authorMatt Caswell <matt@openssl.org>2022-04-18 08:57:32 +0100
committerMatt Caswell <matt@openssl.org>2022-08-18 16:38:12 +0100
commitaedbb71b6334a6cb616cf31cbb5de02109a2c5ed (patch)
tree53b3c40066e4fbb71198bd02963e4305e54c1fb1 /ssl/ssl_lib.c
parent4030869d24309bfb5292e7bec41cd2b3012ba99d (diff)
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer
Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r--ssl/ssl_lib.c41
1 files changed, 25 insertions, 16 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c61ad65063..f1c2db02e2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -657,6 +657,31 @@ int ossl_ssl_connection_reset(SSL *s)
RECORD_LAYER_clear(&sc->rlayer);
+ if (sc->rrlmethod != NULL)
+ sc->rrlmethod->free(sc->rrl);
+
+ /*
+ * TODO(RECLAYER): This assignment should probably initialy come from the
+ * SSL_METHOD, and potentially be updated later. For now though we just
+ * assign it.
+ */
+ if (SSL_CONNECTION_IS_DTLS(sc))
+ sc->rrlmethod = &ossl_dtls_record_method;
+ else
+ sc->rrlmethod = &ossl_tls_record_method;
+
+ sc->rrl = sc->rrlmethod->new_record_layer(s->ctx->libctx, s->ctx->propq,
+ TLS_ANY_VERSION, sc->server,
+ OSSL_RECORD_DIRECTION_READ,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ NID_undef, NULL, NULL, sc->rbio,
+ NULL, NULL, NULL, NULL, sc);
+ if (sc->rrl == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
return 1;
}
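Review bot: The guard before the free at the top of the added block tests `sc->rrlmethod` but releases `sc->rrl`, and the two can disagree. If `new_record_layer` fails further down, the function returns 0 with `sc->rrlmethod` set and `sc->rrl` NULL, so a later reset would call `sc->rrlmethod->free(NULL)`. Whether the record method's `free` tolerates NULL is not visible in this hunk, so I would test the pointer that is actually released, `if (sc->rrlmethod != NULL && sc->rrl != NULL)`, and add `sc->rrl = NULL;` straight after the free so no stale pointer is left if code is later inserted before the reassignment. The run of positional `NULL, 0` arguments in the `new_record_layer` call would also benefit from a short comment naming each slot, so a reader can audit that the read side starts with `OSSL_RECORD_PROTECTION_LEVEL_NONE` and no keying material. The body of ossl_ssl_connection_reset starts outside the hunk.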
@@ -885,22 +910,6 @@ SSL *ossl_ssl_connection_new(SSL_CTX *ctx)
goto err;
#endif
- /*
- * TODO(RECLAYER): This assignment should probably initialy come from the
- * SSL_METHOD, and potentially be updated later. For now though we just
- * assign it.
- */
- if (SSL_CONNECTION_IS_DTLS(s))
- s->rrlmethod = &ossl_dtls_record_method;
- else
- s->rrlmethod = &ossl_tls_record_method;
-
- /* BIO is NULL initially. It will get updated later */
- s->rrl = s->rrlmethod->new_record_layer(s->version, s->server,
- OSSL_RECORD_DIRECTION_READ,
- 0, 0, 0, NULL, NULL, NULL,
- NULL, NULL, NULL);
-
return ssl;
err:
SSL_free(ssl);