-/* $OpenBSD: ssl.h,v 1.221 2022/07/17 14:49:01 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.222 2022/07/24 14:16:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int SSL_CTX_get_security_level(const SSL_CTX *ctx);
#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
+/*
+ * ssl_encryption_level_t specifies the QUIC encryption level used to transmit
+ * handshake messages.
+ */
+typedef enum ssl_encryption_level_t {
+ ssl_encryption_initial = 0,
+ ssl_encryption_early_data,
+ ssl_encryption_handshake,
+ ssl_encryption_application,
+} OSSL_ENCRYPTION_LEVEL;
+
int SSL_is_quic(const SSL *ssl);
/*
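Review bot: The comment above `ssl_encryption_level_t` describes the level as the one "used to transmit handshake messages", but the enumeration also names `ssl_encryption_early_data` and `ssl_encryption_application`, which protect application data rather than handshake messages, so the comment is narrower than the type it documents. A wording that covers all four members would be `ssl_encryption_level_t specifies the QUIC encryption level (initial, early data, handshake or application) under which TLS messages and data are protected.` The explicit `= 0` on the first member suggests the numeric values are meant to line up with the definition used by other QUIC-capable TLS stacks; if that is the intent, a one-line comment stating that the order and values are part of the public interface and must not be reordered would protect them from a later "cosmetic" edit.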
-/* $OpenBSD: tls13_client.c,v 1.96 2022/07/22 14:53:07 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.97 2022/07/24 14:16:29 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
tls13_record_layer_set_hash(ctx->rl, ctx->hash);
if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
- &secrets->server_handshake_traffic))
+ &secrets->server_handshake_traffic, ssl_encryption_handshake))
goto err;
if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
- &secrets->client_handshake_traffic))
+ &secrets->client_handshake_traffic, ssl_encryption_handshake))
goto err;
ret = 1;
* using the server application traffic keys.
*/
if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
- &secrets->server_application_traffic))
+ &secrets->server_application_traffic, ssl_encryption_application))
goto err;
tls13_record_layer_allow_ccs(ctx->rl, 0);
* using the client application traffic keys.
*/
return tls13_record_layer_set_write_traffic_key(ctx->rl,
- &secrets->client_application_traffic);
+ &secrets->client_application_traffic, ssl_encryption_application);
}
-/* $OpenBSD: tls13_internal.h,v 1.99 2022/07/20 06:32:24 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.100 2022/07/24 14:16:29 jsing Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry);
void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
- struct tls13_secret *read_key);
+ struct tls13_secret *read_key, enum ssl_encryption_level_t read_level);
int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
- struct tls13_secret *write_key);
+ struct tls13_secret *write_key, enum ssl_encryption_level_t write_level);
ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl);
ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl);
-/* $OpenBSD: tls13_lib.c,v 1.67 2022/07/20 06:32:24 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.68 2022/07/24 14:16:29 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
return 0;
}
- return tls13_record_layer_set_read_traffic_key(ctx->rl, secret);
+ return tls13_record_layer_set_read_traffic_key(ctx->rl,
+ secret, ssl_encryption_application);
}
static int
return 0;
}
- return tls13_record_layer_set_write_traffic_key(ctx->rl, secret);
+ return tls13_record_layer_set_write_traffic_key(ctx->rl,
+ secret, ssl_encryption_application);
}
/*
-/* $OpenBSD: tls13_record_layer.c,v 1.68 2022/07/20 06:32:24 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.69 2022/07/24 14:16:29 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
int
tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
- struct tls13_secret *read_key)
+ struct tls13_secret *read_key, enum ssl_encryption_level_t read_level)
{
return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
rl->read, read_key);
int
tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
- struct tls13_secret *write_key)
+ struct tls13_secret *write_key, enum ssl_encryption_level_t write_level)
{
return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
rl->write, write_key);
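Review bot: `read_level` and `write_level` are added to the signatures of `tls13_record_layer_set_read_traffic_key` and `tls13_record_layer_set_write_traffic_key`, but neither body uses them: each still forwards only `rl->aead`, `rl->hash`, the direction and the key to `tls13_record_layer_set_traffic_key`, so the level a caller passes has no effect, is not checked against the key, and `-Wunused-parameter` will flag both. Presumably a follow-up change consumes them for QUIC support; until then a comment such as `/* XXX read_level is not used yet; reserved for QUIC support. */` (and the matching one for `write_level`), or a `(void)read_level;`, records the intent so the parameter is not mistaken for dead code and removed. Both function bodies end outside the hunk. The prototypes in the tls13_internal.h hunk above carry no comment on the new parameters either, so the record-layer definitions are the natural place to state it.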
-/* $OpenBSD: tls13_server.c,v 1.99 2022/07/02 16:00:12 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.100 2022/07/24 14:16:29 jsing Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
tls13_record_layer_set_hash(ctx->rl, ctx->hash);
if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
- &secrets->client_handshake_traffic))
+ &secrets->client_handshake_traffic, ssl_encryption_handshake))
goto err;
if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
- &secrets->server_handshake_traffic))
+ &secrets->server_handshake_traffic, ssl_encryption_handshake))
goto err;
ctx->handshake_stage.hs_type |= NEGOTIATED;
* using the server application traffic keys.
*/
return tls13_record_layer_set_write_traffic_key(ctx->rl,
- &secrets->server_application_traffic);
+ &secrets->server_application_traffic, ssl_encryption_application);
}
int
* using the client application traffic keys.
*/
if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
- &secrets->client_application_traffic))
+ &secrets->client_application_traffic, ssl_encryption_application))
goto err;
tls13_record_layer_allow_ccs(ctx->rl, 0);