diff options
| author | jsing <> | 2021-01-19 19:07:39 +0000 |
|---|---|---|
| committer | jsing <> | 2021-01-19 19:07:39 +0000 |
| commit | e99005f53b351b3c662664891d988adaa02c4d0b (patch) | |
| tree | 05f28e11dfa0755554909e35637b6e3f6f3a076b /src/lib/libssl/t1_enc.c | |
| parent | eb720c630d40660f4bf00d58faa6f6d59ba82ea2 (diff) | |
| download | openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.gz openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.bz2 openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.zip | |
Add code to handle change of cipher state in the new TLSv1.2 record layer.
This provides the basic framework for handling change of cipher state in
the new TLSv1.2 record layer, creating new record protection. In the DTLS
case we retain the previous write record protection and can switch back to
it when retransmitting. This will allow the record layer to start owning
sequence numbers and encryption/decryption state.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 6c376be2e0..875aae36b0 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.128 2021/01/07 15:32:59 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.129 2021/01/19 19:07:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -562,7 +562,21 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 562 | 562 | ||
| 563 | if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) { | 563 | if (key_block - S3I(s)->hs.key_block != S3I(s)->hs.key_block_len) { |
| 564 | SSLerror(s, ERR_R_INTERNAL_ERROR); | 564 | SSLerror(s, ERR_R_INTERNAL_ERROR); |
| 565 | goto err2; | 565 | goto err; |
| 566 | } | ||
| 567 | |||
| 568 | if (is_read) { | ||
| 569 | if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, | ||
| 570 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) | ||
| 571 | goto err; | ||
| 572 | tls12_record_layer_set_read_seq_num(s->internal->rl, | ||
| 573 | S3I(s)->read_sequence); | ||
| 574 | } else { | ||
| 575 | if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, | ||
| 576 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) | ||
| 577 | goto err; | ||
| 578 | tls12_record_layer_set_write_seq_num(s->internal->rl, | ||
| 579 | S3I(s)->write_sequence); | ||
| 566 | } | 580 | } |
| 567 | 581 | ||
| 568 | if (aead != NULL) { | 582 | if (aead != NULL) { |
| @@ -573,7 +587,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 573 | return tls1_change_cipher_state_cipher(s, is_read, | 587 | return tls1_change_cipher_state_cipher(s, is_read, |
| 574 | mac_secret, mac_secret_size, key, key_len, iv, iv_len); | 588 | mac_secret, mac_secret_size, key, key_len, iv, iv_len); |
| 575 | 589 | ||
| 576 | err2: | 590 | err: |
| 577 | return (0); | 591 | return (0); |
| 578 | } | 592 | } |
| 579 | 593 | ||