summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2021-05-05 19:52:00 +0000
committerjsing <>2021-05-05 19:52:00 +0000
commit1eebeb9109e671264bf25c3b53a93919a15a80d9 (patch)
treec4972b111b85c35ea051ffda0557306d1ed130c8 /src
parent1a056896b1f8722603712ec9956a081ee5b6c651 (diff)
downloadopenbsd-1eebeb9109e671264bf25c3b53a93919a15a80d9.tar.gz
openbsd-1eebeb9109e671264bf25c3b53a93919a15a80d9.tar.bz2
openbsd-1eebeb9109e671264bf25c3b53a93919a15a80d9.zip
Replace DTLS w_epoch with epoch from TLSv1.2 record layer.
ok inoguchi@ tb@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_both.c17
-rw-r--r--src/lib/libssl/d1_pkt.c9
-rw-r--r--src/lib/libssl/ssl_locl.h7
-rw-r--r--src/lib/libssl/t1_enc.c4
-rw-r--r--src/lib/libssl/tls12_record_layer.c12
5 files changed, 20 insertions, 29 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index ba05c2a354..3b9880b600 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.69 2021/04/19 16:51:56 jsing Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.70 2021/05/05 19:52:00 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -972,7 +972,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
972 972
973 /* save current state*/ 973 /* save current state*/
974 frag->msg_header.saved_retransmit_state.session = s->session; 974 frag->msg_header.saved_retransmit_state.session = s->session;
975 frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; 975 frag->msg_header.saved_retransmit_state.epoch =
976 tls12_record_layer_write_epoch(s->internal->rl);
976 977
977 memset(seq64be, 0, sizeof(seq64be)); 978 memset(seq64be, 0, sizeof(seq64be));
978 seq64be[6] = (unsigned char)(dtls1_get_queue_priority( 979 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
@@ -1039,15 +1040,14 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1039 1040
1040 /* save current state */ 1041 /* save current state */
1041 saved_state.session = s->session; 1042 saved_state.session = s->session;
1042 saved_state.epoch = D1I(s)->w_epoch; 1043 saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl);
1043 1044
1044 D1I(s)->retransmitting = 1; 1045 D1I(s)->retransmitting = 1;
1045 1046
1046 /* restore state in which the message was originally sent */ 1047 /* restore state in which the message was originally sent */
1047 s->session = frag->msg_header.saved_retransmit_state.session; 1048 s->session = frag->msg_header.saved_retransmit_state.session;
1048 D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1049 if (!tls12_record_layer_use_write_epoch(s->internal->rl,
1049 1050 frag->msg_header.saved_retransmit_state.epoch))
1050 if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch))
1051 return 0; 1051 return 0;
1052 1052
1053 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1053 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
@@ -1055,9 +1055,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1055 1055
1056 /* restore current state */ 1056 /* restore current state */
1057 s->session = saved_state.session; 1057 s->session = saved_state.session;
1058 D1I(s)->w_epoch = saved_state.epoch; 1058 if (!tls12_record_layer_use_write_epoch(s->internal->rl,
1059 1059 saved_state.epoch))
1060 if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch))
1061 return 0; 1060 return 0;
1062 1061
1063 D1I(s)->retransmitting = 0; 1062 D1I(s)->retransmitting = 0;
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 4cb26d7ea1..31ee5a679a 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.94 2021/05/02 17:18:10 jsing Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.95 2021/05/05 19:52:00 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1222,10 +1222,3 @@ dtls1_reset_read_seq_numbers(SSL *s)
1222 memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); 1222 memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
1223 memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); 1223 memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP));
1224} 1224}
1225
1226void
1227dtls1_reset_write_seq_numbers(SSL *s)
1228{
1229 D1I(s)->w_epoch++;
1230 tls12_record_layer_set_write_epoch(s->internal->rl, D1I(s)->w_epoch);
1231}
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 1f7e1fa587..50ed47d7d8 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.342 2021/05/05 10:05:27 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.343 2021/05/05 19:52:00 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -546,8 +546,7 @@ void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
546 const EVP_MD *mac_hash); 546 const EVP_MD *mac_hash);
547void tls12_record_layer_set_version(struct tls12_record_layer *rl, 547void tls12_record_layer_set_version(struct tls12_record_layer *rl,
548 uint16_t version); 548 uint16_t version);
549void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, 549uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl);
550 uint16_t epoch);
551int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, 550int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl,
552 uint16_t epoch); 551 uint16_t epoch);
553void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, 552void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl,
@@ -997,7 +996,6 @@ typedef struct dtls1_state_internal_st {
997 * completed 996 * completed
998 */ 997 */
999 unsigned short r_epoch; 998 unsigned short r_epoch;
1000 unsigned short w_epoch;
1001 999
1002 /* records being received in the current epoch */ 1000 /* records being received in the current epoch */
1003 DTLS1_BITMAP bitmap; 1001 DTLS1_BITMAP bitmap;
@@ -1297,7 +1295,6 @@ int dtls1_get_message_header(unsigned char *data,
1297 struct hm_header_st *msg_hdr); 1295 struct hm_header_st *msg_hdr);
1298void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); 1296void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
1299void dtls1_reset_read_seq_numbers(SSL *s); 1297void dtls1_reset_read_seq_numbers(SSL *s);
1300void dtls1_reset_write_seq_numbers(SSL *s);
1301struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); 1298struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
1302int dtls1_check_timeout_num(SSL *s); 1299int dtls1_check_timeout_num(SSL *s);
1303int dtls1_handle_timeout(SSL *s); 1300int dtls1_handle_timeout(SSL *s);
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 5a626fb880..57ddecbd77 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.143 2021/05/05 10:05:27 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.144 2021/05/05 19:52:00 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -319,8 +319,6 @@ tls1_change_cipher_state(SSL *s, int is_write)
319 if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, 319 if (!tls12_record_layer_change_write_cipher_state(s->internal->rl,
320 &mac_key, &key, &iv)) 320 &mac_key, &key, &iv))
321 goto err; 321 goto err;
322 if (SSL_is_dtls(s))
323 dtls1_reset_write_seq_numbers(s);
324 } 322 }
325 return (1); 323 return (1);
326 324
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index b9a3320de8..652ca873a6 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls12_record_layer.c,v 1.27 2021/05/05 10:05:27 jsing Exp $ */ 1/* $OpenBSD: tls12_record_layer.c,v 1.28 2021/05/05 19:52:00 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -277,10 +277,10 @@ tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
277 rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR); 277 rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR);
278} 278}
279 279
280void 280uint16_t
281tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, uint16_t epoch) 281tls12_record_layer_write_epoch(struct tls12_record_layer *rl)
282{ 282{
283 rl->write->epoch = epoch; 283 return rl->write->epoch;
284} 284}
285 285
286int 286int
@@ -583,6 +583,10 @@ tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
583 583
584 /* Write sequence number gets reset to zero. */ 584 /* Write sequence number gets reset to zero. */
585 585
586 /* DTLS epoch is incremented and is permitted to wrap. */
587 if (rl->dtls)
588 write_new->epoch = rl->write_current->epoch + 1;
589
586 if (!tls12_record_layer_change_cipher_state(rl, write_new, 1, 590 if (!tls12_record_layer_change_cipher_state(rl, write_new, 1,
587 mac_key, key, iv)) 591 mac_key, key, iv))
588 goto err; 592 goto err;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-15 15:24:09 +0000