1 /* $OpenBSD: tls13_record_layer.c,v 1.9 2019/03/17 15:13:23 jsing Exp $ */ 2 /* 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include "ssl_locl.h" 19 20 #include <openssl/curve25519.h> 21 22 #include "tls13_internal.h" 23 #include "tls13_record.h" 24 25 struct tls13_record_layer { 26 int change_cipher_spec_seen; 27 int handshake_completed; 28 29 /* 30 * Read and/or write channels are closed due to an alert being 31 * sent or received. In the case of an error alert both channels 32 * are closed, whereas in the case of a close notify only one 33 * channel is closed. 34 */ 35 int read_closed; 36 int write_closed; 37 38 struct tls13_record *rrec; 39 struct tls13_record *wrec; 40 41 /* Buffer containing plaintext from opened records. */ 42 uint8_t rbuf_content_type; 43 uint8_t *rbuf; 44 size_t rbuf_len; 45 CBS rbuf_cbs; 46 47 /* Record protection. */ 48 const EVP_MD *hash; 49 const EVP_AEAD *aead; 50 EVP_AEAD_CTX read_aead_ctx; 51 EVP_AEAD_CTX write_aead_ctx; 52 struct tls13_secret read_iv; 53 struct tls13_secret write_iv; 54 struct tls13_secret read_nonce; 55 struct tls13_secret write_nonce; 56 uint8_t read_seq_num[TLS13_RECORD_SEQ_NUM_LEN]; 57 uint8_t write_seq_num[TLS13_RECORD_SEQ_NUM_LEN]; 58 59 /* Record callbacks. */ 60 tls13_alert_cb alert_cb; 61 tls13_post_handshake_cb post_handshake_cb; 62 63 /* Wire read/write callbacks. */ 64 tls13_read_cb wire_read; 65 tls13_write_cb wire_write; 66 void *cb_arg; 67 }; 68 69 static void 70 tls13_record_layer_rbuf_free(struct tls13_record_layer *rl) 71 { 72 CBS_init(&rl->rbuf_cbs, NULL, 0); 73 freezero(rl->rbuf, rl->rbuf_len); 74 rl->rbuf = NULL; 75 rl->rbuf_len = 0; 76 rl->rbuf_content_type = 0; 77 } 78 79 static void 80 tls13_record_layer_rrec_free(struct tls13_record_layer *rl) 81 { 82 tls13_record_free(rl->rrec); 83 rl->rrec = NULL; 84 } 85 86 static void 87 tls13_record_layer_wrec_free(struct tls13_record_layer *rl) 88 { 89 tls13_record_free(rl->wrec); 90 rl->wrec = NULL; 91 } 92 93 struct tls13_record_layer * 94 tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write, 95 tls13_alert_cb alert_cb, tls13_post_handshake_cb post_handshake_cb, 96 void *cb_arg) 97 { 98 struct tls13_record_layer *rl; 99 100 if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL) 101 return NULL; 102 103 rl->wire_read = wire_read; 104 rl->wire_write = wire_write; 105 rl->alert_cb = alert_cb; 106 rl->post_handshake_cb = post_handshake_cb; 107 rl->cb_arg = cb_arg; 108 109 return rl; 110 } 111 112 void 113 tls13_record_layer_free(struct tls13_record_layer *rl) 114 { 115 if (rl == NULL) 116 return; 117 118 tls13_record_layer_rbuf_free(rl); 119 120 tls13_record_layer_rrec_free(rl); 121 tls13_record_layer_wrec_free(rl); 122 123 EVP_AEAD_CTX_cleanup(&rl->read_aead_ctx); 124 EVP_AEAD_CTX_cleanup(&rl->write_aead_ctx); 125 126 freezero(rl->read_iv.data, rl->read_iv.len); 127 freezero(rl->write_iv.data, rl->write_iv.len); 128 freezero(rl->read_nonce.data, rl->read_nonce.len); 129 freezero(rl->write_nonce.data, rl->write_nonce.len); 130 131 freezero(rl, sizeof(struct tls13_record_layer)); 132 } 133 134 static int 135 tls13_record_layer_inc_seq_num(uint8_t *seq_num) 136 { 137 size_t i; 138 139 for (i = TLS13_RECORD_SEQ_NUM_LEN - 1; i > 0; i--) { 140 if (++seq_num[i] != 0) 141 break; 142 } 143 144 /* RFC 8446 section 5.3 - sequence numbers must not wrap. */ 145 return (i != 0 || seq_num[0] != 0); 146 } 147 148 static int 149 tls13_record_layer_update_nonce(struct tls13_secret *nonce, 150 struct tls13_secret *iv, uint8_t *seq_num) 151 { 152 ssize_t i, j; 153 154 if (nonce->len != iv->len) 155 return 0; 156 157 /* 158 * RFC 8446 section 5.3 - sequence number is zero padded and XOR'd 159 * with the IV to produce a per-record nonce. The IV will also be 160 * at least 8-bytes in length. 161 */ 162 for (i = nonce->len - 1, j = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--, j--) 163 nonce->data[i] = iv->data[i] ^ (j >= 0 ? seq_num[j] : 0); 164 165 return 1; 166 } 167 168 void 169 tls13_record_layer_set_aead(struct tls13_record_layer *rl, 170 const EVP_AEAD *aead) 171 { 172 rl->aead = aead; 173 } 174 175 void 176 tls13_record_layer_set_hash(struct tls13_record_layer *rl, 177 const EVP_MD *hash) 178 { 179 rl->hash = hash; 180 } 181 182 void 183 tls13_record_layer_handshake_completed(struct tls13_record_layer *rl) 184 { 185 rl->handshake_completed = 1; 186 } 187 188 static ssize_t 189 tls13_record_layer_process_alert(struct tls13_record_layer *rl) 190 { 191 uint8_t alert_level, alert_desc; 192 ssize_t ret = TLS13_IO_FAILURE; 193 194 /* 195 * RFC 8446 - sections 5.1 and 6. 196 * 197 * A TLSv1.3 alert record can only contain a single alert - this means 198 * that processing the alert must consume all of the record. The alert 199 * will result in one of three things - continuation (user_cancelled), 200 * read channel closure (close_notify) or termination (all others). 201 */ 202 if (rl->rbuf == NULL) 203 goto err; 204 if (rl->rbuf_content_type != SSL3_RT_ALERT) 205 goto err; 206 207 if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level)) 208 goto err; /* XXX - decode error alert. */ 209 if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc)) 210 goto err; /* XXX - decode error alert. */ 211 212 if (CBS_len(&rl->rbuf_cbs) != 0) 213 goto err; /* XXX - decode error alert. */ 214 215 tls13_record_layer_rbuf_free(rl); 216 217 /* 218 * Alert level is ignored for closure alerts (RFC 8446 section 6.1), 219 * however for error alerts (RFC 8446 section 6.2), the alert level 220 * must be specified as fatal. 221 */ 222 if (alert_desc == SSL_AD_CLOSE_NOTIFY) { 223 rl->read_closed = 1; 224 ret = TLS13_IO_EOF; 225 } else if (alert_desc == SSL_AD_USER_CANCELLED) { 226 /* Ignored at the record layer. */ 227 ret = TLS13_IO_WANT_POLLIN; 228 } else if (alert_level == SSL3_AL_FATAL) { 229 rl->read_closed = 1; 230 rl->write_closed = 1; 231 ret = TLS13_IO_EOF; 232 } else { 233 /* XXX - decode error alert. */ 234 return TLS13_IO_FAILURE; 235 } 236 237 rl->alert_cb(alert_desc, rl->cb_arg); 238 239 err: 240 return ret; 241 } 242 243 int 244 tls13_record_layer_send_alert(struct tls13_record_layer *rl, 245 uint8_t alert_level, uint8_t alert_desc) 246 { 247 /* XXX - implement. */ 248 return -1; 249 } 250 251 static int 252 tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx, 253 const EVP_MD *hash, struct tls13_secret *iv, struct tls13_secret *nonce, 254 struct tls13_secret *traffic_key) 255 { 256 struct tls13_secret context = { .data = "", .len = 0 }; 257 struct tls13_secret key = { .data = NULL, .len = 0 }; 258 int ret = 0; 259 260 freezero(iv->data, iv->len); 261 iv->data = NULL; 262 iv->len = 0; 263 264 freezero(nonce->data, nonce->len); 265 nonce->data = NULL; 266 nonce->len = 0; 267 268 if ((iv->data = calloc(1, EVP_AEAD_nonce_length(aead))) == NULL) 269 goto err; 270 iv->len = EVP_AEAD_nonce_length(aead); 271 272 if ((nonce->data = calloc(1, EVP_AEAD_nonce_length(aead))) == NULL) 273 goto err; 274 nonce->len = EVP_AEAD_nonce_length(aead); 275 276 if ((key.data = calloc(1, EVP_AEAD_key_length(aead))) == NULL) 277 goto err; 278 key.len = EVP_AEAD_key_length(aead); 279 280 if (!tls13_hkdf_expand_label(iv, hash, traffic_key, "iv", &context)) 281 goto err; 282 if (!tls13_hkdf_expand_label(&key, hash, traffic_key, "key", &context)) 283 goto err; 284 285 if (!EVP_AEAD_CTX_init(aead_ctx, aead, key.data, key.len, 286 EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) 287 goto err; 288 289 ret = 1; 290 291 err: 292 freezero(key.data, key.len); 293 294 return ret; 295 } 296 297 int 298 tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl, 299 struct tls13_secret *read_key) 300 { 301 memset(rl->read_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN); 302 303 return tls13_record_layer_set_traffic_key(rl->aead, &rl->read_aead_ctx, 304 rl->hash, &rl->read_iv, &rl->read_nonce, read_key); 305 } 306 307 int 308 tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl, 309 struct tls13_secret *write_key) 310 { 311 memset(rl->write_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN); 312 313 return tls13_record_layer_set_traffic_key(rl->aead, &rl->write_aead_ctx, 314 rl->hash, &rl->write_iv, &rl->write_nonce, write_key); 315 } 316 317 static int 318 tls13_record_layer_open_record_plaintext(struct tls13_record_layer *rl) 319 { 320 CBS cbs; 321 322 if (rl->aead != NULL) 323 return 0; 324 325 /* 326 * We're still operating in plaintext mode, so just copy the 327 * content from the record to the plaintext buffer. 328 */ 329 if (!tls13_record_content(rl->rrec, &cbs)) 330 return 0; 331 332 tls13_record_layer_rbuf_free(rl); 333 334 if (!CBS_stow(&cbs, &rl->rbuf, &rl->rbuf_len)) 335 return 0; 336 337 rl->rbuf_content_type = tls13_record_content_type(rl->rrec); 338 339 CBS_init(&rl->rbuf_cbs, rl->rbuf, rl->rbuf_len); 340 341 return 1; 342 } 343 344 static int 345 tls13_record_layer_open_record_protected(struct tls13_record_layer *rl) 346 { 347 CBS header, enc_record; 348 uint8_t *content = NULL; 349 ssize_t content_len = 0; 350 uint8_t content_type; 351 size_t out_len; 352 353 if (rl->aead == NULL) 354 goto err; 355 356 if (!tls13_record_header(rl->rrec, &header)) 357 goto err; 358 if (!tls13_record_content(rl->rrec, &enc_record)) 359 goto err; 360 361 if ((content = calloc(1, CBS_len(&enc_record))) == NULL) 362 goto err; 363 content_len = CBS_len(&enc_record); 364 365 if (!tls13_record_layer_update_nonce(&rl->read_nonce, &rl->read_iv, 366 rl->read_seq_num)) 367 goto err; 368 369 if (!EVP_AEAD_CTX_open(&rl->read_aead_ctx, 370 content, &out_len, content_len, 371 rl->read_nonce.data, rl->read_nonce.len, 372 CBS_data(&enc_record), CBS_len(&enc_record), 373 CBS_data(&header), CBS_len(&header))) 374 goto err; 375 376 if (!tls13_record_layer_inc_seq_num(rl->read_seq_num)) 377 goto err; 378 379 /* 380 * The real content type is hidden at the end of the record content and 381 * it may be followed by padding that consists of one or more zeroes. 382 * Time to hunt for that elusive content type! 383 */ 384 /* XXX - CBS from end? CBS_get_end_u8()? */ 385 content_len = out_len - 1; 386 while (content_len >= 0 && content[content_len] == 0) 387 content_len--; 388 if (content_len < 0) 389 goto err; 390 content_type = content[content_len]; 391 392 tls13_record_layer_rbuf_free(rl); 393 394 rl->rbuf_content_type = content_type; 395 rl->rbuf = content; 396 rl->rbuf_len = content_len; 397 398 CBS_init(&rl->rbuf_cbs, rl->rbuf, rl->rbuf_len); 399 400 return 1; 401 402 err: 403 freezero(content, content_len); 404 405 return 0; 406 } 407 408 static int 409 tls13_record_layer_open_record(struct tls13_record_layer *rl) 410 { 411 if (rl->aead == NULL) 412 return tls13_record_layer_open_record_plaintext(rl); 413 414 return tls13_record_layer_open_record_protected(rl); 415 } 416 417 static int 418 tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl, 419 uint8_t content_type, const uint8_t *content, size_t content_len) 420 { 421 uint8_t *data = NULL; 422 size_t data_len = 0; 423 uint16_t version; 424 CBB cbb, body; 425 426 if (rl->aead != NULL) 427 return 0; 428 429 /* XXX - TLS1_VERSION for first client hello... */ 430 version = TLS1_2_VERSION; 431 432 /* 433 * We're still operating in plaintext mode, so just copy the 434 * content into the record. 435 */ 436 if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + content_len)) 437 goto err; 438 439 if (!CBB_add_u8(&cbb, content_type)) 440 goto err; 441 if (!CBB_add_u16(&cbb, version)) 442 goto err; 443 if (!CBB_add_u16_length_prefixed(&cbb, &body)) 444 goto err; 445 if (!CBB_add_bytes(&body, content, content_len)) 446 goto err; 447 448 if (!CBB_finish(&cbb, &data, &data_len)) 449 goto err; 450 451 if (!tls13_record_set_data(rl->wrec, data, data_len)) 452 goto err; 453 454 return 1; 455 456 err: 457 CBB_cleanup(&cbb); 458 freezero(data, data_len); 459 460 return 0; 461 } 462 463 static int 464 tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl, 465 uint8_t content_type, const uint8_t *content, size_t content_len) 466 { 467 uint8_t *data = NULL, *header = NULL, *inner = NULL; 468 size_t data_len = 0, header_len = 0, inner_len = 0; 469 uint8_t *enc_record; 470 size_t enc_record_len; 471 ssize_t ret = 0; 472 size_t out_len; 473 CBB cbb; 474 475 if (rl->aead == NULL) 476 return 0; 477 478 memset(&cbb, 0, sizeof(cbb)); 479 480 /* Build inner plaintext. */ 481 if (!CBB_init(&cbb, content_len + 1)) 482 goto err; 483 if (!CBB_add_bytes(&cbb, content, content_len)) 484 goto err; 485 if (!CBB_add_u8(&cbb, content_type)) 486 goto err; 487 /* XXX - padding? */ 488 if (!CBB_finish(&cbb, &inner, &inner_len)) 489 goto err; 490 491 if (inner_len > TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN) 492 goto err; 493 494 /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */ 495 enc_record_len = inner_len + EVP_AEAD_max_tag_len(rl->aead); 496 if (enc_record_len > TLS13_RECORD_MAX_CIPHERTEXT_LEN) 497 goto err; 498 499 /* Build the record header. */ 500 if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN)) 501 goto err; 502 if (!CBB_add_u8(&cbb, SSL3_RT_APPLICATION_DATA)) 503 goto err; 504 if (!CBB_add_u16(&cbb, TLS1_2_VERSION)) 505 goto err; 506 if (!CBB_add_u16(&cbb, enc_record_len)) 507 goto err; 508 if (!CBB_finish(&cbb, &header, &header_len)) 509 goto err; 510 511 /* Build the actual record. */ 512 if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + enc_record_len)) 513 goto err; 514 if (!CBB_add_bytes(&cbb, header, header_len)) 515 goto err; 516 if (!CBB_add_space(&cbb, &enc_record, enc_record_len)) 517 goto err; 518 if (!CBB_finish(&cbb, &data, &data_len)) 519 goto err; 520 521 if (!tls13_record_layer_update_nonce(&rl->write_nonce, 522 &rl->write_iv, rl->write_seq_num)) 523 goto err; 524 525 /* 526 * XXX - consider a EVP_AEAD_CTX_seal_iov() that takes an iovec... 527 * this would avoid a copy since the inner would be passed as two 528 * separate pieces. 529 */ 530 if (!EVP_AEAD_CTX_seal(&rl->write_aead_ctx, 531 enc_record, &out_len, enc_record_len, 532 rl->write_nonce.data, rl->write_nonce.len, 533 inner, inner_len, header, header_len)) 534 goto err; 535 536 if (out_len != enc_record_len) 537 goto err; 538 539 if (!tls13_record_layer_inc_seq_num(rl->write_seq_num)) 540 goto err; 541 542 if (!tls13_record_set_data(rl->wrec, data, data_len)) 543 goto err; 544 545 data = NULL; 546 data_len = 0; 547 548 ret = 1; 549 550 err: 551 CBB_cleanup(&cbb); 552 553 freezero(data, data_len); 554 freezero(header, header_len); 555 freezero(inner, inner_len); 556 557 return ret; 558 } 559 560 static int 561 tls13_record_layer_seal_record(struct tls13_record_layer *rl, 562 uint8_t content_type, const uint8_t *content, size_t content_len) 563 { 564 tls13_record_layer_wrec_free(rl); 565 566 if ((rl->wrec = tls13_record_new()) == NULL) 567 return 0; 568 569 if (rl->aead == NULL) 570 return tls13_record_layer_seal_record_plaintext(rl, 571 content_type, content, content_len); 572 573 return tls13_record_layer_seal_record_protected(rl, content_type, 574 content, content_len); 575 } 576 577 static ssize_t 578 tls13_record_layer_read_record(struct tls13_record_layer *rl) 579 { 580 uint8_t content_type, ccs; 581 ssize_t ret; 582 CBS cbs; 583 584 if (rl->rrec == NULL) { 585 if ((rl->rrec = tls13_record_new()) == NULL) 586 goto err; 587 } 588 589 if ((ret = tls13_record_recv(rl->rrec, rl->wire_read, rl->cb_arg)) <= 0) 590 return ret; 591 592 /* XXX - record version checks. */ 593 594 content_type = tls13_record_content_type(rl->rrec); 595 596 /* 597 * Bag of hacks ahead... after the first ClientHello message has been 598 * sent or received and before the peer's Finished message has been 599 * received, we may receive an unencrypted ChangeCipherSpec record 600 * (see RFC 8446 section 5 and appendix D.4). This record must be 601 * ignored. 602 */ 603 if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) { 604 /* XXX - need to check after ClientHello, before Finished. */ 605 if (rl->handshake_completed || rl->change_cipher_spec_seen) { 606 /* XXX - unexpected message alert. */ 607 goto err; 608 } 609 if (!tls13_record_content(rl->rrec, &cbs)) { 610 /* XXX - decode error alert. */ 611 goto err; 612 } 613 if (!CBS_get_u8(&cbs, &ccs)) { 614 /* XXX - decode error alert. */ 615 goto err; 616 } 617 if (ccs != 1) { 618 /* XXX - something alert. */ 619 goto err; 620 } 621 rl->change_cipher_spec_seen = 1; 622 tls13_record_layer_rrec_free(rl); 623 return TLS13_IO_WANT_POLLIN; 624 } 625 626 /* 627 * Once record protection is engaged, we should only receive 628 * protected application data messages (aside from the 629 * dummy ChangeCipherSpec messages, handled above). 630 */ 631 if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA) { 632 /* XXX - unexpected message alert. */ 633 goto err; 634 } 635 636 if (!tls13_record_layer_open_record(rl)) 637 goto err; 638 639 tls13_record_layer_rrec_free(rl); 640 641 switch (rl->rbuf_content_type) { 642 case SSL3_RT_ALERT: 643 return tls13_record_layer_process_alert(rl); 644 645 case SSL3_RT_HANDSHAKE: 646 break; 647 648 case SSL3_RT_APPLICATION_DATA: 649 if (!rl->handshake_completed) { 650 /* XXX - unexpected message alert. */ 651 goto err; 652 } 653 break; 654 655 default: 656 /* XXX - unexpected message alert. */ 657 goto err; 658 } 659 660 return TLS13_IO_SUCCESS; 661 662 err: 663 return TLS13_IO_FAILURE; 664 } 665 666 ssize_t 667 tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type, 668 uint8_t *buf, size_t n) 669 { 670 ssize_t ret; 671 672 if (rl->read_closed) 673 return TLS13_IO_EOF; 674 675 /* XXX - loop here with record and byte limits. */ 676 /* XXX - send alert... */ 677 678 /* If necessary, pull up the next record. */ 679 if (CBS_len(&rl->rbuf_cbs) == 0) { 680 if ((ret = tls13_record_layer_read_record(rl)) <= 0) 681 return ret; 682 683 /* XXX - need to check record version. */ 684 } 685 if (rl->rbuf_content_type != content_type) { 686 /* 687 * Handshake content can appear as post-handshake messages (yup, 688 * the RFC reused the same content type...), which means we can 689 * be trying to read application data and need to handle a 690 * post-handshake handshake message instead... 691 */ 692 if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) { 693 if (rl->handshake_completed) { 694 /* XXX - call callback, drop for now... */ 695 tls13_record_layer_rbuf_free(rl); 696 return TLS13_IO_WANT_POLLIN; 697 } 698 } 699 700 /* XXX - unexpected message alert. */ 701 goto err; 702 } 703 704 if (n > CBS_len(&rl->rbuf_cbs)) 705 n = CBS_len(&rl->rbuf_cbs); 706 707 /* XXX - CBS_memcpy? CBS_copy_bytes? */ 708 memcpy(buf, CBS_data(&rl->rbuf_cbs), n); 709 if (!CBS_skip(&rl->rbuf_cbs, n)) 710 goto err; 711 712 if (CBS_len(&rl->rbuf_cbs) == 0) 713 tls13_record_layer_rbuf_free(rl); 714 715 return n; 716 717 err: 718 return TLS13_IO_FAILURE; 719 } 720 721 static ssize_t 722 tls13_record_layer_write_record(struct tls13_record_layer *rl, 723 uint8_t content_type, const uint8_t *content, size_t content_len) 724 { 725 ssize_t ret; 726 727 if (rl->write_closed) 728 return TLS13_IO_EOF; 729 730 /* See if there is an existing record and attempt to push it out... */ 731 if (rl->wrec != NULL) { 732 if ((ret = tls13_record_send(rl->wrec, rl->wire_write, 733 rl->cb_arg)) <= 0) 734 return ret; 735 736 tls13_record_layer_wrec_free(rl); 737 738 /* XXX - could be pushing out different data... */ 739 return content_len; 740 } 741 742 if (content_len > TLS13_RECORD_MAX_PLAINTEXT_LEN) 743 goto err; 744 745 if (!tls13_record_layer_seal_record(rl, content_type, content, content_len)) 746 goto err; 747 748 if ((ret = tls13_record_send(rl->wrec, rl->wire_write, rl->cb_arg)) <= 0) 749 return ret; 750 751 tls13_record_layer_wrec_free(rl); 752 753 return content_len; 754 755 err: 756 return TLS13_IO_FAILURE; 757 } 758 759 static ssize_t 760 tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type, 761 const uint8_t *buf, size_t n) 762 { 763 if (n > TLS13_RECORD_MAX_PLAINTEXT_LEN) 764 n = TLS13_RECORD_MAX_PLAINTEXT_LEN; 765 766 return tls13_record_layer_write_record(rl, content_type, buf, n); 767 } 768 769 ssize_t 770 tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n) 771 { 772 return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n); 773 } 774 775 ssize_t 776 tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf, 777 size_t n) 778 { 779 return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n); 780 } 781 782 ssize_t 783 tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n) 784 { 785 if (!rl->handshake_completed) 786 return TLS13_IO_FAILURE; 787 788 return tls13_record_layer_read(rl, SSL3_RT_APPLICATION_DATA, buf, n); 789 } 790 791 ssize_t 792 tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf, 793 size_t n) 794 { 795 if (!rl->handshake_completed) 796 return TLS13_IO_FAILURE; 797 798 return tls13_record_layer_write(rl, SSL3_RT_APPLICATION_DATA, buf, n); 799 } 800