Enable the record layer to call the ssl_security callback

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

ssl/record/methods/recmethod_local.h

@@ -172,6 +172,7 @@ struct ossl_record_layer_st
     void *cbarg;
     OSSL_FUNC_rlayer_skip_early_data_fn *skip_early_data;
     OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
+    OSSL_FUNC_rlayer_security_fn *security;
 
     /* Function pointers for version specific functions */
     struct record_functions_st *funcs;

ssl/record/methods/tls_common.c

@@ -90,12 +90,8 @@ static int rlayer_allow_compression(OSSL_RECORD_LAYER *rl)
 {
     if (rl->options & SSL_OP_NO_COMPRESSION)
         return 0;
-# if 0
-    /* TODO(RECLAYER): Implement ssl_security inside the record layer */
-    return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
-# else
-    return 1;
-# endif
+
+    return rl->security(rl->cbarg, SSL_SECOP_COMPRESSION, 0, 0, NULL);
 }
 #endif
 
@@ -1132,6 +1128,9 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
         case OSSL_FUNC_RLAYER_MSG_CALLBACK:
             rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
             break;
+        case OSSL_FUNC_RLAYER_SECURITY:
+            rl->security = OSSL_FUNC_rlayer_security(fns);
+            break;
         default:
             /* Just ignore anything we don't understand */
             break;

ssl/record/rec_layer_s3.c

@@ -1749,6 +1749,7 @@ size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
     return SSL3_RECORD_get_length(&rl->rrec[0]);
 }
 
+static OSSL_FUNC_rlayer_msg_callback_fn rlayer_msg_callback_wrapper;
 static void rlayer_msg_callback_wrapper(int write_p, int version,
                                         int content_type, const void *buf,
                                         size_t len, void *cbarg)
@@ -1761,9 +1762,19 @@ static void rlayer_msg_callback_wrapper(int write_p, int version,
                         s->msg_callback_arg);
 }
 
+static OSSL_FUNC_rlayer_security_fn rlayer_security_wrapper;
+static int rlayer_security_wrapper(void *cbarg, int op, int bits, int nid,
+                                   void *other)
+{
+    SSL_CONNECTION *s = cbarg;
+
+    return ssl_security(s, op, bits, nid, other);
+}
+
 static const OSSL_DISPATCH rlayer_dispatch[] = {
     { OSSL_FUNC_RLAYER_SKIP_EARLY_DATA, (void (*)(void))ossl_statem_skip_early_data },
     { OSSL_FUNC_RLAYER_MSG_CALLBACK, (void (*)(void))rlayer_msg_callback_wrapper },
+    { OSSL_FUNC_RLAYER_SECURITY, (void (*)(void))rlayer_security_wrapper },
     { 0, NULL }
 };
 

ssl/record/record.h

@@ -299,3 +299,6 @@ OSSL_CORE_MAKE_FUNC(void, rlayer_msg_callback, (int write_p, int version,
                                                 int content_type,
                                                 const void *buf, size_t len,
                                                 void *cbarg))
+# define OSSL_FUNC_RLAYER_SECURITY               3
+OSSL_CORE_MAKE_FUNC(int, rlayer_security, (void *cbarg, int op, int bits,
+                                           int nid, void *other))