diff options
| author | jsing <> | 2021-02-27 14:20:50 +0000 |
|---|---|---|
| committer | jsing <> | 2021-02-27 14:20:50 +0000 |
| commit | b8b749ab9cb50a2020474c26ae7d5e4c211b5f54 (patch) | |
| tree | 9d9bf203c33aecbd476a400682a4176e3a1e9c21 /src/lib/libssl/ssl_locl.h | |
| parent | 3bc7015b0673a7431028b69c0d56d0217b79bebd (diff) | |
| download | openbsd-b8b749ab9cb50a2020474c26ae7d5e4c211b5f54.tar.gz openbsd-b8b749ab9cb50a2020474c26ae7d5e4c211b5f54.tar.bz2 openbsd-b8b749ab9cb50a2020474c26ae7d5e4c211b5f54.zip | |
Move handling of cipher/hash based cipher suites into the new record layer.
ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 26 |
1 files changed, 8 insertions, 18 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 7ed3094c3e..b2af8fd7c9 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.323 2021/02/25 17:06:05 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.324 2021/02/27 14:20:50 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -483,6 +483,9 @@ int tls12_record_layer_read_protected(struct tls12_record_layer *rl); | |||
| 483 | int tls12_record_layer_write_protected(struct tls12_record_layer *rl); | 483 | int tls12_record_layer_write_protected(struct tls12_record_layer *rl); |
| 484 | void tls12_record_layer_set_aead(struct tls12_record_layer *rl, | 484 | void tls12_record_layer_set_aead(struct tls12_record_layer *rl, |
| 485 | const EVP_AEAD *aead); | 485 | const EVP_AEAD *aead); |
| 486 | void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, | ||
| 487 | const EVP_CIPHER *cipher, const EVP_MD *handshake_hash, | ||
| 488 | const EVP_MD *mac_hash); | ||
| 486 | void tls12_record_layer_set_version(struct tls12_record_layer *rl, | 489 | void tls12_record_layer_set_version(struct tls12_record_layer *rl, |
| 487 | uint16_t version); | 490 | uint16_t version); |
| 488 | void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, | 491 | void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, |
| @@ -494,16 +497,8 @@ void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, | |||
| 494 | void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); | 497 | void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl); |
| 495 | void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); | 498 | void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl); |
| 496 | void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); | 499 | void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl); |
| 497 | int tls12_record_layer_set_read_aead(struct tls12_record_layer *rl, | 500 | void tls12_record_layer_read_cipher_hash(struct tls12_record_layer *rl, |
| 498 | SSL_AEAD_CTX *aead_ctx); | 501 | EVP_CIPHER_CTX **cipher, EVP_MD_CTX **hash); |
| 499 | int tls12_record_layer_set_write_aead(struct tls12_record_layer *rl, | ||
| 500 | SSL_AEAD_CTX *aead_ctx); | ||
| 501 | int tls12_record_layer_set_read_cipher_hash(struct tls12_record_layer *rl, | ||
| 502 | EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac); | ||
| 503 | int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl, | ||
| 504 | EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac); | ||
| 505 | int tls12_record_layer_set_read_mac_key(struct tls12_record_layer *rl, | ||
| 506 | const uint8_t *mac_key, size_t mac_key_len); | ||
| 507 | int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, | 502 | int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl, |
| 508 | const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key, | 503 | const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key, |
| 509 | size_t key_len, const uint8_t *iv, size_t iv_len); | 504 | size_t key_len, const uint8_t *iv, size_t iv_len); |
| @@ -774,9 +769,6 @@ typedef struct ssl_internal_st { | |||
| 774 | 769 | ||
| 775 | STACK_OF(SSL_CIPHER) *cipher_list_tls13; | 770 | STACK_OF(SSL_CIPHER) *cipher_list_tls13; |
| 776 | 771 | ||
| 777 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | ||
| 778 | EVP_MD_CTX *write_hash; /* used for mac generation */ | ||
| 779 | |||
| 780 | struct tls12_record_layer *rl; | 772 | struct tls12_record_layer *rl; |
| 781 | 773 | ||
| 782 | /* session info */ | 774 | /* session info */ |
| @@ -902,8 +894,6 @@ typedef struct ssl3_state_internal_st { | |||
| 902 | SSL_HANDSHAKE_TLS13 hs_tls13; | 894 | SSL_HANDSHAKE_TLS13 hs_tls13; |
| 903 | 895 | ||
| 904 | struct { | 896 | struct { |
| 905 | int new_mac_secret_size; | ||
| 906 | |||
| 907 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE]; | 897 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE]; |
| 908 | 898 | ||
| 909 | unsigned char finish_md[EVP_MAX_MD_SIZE]; | 899 | unsigned char finish_md[EVP_MAX_MD_SIZE]; |
| @@ -931,8 +921,8 @@ typedef struct ssl3_state_internal_st { | |||
| 931 | 921 | ||
| 932 | const EVP_CIPHER *new_sym_enc; | 922 | const EVP_CIPHER *new_sym_enc; |
| 933 | const EVP_AEAD *new_aead; | 923 | const EVP_AEAD *new_aead; |
| 934 | const EVP_MD *new_hash; | 924 | int new_mac_secret_size; |
| 935 | int new_mac_pkey_type; | 925 | |
| 936 | int cert_request; | 926 | int cert_request; |
| 937 | } tmp; | 927 | } tmp; |
| 938 | 928 | ||