From d82a186f8c966e9a7dddbe974f3492a8d6fc42c8 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 24 Jul 2022 14:16:29 +0000
Subject: Provide QUIC encryption levels.

QUIC wants to know what "encryption level" handshake messages should be
sent at. Provide an ssl_encryption_level_t enum (via BoringSSL) that
defines these (of course quictls decided to make this an
OSSL_ENCRYPTION_LEVEL typedef, so provide that as well).

Wire these through to tls13_record_layer_set_{read,write}_traffic_key() so
that they can be used in upcoming commits.

ok tb@
---
 src/lib/libssl/ssl.h | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl.h')

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 03e30441e0..14fb094e71 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.221 2022/07/17 14:49:01 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.222 2022/07/24 14:16:29 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1577,6 +1577,17 @@ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
 int SSL_CTX_get_security_level(const SSL_CTX *ctx);
 
 #if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
+/*
+ * ssl_encryption_level_t specifies the QUIC encryption level used to transmit
+ * handshake messages.
+ */
+typedef enum ssl_encryption_level_t {
+	ssl_encryption_initial = 0,
+	ssl_encryption_early_data,
+	ssl_encryption_handshake,
+	ssl_encryption_application,
+} OSSL_ENCRYPTION_LEVEL;
+
 int SSL_is_quic(const SSL *ssl);
 
 /*
-- 
cgit v1.2.3-55-g6feb