1 /* 2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <openssl/core_dispatch.h> 11 #include "internal/recordmethod.h" 12 13 /***************************************************************************** 14 * * 15 * These structures should be considered PRIVATE to the record layer. No * 16 * non-record layer code should be using these structures in any way. * 17 * * 18 *****************************************************************************/ 19 20 #define SEQ_NUM_SIZE 8 21 22 typedef struct tls_record_st { 23 void *rechandle; 24 int version; 25 uint8_t type; 26 /* The data buffer containing bytes from the record */ 27 const unsigned char *data; 28 /* 29 * Buffer that we allocated to store data. If non NULL always the same as 30 * data (but non-const) 31 */ 32 unsigned char *allocdata; 33 /* Number of remaining to be read in the data buffer */ 34 size_t length; 35 /* Offset into the data buffer where to start reading */ 36 size_t off; 37 /* epoch number. DTLS only */ 38 uint16_t epoch; 39 /* sequence number. DTLS only */ 40 unsigned char seq_num[SEQ_NUM_SIZE]; 41 #ifndef OPENSSL_NO_SCTP 42 struct bio_dgram_sctp_rcvinfo recordinfo; 43 #endif 44 } TLS_RECORD; 45 46 typedef struct dtls_record_layer_st { 47 /* 48 * The current data and handshake epoch. This is initially 49 * undefined, and starts at zero once the initial handshake is 50 * completed 51 */ 52 uint16_t r_epoch; 53 uint16_t w_epoch; 54 55 /* 56 * Buffered application records. Only for records between CCS and 57 * Finished to prevent either protocol violation or unnecessary message 58 * loss. 59 */ 60 struct pqueue_st *buffered_app_data; 61 } DTLS_RECORD_LAYER; 62 63 /***************************************************************************** 64 * * 65 * This structure should be considered "opaque" to anything outside of the * 66 * record layer. No non-record layer code should be accessing the members of * 67 * this structure. * 68 * * 69 *****************************************************************************/ 70 71 typedef struct record_layer_st { 72 /* The parent SSL_CONNECTION structure */ 73 SSL_CONNECTION *s; 74 75 /* Custom record layer: always selected if set */ 76 const OSSL_RECORD_METHOD *custom_rlmethod; 77 /* Record layer specific argument */ 78 void *rlarg; 79 /* Method to use for the read record layer*/ 80 const OSSL_RECORD_METHOD *rrlmethod; 81 /* Method to use for the write record layer*/ 82 const OSSL_RECORD_METHOD *wrlmethod; 83 /* The read record layer object itself */ 84 OSSL_RECORD_LAYER *rrl; 85 /* The write record layer object itself */ 86 OSSL_RECORD_LAYER *wrl; 87 /* BIO to store data destined for the next read record layer epoch */ 88 BIO *rrlnext; 89 /* Default read buffer length to be passed to the record layer */ 90 size_t default_read_buf_len; 91 92 /* 93 * Read as many input bytes as possible (for 94 * non-blocking reads) 95 */ 96 int read_ahead; 97 98 /* number of bytes sent so far */ 99 size_t wnum; 100 unsigned char handshake_fragment[4]; 101 size_t handshake_fragment_len; 102 /* partial write - check the numbers match */ 103 /* number bytes written */ 104 size_t wpend_tot; 105 uint8_t wpend_type; 106 const unsigned char *wpend_buf; 107 108 /* Count of the number of consecutive warning alerts received */ 109 unsigned int alert_count; 110 DTLS_RECORD_LAYER *d; 111 112 /* TLS1.3 padding callback */ 113 size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); 114 void *record_padding_arg; 115 size_t block_padding; 116 size_t hs_padding; 117 118 /* How many records we have read from the record layer */ 119 size_t num_recs; 120 /* The next record from the record layer that we need to process */ 121 size_t curr_rec; 122 /* Record layer data to be processed */ 123 TLS_RECORD tlsrecs[SSL_MAX_PIPELINES]; 124 125 } RECORD_LAYER; 126 127 /***************************************************************************** 128 * * 129 * The following macros/functions represent the libssl internal API to the * 130 * record layer. Any libssl code may call these functions/macros * 131 * * 132 *****************************************************************************/ 133 134 #define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) 135 #define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) 136 137 void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s); 138 int RECORD_LAYER_clear(RECORD_LAYER *rl); 139 int RECORD_LAYER_reset(RECORD_LAYER *rl); 140 int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); 141 int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl); 142 int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); 143 int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); 144 __owur size_t ssl3_pending(const SSL *s); 145 __owur int ssl3_write_bytes(SSL *s, uint8_t type, const void *buf, size_t len, 146 size_t *written); 147 __owur int ssl3_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type, 148 unsigned char *buf, size_t len, int peek, 149 size_t *readbytes); 150 151 int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); 152 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); 153 void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); 154 __owur int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type, 155 unsigned char *buf, size_t len, int peek, 156 size_t *readbytes); 157 __owur int dtls1_write_bytes(SSL_CONNECTION *s, uint8_t type, const void *buf, 158 size_t len, size_t *written); 159 int do_dtls1_write(SSL_CONNECTION *s, uint8_t type, const unsigned char *buf, 160 size_t len, size_t *written); 161 void dtls1_increment_epoch(SSL_CONNECTION *s, int rw); 162 uint16_t dtls1_get_epoch(SSL_CONNECTION *s, int rw); 163 int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length); 164 165 # define HANDLE_RLAYER_READ_RETURN(s, ret) \ 166 ossl_tls_handle_rlayer_return(s, 0, ret, OPENSSL_FILE, OPENSSL_LINE) 167 168 # define HANDLE_RLAYER_WRITE_RETURN(s, ret) \ 169 ossl_tls_handle_rlayer_return(s, 1, ret, OPENSSL_FILE, OPENSSL_LINE) 170 171 int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int writing, int ret, 172 char *file, int line); 173 174 int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, 175 int direction, int level, 176 unsigned char *secret, size_t secretlen, 177 unsigned char *key, size_t keylen, 178 unsigned char *iv, size_t ivlen, 179 unsigned char *mackey, size_t mackeylen, 180 const EVP_CIPHER *ciph, size_t taglen, 181 int mactype, const EVP_MD *md, 182 const SSL_COMP *comp, const EVP_MD *kdfdigest); 183 int ssl_set_record_protocol_version(SSL_CONNECTION *s, int vers); 184 185 # define OSSL_FUNC_RLAYER_SKIP_EARLY_DATA 1 186 OSSL_CORE_MAKE_FUNC(int, rlayer_skip_early_data, (void *cbarg)) 187 # define OSSL_FUNC_RLAYER_MSG_CALLBACK 2 188 OSSL_CORE_MAKE_FUNC(void, rlayer_msg_callback, (int write_p, int version, 189 int content_type, 190 const void *buf, size_t len, 191 void *cbarg)) 192 # define OSSL_FUNC_RLAYER_SECURITY 3 193 OSSL_CORE_MAKE_FUNC(int, rlayer_security, (void *cbarg, int op, int bits, 194 int nid, void *other)) 195 # define OSSL_FUNC_RLAYER_PADDING 4 196 OSSL_CORE_MAKE_FUNC(size_t, rlayer_padding, (void *cbarg, int type, size_t len)) 197
