Start replacing the existing TLSv1.2 record layer.

This takes the same design/approach used in TLSv1.3 and provides an opaque struct that is self contained and cannot reach back into other layers. For now this just implements/replaces the writing of records for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the plaintext into the same buffer that is used to transmit to the wire. ok inoguchi@ tb@
author: jsing <> 2020-08-30 15:40:20 +0000
committer: jsing <> 2020-08-30 15:40:20 +0000
commit: 09997f3d41692022beb138f1e238f51af93a8024 (patch)
tree: 18ad8015f1e0ba01f043e52b0e4feb24b04656f8 /src/lib/libssl/ssl_lib.c
parent: 3a0362608e329661831d8a0de2005821d2cc1fe0 (diff)
download: openbsd-09997f3d41692022beb138f1e238f51af93a8024.tar.gz
openbsd-09997f3d41692022beb138f1e238f51af93a8024.tar.bz2
openbsd-09997f3d41692022beb138f1e238f51af93a8024.zip
1 files changed, 14 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index bd3188cdf6..bf10cea685 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.220 2020/08/11 18:39:40 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.221 2020/08/30 15:40:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -344,6 +344,9 @@ SSL_new(SSL_CTX *ctx)
        if (!s->method->internal->ssl_new(s))
                goto err;
+        if ((s->internal->rl = tls12_record_layer_new()) == NULL)
+                goto err;
        s->references = 1;
        s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
@@ -564,6 +567,8 @@ SSL_free(SSL *s)
        sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
 #endif
+        tls12_record_layer_free(s->internal->rl);
        free(s->internal);
        free(s);
 }
@@ -2535,6 +2540,10 @@ ssl_clear_cipher_read_state(SSL *s)
        EVP_MD_CTX_free(s->read_hash);
        s->read_hash = NULL;
+        tls12_record_layer_clear_read_state(s->internal->rl);
+        tls12_record_layer_set_read_seq_num(s->internal->rl,
+            S3I(s)->read_sequence);
        if (s->internal->aead_read_ctx != NULL) {
                EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx);
                free(s->internal->aead_read_ctx);
@@ -2550,6 +2559,10 @@ ssl_clear_cipher_write_state(SSL *s)
        EVP_MD_CTX_free(s->internal->write_hash);
        s->internal->write_hash = NULL;
+        tls12_record_layer_clear_write_state(s->internal->rl);
+        tls12_record_layer_set_write_seq_num(s->internal->rl,
+            S3I(s)->write_sequence);
        if (s->internal->aead_write_ctx != NULL) {
                EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx);
                free(s->internal->aead_write_ctx);
author	jsing <>	2020-08-30 15:40:20 +0000
committer	jsing <>	2020-08-30 15:40:20 +0000
commit	09997f3d41692022beb138f1e238f51af93a8024 (patch)
tree	18ad8015f1e0ba01f043e52b0e4feb24b04656f8 /src/lib/libssl/ssl_lib.c
parent	3a0362608e329661831d8a0de2005821d2cc1fe0 (diff)
download	openbsd-09997f3d41692022beb138f1e238f51af93a8024.tar.gz openbsd-09997f3d41692022beb138f1e238f51af93a8024.tar.bz2 openbsd-09997f3d41692022beb138f1e238f51af93a8024.zip