *rl)
 {
     if (rl->options & SSL_OP_NO_COMPRESSION)
         return 0;
-# if 0
-    /* TODO(RECLAYER): Implement ssl_security inside the record layer */
-    return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
-# else
-    return 1;
-# endif
+
+    return rl->security(rl->cbarg, SSL_SECOP_COMPRESSION, 0, 0, NULL);
 }
 #endif
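Review bot: `rl->security` is invoked without a NULL check at `return rl->security(rl->cbarg, SSL_SECOP_COMPRESSION, 0, 0, NULL);`, but nothing in this commit makes the OSSL_FUNC_RLAYER_SECURITY dispatch entry mandatory — tls_int_new_record_layer only copies the pointer when it is present and silently ignores what is missing — so a record layer constructed without that entry crashes here. Since this is a policy gate, the safe default is to fail closed: `if (rl->security == NULL) return 0;` before the call, or reject construction when the callback was not supplied. Note this also replaces the previous unconditional `return 1`, so compression is now denied whenever the security-level check fails, which is presumably the intent.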
 
@@ -1132,6 +1128,9 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
         case OSSL_FUNC_RLAYER_MSG_CALLBACK:
             rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
             break;
+        case OSSL_FUNC_RLAYER_SECURITY:
+            rl->security = OSSL_FUNC_rlayer_security(fns);
+            break;
         default:
             /* Just ignore anything we don't understand */
             break;
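Review bot: The new case stores the security callback when it is present, but the loop still treats every dispatch entry as optional and the function is not shown verifying afterwards that `rl->security` was set, even though rlayer_allow_compression now dereferences it unconditionally. After the loop — outside this hunk, tls_int_new_record_layer continues past it — a check such as `if (rl->security == NULL) { /* fail construction on the existing error path */ }` would turn a later NULL call into a clean construction failure. If the callback is intended to be optional for some record-layer implementations, the guard belongs at the call site instead; either way the choice should be written down.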
index f12599e8c51f8edf28c3d7442957b3a9b302f754..b49bf30de18e71b1c63d86095ee2365839957e3d 100644 (file)
@@ -1749,6 +1749,7 @@ size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
     return SSL3_RECORD_get_length(&rl->rrec[0]);
 }
 
+static OSSL_FUNC_rlayer_msg_callback_fn rlayer_msg_callback_wrapper;
 static void rlayer_msg_callback_wrapper(int write_p, int version,
                                         int content_type, const void *buf,
                                         size_t len, void *cbarg)
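Review bot: The added declaration `static OSSL_FUNC_rlayer_msg_callback_fn rlayer_msg_callback_wrapper;` looks redundant next to the definition that immediately follows it, and its purpose — having the compiler check the definition against the typedef's prototype, which the `(void (*)(void))` cast in the dispatch table would otherwise erase — is not stated. A one-line comment, `/* Declared via the typedef so the signature is checked before the dispatch cast erases it */`, would stop someone from removing it as dead code. rlayer_msg_callback_wrapper's body continues past the end of this hunk.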
@@ -1761,9 +1762,19 @@ static void rlayer_msg_callback_wrapper(int write_p, int version,
                         s->msg_callback_arg);
 }
 
+static OSSL_FUNC_rlayer_security_fn rlayer_security_wrapper;
+static int rlayer_security_wrapper(void *cbarg, int op, int bits, int nid,
+                                   void *other)
+{
+    SSL_CONNECTION *s = cbarg;
+
+    return ssl_security(s, op, bits, nid, other);
+}
+
 static const OSSL_DISPATCH rlayer_dispatch[] = {
     { OSSL_FUNC_RLAYER_SKIP_EARLY_DATA, (void (*)(void))ossl_statem_skip_early_data },
     { OSSL_FUNC_RLAYER_MSG_CALLBACK, (void (*)(void))rlayer_msg_callback_wrapper },
+    { OSSL_FUNC_RLAYER_SECURITY, (void (*)(void))rlayer_security_wrapper },
     { 0, NULL }
 };
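Review bot: rlayer_security_wrapper carries no comment stating that `cbarg` is the SSL_CONNECTION registered at record-layer creation and that the function is a plain pass-through to ssl_security(); as this is the hook deciding whether an operation is permitted at the configured security level, the contract (return 1 to allow, 0 to deny, presumably mirroring ssl_security) should be written where the wrapper is defined. Suggest a header comment such as `/* OSSL_FUNC_RLAYER_SECURITY: forward record-layer security checks to ssl_security(); cbarg is the SSL_CONNECTION * supplied when the record layer was created */`. The `SSL_CONNECTION *s = cbarg;` assignment trusts the type of cbarg exactly as rlayer_msg_callback_wrapper does, so that assumption belongs in the comment too.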
 
index d3bb1a8979281b7c0a0f3d0429d9c8c9fca9c8f3..51d96f26069fa269c2abbc2f880982e765c63cf4 100644 (file)
@@ -299,3 +299,6 @@ OSSL_CORE_MAKE_FUNC(void, rlayer_msg_callback, (int write_p, int version,
                                                 int content_type,
                                                 const void *buf, size_t len,
                                                 void *cbarg))
+# define OSSL_FUNC_RLAYER_SECURITY               3
+OSSL_CORE_MAKE_FUNC(int, rlayer_security, (void *cbarg, int op, int bits,
+                                           int nid, void *other))
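Review bot: The new dispatch function `OSSL_FUNC_RLAYER_SECURITY` is declared without any description of its semantics — what `op`, `bits`, `nid` and `other` mean and what the return value signifies — which a policy hook in a shared header should carry. Suggest adding above the `# define`: `/* Security-level check; op/bits/nid/other as for ssl_security(). Return 1 if the operation is permitted, 0 otherwise. */` — the 1/0 convention is inferred from rlayer_allow_compression returning the callback's result directly, so confirm it against ssl_security() before committing to it. The index value 3 must remain unique among the OSSL_FUNC_RLAYER_* indices; the earlier definitions are outside this hunk.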