Unbreak DTLS retransmissions for flights that include a CCS.

When retransmitting a flight that includes a CCS, the record protection from the previous epoch has to be used to send the messages up to and including the CCS, with messages after the CCS using record protection from the current epoch. The code that restores the record protection state failed to work correctly with the new TLSv1.2 record layer. ok tb@
author: jsing <> 2020-10-15 18:00:31 +0000
committer: jsing <> 2020-10-15 18:00:31 +0000
commit: 698949bfcc12ecdf8b10bdffc544350feeeb348d (patch)
tree: f3fb0ed66ad14bbab23fd0e914d2f89440281943 /src
parent: 51e760a277d50f30ec1b1c9efe5f0d448e93e3e9 (diff)
download: openbsd-698949bfcc12ecdf8b10bdffc544350feeeb348d.tar.gz
openbsd-698949bfcc12ecdf8b10bdffc544350feeeb348d.tar.bz2
openbsd-698949bfcc12ecdf8b10bdffc544350feeeb348d.zip
1 files changed, 8 insertions, 7 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 64b9818f52..f554834765 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.61 2020/10/11 03:47:59 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.62 2020/10/15 18:00:31 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1055,18 +1055,18 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
            frag->msg_header.frag_len);
        /* save current state */
-        saved_state.enc_write_ctx = s->internal->enc_write_ctx;
-        saved_state.write_hash = s->internal->write_hash;
        saved_state.session = s->session;
        saved_state.epoch = D1I(s)->w_epoch;
        D1I(s)->retransmitting = 1;
        /* restore state in which the message was originally sent */
-        s->internal->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
-        s->internal->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
        s->session = frag->msg_header.saved_retransmit_state.session;
        D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
+        if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl,
+            frag->msg_header.saved_retransmit_state.enc_write_ctx,
+            frag->msg_header.saved_retransmit_state.write_hash, 0))
+                return 0;
        if (frag->msg_header.saved_retransmit_state.epoch ==
            saved_state.epoch - 1) {
@@ -1080,10 +1080,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
            SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
        /* restore current state */
-        s->internal->enc_write_ctx = saved_state.enc_write_ctx;
-        s->internal->write_hash = saved_state.write_hash;
        s->session = saved_state.session;
        D1I(s)->w_epoch = saved_state.epoch;
+        if (!tls12_record_layer_set_write_cipher_hash(s->internal->rl,
+            s->internal->enc_write_ctx, s->internal->write_hash, 0))
+                return 0;
        if (frag->msg_header.saved_retransmit_state.epoch ==
            saved_state.epoch - 1) {
author	jsing <>	2020-10-15 18:00:31 +0000
committer	jsing <>	2020-10-15 18:00:31 +0000
commit	698949bfcc12ecdf8b10bdffc544350feeeb348d (patch)
tree	f3fb0ed66ad14bbab23fd0e914d2f89440281943 /src
parent	51e760a277d50f30ec1b1c9efe5f0d448e93e3e9 (diff)
download	openbsd-698949bfcc12ecdf8b10bdffc544350feeeb348d.tar.gz openbsd-698949bfcc12ecdf8b10bdffc544350feeeb348d.tar.bz2 openbsd-698949bfcc12ecdf8b10bdffc544350feeeb348d.zip