Provide QUIC encryption levels.

QUIC wants to know what "encryption level" handshake messages should be sent at. Provide an ssl_encryption_level_t enum (via BoringSSL) that defines these (of course quictls decided to make this an OSSL_ENCRYPTION_LEVEL typedef, so provide that as well). Wire these through to tls13_record_layer_set_{read,write}_traffic_key() so that they can be used in upcoming commits. ok tb@
author: jsing <> 2022-07-24 14:16:29 +0000
committer: jsing <> 2022-07-24 14:16:29 +0000
commit: d82a186f8c966e9a7dddbe974f3492a8d6fc42c8 (patch)
tree: 513bd66d8a8e45ea9b3a80cfdde2155254f69204 /src/lib/libssl/tls13_client.c
parent: d7c47c20d5f183b9417a79c956e0563e69e243cc (diff)
download: openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.tar.gz
openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.tar.bz2
openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index cc01329e51..b1efafdfdd 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.96 2022/07/22 14:53:07 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.97 2022/07/24 14:16:29 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -382,10 +382,10 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx)
        tls13_record_layer_set_hash(ctx->rl, ctx->hash);
        if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
-            &secrets->server_handshake_traffic))
+            &secrets->server_handshake_traffic, ssl_encryption_handshake))
                goto err;
        if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
-            &secrets->client_handshake_traffic))
+            &secrets->client_handshake_traffic, ssl_encryption_handshake))
                goto err;
        ret = 1;
@@ -801,7 +801,7 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
         * using the server application traffic keys.
         */
        if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
-            &secrets->server_application_traffic))
+            &secrets->server_application_traffic, ssl_encryption_application))
                goto err;
        tls13_record_layer_allow_ccs(ctx->rl, 0);
@@ -1080,5 +1080,5 @@ tls13_client_finished_sent(struct tls13_ctx *ctx)
         * using the client application traffic keys.
         */
        return tls13_record_layer_set_write_traffic_key(ctx->rl,
-            &secrets->client_application_traffic);
+            &secrets->client_application_traffic, ssl_encryption_application);
 }
author	jsing <>	2022-07-24 14:16:29 +0000
committer	jsing <>	2022-07-24 14:16:29 +0000
commit	d82a186f8c966e9a7dddbe974f3492a8d6fc42c8 (patch)
tree	513bd66d8a8e45ea9b3a80cfdde2155254f69204 /src/lib/libssl/tls13_client.c
parent	d7c47c20d5f183b9417a79c956e0563e69e243cc (diff)
download	openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.tar.gz openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.tar.bz2 openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.zip

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index cc01329e51..b1efafdfdd 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.96 2022/07/22 14:53:07 tb Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.97 2022/07/24 14:16:29 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -382,10 +382,10 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx)
382	tls13_record_layer_set_hash(ctx->rl, ctx->hash);	382	tls13_record_layer_set_hash(ctx->rl, ctx->hash);
383		383
384	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,	384	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
385	&secrets->server_handshake_traffic))	385	&secrets->server_handshake_traffic, ssl_encryption_handshake))
386	goto err;	386	goto err;
387	if (!tls13_record_layer_set_write_traffic_key(ctx->rl,	387	if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
388	&secrets->client_handshake_traffic))	388	&secrets->client_handshake_traffic, ssl_encryption_handshake))
389	goto err;	389	goto err;
390		390
391	ret = 1;	391	ret = 1;
@@ -801,7 +801,7 @@ tls13_server_finished_recv(struct tls13_ctx ctx, CBS cbs)
801	* using the server application traffic keys.	801	* using the server application traffic keys.
802	*/	802	*/
803	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,	803	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
804	&secrets->server_application_traffic))	804	&secrets->server_application_traffic, ssl_encryption_application))
805	goto err;	805	goto err;
806		806
807	tls13_record_layer_allow_ccs(ctx->rl, 0);	807	tls13_record_layer_allow_ccs(ctx->rl, 0);
@@ -1080,5 +1080,5 @@ tls13_client_finished_sent(struct tls13_ctx *ctx)
1080	* using the client application traffic keys.	1080	* using the client application traffic keys.
1081	*/	1081	*/
1082	return tls13_record_layer_set_write_traffic_key(ctx->rl,	1082	return tls13_record_layer_set_write_traffic_key(ctx->rl,
1083	&secrets->client_application_traffic);	1083	&secrets->client_application_traffic, ssl_encryption_application);
1084	}	1084	}