author | Matt Caswell <matt@openssl.org> | 2022-04-18 08:57:32 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-08-18 16:38:12 +0100 |
commit | aedbb71b6334a6cb616cf31cbb5de02109a2c5ed (patch) | |
tree | 53b3c40066e4fbb71198bd02963e4305e54c1fb1 /ssl/ssl_lib.c | |
parent | 4030869d24309bfb5292e7bec41cd2b3012ba99d (diff) |
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer
Only done for the read side so far. Still need to do TLS1.3 and SSL3.0.
Also need to separate out KTLS.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 41 |
1 files changed, 25 insertions, 16 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c61ad65063..f1c2db02e2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -657,6 +657,31 @@ int ossl_ssl_connection_reset(SSL *s)
 
 RECORD_LAYER_clear(&sc->rlayer);
 
+ if (sc->rrlmethod != NULL)
+ sc->rrlmethod->free(sc->rrl);
+
+ /*
+ * TODO(RECLAYER): This assignment should probably initialy come from the
+ * SSL_METHOD, and potentially be updated later. For now though we just
+ * assign it.
+ */
+ if (SSL_CONNECTION_IS_DTLS(sc))
+ sc->rrlmethod = &ossl_dtls_record_method;
+ else
+ sc->rrlmethod = &ossl_tls_record_method;
+
+ sc->rrl = sc->rrlmethod->new_record_layer(s->ctx->libctx, s->ctx->propq,
+ TLS_ANY_VERSION, sc->server,
+ OSSL_RECORD_DIRECTION_READ,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ NID_undef, NULL, NULL, sc->rbio,
+ NULL, NULL, NULL, NULL, sc);
+ if (sc->rrl == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
 return 1;
 }
 
@@ -885,22 +910,6 @@ SSL *ossl_ssl_connection_new(SSL_CTX *ctx)
 goto err;
 #endif
 
- /*
- * TODO(RECLAYER): This assignment should probably initialy come from the
- * SSL_METHOD, and potentially be updated later. For now though we just
- * assign it.
- */
- if (SSL_CONNECTION_IS_DTLS(s))
- s->rrlmethod = &ossl_dtls_record_method;
- else
- s->rrlmethod = &ossl_tls_record_method;
-
- /* BIO is NULL initially. It will get updated later */
- s->rrl = s->rrlmethod->new_record_layer(s->version, s->server,
- OSSL_RECORD_DIRECTION_READ,
- 0, 0, 0, NULL, NULL, NULL,
- NULL, NULL, NULL);
-
 return ssl;
 err:
 SSL_free(ssl); |
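Review bot: The `sc->rrlmethod->free(sc->rrl)` call at the top of the added block in ossl_ssl_connection_reset is guarded only on `sc->rrlmethod`, so it can run with `sc->rrl == NULL`. If `new_record_layer` fails further down, the function returns 0 with `rrlmethod` set and `rrl` NULL, and the next reset passes NULL to `free`. Whether the record method's `free` tolerates NULL is not visible in this diff, so either guard with `if (sc->rrlmethod != NULL && sc->rrl != NULL)` or state in the method's contract that `free` must accept NULL. It would also be safer to add `sc->rrl = NULL;` straight after the free, because `sc` itself is handed to `new_record_layer` as the last argument while `sc->rrl` still holds the freed pointer. The function body starts outside the hunk, so any earlier use of `sc->rrl` is not covered by this note.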