openssl/ssl/record/methods/recmethod_local.h

480 lines
19 KiB
C
Raw Normal View History

/*
* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "../../ssl_local.h"
#include "../record_local.h"
typedef struct dtls_bitmap_st {
/* Track 64 packets */
uint64_t map;
/* Max record number seen so far, 64-bit value in big-endian encoding */
unsigned char max_seq_num[SEQ_NUM_SIZE];
} DTLS_BITMAP;
/* Protocol version specific function pointers */
struct record_functions_st
{
/*
* Returns either OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_FATAL or
* OSSL_RECORD_RETURN_NON_FATAL_ERR if we can keep trying to find an
* alternative record layer.
*/
int (*set_crypto_state)(OSSL_RECORD_LAYER *rl, int level,
unsigned char *key, size_t keylen,
unsigned char *iv, size_t ivlen,
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph,
size_t taglen,
int mactype,
const EVP_MD *md,
COMP_METHOD *comp);
/*
* Returns:
* 0: if the record is publicly invalid, or an internal error, or AEAD
* decryption failed, or EtM decryption failed.
* 1: Success or MtE decryption failed (MAC will be randomised)
*/
int (*cipher)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *recs, size_t n_recs,
int sending, SSL_MAC_BUF *macs, size_t macsize);
/* Returns 1 for success or 0 for error */
int (*mac)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec, unsigned char *md,
int sending);
/* Return 1 for success or 0 for error */
int (*set_protocol_version)(OSSL_RECORD_LAYER *rl, int version);
/* Read related functions */
int (*read_n)(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
int clearold, size_t *readbytes);
int (*get_more_records)(OSSL_RECORD_LAYER *rl);
/* Return 1 for success or 0 for error */
int (*validate_record_header)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
/* Return 1 for success or 0 for error */
int (*post_process_record)(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
/* Write related functions */
size_t (*get_max_records)(OSSL_RECORD_LAYER *rl, int type, size_t len,
size_t maxfrag, size_t *preffrag);
/* Return 1 for success or 0 for error */
int (*write_records)(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
size_t numtempl);
/* Allocate the rl->wbuf buffers. Return 1 for success or 0 for error */
int (*allocate_write_buffers)(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl, size_t *prefix);
/*
* Initialise the packets in the |pkt| array using the buffers in |rl->wbuf|.
* Some protocol versions may use the space in |prefixtempl| to add
* an artificial template in front of the |templates| array and hence may
* initialise 1 more WPACKET than there are templates. |*wpinited|
* returns the number of WPACKETs in |pkt| that were successfully
* initialised. This must be 0 on entry and will be filled in even on error.
*/
int (*initialise_write_packets)(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl,
OSSL_RECORD_TEMPLATE *prefixtempl,
WPACKET *pkt,
SSL3_BUFFER *bufs,
size_t *wpinited);
/* Get the actual record type to be used for a given template */
unsigned int (*get_record_type)(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *template);
/* Write the record header data to the WPACKET */
int (*prepare_record_header)(OSSL_RECORD_LAYER *rl, WPACKET *thispkt,
OSSL_RECORD_TEMPLATE *templ,
unsigned int rectype,
unsigned char **recdata);
int (*add_record_padding)(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *thistempl,
WPACKET *thispkt,
SSL3_RECORD *thiswr);
/*
* This applies any mac that might be necessary, ensures that we have enough
* space in the WPACKET to perform the encryption and sets up the
* SSL3_RECORD ready for that encryption.
*/
int (*prepare_for_encryption)(OSSL_RECORD_LAYER *rl,
size_t mac_size,
WPACKET *thispkt,
SSL3_RECORD *thiswr);
/*
* Any updates required to the record after encryption has been applied. For
* example, adding a MAC if using encrypt-then-mac
*/
int (*post_encryption_processing)(OSSL_RECORD_LAYER *rl,
size_t mac_size,
OSSL_RECORD_TEMPLATE *thistempl,
WPACKET *thispkt,
SSL3_RECORD *thiswr);
/*
* Some record layer implementations need to do some custom preparation of
* the BIO before we write to it. KTLS does this to prevent coalescing of
* control and data messages.
*/
int (*prepare_write_bio)(OSSL_RECORD_LAYER *rl, int type);
};
struct ossl_record_layer_st
{
OSSL_LIB_CTX *libctx;
const char *propq;
int isdtls;
int version;
int role;
int direction;
int level;
const EVP_MD *md;
/* DTLS only */
uint16_t epoch;
/*
* A BIO containing any data read in the previous epoch that was destined
* for this epoch
*/
BIO *prev;
/* The transport BIO */
BIO *bio;
/*
* A BIO where we will send any data read by us that is destined for the
* next epoch.
*/
BIO *next;
/* Types match the equivalent fields in the SSL object */
uint64_t options;
uint32_t mode;
/* write IO goes into here */
SSL3_BUFFER wbuf[SSL_MAX_PIPELINES + 1];
/* Next wbuf with pending data still to write */
size_t nextwbuf;
/* How many pipelines can be used to write data */
size_t numwpipes;
/* read IO goes into here */
SSL3_BUFFER rbuf;
/* each decoded record goes in here */
SSL3_RECORD rrec[SSL_MAX_PIPELINES];
/* How many records have we got available in the rrec bufer */
size_t num_recs;
/* The record number in the rrec buffer that can be read next */
size_t curr_rec;
/* The number of records that have been released via tls_release_record */
size_t num_released;
/* where we are when reading */
int rstate;
/* used internally to point at a raw packet */
unsigned char *packet;
size_t packet_length;
/* Sequence number for the next record */
unsigned char sequence[SEQ_NUM_SIZE];
/* Alert code to be used if an error occurs */
int alert;
/*
* Read as many input bytes as possible (for non-blocking reads)
*/
int read_ahead;
/* The number of consecutive empty records we have received */
size_t empty_record_count;
/*
* Do we need to send a prefix empty record before application data as a
* countermeasure against known-IV weakness (necessary for SSLv3 and
* TLSv1.0)
*/
int need_empty_fragments;
/* cryptographic state */
EVP_CIPHER_CTX *enc_ctx;
/* Explicit IV length */
size_t eivlen;
/* used for mac generation */
EVP_MD_CTX *md_ctx;
/* compress/uncompress */
COMP_CTX *compctx;
/* Set to 1 if this is the first handshake. 0 otherwise */
int is_first_handshake;
/*
* The smaller of the configured and negotiated maximum fragment length
* or SSL3_RT_MAX_PLAIN_LENGTH if none
*/
unsigned int max_frag_len;
/* The maxium amount of early data we can receive/send */
uint32_t max_early_data;
/* The amount of early data that we have sent/received */
size_t early_data_count;
/* TLSv1.3 record padding */
size_t block_padding;
/* Only used by SSLv3 */
unsigned char mac_secret[EVP_MAX_MD_SIZE];
/* TLSv1.0/TLSv1.1/TLSv1.2 */
int use_etm;
/* Flags for GOST ciphers */
int stream_mac;
int tlstree;
/* TLSv1.3 fields */
/* static IV */
unsigned char iv[EVP_MAX_IV_LENGTH];
/* static read IV */
unsigned char read_iv[EVP_MAX_IV_LENGTH];
int allow_plain_alerts;
/* TLS "any" fields */
/* Set to true if this is the first record in a connection */
unsigned int is_first_record;
size_t taglen;
/* DTLS received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
/* records being received in the current epoch */
DTLS_BITMAP bitmap;
/* renegotiation starts a new set of sequence numbers */
DTLS_BITMAP next_bitmap;
/*
* Whether we are currently in a hanshake or not. Only maintained for DTLS
*/
int in_init;
/* Callbacks */
void *cbarg;
OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
OSSL_FUNC_rlayer_security_fn *security;
OSSL_FUNC_rlayer_padding_fn *padding;
size_t max_pipelines;
/* Function pointers for version specific functions */
struct record_functions_st *funcs;
};
typedef struct dtls_rlayer_record_data_st {
unsigned char *packet;
size_t packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
} DTLS_RLAYER_RECORD_DATA;
extern struct record_functions_st ssl_3_0_funcs;
extern struct record_functions_st tls_1_funcs;
extern struct record_functions_st tls_1_3_funcs;
extern struct record_functions_st tls_any_funcs;
extern struct record_functions_st dtls_1_funcs;
extern struct record_functions_st dtls_any_funcs;
void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
const char *fmt, ...);
#define RLAYERfatal(rl, al, r) RLAYERfatal_data((rl), (al), (r), NULL)
#define RLAYERfatal_data \
(ERR_new(), \
ERR_set_debug(OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC), \
ossl_rlayer_fatal)
#define RLAYER_USE_EXPLICIT_IV(rl) ((rl)->version == TLS1_1_VERSION \
|| (rl)->version == TLS1_2_VERSION \
|| (rl)->isdtls)
int ossl_set_tls_provider_parameters(OSSL_RECORD_LAYER *rl,
EVP_CIPHER_CTX *ctx,
const EVP_CIPHER *ciph,
const EVP_MD *md);
/* ssl3_cbc.c */
__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
__owur int ssl3_cbc_digest_record(const EVP_MD *md,
unsigned char *md_out,
size_t *md_out_size,
const unsigned char *header,
const unsigned char *data,
size_t data_size,
size_t data_plus_mac_plus_padding_size,
const unsigned char *mac_secret,
size_t mac_secret_length, char is_sslv3);
int tls_increment_sequence_ctr(OSSL_RECORD_LAYER *rl);
int tls_alloc_buffers(OSSL_RECORD_LAYER *rl);
int tls_free_buffers(OSSL_RECORD_LAYER *rl);
int tls_default_read_n(OSSL_RECORD_LAYER *rl, size_t n, size_t max, int extend,
int clearold, size_t *readbytes);
int tls_get_more_records(OSSL_RECORD_LAYER *rl);
int dtls_get_more_records(OSSL_RECORD_LAYER *rl);
int dtls_prepare_record_header(OSSL_RECORD_LAYER *rl,
WPACKET *thispkt,
OSSL_RECORD_TEMPLATE *templ,
unsigned int rectype,
unsigned char **recdata);
int dtls_post_encryption_processing(OSSL_RECORD_LAYER *rl,
size_t mac_size,
OSSL_RECORD_TEMPLATE *thistempl,
WPACKET *thispkt,
SSL3_RECORD *thiswr);
int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
int tls_default_validate_record_header(OSSL_RECORD_LAYER *rl, SSL3_RECORD *re);
int tls_do_compress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *wr);
int tls_do_uncompress(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
int tls_default_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, SSL3_RECORD *rec);
int
tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
int role, int direction, int level, unsigned char *key,
size_t keylen, unsigned char *iv, size_t ivlen,
unsigned char *mackey, size_t mackeylen,
const EVP_CIPHER *ciph, size_t taglen,
int mactype,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next,
BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
const OSSL_DISPATCH *fns, void *cbarg,
OSSL_RECORD_LAYER **retrl);
int tls_free(OSSL_RECORD_LAYER *rl);
int tls_reset(OSSL_RECORD_LAYER *rl);
int tls_unprocessed_read_pending(OSSL_RECORD_LAYER *rl);
int tls_processed_read_pending(OSSL_RECORD_LAYER *rl);
size_t tls_app_data_pending(OSSL_RECORD_LAYER *rl);
size_t tls_get_max_records(OSSL_RECORD_LAYER *rl, int type, size_t len,
size_t maxfrag, size_t *preffrag);
int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
size_t numtempl);
int tls_retry_write_records(OSSL_RECORD_LAYER *rl);
int tls_get_alert_code(OSSL_RECORD_LAYER *rl);
int tls_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
int tls_read_record(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,
int *type, unsigned char **data, size_t *datalen,
uint16_t *epoch, unsigned char *seq_num);
int tls_release_record(OSSL_RECORD_LAYER *rl, void *rechandle);
int tls_default_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
int tls_set_protocol_version(OSSL_RECORD_LAYER *rl, int version);
void tls_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow);
void tls_set_first_handshake(OSSL_RECORD_LAYER *rl, int first);
void tls_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines);
void tls_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
const char **longstr);
int tls_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options);
const COMP_METHOD *tls_get_compression(OSSL_RECORD_LAYER *rl);
void tls_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len);
int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl);
int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes,
size_t firstlen, size_t nextlen);
int tls_write_records_multiblock(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl);
size_t tls_get_max_records_default(OSSL_RECORD_LAYER *rl, int type, size_t len,
size_t maxfrag, size_t *preffrag);
size_t tls_get_max_records_multiblock(OSSL_RECORD_LAYER *rl, int type,
size_t len, size_t maxfrag,
size_t *preffrag);
int tls_allocate_write_buffers_default(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl, size_t *prefix);
int tls_initialise_write_packets_default(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl,
OSSL_RECORD_TEMPLATE *prefixtempl,
WPACKET *pkt,
SSL3_BUFFER *bufs,
size_t *wpinited);
int tls1_allocate_write_buffers(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl, size_t *prefix);
int tls1_initialise_write_packets(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl,
OSSL_RECORD_TEMPLATE *prefixtempl,
WPACKET *pkt,
SSL3_BUFFER *bufs,
size_t *wpinited);
int tls_prepare_record_header_default(OSSL_RECORD_LAYER *rl,
WPACKET *thispkt,
OSSL_RECORD_TEMPLATE *templ,
unsigned int rectype,
unsigned char **recdata);
int tls_prepare_for_encryption_default(OSSL_RECORD_LAYER *rl,
size_t mac_size,
WPACKET *thispkt,
SSL3_RECORD *thiswr);
int tls_post_encryption_processing_default(OSSL_RECORD_LAYER *rl,
size_t mac_size,
OSSL_RECORD_TEMPLATE *thistempl,
WPACKET *thispkt,
SSL3_RECORD *thiswr);
int tls_write_records_default(OSSL_RECORD_LAYER *rl,
OSSL_RECORD_TEMPLATE *templates,
size_t numtempl);
/* Macros/functions provided by the SSL3_BUFFER component */
#define SSL3_BUFFER_get_buf(b) ((b)->buf)
#define SSL3_BUFFER_set_buf(b, n) ((b)->buf = (n))
#define SSL3_BUFFER_get_len(b) ((b)->len)
#define SSL3_BUFFER_get_left(b) ((b)->left)
#define SSL3_BUFFER_set_left(b, l) ((b)->left = (l))
#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l))
#define SSL3_BUFFER_get_offset(b) ((b)->offset)
#define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o))
#define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o))
#define SSL3_BUFFER_set_app_buffer(b, l) ((b)->app_buffer = (l))
#define SSL3_BUFFER_is_app_buffer(b) ((b)->app_buffer)
void SSL3_BUFFER_release(SSL3_BUFFER *b);