
143 static bool ssl_needs_record_splitting(const SSL *ssl) {  in ssl_needs_record_splitting()  argument
145 return !ssl->s3->aead_write_ctx->is_null_cipher() && in ssl_needs_record_splitting()
146 ssl->s3->aead_write_ctx->ProtocolVersion() < TLS1_1_VERSION && in ssl_needs_record_splitting()
147 (ssl->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0 && in ssl_needs_record_splitting()
148 SSL_CIPHER_is_block_cipher(ssl->s3->aead_write_ctx->cipher()); in ssl_needs_record_splitting()
165 size_t ssl_record_prefix_len(const SSL *ssl) { in ssl_record_prefix_len() argument
167 if (SSL_is_dtls(ssl)) { in ssl_record_prefix_len()
173 return header_len + ssl->s3->aead_read_ctx->ExplicitNonceLen(); in ssl_record_prefix_len()
176 size_t ssl_seal_align_prefix_len(const SSL *ssl) { in ssl_seal_align_prefix_len() argument
177 if (SSL_is_dtls(ssl)) { in ssl_seal_align_prefix_len()
178 return DTLS1_RT_HEADER_LENGTH + ssl->s3->aead_write_ctx->ExplicitNonceLen(); in ssl_seal_align_prefix_len()
182 SSL3_RT_HEADER_LENGTH + ssl->s3->aead_write_ctx->ExplicitNonceLen(); in ssl_seal_align_prefix_len()
183 if (ssl_needs_record_splitting(ssl)) { in ssl_seal_align_prefix_len()
185 ret += ssl_cipher_get_record_split_len(ssl->s3->aead_write_ctx->cipher()); in ssl_seal_align_prefix_len()
190 static ssl_open_record_t skip_early_data(SSL *ssl, uint8_t *out_alert, in skip_early_data() argument
192 ssl->s3->early_data_skipped += consumed; in skip_early_data()
193 if (ssl->s3->early_data_skipped < consumed) { in skip_early_data()
194 ssl->s3->early_data_skipped = kMaxEarlyDataSkipped + 1; in skip_early_data()
197 if (ssl->s3->early_data_skipped > kMaxEarlyDataSkipped) { in skip_early_data()
206 ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type, in tls_open_record() argument
210 if (ssl->s3->read_shutdown == ssl_shutdown_close_notify) { in tls_open_record()
216 if (!tls_can_accept_handshake_data(ssl, out_alert)) { in tls_open_record()
233 if (ssl->s3->aead_read_ctx->is_null_cipher()) { in tls_open_record()
238 version_ok = version == ssl->s3->aead_read_ctx->RecordVersion(); in tls_open_record()
262 ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, header); in tls_open_record()
266 if (ssl->s3->have_version && in tls_open_record()
267 ssl_protocol_version(ssl) >= TLS1_3_VERSION && in tls_open_record()
268 SSL_in_init(ssl) && in tls_open_record()
272 ssl->s3->empty_record_count++; in tls_open_record()
273 if (ssl->s3->empty_record_count > kMaxEmptyRecords) { in tls_open_record()
283 if (ssl->s3->skip_early_data && in tls_open_record()
284 ssl->s3->aead_read_ctx->is_null_cipher() && in tls_open_record()
286 return skip_early_data(ssl, out_alert, *out_consumed); in tls_open_record()
290 if (!ssl->s3->aead_read_ctx->Open( in tls_open_record()
291 out, type, version, ssl->s3->read_sequence, header, in tls_open_record()
293 if (ssl->s3->skip_early_data && !ssl->s3->aead_read_ctx->is_null_cipher()) { in tls_open_record()
295 return skip_early_data(ssl, out_alert, *out_consumed); in tls_open_record()
303 ssl->s3->skip_early_data = false; in tls_open_record()
305 if (!ssl_record_sequence_update(ssl->s3->read_sequence, 8)) { in tls_open_record()
312 !ssl->s3->aead_read_ctx->is_null_cipher() && in tls_open_record()
313 ssl->s3->aead_read_ctx->ProtocolVersion() >= TLS1_3_VERSION; in tls_open_record()
346 ssl->s3->empty_record_count++; in tls_open_record()
347 if (ssl->s3->empty_record_count > kMaxEmptyRecords) { in tls_open_record()
355 ssl->s3->empty_record_count = 0; in tls_open_record()
359 return ssl_process_alert(ssl, out_alert, *out); in tls_open_record()
364 tls_has_unprocessed_handshake_data(ssl)) { in tls_open_record()
370 ssl->s3->warning_alert_count = 0; in tls_open_record()
376 static bool do_seal_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out, in do_seal_record() argument
379 SSLAEADContext *aead = ssl->s3->aead_write_ctx.get(); in do_seal_record()
397 assert(!buffers_alias(in, in_len, out_prefix, ssl_record_prefix_len(ssl))); in do_seal_record()
415 out_prefix[0], record_version, ssl->s3->write_sequence, in do_seal_record()
417 !ssl_record_sequence_update(ssl->s3->write_sequence, 8)) { in do_seal_record()
421 ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header); in do_seal_record()
425 static size_t tls_seal_scatter_prefix_len(const SSL *ssl, uint8_t type, in tls_seal_scatter_prefix_len() argument
429 ssl_needs_record_splitting(ssl)) { in tls_seal_scatter_prefix_len()
434 ret += ssl_cipher_get_record_split_len(ssl->s3->aead_write_ctx->cipher()); in tls_seal_scatter_prefix_len()
437 ret += ssl->s3->aead_write_ctx->ExplicitNonceLen(); in tls_seal_scatter_prefix_len()
442 static bool tls_seal_scatter_suffix_len(const SSL *ssl, size_t *out_suffix_len, in tls_seal_scatter_suffix_len() argument
445 if (!ssl->s3->aead_write_ctx->is_null_cipher() && in tls_seal_scatter_suffix_len()
446 ssl->s3->aead_write_ctx->ProtocolVersion() >= TLS1_3_VERSION) { in tls_seal_scatter_suffix_len()
453 ssl_needs_record_splitting(ssl)) { in tls_seal_scatter_suffix_len()
459 return ssl->s3->aead_write_ctx->SuffixLen(out_suffix_len, in_len, extra_in_len); in tls_seal_scatter_suffix_len()
469 static bool tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out, in tls_seal_scatter_record() argument
473 ssl_needs_record_splitting(ssl)) { in tls_seal_scatter_record()
474 assert(ssl->s3->aead_write_ctx->ExplicitNonceLen() == 0); in tls_seal_scatter_record()
481 if (!do_seal_record(ssl, out_prefix, split_body, split_suffix, type, in, in tls_seal_scatter_record()
487 if (!ssl->s3->aead_write_ctx->SuffixLen(&split_record_suffix_len, 1, 0)) { in tls_seal_scatter_record()
493 ssl->s3->aead_write_ctx->cipher()) == in tls_seal_scatter_record()
499 if (!do_seal_record(ssl, tmp_prefix, out + 1, out_suffix, type, in + 1, in tls_seal_scatter_record()
503 assert(tls_seal_scatter_prefix_len(ssl, type, in_len) == in tls_seal_scatter_record()
511 return do_seal_record(ssl, out_prefix, out, out_suffix, type, in, in_len); in tls_seal_scatter_record()
514 bool tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, in tls_seal_record() argument
522 const size_t prefix_len = tls_seal_scatter_prefix_len(ssl, type, in_len); in tls_seal_record()
524 if (!tls_seal_scatter_suffix_len(ssl, &suffix_len, type, in_len)) { in tls_seal_record()
540 if (!tls_seal_scatter_record(ssl, prefix, body, suffix, type, in, in_len)) { in tls_seal_record()
548 enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert, in ssl_process_alert() argument
557 ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_ALERT, in); in ssl_process_alert()
563 ssl_do_info_callback(ssl, SSL_CB_READ_ALERT, alert); in ssl_process_alert()
567 ssl->s3->read_shutdown = ssl_shutdown_close_notify; in ssl_process_alert()
576 if (ssl->s3->have_version && in ssl_process_alert()
577 ssl_protocol_version(ssl) >= TLS1_3_VERSION && in ssl_process_alert()
584 ssl->s3->warning_alert_count++; in ssl_process_alert()
585 if (ssl->s3->warning_alert_count > kMaxWarningAlerts) { in ssl_process_alert()
605 OpenRecordResult OpenRecord(SSL *ssl, Span<uint8_t> *out, in OpenRecord() argument
610 if (SSL_in_init(ssl) || in OpenRecord()
611 SSL_is_dtls(ssl) || in OpenRecord()
612 ssl_protocol_version(ssl) > TLS1_2_VERSION) { in OpenRecord()
621 ssl, &type, &plaintext, out_record_len, out_alert, in); in OpenRecord()
644 size_t SealRecordPrefixLen(const SSL *ssl, const size_t record_len) { in SealRecordPrefixLen() argument
645 return tls_seal_scatter_prefix_len(ssl, SSL3_RT_APPLICATION_DATA, record_len); in SealRecordPrefixLen()
648 size_t SealRecordSuffixLen(const SSL *ssl, const size_t plaintext_len) { in SealRecordSuffixLen() argument
651 if (!tls_seal_scatter_suffix_len(ssl, &suffix_len, SSL3_RT_APPLICATION_DATA, in SealRecordSuffixLen()
661 bool SealRecord(SSL *ssl, const Span<uint8_t> out_prefix, in SealRecord() argument
666 if (SSL_in_init(ssl) || in SealRecord()
667 SSL_is_dtls(ssl) || in SealRecord()
668 ssl_protocol_version(ssl) > TLS1_2_VERSION) { in SealRecord()
674 if (out_prefix.size() != SealRecordPrefixLen(ssl, in.size()) || in SealRecord()
676 out_suffix.size() != SealRecordSuffixLen(ssl, in.size())) { in SealRecord()
680 return tls_seal_scatter_record(ssl, out_prefix.data(), out.data(), in SealRecord()
689 size_t SSL_max_seal_overhead(const SSL *ssl) { in SSL_max_seal_overhead() argument
690 if (SSL_is_dtls(ssl)) { in SSL_max_seal_overhead()
691 return dtls_max_seal_overhead(ssl, dtls1_use_current_epoch); in SSL_max_seal_overhead()
695 ret += ssl->s3->aead_write_ctx->MaxOverhead(); in SSL_max_seal_overhead()
697 if (!ssl->s3->aead_write_ctx->is_null_cipher() && in SSL_max_seal_overhead()
698 ssl->s3->aead_write_ctx->ProtocolVersion() >= TLS1_3_VERSION) { in SSL_max_seal_overhead()
701 if (ssl_needs_record_splitting(ssl)) { in SSL_max_seal_overhead()