Move declarations out of record.h and record_local.h
authorMatt Caswell <matt@openssl.org>
Wed, 2 Nov 2022 14:56:16 +0000 (14:56 +0000)
committerHugo Landau <hlandau@openssl.org>
Mon, 14 Nov 2022 07:51:17 +0000 (07:51 +0000)
We move many of the declarations in record.h and record_local.h into
locations inside ssl/record/methods instead. Also many declarations were
no longer required and could be removed completely.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19586)

ssl/record/build.info
ssl/record/methods/recmethod_local.h
ssl/record/methods/tls_common.c
ssl/record/methods/tlsany_meth.c
ssl/record/rec_layer_d1.c
ssl/record/rec_layer_s3.c
ssl/record/record.h
ssl/record/record_local.h
ssl/record/ssl3_record.c [deleted file]

index 42bc3f36118a75317aabfd1415323b0457de5ff4..9703d169d6fc4827561a69e775fbe2f1481fc177 100644 (file)
@@ -11,7 +11,7 @@ IF[{- !$disabled{asm} -}]
 ENDIF
 
 SOURCE[../../libssl]=\
-        rec_layer_s3.c rec_layer_d1.c ssl3_record.c
+        rec_layer_s3.c rec_layer_d1.c
 
 DEFINE[../../libssl]=$AESDEF
 
index 80cf8fa97376d5d793c7dd68c84076e5f8e6a7a5..32950769fcfa3b60a17dc1e2b5873eee6c661673 100644 (file)
@@ -20,6 +20,76 @@ typedef struct dtls_bitmap_st {
     unsigned char max_seq_num[SEQ_NUM_SIZE];
 } DTLS_BITMAP;
 
+typedef struct ssl_mac_buf_st {
+    unsigned char *mac;
+    int alloced;
+} SSL_MAC_BUF;
+
+typedef struct ssl3_buffer_st {
+    /* at least SSL3_RT_MAX_PACKET_SIZE bytes */
+    unsigned char *buf;
+    /* default buffer size (or 0 if no default set) */
+    size_t default_len;
+    /* buffer size */
+    size_t len;
+    /* where to 'copy from' */
+    size_t offset;
+    /* how many bytes left */
+    size_t left;
+    /* 'buf' is from application for KTLS */
+    int app_buffer;
+    /* The type of data stored in this buffer. Only used for writing */
+    int type;
+} SSL3_BUFFER;
+
+typedef struct ssl3_record_st {
+    /* Record layer version */
+    /* r */
+    int rec_version;
+    /* type of record */
+    /* r */
+    int type;
+    /* How many bytes available */
+    /* rw */
+    size_t length;
+    /*
+     * How many bytes were available before padding was removed? This is used
+     * to implement the MAC check in constant time for CBC records.
+     */
+    /* rw */
+    size_t orig_len;
+    /* read/write offset into 'buf' */
+    /* r */
+    size_t off;
+    /* pointer to the record data */
+    /* rw */
+    unsigned char *data;
+    /* where the decode bytes are */
+    /* rw */
+    unsigned char *input;
+    /* only used with decompression - malloc()ed */
+    /* r */
+    unsigned char *comp;
+    /* epoch number, needed by DTLS1 */
+    /* r */
+    uint16_t epoch;
+    /* sequence number, needed by DTLS1 */
+    /* r */
+    unsigned char seq_num[SEQ_NUM_SIZE];
+} SSL3_RECORD;
+
+/* Macros/functions provided by the SSL3_RECORD component */
+
+#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
+#define SSL3_RECORD_set_rec_version(r, v)       ((r)->rec_version = (v))
+#define SSL3_RECORD_get_length(r)               ((r)->length)
+#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
+#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
+#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
+#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
+#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)
+
+
 /* Protocol version specific function pointers */
 struct record_functions_st
 {
@@ -329,10 +399,31 @@ void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
                                     || (rl)->version == TLS1_2_VERSION \
                                     || (rl)->isdtls)
 
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
+
 int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
                                      EVP_CIPHER_CTX *ctx,
                                      const EVP_CIPHER *ciph,
                                      const EVP_MD *md);
+
+/* tls_pad.c */
+int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
+                                    size_t origreclen,
+                                    unsigned char *recdata,
+                                    unsigned char **mac,
+                                    int *alloced,
+                                    size_t block_size, size_t mac_size,
+                                    OSSL_LIB_CTX *libctx);
+
+int tls1_cbc_remove_padding_and_mac(size_t *reclen,
+                                    size_t origreclen,
+                                    unsigned char *recdata,
+                                    unsigned char **mac,
+                                    int *alloced,
+                                    size_t block_size, size_t mac_size,
+                                    int aead,
+                                    OSSL_LIB_CTX *libctx);
+
 /* ssl3_cbc.c */
 __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
 __owur int ssl3_cbc_digest_record(const EVP_MD *md,
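Review bot: The two `*_cbc_remove_padding_and_mac` prototypes added to recmethod_local.h lose the `__owur` qualifier that the old record_local.h declarations carried, so a caller that ignores the return of the padding/MAC check no longer gets a warn-unused-result diagnostic; since that return is the signal that the record failed its integrity check, the attribute should be kept: `__owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen,` and `__owur int tls1_cbc_remove_padding_and_mac(size_t *reclen,`. The neighbouring `ssl3_cbc_digest_record` prototype in the same header still uses `__owur`, so dropping it here also breaks the file's own convention. As a smaller point of style, the `SSL3_RECORD_set_seq_num` prototype is inserted between the `OSSL_RECORD_LAYER` macro block and `ossl_set_tls_provider_parameters`; grouping it with the other `SSL3_RECORD_*` macros in the first hunk would keep related declarations together.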
index 730e4f7d63ea3eb3f8488f86071156b485d31174..0b3635d2bd122352c413a76f965dc7ff9aaf1590 100644 (file)
@@ -28,6 +28,21 @@ void SSL3_BUFFER_release(SSL3_BUFFER *b)
     b->buf = NULL;
 }
 
+static void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
+{
+    size_t i;
+
+    for (i = 0; i < num_recs; i++) {
+        OPENSSL_free(r[i].comp);
+        r[i].comp = NULL;
+    }
+}
+
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
+{
+    memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
+}
+
 void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
                        const char *fmt, ...)
 {
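Review bot: `SSL3_RECORD_set_seq_num` is now exported through recmethod_local.h but nothing documents that `seq_num` must point to at least `SEQ_NUM_SIZE` readable bytes, which is the only contract `memcpy` relies on here; a one-line comment above the definition would make that explicit, e.g. `/* Copies exactly SEQ_NUM_SIZE bytes from seq_num; caller must supply at least that many */`. `SSL3_RECORD_release` has become file-static in the same hunk; if no caller inside tls_common.c references it (the hunk does not show one), builds with `-Wunused-function` will warn and the function could simply be dropped along with its old prototype. The body of `ossl_rlayer_fatal` continues outside the hunk.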
index e52bebfba0c5414df2ce8b8217a46e138d6f0406..34a070d8165831813ce29cfdefddf051c10cb3d6 100644 (file)
@@ -12,6 +12,8 @@
 #include "../record_local.h"
 #include "recmethod_local.h"
 
+#define MIN_SSL2_RECORD_LEN     9
+
 static int tls_any_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
                                     unsigned char *key, size_t keylen,
                                     unsigned char *iv, size_t ivlen,
index 729f1a16e2a31a0baa571bd9156c1cafdffcc40e..88f596e23905715e3985dd458801685b42f51db3 100644 (file)
@@ -70,7 +70,7 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
     d->buffered_app_data.q = buffered_app_data;
 }
 
-int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec)
+static int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec)
 {
     TLS_RECORD *rdata;
     pitem *item;
index 32bd7cf7c22a9bc1bcbc1a3e06f46e9ea27cbce9..9a4cd853894abac46bcb9d566f27f71f737ee3e6 100644 (file)
@@ -66,6 +66,62 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
     return rl->wpend_tot > 0;
 }
 
+static uint32_t ossl_get_max_early_data(SSL_CONNECTION *s)
+{
+    uint32_t max_early_data;
+    SSL_SESSION *sess = s->session;
+
+    /*
+     * If we are a client then we always use the max_early_data from the
+     * session/psksession. Otherwise we go with the lowest out of the max early
+     * data set in the session and the configured max_early_data.
+     */
+    if (!s->server && sess->ext.max_early_data == 0) {
+        if (!ossl_assert(s->psksession != NULL
+                         && s->psksession->ext.max_early_data > 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        sess = s->psksession;
+    }
+
+    if (!s->server)
+        max_early_data = sess->ext.max_early_data;
+    else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+        max_early_data = s->recv_max_early_data;
+    else
+        max_early_data = s->recv_max_early_data < sess->ext.max_early_data
+                         ? s->recv_max_early_data : sess->ext.max_early_data;
+
+    return max_early_data;
+}
+
+static int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length,
+                                    size_t overhead, int send)
+{
+    uint32_t max_early_data;
+
+    max_early_data = ossl_get_max_early_data(s);
+
+    if (max_early_data == 0) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+
+    /* If we are dealing with ciphertext we need to allow for the overhead */
+    max_early_data += overhead;
+
+    if (s->early_data_count + length > max_early_data) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+    s->early_data_count += length;
+
+    return 1;
+}
+
 size_t ssl3_pending(const SSL *s)
 {
     size_t i, num = 0;
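Review bot: In `ossl_early_data_count_ok`, `max_early_data += overhead;` adds a `size_t` into a `uint32_t`, so the limit is silently narrowed before the comparison on the next line; the code is moved rather than new, but since it is now local to rec_layer_s3.c it would be cheap to compute the bound in `size_t` instead, e.g. `size_t limit = (size_t)max_early_data + overhead;` followed by `if (s->early_data_count + length > limit) {`. Note also that `ossl_get_max_early_data` returns 0 both when early data is simply not permitted and when the `ossl_assert` on `psksession` fails after already calling `SSLfatal`, so the caller's `max_early_data == 0` branch raises a second `SSLfatal` with `SSL_R_TOO_MUCH_EARLY_DATA` on top of the internal-error one; whether that double report is intended is not visible from the hunk and may be worth a comment. The body of `ssl3_pending` continues outside the hunk.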
index d835703c1353706bf79fad467d0523be0c8da44a..06838146e8caa342d3b9d94e70a211af4fc362e7 100644 (file)
@@ -8,7 +8,6 @@
  */
 
 typedef struct ssl_connection_st SSL_CONNECTION;
-typedef struct ssl3_buffer_st SSL3_BUFFER;
 
 #include <openssl/core_dispatch.h>
 #include "recordmethod.h"
@@ -20,61 +19,8 @@ typedef struct ssl3_buffer_st SSL3_BUFFER;
  *                                                                           *
  *****************************************************************************/
 
-struct ssl3_buffer_st {
-    /* at least SSL3_RT_MAX_PACKET_SIZE bytes */
-    unsigned char *buf;
-    /* default buffer size (or 0 if no default set) */
-    size_t default_len;
-    /* buffer size */
-    size_t len;
-    /* where to 'copy from' */
-    size_t offset;
-    /* how many bytes left */
-    size_t left;
-    /* 'buf' is from application for KTLS */
-    int app_buffer;
-    /* The type of data stored in this buffer. Only used for writing */
-    int type;
-};
-
 #define SEQ_NUM_SIZE                            8
 
-typedef struct ssl3_record_st {
-    /* Record layer version */
-    /* r */
-    int rec_version;
-    /* type of record */
-    /* r */
-    int type;
-    /* How many bytes available */
-    /* rw */
-    size_t length;
-    /*
-     * How many bytes were available before padding was removed? This is used
-     * to implement the MAC check in constant time for CBC records.
-     */
-    /* rw */
-    size_t orig_len;
-    /* read/write offset into 'buf' */
-    /* r */
-    size_t off;
-    /* pointer to the record data */
-    /* rw */
-    unsigned char *data;
-    /* where the decode bytes are */
-    /* rw */
-    unsigned char *input;
-    /* only used with decompression - malloc()ed */
-    /* r */
-    unsigned char *comp;
-    /* epoch number, needed by DTLS1 */
-    /* r */
-    uint16_t epoch;
-    /* sequence number, needed by DTLS1 */
-    /* r */
-    unsigned char seq_num[SEQ_NUM_SIZE];
-} SSL3_RECORD;
-
 typedef struct tls_record_st {
     void *rechandle;
     int version;
@@ -184,21 +130,9 @@ typedef struct record_layer_st {
  *                                                                           *
  *****************************************************************************/
 
-struct ssl_mac_buf_st {
-    unsigned char *mac;
-    int alloced;
-};
-typedef struct ssl_mac_buf_st SSL_MAC_BUF;
-
-#define MIN_SSL2_RECORD_LEN     9
-
 #define RECORD_LAYER_set_read_ahead(rl, ra)     ((rl)->read_ahead = (ra))
 #define RECORD_LAYER_get_read_ahead(rl)         ((rl)->read_ahead)
-#define RECORD_LAYER_get_packet(rl)             ((rl)->packet)
-#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
 #define DTLS_RECORD_LAYER_get_w_epoch(rl)       ((rl)->d->w_epoch)
-#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)
-#define RECORD_LAYER_get_wbuf(rl)               ((rl)->wbuf)
 
 void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s);
 void RECORD_LAYER_clear(RECORD_LAYER *rl);
@@ -216,7 +150,6 @@ __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
 int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
 void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
-void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
 __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
                             unsigned char *buf, size_t len, int peek,
                             size_t *readbytes);
index 1f26d3b3bdcea966678f1785147e2ae7fa2168a6..7bcbd14f24a37f28cb3a741573dce84dbfa7188c 100644 (file)
 
 /* Functions/macros provided by the RECORD_LAYER component */
 
-#define RECORD_LAYER_get_write_sequence(rl)     ((rl)->write_sequence)
-#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
-#define RECORD_LAYER_reset_empty_record_count(rl) \
-                                                ((rl)->empty_record_count = 0)
-#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
 #define DTLS_RECORD_LAYER_get_r_epoch(rl)       ((rl)->d->r_epoch)
-
-int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec);
-
-/* Macros/functions provided by the SSL3_RECORD component */
-
-#define SSL3_RECORD_get_type(r)                 ((r)->type)
-#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
-#define SSL3_RECORD_set_rec_version(r, v)       ((r)->rec_version = (v))
-#define SSL3_RECORD_get_length(r)               ((r)->length)
-#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
-#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
-#define SSL3_RECORD_sub_length(r, l)            ((r)->length -= (l))
-#define SSL3_RECORD_get_data(r)                 ((r)->data)
-#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
-#define SSL3_RECORD_get_input(r)                ((r)->input)
-#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
-#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)
-#define SSL3_RECORD_reset_data(r)               ((r)->data = (r)->input)
-#define SSL3_RECORD_get_seq_num(r)              ((r)->seq_num)
-#define SSL3_RECORD_get_off(r)                  ((r)->off)
-#define SSL3_RECORD_set_off(r, o)               ((r)->off = (o))
-#define SSL3_RECORD_add_off(r, o)               ((r)->off += (o))
-#define SSL3_RECORD_get_epoch(r)                ((r)->epoch)
-
-void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs);
-void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
-__owur int ssl3_do_compress(SSL_CONNECTION *ssl, SSL3_RECORD *wr);
-__owur int ssl3_do_uncompress(SSL_CONNECTION *ssl, SSL3_RECORD *rr);
-__owur int ssl3_cbc_remove_padding_and_mac(size_t *reclen,
-                                           size_t origreclen,
-                                           unsigned char *recdata,
-                                           unsigned char **mac,
-                                           int *alloced,
-                                           size_t block_size, size_t mac_size,
-                                           OSSL_LIB_CTX *libctx);
-__owur int tls1_cbc_remove_padding_and_mac(size_t *reclen,
-                                           size_t origreclen,
-                                           unsigned char *recdata,
-                                           unsigned char **mac,
-                                           int *alloced,
-                                           size_t block_size, size_t mac_size,
-                                           int aead,
-                                           OSSL_LIB_CTX *libctx);
-uint32_t ossl_get_max_early_data(SSL_CONNECTION *s);
-int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, size_t overhead,
-                             int send);
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
deleted file mode 100644 (file)
index 278320b..0000000
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <assert.h>
-#include "../ssl_local.h"
-#include <openssl/trace.h>
-#include <openssl/rand.h>
-#include <openssl/core_names.h>
-#include "record_local.h"
-#include "internal/cryptlib.h"
-
-void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
-{
-    size_t i;
-
-    for (i = 0; i < num_recs; i++) {
-        OPENSSL_free(r[i].comp);
-        r[i].comp = NULL;
-    }
-}
-
-void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
-{
-    memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
-}
-
-uint32_t ossl_get_max_early_data(SSL_CONNECTION *s)
-{
-    uint32_t max_early_data;
-    SSL_SESSION *sess = s->session;
-
-    /*
-     * If we are a client then we always use the max_early_data from the
-     * session/psksession. Otherwise we go with the lowest out of the max early
-     * data set in the session and the configured max_early_data.
-     */
-    if (!s->server && sess->ext.max_early_data == 0) {
-        if (!ossl_assert(s->psksession != NULL
-                         && s->psksession->ext.max_early_data > 0)) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-        sess = s->psksession;
-    }
-
-    if (!s->server)
-        max_early_data = sess->ext.max_early_data;
-    else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
-        max_early_data = s->recv_max_early_data;
-    else
-        max_early_data = s->recv_max_early_data < sess->ext.max_early_data
-                         ? s->recv_max_early_data : sess->ext.max_early_data;
-
-    return max_early_data;
-}
-
-int ossl_early_data_count_ok(SSL_CONNECTION *s, size_t length, size_t overhead,
-                             int send)
-{
-    uint32_t max_early_data;
-
-    max_early_data = ossl_get_max_early_data(s);
-
-    if (max_early_data == 0) {
-        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
-                 SSL_R_TOO_MUCH_EARLY_DATA);
-        return 0;
-    }
-
-    /* If we are dealing with ciphertext we need to allow for the overhead */
-    max_early_data += overhead;
-
-    if (s->early_data_count + length > max_early_data) {
-        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
-                 SSL_R_TOO_MUCH_EARLY_DATA);
-        return 0;
-    }
-    s->early_data_count += length;
-
-    return 1;
-}