diff options
| author | jsing <> | 2021-05-05 10:05:27 +0000 |
|---|---|---|
| committer | jsing <> | 2021-05-05 10:05:27 +0000 |
| commit | 61ec18da26d0571bc925e8f60b9f8b60ce5ca1fb (patch) | |
| tree | 07f64696b23229ab3deb8b5ecb2d4da5b3116265 /src/lib/libssl/ssl_locl.h | |
| parent | c157b585ad23f1585c90daafcbac523ea9685e35 (diff) | |
| download | openbsd-61ec18da26d0571bc925e8f60b9f8b60ce5ca1fb.tar.gz openbsd-61ec18da26d0571bc925e8f60b9f8b60ce5ca1fb.tar.bz2 openbsd-61ec18da26d0571bc925e8f60b9f8b60ce5ca1fb.zip | |
Rewrite TLSv1.2 key block handling.
For TLSv1.2 a single key block is generated, then partitioned into
individual secrets for use as IVs and keys. The previous implementation
splits this across two functions tls1_setup_key_block() and
tls1_change_cipher_state(), which means that the IV and key sizes have to
be known in multiple places.
This implementation generates and partitions the key block in a single
step, meaning that the secrets are then simply handed out when requested.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 9dfa1243c9..1f7e1fa587 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.341 2021/05/02 17:46:58 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.342 2021/05/05 10:05:27 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -431,12 +431,8 @@ typedef struct ssl_handshake_tls12_st { | |||
| 431 | int cert_request; | 431 | int cert_request; |
| 432 | STACK_OF(X509_NAME) *ca_names; | 432 | STACK_OF(X509_NAME) *ca_names; |
| 433 | 433 | ||
| 434 | /* Size of the MAC secret. */ | ||
| 435 | int mac_secret_size; | ||
| 436 | |||
| 437 | /* Record-layer key block for TLS 1.2 and earlier. */ | 434 | /* Record-layer key block for TLS 1.2 and earlier. */ |
| 438 | unsigned char *key_block; | 435 | struct tls12_key_block *key_block; |
| 439 | size_t key_block_len; | ||
| 440 | 436 | ||
| 441 | /* Transcript hash prior to sending certificate verify message. */ | 437 | /* Transcript hash prior to sending certificate verify message. */ |
| 442 | uint8_t cert_verify[EVP_MAX_MD_SIZE]; | 438 | uint8_t cert_verify[EVP_MAX_MD_SIZE]; |
| @@ -522,6 +518,17 @@ typedef struct ssl_handshake_st { | |||
| 522 | SSL_HANDSHAKE_TLS13 tls13; | 518 | SSL_HANDSHAKE_TLS13 tls13; |
| 523 | } SSL_HANDSHAKE; | 519 | } SSL_HANDSHAKE; |
| 524 | 520 | ||
| 521 | struct tls12_key_block; | ||
| 522 | |||
| 523 | struct tls12_key_block *tls12_key_block_new(void); | ||
| 524 | void tls12_key_block_free(struct tls12_key_block *kb); | ||
| 525 | void tls12_key_block_client_write(struct tls12_key_block *kb, CBS *mac_key, | ||
| 526 | CBS *key, CBS *iv); | ||
| 527 | void tls12_key_block_server_write(struct tls12_key_block *kb, CBS *mac_key, | ||
| 528 | CBS *key, CBS *iv); | ||
| 529 | int tls12_key_block_generate(struct tls12_key_block *kb, SSL *s, | ||
| 530 | const EVP_AEAD *aead, const EVP_CIPHER *cipher, const EVP_MD *mac_hash); | ||
| 531 | |||
| 525 | struct tls12_record_layer; | 532 | struct tls12_record_layer; |
| 526 | 533 | ||
| 527 | struct tls12_record_layer *tls12_record_layer_new(void); | 534 | struct tls12_record_layer *tls12_record_layer_new(void); |
| @@ -532,8 +539,6 @@ int tls12_record_layer_write_overhead(struct tls12_record_layer *rl, | |||
| 532 | size_t *overhead); | 539 | size_t *overhead); |
| 533 | int tls12_record_layer_read_protected(struct tls12_record_layer *rl); | 540 | int tls12_record_layer_read_protected(struct tls12_record_layer *rl); |
| 534 | int tls12_record_layer_write_protected(struct tls12_record_layer *rl); | 541 | int tls12_record_layer_write_protected(struct tls12_record_layer *rl); |
| 535 | const EVP_AEAD *tls12_record_layer_aead(struct tls12_record_layer *rl); | ||
| 536 | const EVP_CIPHER *tls12_record_layer_cipher(struct tls12_record_layer *rl); | ||
| 537 | void tls12_record_layer_set_aead(struct tls12_record_layer *rl, | 542 | void tls12_record_layer_set_aead(struct tls12_record_layer *rl, |
| 538 | const EVP_AEAD *aead); | 543 | const EVP_AEAD *aead); |
| 539 | void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, | 544 | void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, |
| @@ -553,11 +558,9 @@ void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); | |||
| 553 | void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl, | 558 | void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl, |
| 554 | EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash); | 559 | EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash); |
| 555 | int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, | 560 | int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, |
| 556 | const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key, | 561 | CBS *mac_key, CBS *key, CBS *iv); |
| 557 | size_t key_len, const uint8_t *iv, size_t iv_len); | ||
| 558 | int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, | 562 | int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, |
| 559 | const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key, | 563 | CBS *mac_key, CBS *key, CBS *iv); |
| 560 | size_t key_len, const uint8_t *iv, size_t iv_len); | ||
| 561 | int tls12_record_layer_open_record(struct tls12_record_layer *rl, | 564 | int tls12_record_layer_open_record(struct tls12_record_layer *rl, |
| 562 | uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len); | 565 | uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len); |
| 563 | int tls12_record_layer_seal_record(struct tls12_record_layer *rl, | 566 | int tls12_record_layer_seal_record(struct tls12_record_layer *rl, |
| @@ -1381,6 +1384,7 @@ void tls1_cleanup_key_block(SSL *s); | |||
| 1381 | int tls1_change_read_cipher_state(SSL *s); | 1384 | int tls1_change_read_cipher_state(SSL *s); |
| 1382 | int tls1_change_write_cipher_state(SSL *s); | 1385 | int tls1_change_write_cipher_state(SSL *s); |
| 1383 | int tls1_setup_key_block(SSL *s); | 1386 | int tls1_setup_key_block(SSL *s); |
| 1387 | int tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len); | ||
| 1384 | int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, | 1388 | int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, |
| 1385 | const char *label, size_t llen, const unsigned char *p, size_t plen, | 1389 | const char *label, size_t llen, const unsigned char *p, size_t plen, |
| 1386 | int use_context); | 1390 | int use_context); |