author | Matt Caswell <matt@openssl.org> | 2022-05-25 17:10:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-08-18 16:38:13 +0100 |
commit | ed0e298fb8a3864b232e1d3801e849935a7a7f7e (patch) | |
tree | 5652d89a7cfbb48df74f7f63e3e8896be1c1c9fb /ssl | |
parent | 3c7b9ef9c56a8066e0e6f4c61bc2ac2648bb1e42 (diff) |
Enable the record layer to call the ssl_security callback
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/methods/recmethod_local.h | 1 | ||||
-rw-r--r-- | ssl/record/methods/tls_common.c | 11 | ||||
-rw-r--r-- | ssl/record/rec_layer_s3.c | 11 | ||||
-rw-r--r-- | ssl/record/record.h | 3 |
4 files changed, 20 insertions, 6 deletions
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index dc5e67d84f..9284783b36 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -172,6 +172,7 @@ struct ossl_record_layer_st
 void *cbarg;
 OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
 OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
+ OSSL_FUNC_rlayer_security_fn *security;
 /* Function pointers for version specific functions */
 struct record_functions_st *funcs;
diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 29da7a11ad..a5a0b08af0 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -90,12 +90,8 @@ static int rlayer_allow_compression(OSSL_RECORD_LAYER *rl)
 {
 if (rl->options & SSL_OP_NO_COMPRESSION)
 return 0;
-# if 0
- /* TODO(RECLAYER): Implement ssl_security inside the record layer */
- return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
-# else
- return 1;
-# endif
+
+ return rl->security(rl->cbarg, SSL_SECOP_COMPRESSION, 0, 0, NULL);
 }
 #endif
@@ -1132,6 +1128,9 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
 case OSSL_FUNC_RLAYER_MSG_CALLBACK:
 rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
 break;
+ case OSSL_FUNC_RLAYER_SECURITY:
+ rl->security = OSSL_FUNC_rlayer_security(fns);
+ break;
 default:
 /* Just ignore anything we don't understand */
 break;
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index f12599e8c5..b49bf30de1 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1749,6 +1749,7 @@ size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
 return SSL3_RECORD_get_length(&rl->rrec[0]);
 }
+static OSSL_FUNC_rlayer_msg_callback_fn rlayer_msg_callback_wrapper;
 static void rlayer_msg_callback_wrapper(int write_p, int version, int content_type, const void *buf, size_t len, void *cbarg)
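Review bot: `rlayer_allow_compression()` in ssl/record/methods/tls_common.c now calls `rl->security` unconditionally, but that pointer is only assigned in the `OSSL_FUNC_RLAYER_SECURITY` case of the switch in tls_int_new_record_layer (the @@ -1132 hunk), whose `default:` branch silently ignores whatever the caller did not supply. If a record layer is created without that dispatch entry, this becomes a call through a NULL function pointer, or an indeterminate one if `rl` is not zero-allocated; the allocation and the rest of tls_int_new_record_layer lie outside the hunk, so that part is inferred. I would add a guard that fails closed before the call, `if (rl->security == NULL) return 0;`, or reject a missing callback once at construction time. Whichever default is picked decides whether compression is allowed without a policy check, so it should be a deliberate, commented choice.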
@@ -1761,9 +1762,19 @@ static void rlayer_msg_callback_wrapper(int write_p, int version,
 s->msg_callback_arg);
 }
+static OSSL_FUNC_rlayer_security_fn rlayer_security_wrapper;
+static int rlayer_security_wrapper(void *cbarg, int op, int bits, int nid,
+ void *other)
+{
+ SSL_CONNECTION *s = cbarg;
+
+ return ssl_security(s, op, bits, nid, other);
+}
+
 static const OSSL_DISPATCH rlayer_dispatch[] = {
 { OSSL_FUNC_RLAYER_SKIP_EARLY_DATA, (void (*)(void))ossl_statem_skip_early_data },
 { OSSL_FUNC_RLAYER_MSG_CALLBACK, (void (*)(void))rlayer_msg_callback_wrapper },
+ { OSSL_FUNC_RLAYER_SECURITY, (void (*)(void))rlayer_security_wrapper },
 { 0, NULL }
 };
diff --git a/ssl/record/record.h b/ssl/record/record.h
index d3bb1a8979..51d96f2606 100644
--- a/ssl/record/record.h
+++ b/ssl/record/record.h
@@ -299,3 +299,6 @@ OSSL_CORE_MAKE_FUNC(void, rlayer_msg_callback, (int write_p, int version, int content_type, const void *buf, size_t len, void *cbarg))
+# define OSSL_FUNC_RLAYER_SECURITY 3
+OSSL_CORE_MAKE_FUNC(int, rlayer_security, (void *cbarg, int op, int bits,
+ int nid, void *other)) |
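Review bot: The forward declaration `static OSSL_FUNC_rlayer_security_fn rlayer_security_wrapper;` in ssl/record/rec_layer_s3.c is the only compile-time check that the wrapper matches the callback typedef, because the `rlayer_dispatch[]` entry casts it to `(void (*)(void))` and erases the signature. It deserves a comment so nobody removes it as redundant, for example `/* Declared via the _fn typedef so the compiler checks the signature before the dispatch cast hides it */`; the same applies to the `rlayer_msg_callback_wrapper` declaration added in the @@ -1749 hunk. The wrapper also converts `cbarg` to `SSL_CONNECTION *` with no check, so a one-line comment stating that `cbarg` must be the connection handed over when the record layer was created would record that assumption.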
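Review bot: The new `OSSL_FUNC_RLAYER_SECURITY` entry in ssl/record/record.h has no comment describing its contract, and this header is where a record-layer implementation learns it. A comment above the `# define` should state what the return value means (the wrapper forwards the result of `ssl_security()`, which as far as I can tell is 1 for permitted and 0 for refused), that `cbarg` is the opaque value supplied at creation, and whether the entry is mandatory or may be left out of the dispatch table. That last point matters because tls_common.c calls the pointer without checking it.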