artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 12a1eb2)
Provide the ability to set the initial DTLS epoch value.
authorjsing <jsing@openbsd.org>
Sat, 19 Jun 2021 16:52:47 +0000 (16:52 +0000)
committerjsing <jsing@openbsd.org>
Sat, 19 Jun 2021 16:52:47 +0000 (16:52 +0000)
This allows for regress to test edge cases for epoch handling.

ok tb@

lib/libssl/d1_lib.c patch | blob | history
lib/libssl/ssl_lib.c patch | blob | history
lib/libssl/ssl_locl.h patch | blob | history
lib/libssl/tls12_record_layer.c patch | blob | history

diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index bc00ab8..66895a3 100644 (file)
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.55 2021/06/19 16:38:27 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.56 2021/06/19 16:52:47 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -197,6 +197,9 @@ dtls1_clear(SSL *s)
                memset(s->d1, 0, sizeof(*s->d1));
                s->d1->internal = internal;
 
+               D1I(s)->r_epoch =
+                   tls12_record_layer_initial_epoch(s->internal->rl);
+
                D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch;
                D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1;
 
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 8aa774a..dd46bf9 100644 (file)
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.260 2021/06/11 11:13:53 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.261 2021/06/19 16:52:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -253,6 +253,9 @@ SSL_new(SSL_CTX *ctx)
        if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
                goto err;
 
+       if ((s->internal->rl = tls12_record_layer_new()) == NULL)
+               goto err;
+
        s->internal->min_tls_version = ctx->internal->min_tls_version;
        s->internal->max_tls_version = ctx->internal->max_tls_version;
        s->internal->min_proto_version = ctx->internal->min_proto_version;
@@ -342,9 +345,6 @@ SSL_new(SSL_CTX *ctx)
        if (!s->method->internal->ssl_new(s))
                goto err;
 
-       if ((s->internal->rl = tls12_record_layer_new()) == NULL)
-               goto err;
-
        s->references = 1;
        s->server = ctx->method->internal->server;
 
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index e6b5576..1850943 100644 (file)
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.348 2021/06/13 15:34:41 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.349 2021/06/19 16:52:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -548,6 +548,9 @@ void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
     const EVP_MD *mac_hash);
 void tls12_record_layer_set_version(struct tls12_record_layer *rl,
     uint16_t version);
+void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
+    uint16_t epoch);
+uint16_t tls12_record_layer_initial_epoch(struct tls12_record_layer *rl);
 uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl);
 int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl,
     uint16_t epoch);
diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index 481680d..43edb6f 100644 (file)
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.31 2021/06/14 14:22:52 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.32 2021/06/19 16:52:47 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -161,6 +161,7 @@ tls12_record_protection_mac_len(struct tls12_record_protection *rp,
 
 struct tls12_record_layer {
        uint16_t version;
+       uint16_t initial_epoch;
        int dtls;
 
        uint8_t alert_desc;
@@ -283,6 +284,19 @@ tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
        rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR);
 }
 
+void
+tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
+    uint16_t epoch)
+{
+       rl->initial_epoch = epoch;
+}
+
+uint16_t
+tls12_record_layer_initial_epoch(struct tls12_record_layer *rl)
+{
+       return rl->initial_epoch;
+}
+
 uint16_t
 tls12_record_layer_write_epoch(struct tls12_record_layer *rl)
 {
@@ -324,12 +338,14 @@ void
 tls12_record_layer_clear_read_state(struct tls12_record_layer *rl)
 {
        tls12_record_protection_clear(rl->read);
+       rl->read->epoch = rl->initial_epoch;
 }
 
 void
 tls12_record_layer_clear_write_state(struct tls12_record_layer *rl)
 {
        tls12_record_protection_clear(rl->write);
+       rl->write->epoch = rl->initial_epoch;
 
        tls12_record_protection_free(rl->write_previous);
        rl->write_previous = NULL;
OpenBSD src
by Ahmet Artu Yildirim