diff options
| author | jsing <> | 2021-01-19 19:07:39 +0000 |
|---|---|---|
| committer | jsing <> | 2021-01-19 19:07:39 +0000 |
| commit | e99005f53b351b3c662664891d988adaa02c4d0b (patch) | |
| tree | 05f28e11dfa0755554909e35637b6e3f6f3a076b /src/lib/libssl/d1_both.c | |
| parent | eb720c630d40660f4bf00d58faa6f6d59ba82ea2 (diff) | |
| download | openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.gz openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.tar.bz2 openbsd-e99005f53b351b3c662664891d988adaa02c4d0b.zip | |
Add code to handle change of cipher state in the new TLSv1.2 record layer.
This provides the basic framework for handling change of cipher state in
the new TLSv1.2 record layer, creating new record protection. In the DTLS
case we retain the previous write record protection and can switch back to
it when retransmitting. This will allow the record layer to start owning
sequence numbers and encryption/decryption state.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/d1_both.c')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index d6bf6dfd1b..8c4fec589f 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.64 2021/01/19 18:51:08 jsing Exp $ */ | 1 | /* $OpenBSD: d1_both.c,v 1.65 2021/01/19 19:07:39 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -1055,9 +1055,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | |||
| 1055 | /* restore state in which the message was originally sent */ | 1055 | /* restore state in which the message was originally sent */ |
| 1056 | s->session = frag->msg_header.saved_retransmit_state.session; | 1056 | s->session = frag->msg_header.saved_retransmit_state.session; |
| 1057 | D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; | 1057 | D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; |
| 1058 | if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl, | 1058 | |
| 1059 | frag->msg_header.saved_retransmit_state.enc_write_ctx, | 1059 | if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) |
| 1060 | frag->msg_header.saved_retransmit_state.write_hash, 0)) | ||
| 1061 | return 0; | 1060 | return 0; |
| 1062 | 1061 | ||
| 1063 | if (frag->msg_header.saved_retransmit_state.epoch == | 1062 | if (frag->msg_header.saved_retransmit_state.epoch == |
| @@ -1074,8 +1073,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | |||
| 1074 | /* restore current state */ | 1073 | /* restore current state */ |
| 1075 | s->session = saved_state.session; | 1074 | s->session = saved_state.session; |
| 1076 | D1I(s)->w_epoch = saved_state.epoch; | 1075 | D1I(s)->w_epoch = saved_state.epoch; |
| 1077 | if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl, | 1076 | |
| 1078 | s->internal->enc_write_ctx, s->internal->write_hash, 0)) | 1077 | if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) |
| 1079 | return 0; | 1078 | return 0; |
| 1080 | 1079 | ||
| 1081 | if (frag->msg_header.saved_retransmit_state.epoch == | 1080 | if (frag->msg_header.saved_retransmit_state.epoch == |