summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_server.c
diff options
context:
space:
mode:
authorjsing <>2022-07-24 14:16:29 +0000
committerjsing <>2022-07-24 14:16:29 +0000
commitd82a186f8c966e9a7dddbe974f3492a8d6fc42c8 (patch)
tree513bd66d8a8e45ea9b3a80cfdde2155254f69204 /src/lib/libssl/tls13_server.c
parentd7c47c20d5f183b9417a79c956e0563e69e243cc (diff)
downloadopenbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.tar.gz
openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.tar.bz2
openbsd-d82a186f8c966e9a7dddbe974f3492a8d6fc42c8.zip
Provide QUIC encryption levels.
QUIC wants to know what "encryption level" handshake messages should be sent at. Provide an ssl_encryption_level_t enum (via BoringSSL) that defines these (of course quictls decided to make this an OSSL_ENCRYPTION_LEVEL typedef, so provide that as well). Wire these through to tls13_record_layer_set_{read,write}_traffic_key() so that they can be used in upcoming commits. ok tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/tls13_server.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index c5c86ab95f..5aee5f1a93 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_server.c,v 1.99 2022/07/02 16:00:12 tb Exp $ */ 1/* $OpenBSD: tls13_server.c,v 1.100 2022/07/24 14:16:29 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -403,10 +403,10 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
403 tls13_record_layer_set_hash(ctx->rl, ctx->hash); 403 tls13_record_layer_set_hash(ctx->rl, ctx->hash);
404 404
405 if (!tls13_record_layer_set_read_traffic_key(ctx->rl, 405 if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
406 &secrets->client_handshake_traffic)) 406 &secrets->client_handshake_traffic, ssl_encryption_handshake))
407 goto err; 407 goto err;
408 if (!tls13_record_layer_set_write_traffic_key(ctx->rl, 408 if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
409 &secrets->server_handshake_traffic)) 409 &secrets->server_handshake_traffic, ssl_encryption_handshake))
410 goto err; 410 goto err;
411 411
412 ctx->handshake_stage.hs_type |= NEGOTIATED; 412 ctx->handshake_stage.hs_type |= NEGOTIATED;
@@ -850,7 +850,7 @@ tls13_server_finished_sent(struct tls13_ctx *ctx)
850 * using the server application traffic keys. 850 * using the server application traffic keys.
851 */ 851 */
852 return tls13_record_layer_set_write_traffic_key(ctx->rl, 852 return tls13_record_layer_set_write_traffic_key(ctx->rl,
853 &secrets->server_application_traffic); 853 &secrets->server_application_traffic, ssl_encryption_application);
854} 854}
855 855
856int 856int
@@ -1094,7 +1094,7 @@ tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
1094 * using the client application traffic keys. 1094 * using the client application traffic keys.
1095 */ 1095 */
1096 if (!tls13_record_layer_set_read_traffic_key(ctx->rl, 1096 if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
1097 &secrets->client_application_traffic)) 1097 &secrets->client_application_traffic, ssl_encryption_application))
1098 goto err; 1098 goto err;
1099 1099
1100 tls13_record_layer_allow_ccs(ctx->rl, 0); 1100 tls13_record_layer_allow_ccs(ctx->rl, 0);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-16 00:44:23 +0000