summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2019-02-14 17:55:32 +0000
committerjsing <>2019-02-14 17:55:32 +0000
commit9507004da76db0b4a0cef78dcdb9e35596e20f68 (patch)
tree8d33d71ecb17eab8b569e6964abf8e5bd7fb0729 /src
parent5518a6b41f13c34882ea1415c4f1e65ba5678603 (diff)
downloadopenbsd-9507004da76db0b4a0cef78dcdb9e35596e20f68.tar.gz
openbsd-9507004da76db0b4a0cef78dcdb9e35596e20f68.tar.bz2
openbsd-9507004da76db0b4a0cef78dcdb9e35596e20f68.zip
Split tls13_record_layer_set_traffic_keys() into two separate functions.
This allows the read traffic key to be set independently of the write traffic key. This will become necessary for KeyUpdate handling, however also allows for switching to application traffic keys at more appropriate stages of the handshake. ok tb@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/tls13_client.c8
-rw-r--r--src/lib/libssl/tls13_internal.h8
-rw-r--r--src/lib/libssl/tls13_record_layer.c24
3 files changed, 23 insertions, 17 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index c8345f3a36..5353b5a3c8 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_client.c,v 1.8 2019/02/13 16:29:18 jsing Exp $ */ 1/* $OpenBSD: tls13_client.c,v 1.9 2019/02/14 17:55:31 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -308,8 +308,10 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
308 tls13_record_layer_set_aead(ctx->rl, ctx->aead); 308 tls13_record_layer_set_aead(ctx->rl, ctx->aead);
309 tls13_record_layer_set_hash(ctx->rl, ctx->hash); 309 tls13_record_layer_set_hash(ctx->rl, ctx->hash);
310 310
311 if (!tls13_record_layer_set_traffic_keys(ctx->rl, 311 if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
312 &secrets->server_handshake_traffic, 312 &secrets->server_handshake_traffic))
313 goto err;
314 if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
313 &secrets->client_handshake_traffic)) 315 &secrets->client_handshake_traffic))
314 goto err; 316 goto err;
315 317
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 2d23e6609b..71abb6c443 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_internal.h,v 1.18 2019/02/14 17:50:07 jsing Exp $ */ 1/* $OpenBSD: tls13_internal.h,v 1.19 2019/02/14 17:55:32 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -114,8 +114,10 @@ void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
114void tls13_record_layer_set_hash(struct tls13_record_layer *rl, 114void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
115 const EVP_MD *hash); 115 const EVP_MD *hash);
116void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl); 116void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
117int tls13_record_layer_set_traffic_keys(struct tls13_record_layer *rl, 117int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
118 struct tls13_secret *read_key, struct tls13_secret *write_key); 118 struct tls13_secret *read_key);
119int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
120 struct tls13_secret *write_key);
119 121
120ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n); 122ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
121ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf, 123ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index b70f9f174e..dbb5695d5e 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_record_layer.c,v 1.1 2019/01/20 10:31:54 jsing Exp $ */ 1/* $OpenBSD: tls13_record_layer.c,v 1.2 2019/02/14 17:55:32 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -260,21 +260,23 @@ tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx,
260} 260}
261 261
262int 262int
263tls13_record_layer_set_traffic_keys(struct tls13_record_layer *rl, 263tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
264 struct tls13_secret *read_key, struct tls13_secret *write_key) 264 struct tls13_secret *read_key)
265{ 265{
266 memset(rl->read_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN); 266 memset(rl->read_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN);
267 memset(rl->write_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN);
268 267
269 if (!tls13_record_layer_set_traffic_key(rl->aead, &rl->read_aead_ctx, 268 return tls13_record_layer_set_traffic_key(rl->aead, &rl->read_aead_ctx,
270 rl->hash, &rl->read_iv, &rl->read_nonce, read_key)) 269 rl->hash, &rl->read_iv, &rl->read_nonce, read_key);
271 return 0; 270}
272 271
273 if (!tls13_record_layer_set_traffic_key(rl->aead, &rl->write_aead_ctx, 272int
274 rl->hash, &rl->write_iv, &rl->write_nonce, write_key)) 273tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
275 return 0; 274 struct tls13_secret *write_key)
275{
276 memset(rl->write_seq_num, 0, TLS13_RECORD_SEQ_NUM_LEN);
276 277
277 return 1; 278 return tls13_record_layer_set_traffic_key(rl->aead, &rl->write_aead_ctx,
279 rl->hash, &rl->write_iv, &rl->write_nonce, write_key);
278} 280}
279 281
280static int 282static int
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-24 05:26:54 +0000