From cedbde20c0ecfb870c00ce4fe4401f89a9397b6d Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 30 Aug 2021 19:12:25 +0000
Subject: Replace DTLS r_epoch with the read epoch from the TLSv1.2 record layer.

ok inoguchi@ tb@
---
 src/lib/libssl/tls12_record_layer.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'src/lib/libssl/tls12_record_layer.c')
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
index f59364bb67..6d7d8696eb 100644
--- a/src/lib/libssl/tls12_record_layer.c
+++ b/src/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.33 2021/08/30 19:00:49 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.34 2021/08/30 19:12:25 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing
 *
@@ -296,9 +296,9 @@ tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
 }
 uint16_t
-tls12_record_layer_initial_epoch(struct tls12_record_layer *rl)
+tls12_record_layer_read_epoch(struct tls12_record_layer *rl)
 {
- return rl->initial_epoch;
+ return rl->read->epoch;
 }
 uint16_t
@@ -580,6 +580,10 @@ tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
 /* Read sequence number gets reset to zero. */
+ /* DTLS epoch is incremented and is permitted to wrap. */
+ if (rl->dtls)
+ read_new->epoch = rl->read_current->epoch + 1;
+
 if (!tls12_record_layer_change_cipher_state(rl, read_new, 0, mac_key, key, iv))
 goto err;
-- cgit v1.2.3-55-g6feb
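Review bot: `tls12_record_layer_read_epoch()` in the second hunk returns `rl->read->epoch`, while the third hunk derives the next epoch from `rl->read_current->epoch`, and nothing visible here says when `rl->read` and `rl->read_current` refer to the same protection state. The DTLS caller presumably uses this value to decide which epoch an incoming record belongs to, so the accessor should say which state it reports. A one-line comment above the function would do, for example `/* Epoch of the read protection state currently selected in rl->read. */`, with a short note on when that can differ from `read_current`.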
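Review bot: The added `read_new->epoch = rl->read_current->epoch + 1;` in the third hunk wraps silently, so after enough read cipher state changes on one DTLS association an epoch value is reused; the 16-bit width is inferred from the accessor's `uint16_t` return type. RFC 6347 section 4.1 asks that an epoch value not be reused within twice the maximum segment lifetime, because a delayed record from the earlier use of that epoch could otherwise be matched against the new state. The comment says wrapping is permitted but not what makes it safe here. Either extend it to name what bounds the rate of cipher state changes, or reject the change at the wrap point, e.g. `if (rl->dtls && rl->read_current->epoch == UINT16_MAX) goto err;`. The function body starts and ends outside the hunk.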