BIO_ADDR_clear(client);
/* Buffer the record for use by the record layer */
- if (BIO_write(s->rrlnext, buf, n) != n) {
+ if (BIO_write(s->rlayer.rrlnext, buf, n) != n) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
ret = -1;
goto end;
/*
* Reset the record layer - but this time we can use the record we just
- * buffered in s->rrlnext
+ * buffered in s->rlayer.rrlnext
*/
if (!ssl_set_new_record_layer(s,
DTLS_ANY_VERSION,
rr = &sc->rlayer.tlsrecs[sc->rlayer.num_recs];
ret = HANDLE_RLAYER_RETURN(sc,
- sc->rrlmethod->read_record(sc->rrl, &rr->rechandle,
- &rr->version, &rr->type,
- &rr->data, &rr->length,
- &rr->epoch, rr->seq_num));
+ sc->rlayer.rrlmethod->read_record(sc->rlayer.rrl,
+ &rr->rechandle,
+ &rr->version, &rr->type,
+ &rr->data, &rr->length,
+ &rr->epoch, rr->seq_num));
if (ret <= 0) {
ret = dtls1_read_failed(sc, ret);
/*
}
rr->off = 0;
sc->rlayer.num_recs++;
- } while (sc->rrlmethod->processed_read_pending(sc->rrl)
+ } while (sc->rlayer.rrlmethod->processed_read_pending(sc->rlayer.rrl)
&& sc->rlayer.num_recs < SSL_MAX_PIPELINES);
}
rr = &sc->rlayer.tlsrecs[sc->rlayer.curr_rec];
}
ssl_release_record(sc, rr);
if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
- if (!sc->rrlmethod->unprocessed_read_pending(sc->rrl)) {
+ if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) {
/* no read-ahead left? */
BIO *bio;
return -1;
if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
- if (!sc->rrlmethod->unprocessed_read_pending(sc->rrl)) {
+ if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) {
/* no read-ahead left? */
BIO *bio;
/*
RECORD_LAYER_reset_read_sequence(rl);
RECORD_LAYER_reset_write_sequence(rl);
+ if (rl->rrlmethod != NULL)
+ rl->rrlmethod->free(rl->rrl); /* Ignore return value */
+ BIO_free(rl->rrlnext);
+ rl->rrlmethod = NULL;
+ rl->rrlnext = NULL;
+
if (rl->d)
DTLS_RECORD_LAYER_clear(rl);
}
/* Checks if we have unprocessed read ahead data pending */
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
{
- return rl->s->rrlmethod->unprocessed_read_pending(rl->s->rrl);
+ return rl->rrlmethod->unprocessed_read_pending(rl->rrl);
}
/* Checks if we have decrypted unread record data pending */
int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
{
return (rl->curr_rec < rl->num_recs)
- || rl->s->rrlmethod->processed_read_pending(rl->s->rrl);
+ || rl->rrlmethod->processed_read_pending(rl->rrl);
}
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
num += sc->rlayer.tlsrecs[i].length;
}
- num += sc->rrlmethod->app_data_pending(sc->rrl);
+ num += sc->rlayer.rrlmethod->app_data_pending(sc->rlayer.rrl);
return num;
}
if (sc == NULL)
return;
- sc->default_read_buf_len = len;
+ sc->rlayer.default_read_buf_len = len;
}
const char *SSL_rstate_string_long(const SSL *s)
} else if (ret == OSSL_RECORD_RETURN_FATAL) {
ERR_new();
ERR_set_debug(file, line, 0);
- ossl_statem_fatal(s, s->rrlmethod->get_alert_code(s->rrl),
+ ossl_statem_fatal(s, s->rlayer.rrlmethod->get_alert_code(s->rlayer.rrl),
SSL_R_RECORD_LAYER_FAILURE, NULL);
}
/*
{
if (rr->rechandle != NULL) {
/* The record layer allocated the buffers for this record */
- s->rrlmethod->release_record(s->rrl, rr->rechandle);
+ s->rlayer.rrlmethod->release_record(s->rlayer.rrl, rr->rechandle);
} else {
/* We allocated the buffers for this record (only happens with DTLS) */
OPENSSL_free(rr->data);
rr = &s->rlayer.tlsrecs[s->rlayer.num_recs];
ret = HANDLE_RLAYER_RETURN(s,
- s->rrlmethod->read_record(s->rrl, &rr->rechandle,
- &rr->version, &rr->type,
- &rr->data, &rr->length,
- NULL, NULL));
+ s->rlayer.rrlmethod->read_record(s->rlayer.rrl,
+ &rr->rechandle,
+ &rr->version, &rr->type,
+ &rr->data, &rr->length,
+ NULL, NULL));
if (ret <= 0) {
/* SSLfatal() already called if appropriate */
return ret;
}
rr->off = 0;
s->rlayer.num_recs++;
- } while (s->rrlmethod->processed_read_pending(s->rrl)
+ } while (s->rlayer.rrlmethod->processed_read_pending(s->rlayer.rrl)
&& s->rlayer.num_recs < SSL_MAX_PIPELINES);
}
rr = &s->rlayer.tlsrecs[s->rlayer.curr_rec];
#endif
/* Default to the current OSSL_RECORD_METHOD */
- return s->rrlmethod;
+ return s->rlayer.rrlmethod;
}
static int ssl_post_record_layer_select(SSL_CONNECTION *s)
#ifndef OPENSSL_NO_KTLS
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
- if (s->rrlmethod == &ossl_ktls_record_method) {
+ if (s->rlayer.rrlmethod == &ossl_ktls_record_method) {
/* KTLS does not support renegotiation so disallow it */
SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);
}
#endif
- if (SSL_IS_FIRST_HANDSHAKE(s) && s->rrlmethod->set_first_handshake != NULL)
- s->rrlmethod->set_first_handshake(s->rrl, 1);
+ if (SSL_IS_FIRST_HANDSHAKE(s) && s->rlayer.rrlmethod->set_first_handshake != NULL)
+ s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 1);
- if (s->max_pipelines != 0 && s->rrlmethod->set_max_pipelines != NULL)
- s->rrlmethod->set_max_pipelines(s->rrl, s->max_pipelines);
+ if (s->max_pipelines != 0 && s->rlayer.rrlmethod->set_max_pipelines != NULL)
+ s->rlayer.rrlmethod->set_max_pipelines(s->rlayer.rrl, s->max_pipelines);
return 1;
}
{
OSSL_PARAM options[5], *opts = options;
OSSL_PARAM settings[6], *set = settings;
- const OSSL_RECORD_METHOD *origmeth = s->rrlmethod;
+ const OSSL_RECORD_METHOD *origmeth = s->rlayer.rrlmethod;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
const OSSL_RECORD_METHOD *meth;
int use_etm, stream_mac = 0, tlstree = 0;
meth = ssl_select_next_record_layer(s, level);
- if (s->rrlmethod != NULL && !s->rrlmethod->free(s->rrl)) {
+ if (s->rlayer.rrlmethod != NULL && !s->rlayer.rrlmethod->free(s->rlayer.rrl)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
if (meth != NULL)
- s->rrlmethod = meth;
+ s->rlayer.rrlmethod = meth;
- if (!ossl_assert(s->rrlmethod != NULL)) {
+ if (!ossl_assert(s->rlayer.rrlmethod != NULL)) {
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
*opts++ = OSSL_PARAM_construct_uint32(OSSL_LIBSSL_RECORD_LAYER_PARAM_MODE,
&s->mode);
*opts++ = OSSL_PARAM_construct_size_t(OSSL_LIBSSL_RECORD_LAYER_READ_BUFFER_LEN,
- &s->default_read_buf_len);
+ &s->rlayer.default_read_buf_len);
*opts++ = OSSL_PARAM_construct_int(OSSL_LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD,
&s->rlayer.read_ahead);
*opts = OSSL_PARAM_construct_end();
for (;;) {
int rlret;
- BIO *prev = s->rrlnext;
+ BIO *prev = s->rlayer.rrlnext;
unsigned int epoch = 0;;
if (SSL_CONNECTION_IS_DTLS(s)
epoch = DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer) + 1; /* new epoch */
if (SSL_CONNECTION_IS_DTLS(s))
- s->rrlnext = BIO_new(BIO_s_dgram_mem());
+ s->rlayer.rrlnext = BIO_new(BIO_s_dgram_mem());
else
- s->rrlnext = BIO_new(BIO_s_mem());
+ s->rlayer.rrlnext = BIO_new(BIO_s_mem());
- if (s->rrlnext == NULL) {
+ if (s->rlayer.rrlnext == NULL) {
BIO_free(prev);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
- rlret = s->rrlmethod->new_record_layer(sctx->libctx, sctx->propq,
- version, s->server, direction,
- level, epoch, key, keylen, iv,
- ivlen, mackey, mackeylen, ciph,
- taglen, mactype, md, comp, prev,
- s->rbio, s->rrlnext, NULL, NULL,
- settings, options,
- rlayer_dispatch, s, &s->rrl);
+ rlret = s->rlayer.rrlmethod->new_record_layer(sctx->libctx,
+ sctx->propq,
+ version, s->server,
+ direction, level, epoch,
+ key, keylen, iv, ivlen,
+ mackey, mackeylen, ciph,
+ taglen, mactype, md, comp,
+ prev, s->rbio,
+ s->rlayer.rrlnext, NULL,
+ NULL, settings, options,
+ rlayer_dispatch, s,
+ &s->rlayer.rrl);
BIO_free(prev);
switch (rlret) {
case OSSL_RECORD_RETURN_FATAL:
return 0;
case OSSL_RECORD_RETURN_NON_FATAL_ERR:
- if (s->rrlmethod != origmeth && origmeth != NULL) {
+ if (s->rlayer.rrlmethod != origmeth && origmeth != NULL) {
/*
* We tried a new record layer method, but it didn't work out,
* so we fallback to the original method and try again
*/
- s->rrlmethod = origmeth;
+ s->rlayer.rrlmethod = origmeth;
continue;
}
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_RECORD_LAYER);
typedef struct record_layer_st {
/* The parent SSL_CONNECTION structure */
SSL_CONNECTION *s;
+
+ /* Method to use for the read record layer*/
+ const OSSL_RECORD_METHOD *rrlmethod;
+ /* The read record layer object itself */
+ OSSL_RECORD_LAYER *rrl;
+ /* BIO to store data destined for the next read record layer epoch */
+ BIO *rrlnext;
+ /* Default read buffer length to be passed to the record layer */
+ size_t default_read_buf_len;
+
/*
* Read as many input bytes as possible (for
* non-blocking reads)
}
RECORD_LAYER_clear(&sc->rlayer);
- BIO_free(sc->rrlnext);
- sc->rrlnext = NULL;
+ BIO_free(sc->rlayer.rrlnext);
+ sc->rlayer.rrlnext = NULL;
if (!ssl_set_new_record_layer(sc,
SSL_CONNECTION_IS_DTLS(sc) ? DTLS_ANY_VERSION : TLS_ANY_VERSION,
s->max_send_fragment = ctx->max_send_fragment;
s->split_send_fragment = ctx->split_send_fragment;
s->max_pipelines = ctx->max_pipelines;
- s->default_read_buf_len = ctx->default_read_buf_len;
+ s->rlayer.default_read_buf_len = ctx->default_read_buf_len;
s->ext.debug_cb = 0;
s->ext.debug_arg = NULL;
if (s == NULL)
return;
- if (s->rrlmethod != NULL)
- s->rrlmethod->free(s->rrl); /* Ignore return value */
- BIO_free(s->rrlnext);
-
X509_VERIFY_PARAM_free(s->param);
dane_final(&s->dane);
- RECORD_LAYER_release(&s->rlayer);
+ RECORD_LAYER_clear(&s->rlayer);
/* Ignore return value */
ssl_free_wbio_buffer(s);
BIO_free_all(sc->rbio);
sc->rbio = rbio;
- sc->rrlmethod->set1_bio(sc->rrl, sc->rbio);
+ sc->rlayer.rrlmethod->set1_bio(sc->rlayer.rrl, sc->rbio);
}
void SSL_set0_wbio(SSL *s, BIO *wbio)
if (larg < 1 || larg > SSL_MAX_PIPELINES)
return 0;
sc->max_pipelines = larg;
- if (sc->rrlmethod->set_max_pipelines != NULL)
- sc->rrlmethod->set_max_pipelines(sc->rrl, (size_t)larg);
+ if (sc->rlayer.rrlmethod->set_max_pipelines != NULL)
+ sc->rlayer.rrlmethod->set_max_pipelines(sc->rlayer.rrl, (size_t)larg);
return 1;
case SSL_CTRL_GET_RI_SUPPORT:
return sc->s3.send_connection_binding;
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
- /* Old RECORD_LAYER structure - to be removed eventually */
+ /* Record layer data */
RECORD_LAYER rlayer;
- /* New read direciton OSSL_RECORD_LAYER - to replace rlayer above */
- const OSSL_RECORD_METHOD *rrlmethod;
- /* The read direction record layer */
- OSSL_RECORD_LAYER *rrl;
- /* BIO to store data destined for the next record layer epoch */
- BIO *rrlnext;
- /* Default read buffer length to be passed to the record layer */
- size_t default_read_buf_len;
-
/* Default password callback. */
pem_password_cb *default_passwd_callback;
/* Default password callback user data. */
/* We just set it here. We validate it in ssl_choose_client_version */
s->version = version;
- s->rrlmethod->set_protocol_version(s->rrl, version);
+ s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, version);
return 1;
}
void ossl_statem_set_in_init(SSL_CONNECTION *s, int init)
{
s->statem.in_init = init;
- if (s->rrlmethod != NULL && s->rrlmethod->set_in_init != NULL)
- s->rrlmethod->set_in_init(s->rrl, init);
+ if (s->rlayer.rrlmethod != NULL && s->rlayer.rrlmethod->set_in_init != NULL)
+ s->rlayer.rrlmethod->set_in_init(s->rlayer.rrl, init);
}
int ossl_statem_get_in_handshake(SSL_CONNECTION *s)
}
s->hello_retry_request = SSL_HRR_PENDING;
/* Tell the record layer that we know we're going to get TLSv1.3 */
- s->rrlmethod->set_protocol_version(s->rrl, s->version);
+ s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, s->version);
hrr = 1;
if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
* no longer tolerate unencrypted alerts. This is ignored if less than
* TLSv1.3
*/
- if (s->rrlmethod->set_plain_alerts != NULL)
- s->rrlmethod->set_plain_alerts(s->rrl, 0);
+ if (s->rlayer.rrlmethod->set_plain_alerts != NULL)
+ s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0);
if (s->post_handshake_auth != SSL_PHA_REQUESTED)
s->statem.cleanuphand = 1;
if (SSL_CONNECTION_IS_TLS13(s)
if (was_first
&& !SSL_IS_FIRST_HANDSHAKE(s)
- && s->rrlmethod->set_first_handshake != NULL)
- s->rrlmethod->set_first_handshake(s->rrl, 0);
+ && s->rlayer.rrlmethod->set_first_handshake != NULL)
+ s->rlayer.rrlmethod->set_first_handshake(s->rlayer.rrl, 0);
return MSG_PROCESS_FINISHED_READING;
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
ssl->method = best_method;
- if (!s->rrlmethod->set_protocol_version(s->rrl, best_vers))
+ if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl,
+ best_vers))
return ERR_R_INTERNAL_ERROR;
return 0;
check_for_downgrade(s, vent->version, dgrd);
s->version = vent->version;
ssl->method = method;
- if (!s->rrlmethod->set_protocol_version(s->rrl, s->version))
+ if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl,
+ s->version))
return ERR_R_INTERNAL_ERROR;
return 0;
* versions they don't want. If not, then easy to fix, just return
* ssl_method_error(s, s->method)
*/
- if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) {
+ if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl,
+ s->version)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
continue;
ssl->method = vent->cmeth();
- if (!s->rrlmethod->set_protocol_version(s->rrl, s->version)) {
+ if (!s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl,
+ s->version)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
* we read the ServerHello. So we need to tell the record layer
* about this immediately.
*/
- s->rrlmethod->set_protocol_version(s->rrl, ver_max);
+ s->rlayer.rrlmethod->set_protocol_version(s->rlayer.rrl, ver_max);
}
} else if (ver_max > TLS1_2_VERSION) {
/* TLS1.3 always uses TLS1.2 in the legacy_version field */
* is an unencrypted alert, an encrypted alert, or an encrypted
* handshake message. We temporarily tolerate unencrypted alerts.
*/
- if (s->rrlmethod->set_plain_alerts != NULL)
- s->rrlmethod->set_plain_alerts(s->rrl, 1);
+ if (s->rlayer.rrlmethod->set_plain_alerts != NULL)
+ s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 1);
break;
}
* To get this far we must have read encrypted data from the client. We no
* longer tolerate unencrypted alerts. This is ignored if less than TLSv1.3
*/
- if (s->rrlmethod->set_plain_alerts != NULL)
- s->rrlmethod->set_plain_alerts(s->rrl, 0);
+ if (s->rlayer.rrlmethod->set_plain_alerts != NULL)
+ s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0);
if ((sk = sk_X509_new_null()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
cbuf[0] = count++;
memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(crec_rseq_before, &clientsc->rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_before, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(srec_rseq_before, &serversc->rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_before, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf)))
goto end;
}
memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(crec_rseq_after, &clientsc->rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(crec_rseq_after, &clientsc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE);
- memcpy(srec_rseq_after, &serversc->rrl->sequence, SEQ_NUM_SIZE);
+ memcpy(srec_rseq_after, &serversc->rlayer.rrl->sequence, SEQ_NUM_SIZE);
/* verify the payload */
if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf)))