author | Matt Caswell <matt@openssl.org> | 2022-08-19 16:54:09 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-09-23 14:43:24 +0100 |
commit | 2b71b042202d11854801682d48ccf4e4e34cd5cf (patch) | |
tree | 058aca485755d1945564780dea3f8fc8e17c2f3f /ssl/tls13_enc.c | |
parent | a566864b607317fc95cbe190bbf0b8b928fcfa77 (diff) |
Create the write record layer method and object and use it
Make sure we set the write record layer method and create the object
where appropriate. Move the newly restructured writing code into the
record layer object.
For now we are cheating and still accessing the underlying SSL_CONNECTION
object. This will be removed in subsequent commits.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
Diffstat (limited to 'ssl/tls13_enc.c')
-rw-r--r-- | ssl/tls13_enc.c | 50 |
1 files changed, 27 insertions, 23 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 539dcd2f91..829dfe3c10 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -458,6 +458,9 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
     const EVP_CIPHER *cipher = NULL;
     SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
     size_t keylen, ivlen, taglen;
+    int level;
+    int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ
+                                                : OSSL_RECORD_DIRECTION_WRITE;
 #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13)
     ktls_crypto_info_t crypto_info;
     void *rl_sequence;
@@ -702,20 +705,21 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
     else
         s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    level = (which & SSL3_CC_EARLY) != 0
+            ? OSSL_RECORD_PROTECTION_LEVEL_EARLY
+            : ((which &SSL3_CC_HANDSHAKE) != 0
+               ? OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE
+               : OSSL_RECORD_PROTECTION_LEVEL_APPLICATION);
+
+    if (!ssl_set_new_record_layer(s, s->version,
+                                  direction,
+                                  level, key, keylen, iv, ivlen, NULL, 0,
+                                  cipher, taglen, NID_undef, NULL, NULL)) {
+        /* SSLfatal already called */
+        goto err;
+    }
+
     if ((which & SSL3_CC_READ) != 0) {
-        int level = (which & SSL3_CC_EARLY) != 0
-                    ? OSSL_RECORD_PROTECTION_LEVEL_EARLY
-                    : ((which &SSL3_CC_HANDSHAKE) != 0
-                       ? OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE
-                       : OSSL_RECORD_PROTECTION_LEVEL_APPLICATION);
-
-        if (!ssl_set_new_record_layer(s, s->version,
-                                      OSSL_RECORD_DIRECTION_READ,
-                                      level, key, keylen, iv, ivlen, NULL, 0,
-                                      cipher, taglen, NID_undef, NULL, NULL)) {
-            /* SSLfatal already called */
-            goto err;
-        }
         /* TODO(RECLAYER): Remove me when write rlayer done */
         goto skip_ktls;
     }
@@ -797,6 +801,8 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     EVP_CIPHER_CTX *ciph_ctx;
     size_t keylen, ivlen, taglen;
     int ret = 0, l;
+    int direction = sending ? OSSL_RECORD_DIRECTION_WRITE
+                            : OSSL_RECORD_DIRECTION_READ;
     if ((l = EVP_MD_get_size(md)) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
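Review bot: In the second hunk of tls13_change_cipher_state the `ssl_set_new_record_layer()` call is now made for both directions, but the `/* TODO(RECLAYER): Remove me when write rlayer done */` marker still lives only inside the `SSL3_CC_READ` branch, so a reader cannot see that the write direction now hands its key and IV to the new record layer and then still falls through to the legacy KTLS/cipher setup below `skip_ktls` (that code is outside the hunk). A comment directly above `if ((which & SSL3_CC_READ) != 0) {` such as `/* TODO(RECLAYER): write side is configured twice (record layer + legacy path) until the old write code is removed */` would keep the transitional state visible for the follow-up commits the description promises. As a point of style, the nested ternary that computes `level` (with the `(which &SSL3_CC_HANDSHAKE)` spacing carried over from the removed lines) reads more clearly as an if/else chain, shown below. tls13_change_cipher_state begins and ends outside this hunk.
```c
    if ((which & SSL3_CC_EARLY) != 0)
        level = OSSL_RECORD_PROTECTION_LEVEL_EARLY;
    else if ((which & SSL3_CC_HANDSHAKE) != 0)
        level = OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE;
    else
        level = OSSL_RECORD_PROTECTION_LEVEL_APPLICATION;
    /* … unchanged: ssl_set_new_record_layer() call and SSL3_CC_READ branch … */
```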
@@ -830,16 +836,14 @@ int tls13_update_key(SSL_CONNECTION *s, int sending)
     memcpy(insecret, secret, hashlen);
-    if (!sending) {
-        if (!ssl_set_new_record_layer(s, s->version,
-                                      OSSL_RECORD_DIRECTION_READ,
-                                      OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
-                                      key, keylen, iv, ivlen, NULL, 0,
-                                      s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
-                                      NULL)) {
-            /* SSLfatal already called */
-            goto err;
-        }
+    if (!ssl_set_new_record_layer(s, s->version,
+                                  direction,
+                                  OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
+                                  key, keylen, iv, ivlen, NULL, 0,
+                                  s->s3.tmp.new_sym_enc, taglen, NID_undef, NULL,
+                                  NULL)) {
+        /* SSLfatal already called */
+        goto err;
     }
     s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
|