diff options
| author | jsing <> | 2021-06-19 16:52:47 +0000 |
|---|---|---|
| committer | jsing <> | 2021-06-19 16:52:47 +0000 |
| commit | 25a25bb407e9ed4f33e3dd3ec0f0cf289c46ee5e (patch) | |
| tree | 7d820c1c57ea372d0362ea2f1759e36cace4a21a | |
| parent | 13bc1028f3bea79117c0675c4741f12c61a65586 (diff) | |
| download | openbsd-25a25bb407e9ed4f33e3dd3ec0f0cf289c46ee5e.tar.gz openbsd-25a25bb407e9ed4f33e3dd3ec0f0cf289c46ee5e.tar.bz2 openbsd-25a25bb407e9ed4f33e3dd3ec0f0cf289c46ee5e.zip | |
Provide the ability to set the initial DTLS epoch value.
This allows for regress to test edge cases for epoch handling.
ok tb@
| -rw-r--r-- | src/lib/libssl/d1_lib.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/tls12_record_layer.c | 18 |
4 files changed, 29 insertions, 7 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index bc00ab8ca4..66895a361f 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_lib.c,v 1.55 2021/06/19 16:38:27 jsing Exp $ */ | 1 | /* $OpenBSD: d1_lib.c,v 1.56 2021/06/19 16:52:47 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -197,6 +197,9 @@ dtls1_clear(SSL *s) | |||
| 197 | memset(s->d1, 0, sizeof(*s->d1)); | 197 | memset(s->d1, 0, sizeof(*s->d1)); |
| 198 | s->d1->internal = internal; | 198 | s->d1->internal = internal; |
| 199 | 199 | ||
| 200 | D1I(s)->r_epoch = | ||
| 201 | tls12_record_layer_initial_epoch(s->internal->rl); | ||
| 202 | |||
| 200 | D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch; | 203 | D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch; |
| 201 | D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1; | 204 | D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1; |
| 202 | 205 | ||
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 8aa774a241..dd46bf9423 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.260 2021/06/11 11:13:53 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.261 2021/06/19 16:52:47 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -253,6 +253,9 @@ SSL_new(SSL_CTX *ctx) | |||
| 253 | if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) | 253 | if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) |
| 254 | goto err; | 254 | goto err; |
| 255 | 255 | ||
| 256 | if ((s->internal->rl = tls12_record_layer_new()) == NULL) | ||
| 257 | goto err; | ||
| 258 | |||
| 256 | s->internal->min_tls_version = ctx->internal->min_tls_version; | 259 | s->internal->min_tls_version = ctx->internal->min_tls_version; |
| 257 | s->internal->max_tls_version = ctx->internal->max_tls_version; | 260 | s->internal->max_tls_version = ctx->internal->max_tls_version; |
| 258 | s->internal->min_proto_version = ctx->internal->min_proto_version; | 261 | s->internal->min_proto_version = ctx->internal->min_proto_version; |
| @@ -342,9 +345,6 @@ SSL_new(SSL_CTX *ctx) | |||
| 342 | if (!s->method->internal->ssl_new(s)) | 345 | if (!s->method->internal->ssl_new(s)) |
| 343 | goto err; | 346 | goto err; |
| 344 | 347 | ||
| 345 | if ((s->internal->rl = tls12_record_layer_new()) == NULL) | ||
| 346 | goto err; | ||
| 347 | |||
| 348 | s->references = 1; | 348 | s->references = 1; |
| 349 | s->server = ctx->method->internal->server; | 349 | s->server = ctx->method->internal->server; |
| 350 | 350 | ||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index e6b5576545..18509438ae 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.348 2021/06/13 15:34:41 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.349 2021/06/19 16:52:47 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -548,6 +548,9 @@ void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, | |||
| 548 | const EVP_MD *mac_hash); | 548 | const EVP_MD *mac_hash); |
| 549 | void tls12_record_layer_set_version(struct tls12_record_layer *rl, | 549 | void tls12_record_layer_set_version(struct tls12_record_layer *rl, |
| 550 | uint16_t version); | 550 | uint16_t version); |
| 551 | void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, | ||
| 552 | uint16_t epoch); | ||
| 553 | uint16_t tls12_record_layer_initial_epoch(struct tls12_record_layer *rl); | ||
| 551 | uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl); | 554 | uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl); |
| 552 | int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, | 555 | int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, |
| 553 | uint16_t epoch); | 556 | uint16_t epoch); |
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c index 481680d9cc..43edb6f0f5 100644 --- a/src/lib/libssl/tls12_record_layer.c +++ b/src/lib/libssl/tls12_record_layer.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls12_record_layer.c,v 1.31 2021/06/14 14:22:52 jsing Exp $ */ | 1 | /* $OpenBSD: tls12_record_layer.c,v 1.32 2021/06/19 16:52:47 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -161,6 +161,7 @@ tls12_record_protection_mac_len(struct tls12_record_protection *rp, | |||
| 161 | 161 | ||
| 162 | struct tls12_record_layer { | 162 | struct tls12_record_layer { |
| 163 | uint16_t version; | 163 | uint16_t version; |
| 164 | uint16_t initial_epoch; | ||
| 164 | int dtls; | 165 | int dtls; |
| 165 | 166 | ||
| 166 | uint8_t alert_desc; | 167 | uint8_t alert_desc; |
| @@ -283,6 +284,19 @@ tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version) | |||
| 283 | rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR); | 284 | rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR); |
| 284 | } | 285 | } |
| 285 | 286 | ||
| 287 | void | ||
| 288 | tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, | ||
| 289 | uint16_t epoch) | ||
| 290 | { | ||
| 291 | rl->initial_epoch = epoch; | ||
| 292 | } | ||
| 293 | |||
| 294 | uint16_t | ||
| 295 | tls12_record_layer_initial_epoch(struct tls12_record_layer *rl) | ||
| 296 | { | ||
| 297 | return rl->initial_epoch; | ||
| 298 | } | ||
| 299 | |||
| 286 | uint16_t | 300 | uint16_t |
| 287 | tls12_record_layer_write_epoch(struct tls12_record_layer *rl) | 301 | tls12_record_layer_write_epoch(struct tls12_record_layer *rl) |
| 288 | { | 302 | { |
| @@ -324,12 +338,14 @@ void | |||
| 324 | tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) | 338 | tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) |
| 325 | { | 339 | { |
| 326 | tls12_record_protection_clear(rl->read); | 340 | tls12_record_protection_clear(rl->read); |
| 341 | rl->read->epoch = rl->initial_epoch; | ||
| 327 | } | 342 | } |
| 328 | 343 | ||
| 329 | void | 344 | void |
| 330 | tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) | 345 | tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) |
| 331 | { | 346 | { |
| 332 | tls12_record_protection_clear(rl->write); | 347 | tls12_record_protection_clear(rl->write); |
| 348 | rl->write->epoch = rl->initial_epoch; | ||
| 333 | 349 | ||
| 334 | tls12_record_protection_free(rl->write_previous); | 350 | tls12_record_protection_free(rl->write_previous); |
| 335 | rl->write_previous = NULL; | 351 | rl->write_previous = NULL; |