author | 2020-08-30 15:40:19 +0000 | |
committer | 2020-08-30 15:40:19 +0000 | |
commit | acef91a04bad05a857d0fd8af28c5795c0afc5ec (patch) | |
tree | 13fe517f18a9b3c3b4fa02d6dfff5061d8c6356e /lib/libssl/ssl_lib.c | |
parent | add missing wakeup for the unlikely dying case (diff) | |
Start replacing the existing TLSv1.2 record layer.
This takes the same design/approach used in TLSv1.3 and provides an
opaque struct that is self contained and cannot reach back into other
layers. For now this just implements/replaces the writing of records
for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the
plaintext into the same buffer that is used to transmit to the wire.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r-- | lib/libssl/ssl_lib.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index bd3188cdf6d..bf10cea6857 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.220 2020/08/11 18:39:40 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.221 2020/08/30 15:40:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -344,6 +344,9 @@ SSL_new(SSL_CTX *ctx)
 if (!s->method->internal->ssl_new(s))
 goto err;
+ if ((s->internal->rl = tls12_record_layer_new()) == NULL)
+ goto err;
+
 s->references = 1;
 s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
@@ -564,6 +567,8 @@ SSL_free(SSL *s)
 sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
 #endif
+ tls12_record_layer_free(s->internal->rl);
+
 free(s->internal);
 free(s);
 }
@@ -2535,6 +2540,10 @@ ssl_clear_cipher_read_state(SSL *s)
 EVP_MD_CTX_free(s->read_hash);
 s->read_hash = NULL;
+ tls12_record_layer_clear_read_state(s->internal->rl);
+ tls12_record_layer_set_read_seq_num(s->internal->rl, S3I(s)->read_sequence);
+
 if (s->internal->aead_read_ctx != NULL) {
 EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx);
 free(s->internal->aead_read_ctx);
@@ -2550,6 +2559,10 @@ ssl_clear_cipher_write_state(SSL *s)
 EVP_MD_CTX_free(s->internal->write_hash);
 s->internal->write_hash = NULL;
+ tls12_record_layer_clear_write_state(s->internal->rl);
+ tls12_record_layer_set_write_seq_num(s->internal->rl, S3I(s)->write_sequence);
+
 if (s->internal->aead_write_ctx != NULL) {
 EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx);
 free(s->internal->aead_write_ctx);
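Review bot: The new `tls12_record_layer_free(s->internal->rl)` call in the SSL_free hunk has to accept a NULL argument, because the `goto err` paths in SSL_new that run before the new `tls12_record_layer_new()` call leave `s->internal->rl` unset, and SSL_new's err label (outside the hunk) presumably tears the half-built object down through SSL_free. If the free routine does not already return early on NULL, those earlier allocation failures would become a NULL dereference during cleanup rather than a clean error. A one-line comment at the call site would make the contract visible: `/* rl is NULL if SSL_new() failed before creating the record layer. */`. The bodies of SSL_new and SSL_free continue outside their hunks.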
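Review bot: `tls12_record_layer_set_read_seq_num(s->internal->rl, S3I(s)->read_sequence)` in the ssl_clear_cipher_read_state hunk appears to hand the record layer a pointer into the SSL3 state rather than a copy, if `read_sequence` is the usual byte array, so the record layer then holds a reference whose lifetime is tied to `s->s3`; the write-side hunk in ssl_clear_cipher_write_state has the same shape. Any path that replaces or frees `s->s3` without passing through these clear functions would leave the record layer with a dangling sequence-number pointer, and both functions also dereference `S3I(s)` unconditionally, which assumes every caller (outside the hunk) has a non-NULL `s->s3`. Worth a comment at the set call, e.g. `/* rl keeps a pointer to the SSL3 sequence counter; refresh it whenever s->s3 is replaced. */`, or confirming that the record layer copies the value instead. Both functions' bodies continue outside their hunks.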