authorMatt Caswell <matt@openssl.org>2022-11-10 16:05:16 +0000
committerMatt Caswell <matt@openssl.org>2023-01-24 17:16:29 +0000
commitbea8d70498c9ad0e2cca3652c748d327be7b841e (patch)
tree95817d019a017fd36a10a9845a4c669434e7747a /ssl/record
parente5103dfc1200c2f4a450f8b4ff234ad84342d4b6 (diff)
Add support for setting a custom TLS Record Layer
This is just an internal API for now. Something like this will be made public API at some point - but it is likely to be based on the provider interface rather than a direct setting of a METHOD like we do for now. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
Diffstat (limited to 'ssl/record')
-rw-r--r--ssl/record/methods/dtls_meth.c2
-rw-r--r--ssl/record/methods/ktls_meth.c2
-rw-r--r--ssl/record/methods/tls_common.c2
-rw-r--r--ssl/record/rec_layer_s3.c12
-rw-r--r--ssl/record/record.h4
5 files changed, 18 insertions, 4 deletions
diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c
index 10a898abb4..55e49188cd 100644
--- a/ssl/record/methods/dtls_meth.c
+++ b/ssl/record/methods/dtls_meth.c
@@ -631,7 +631,7 @@ dtls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg,
+ const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
OSSL_RECORD_LAYER **retrl)
{
int ret;
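Review bot: The new `rlarg` parameter sits directly after `cbarg` and both are `void *`, so a call site that swaps the two compiles without a warning; the same signature change is made in ktls_new_record_layer and tls_new_record_layer. Only the signature is in the hunk, so whether the built-in DTLS constructor reads or ignores the value cannot be seen here. I would add a line to the function's header comment that separates the two, for example `/* cbarg: passed back to the fns callbacks; rlarg: opaque argument supplied with a custom record method */`, and state explicitly if the built-in methods ignore it. The function body continues outside the hunk.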
diff --git a/ssl/record/methods/ktls_meth.c b/ssl/record/methods/ktls_meth.c
index acd94e180a..21f7c41b44 100644
--- a/ssl/record/methods/ktls_meth.c
+++ b/ssl/record/methods/ktls_meth.c
@@ -409,7 +409,7 @@ ktls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg,
+ const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
OSSL_RECORD_LAYER **retrl)
{
int ret;
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 0eddfa7c2f..9fca10c50e 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1331,7 +1331,7 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
const EVP_MD *md, COMP_METHOD *comp, BIO *prev,
BIO *transport, BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
const OSSL_PARAM *settings, const OSSL_PARAM *options,
- const OSSL_DISPATCH *fns, void *cbarg,
+ const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
OSSL_RECORD_LAYER **retrl)
{
int ret;
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index b4435bf020..7fa22bb02b 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1086,10 +1086,20 @@ static const OSSL_DISPATCH rlayer_dispatch[] = {
{ 0, NULL }
};
+void ossl_ssl_set_custom_record_layer(SSL_CONNECTION *s,
+ const OSSL_RECORD_METHOD *meth,
+ void *rlarg)
+{
+ s->rlayer.custom_rlmethod = meth;
+ s->rlayer.rlarg = rlarg;
+}
+
static const OSSL_RECORD_METHOD *ssl_select_next_record_layer(SSL_CONNECTION *s,
int direction,
int level)
{
+ if (s->rlayer.custom_rlmethod != NULL)
+ return s->rlayer.custom_rlmethod;
if (level == OSSL_RECORD_PROTECTION_LEVEL_NONE) {
if (SSL_CONNECTION_IS_DTLS(s))
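Review bot: The early return added at the top of ssl_select_next_record_layer ignores both `direction` and `level`, so once `custom_rlmethod` is set it replaces the built-in choice for reads and writes at every protection level, and the DTLS branch below is never reached. Because the record layer is where record protection is applied, that scope should be spelled out at the setter, for example `/* Internal only: meth overrides every built-in record method, for both directions and all protection levels */`. The setter also accepts `meth == NULL` together with a non-NULL `rlarg`; in that case the later hunk in ssl_set_new_record_layer would appear to pass the pointer to a built-in method, so either document that or store `rlarg` only when `meth` is non-NULL, e.g. `s->rlayer.rlarg = (meth != NULL) ? rlarg : NULL;`. ssl_select_next_record_layer's body continues outside the hunk.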
@@ -1324,7 +1334,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
mackeylen, ciph, taglen, mactype, md,
compm, prev, thisbio, next, NULL, NULL,
settings, options, rlayer_dispatch_tmp,
- s, &newrl);
+ s, s->rlayer.rlarg, &newrl);
BIO_free(prev);
switch (rlret) {
case OSSL_RECORD_RETURN_FATAL:
diff --git a/ssl/record/record.h b/ssl/record/record.h
index 419e322f51..e2fdd05f0c 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -74,6 +74,10 @@ typedef struct record_layer_st {
/* The parent SSL_CONNECTION structure */
SSL_CONNECTION *s;
+ /* Custom record layer: always selected if set */
+ const OSSL_RECORD_METHOD *custom_rlmethod;
+ /* Record layer specific argument */
+ void *rlarg;
/* Method to use for the read record layer*/
const OSSL_RECORD_METHOD *rrlmethod;
/* Method to use for the write record layer*/
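Review bot: The comment on the new `rlarg` field ("Record layer specific argument") does not say who owns the pointer or how long it has to stay valid. In the visible hunks it is stored by ossl_ssl_set_custom_record_layer and passed on whenever ssl_set_new_record_layer creates a record layer, and nothing shown frees or clears it, so a caller that releases the object early would leave a dangling pointer in the connection. If the intended contract is caller ownership, I would write it down here: `/* Opaque argument handed to the record method on creation; owned by the caller and must outlive the connection */`.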