Start replacing the existing TLSv1.2 record layer.

This takes the same design/approach used in TLSv1.3 and provides an opaque struct that is self contained and cannot reach back into other layers. For now this just implements/replaces the writing of records for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the plaintext into the same buffer that is used to transmit to the wire. ok inoguchi@ tb@
author: jsing <> 2020-08-30 15:40:20 +0000
committer: jsing <> 2020-08-30 15:40:20 +0000
commit: 5df2cd671a3bb55e3ec34638a6a36eef237c529f (patch)
tree: 18ad8015f1e0ba01f043e52b0e4feb24b04656f8 /src/lib/libssl/ssl_locl.h
parent: 830241e4747844d045ac58c547d98af86f77e717 (diff)
download: openbsd-5df2cd671a3bb55e3ec34638a6a36eef237c529f.tar.gz
openbsd-5df2cd671a3bb55e3ec34638a6a36eef237c529f.tar.bz2
openbsd-5df2cd671a3bb55e3ec34638a6a36eef237c529f.zip
1 files changed, 31 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 676f404352..e41465419a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.283 2020/08/11 18:40:24 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.284 2020/08/30 15:40:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -475,6 +475,34 @@ typedef struct ssl_handshake_tls13_st {
 } SSL_HANDSHAKE_TLS13;
+struct tls12_record_layer;
+struct tls12_record_layer *tls12_record_layer_new(void);
+void tls12_record_layer_free(struct tls12_record_layer *rl);
+void tls12_record_layer_set_version(struct tls12_record_layer *rl,
+    uint16_t version);
+void tls12_record_layer_set_read_epoch(struct tls12_record_layer *rl,
+    uint16_t epoch);
+void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
+    uint16_t epoch);
+void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
+void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
+void tls12_record_layer_set_read_seq_num(struct tls12_record_layer *rl,
+    uint8_t *seq_num);
+void tls12_record_layer_set_write_seq_num(struct tls12_record_layer *rl,
+    uint8_t *seq_num);
+int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl,
+    SSL_AEAD_CTX *aead_ctx);
+int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl,
+    SSL_AEAD_CTX *aead_ctx);
+int tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl,
+    EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac);
+int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl,
+    EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac);
+int tls12_record_layer_seal_record(struct tls12_record_layer *rl,
+    uint8_t content_type, const uint8_t *content, size_t content_len,
+    CBB *out);
 typedef struct ssl_ctx_internal_st {
        uint16_t min_version;
        uint16_t max_version;
@@ -736,6 +764,8 @@ typedef struct ssl_internal_st {
        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
        EVP_MD_CTX *write_hash;                 /* used for mac generation */
+        struct tls12_record_layer *rl;
        /* session info */
        /* extra application data */
@@ -826,7 +856,6 @@ typedef struct ssl3_state_internal_st {
        int empty_fragment_done;
        SSL3_RECORD_INTERNAL rrec;      /* each decoded record goes in here */
-        SSL3_RECORD_INTERNAL wrec;      /* goes out from here */
        /* storage for Alert/Handshake protocol data received but not
         * yet processed by ssl3_read_bytes: */
author	jsing <>	2020-08-30 15:40:20 +0000
committer	jsing <>	2020-08-30 15:40:20 +0000
commit	5df2cd671a3bb55e3ec34638a6a36eef237c529f (patch)
tree	18ad8015f1e0ba01f043e52b0e4feb24b04656f8 /src/lib/libssl/ssl_locl.h
parent	830241e4747844d045ac58c547d98af86f77e717 (diff)
download	openbsd-5df2cd671a3bb55e3ec34638a6a36eef237c529f.tar.gz openbsd-5df2cd671a3bb55e3ec34638a6a36eef237c529f.tar.bz2 openbsd-5df2cd671a3bb55e3ec34638a6a36eef237c529f.zip

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 676f404352..e41465419a 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.283 2020/08/11 18:40:24 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.284 2020/08/30 15:40:20 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -475,6 +475,34 @@ typedef struct ssl_handshake_tls13_st {
475		475
476	} SSL_HANDSHAKE_TLS13;	476	} SSL_HANDSHAKE_TLS13;
477		477
		478	struct tls12_record_layer;
		479
		480	struct tls12_record_layer *tls12_record_layer_new(void);
		481	void tls12_record_layer_free(struct tls12_record_layer *rl);
		482	void tls12_record_layer_set_version(struct tls12_record_layer *rl,
		483	uint16_t version);
		484	void tls12_record_layer_set_read_epoch(struct tls12_record_layer *rl,
		485	uint16_t epoch);
		486	void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
		487	uint16_t epoch);
		488	void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
		489	void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
		490	void tls12_record_layer_set_read_seq_num(struct tls12_record_layer *rl,
		491	uint8_t *seq_num);
		492	void tls12_record_layer_set_write_seq_num(struct tls12_record_layer *rl,
		493	uint8_t *seq_num);
		494	int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl,
		495	SSL_AEAD_CTX *aead_ctx);
		496	int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl,
		497	SSL_AEAD_CTX *aead_ctx);
		498	int tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl,
		499	EVP_CIPHER_CTX cipher_ctx, EVP_MD_CTX hash_ctx, int stream_mac);
		500	int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl,
		501	EVP_CIPHER_CTX cipher_ctx, EVP_MD_CTX hash_ctx, int stream_mac);
		502	int tls12_record_layer_seal_record(struct tls12_record_layer *rl,
		503	uint8_t content_type, const uint8_t *content, size_t content_len,
		504	CBB *out);
		505
478	typedef struct ssl_ctx_internal_st {	506	typedef struct ssl_ctx_internal_st {
479	uint16_t min_version;	507	uint16_t min_version;
480	uint16_t max_version;	508	uint16_t max_version;
@@ -736,6 +764,8 @@ typedef struct ssl_internal_st {
736	EVP_CIPHER_CTX enc_write_ctx; / cryptographic state */	764	EVP_CIPHER_CTX enc_write_ctx; / cryptographic state */
737	EVP_MD_CTX write_hash; / used for mac generation */	765	EVP_MD_CTX write_hash; / used for mac generation */
738		766
		767	struct tls12_record_layer *rl;
		768
739	/* session info */	769	/* session info */
740		770
741	/* extra application data */	771	/* extra application data */
@@ -826,7 +856,6 @@ typedef struct ssl3_state_internal_st {
826	int empty_fragment_done;	856	int empty_fragment_done;
827		857
828	SSL3_RECORD_INTERNAL rrec; /* each decoded record goes in here */	858	SSL3_RECORD_INTERNAL rrec; /* each decoded record goes in here */
829	SSL3_RECORD_INTERNAL wrec; /* goes out from here */
830		859
831	/* storage for Alert/Handshake protocol data received but not	860	/* storage for Alert/Handshake protocol data received but not
832	* yet processed by ssl3_read_bytes: */	861	* yet processed by ssl3_read_bytes: */