Add code to handle change of cipher state in the new TLSv1.2 record layer.

This provides the basic framework for handling change of cipher state in the new TLSv1.2 record layer, creating new record protection. In the DTLS case we retain the previous write record protection and can switch back to it when retransmitting. This will allow the record layer to start owning sequence numbers and encryption/decryption state. ok inoguchi@ tb@
author: jsing <> 2021-01-19 19:07:39 +0000
committer: jsing <> 2021-01-19 19:07:39 +0000
commit: e99005f53b351b3c662664891d988adaa02c4d0b (patch)
tree: 05f28e11dfa0755554909e35637b6e3f6f3a076b /src/lib/libssl/ssl_locl.h
parent: eb720c630d40660f4bf00d58faa6f6d59ba82ea2 (diff)
download: openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.gz
openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.bz2
openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index e0a4c49ccb..5a3e3ff726 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.314 2021/01/19 18:57:09 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.315 2021/01/19 19:07:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -485,6 +485,10 @@ void tls12_record_layer_set_version(struct tls12_record_layer *rl,
    uint16_t version);
 void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl,
    uint16_t epoch);
+int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl,
+    uint16_t epoch);
+void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl,
+    uint16_t epoch);
 void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
 void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
 void tls12_record_layer_set_read_seq_num(struct tls12_record_layer *rl,
@@ -501,6 +505,12 @@ int tls12_record_layer_set_write_cipher_hash(struct tls12_record_layer *rl,
    EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *hash_ctx, int stream_mac);
 int tls12_record_layer_set_read_mac_key(struct tls12_record_layer *rl,
    const uint8_t *mac_key, size_t mac_key_len);
+int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
+    const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key,
+    size_t key_len, const uint8_t *iv, size_t iv_len);
+int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
+    const uint8_t *mac_key, size_t mac_key_len, const uint8_t *key,
+    size_t key_len, const uint8_t *iv, size_t iv_len);
 int tls12_record_layer_open_record(struct tls12_record_layer *rl,
    uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len);
 int tls12_record_layer_seal_record(struct tls12_record_layer *rl,
author	jsing <>	2021-01-19 19:07:39 +0000
committer	jsing <>	2021-01-19 19:07:39 +0000
commit	e99005f53b351b3c662664891d988adaa02c4d0b (patch)
tree	05f28e11dfa0755554909e35637b6e3f6f3a076b /src/lib/libssl/ssl_locl.h
parent	eb720c630d40660f4bf00d58faa6f6d59ba82ea2 (diff)
download	openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.gz openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.bz2 openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.zip