summaryrefslogtreecommitdiffstats
path: root/ssl/tls13_enc.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2022-08-19 16:54:09 +0100
committerMatt Caswell <matt@openssl.org>2022-09-23 14:43:24 +0100
commit2b71b042202d11854801682d48ccf4e4e34cd5cf (patch)
tree058aca485755d1945564780dea3f8fc8e17c2f3f /ssl/tls13_enc.c
parenta566864b607317fc95cbe190bbf0b8b928fcfa77 (diff)
Create the write record layer method and object and use it
Make sure we set the write record layer method and create the object where appropriate. Move the newly restructured writing code into the record layer object. For now we are cheating and still accessing the underlying SSL_CONNECTION object. This will be removed in subsequent commits. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
Diffstat (limited to 'ssl/tls13_enc.c')
-rw-r--r--ssl/tls13_enc.c50
1 files changed, 27 insertions, 23 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 539dcd2f91..829dfe3c10 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -458,6 +458,9 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
const EVP_CIPHER *cipher = NULL;
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
size_t keylen, ivlen, taglen;
+ int level;
+ int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ
+ : OSSL_RECORD_DIRECTION_WRITE;
#if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
ktls_crypto_info_t crypto_info;
void *rl_sequence;
@@ -702,20 +705,21 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
else
s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+ level = (which & SSL3_CC_EARLY) != 0
+ ? OSSL_RECORD_PROTECTION_LEVEL_EARLY
+ : ((which &SSL3_CC_HANDSHAKE) != 0
+ ? OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE
+ : OSSL_RECORD_PROTECTION_LEVEL_APPLICATION);
+
+ if (!ssl_set_new_record_layer(s, s->version,
+ direction,
+ level, key, keylen, iv, ivlen, NULL, 0,
+ cipher, taglen, NID_undef, NULL, NULL)) {
+ /* SSLfatal already called */
+ goto err;
+ }
+
if ((which & SSL3_CC_READ) != 0) {
- int level = (which & SSL3_CC_EARLY) != 0
- ? OSSL_RECORD_PROTECTION_LEVEL_EARLY
- : ((which &SSL3_CC_HANDSHAKE) != 0
- ? OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE
- : OSSL_RECORD_PROTECTION_LEVEL_APPLICATION);
-
- if (!ssl_set_new_record_layer(s, s->version,
- OSSL_RECORD_DIRECTION_READ,
- level, key, keylen, iv, ivlen, NULL, 0,
- cipher, taglen, NID_undef, NULL, NULL)) {
- /* SSLfatal already called */
- goto err;
- }
/* TODO(RECLAYER): Remove me when write rlayer done */
goto skip_ktls;
}
@@ -797,6 +801,8 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
EVP_CIPHER_CTX *ciph_ctx;
size_t keylen, ivlen, taglen;
int ret = 0, l;
+ int direction = sending ? OSSL_RECORD_DIRECTION_WRITE
+ : OSSL_RECORD_DIRECTION_READ;
if ((l = EVP_MD_get_size(md)) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -830,16 +836,14 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
memcpy(insecret, secret, hashlen);
- if (!sending) {
- if (!ssl_set_new_record_layer(s, s->version,
- OSSL_RECORD_DIRECTION_READ,
- OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
- key, keylen, iv, ivlen, NULL, 0,
- s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
- NULL)) {
- /* SSLfatal already called */
- goto err;
- }
+ if (!ssl_set_new_record_layer(s, s->version,
+ direction,
+ OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
+ key, keylen, iv, ivlen, NULL, 0,
+ s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
+ NULL)) {
+ /* SSLfatal already called */
+ goto err;
}
s->statem.enc_write_state = ENC_WRITE_STATE_VALID;