Add an SSL_AEAD_CTX to enable the use of EVP_AEAD with an SSL cipher.

Read and write contexts are also added to the SSL_CTX, along with
supporting code.

Based on Adam Langley's chromium diffs.

Rides the recent SSL library bump.

1 files changed, 22 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 18b329048e..ea5f8c3d4e 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.49 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.50 2014/06/13 10:52:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -578,6 +578,27 @@ typedef struct ssl3_enc_method {
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
 
+/*
+ * ssl_aead_ctx_st contains information about an AEAD that is being used to
+ * encrypt an SSL connection.
+ */
+struct ssl_aead_ctx_st {
+        EVP_AEAD_CTX ctx;
+        /*
+         * fixed_nonce contains any bytes of the nonce that are fixed for all
+         * records.
+         */
+        unsigned char fixed_nonce[8];
+        unsigned char fixed_nonce_len;
+        unsigned char variable_nonce_len;
+        unsigned char tag_len;
+        /*
+         * variable_nonce_in_record is non-zero if the variable nonce
+         * for a record is included as a prefix before the ciphertext.
+         */
+        char variable_nonce_in_record;
+};
+
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
 typedef struct ssl3_comp_st {