From: jsing Date: Wed, 5 May 2021 19:52:00 +0000 (+0000) Subject: Replace DTLS w_epoch with epoch from TLSv1.2 record layer. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2f4e7cfa05a8adca584e21130bef9f794aa4fec0;p=openbsd Replace DTLS w_epoch with epoch from TLSv1.2 record layer. ok inoguchi@ tb@ --- diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index ba05c2a3543..3b9880b6008 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.69 2021/04/19 16:51:56 jsing Exp $ */ +/* $OpenBSD: d1_both.c,v 1.70 2021/05/05 19:52:00 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -972,7 +972,8 @@ dtls1_buffer_message(SSL *s, int is_ccs) /* save current state*/ frag->msg_header.saved_retransmit_state.session = s->session; - frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; + frag->msg_header.saved_retransmit_state.epoch = + tls12_record_layer_write_epoch(s->internal->rl); memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(dtls1_get_queue_priority( @@ -1039,15 +1040,14 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* save current state */ saved_state.session = s->session; - saved_state.epoch = D1I(s)->w_epoch; + saved_state.epoch = tls12_record_layer_write_epoch(s->internal->rl); D1I(s)->retransmitting = 1; /* restore state in which the message was originally sent */ s->session = frag->msg_header.saved_retransmit_state.session; - D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; - - if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) + if (!tls12_record_layer_use_write_epoch(s->internal->rl, + frag->msg_header.saved_retransmit_state.epoch)) return 0; ret = dtls1_do_write(s, frag->msg_header.is_ccs ? @@ -1055,9 +1055,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* restore current state */ s->session = saved_state.session; - D1I(s)->w_epoch = saved_state.epoch; - - if (!tls12_record_layer_use_write_epoch(s->internal->rl, D1I(s)->w_epoch)) + if (!tls12_record_layer_use_write_epoch(s->internal->rl, + saved_state.epoch)) return 0; D1I(s)->retransmitting = 0; diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 4cb26d7ea18..31ee5a679a0 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.94 2021/05/02 17:18:10 jsing Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.95 2021/05/05 19:52:00 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -1222,10 +1222,3 @@ dtls1_reset_read_seq_numbers(SSL *s) memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); memset(&(D1I(s)->next_bitmap), 0, sizeof(DTLS1_BITMAP)); } - -void -dtls1_reset_write_seq_numbers(SSL *s) -{ - D1I(s)->w_epoch++; - tls12_record_layer_set_write_epoch(s->internal->rl, D1I(s)->w_epoch); -} diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 1f7e1fa5877..50ed47d7d81 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.342 2021/05/05 10:05:27 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.343 2021/05/05 19:52:00 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -546,8 +546,7 @@ void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, const EVP_MD *mac_hash); void tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version); -void tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, - uint16_t epoch); +uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl); int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, uint16_t epoch); void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, @@ -997,7 +996,6 @@ typedef struct dtls1_state_internal_st { * completed */ unsigned short r_epoch; - unsigned short w_epoch; /* records being received in the current epoch */ DTLS1_BITMAP bitmap; @@ -1297,7 +1295,6 @@ int dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_read_seq_numbers(SSL *s); -void dtls1_reset_write_seq_numbers(SSL *s); struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); int dtls1_check_timeout_num(SSL *s); int dtls1_handle_timeout(SSL *s); diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 5a626fb8808..57ddecbd77a 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.143 2021/05/05 10:05:27 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.144 2021/05/05 19:52:00 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -319,8 +319,6 @@ tls1_change_cipher_state(SSL *s, int is_write) if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, &mac_key, &key, &iv)) goto err; - if (SSL_is_dtls(s)) - dtls1_reset_write_seq_numbers(s); } return (1); diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c index b9a3320de8a..652ca873a6a 100644 --- a/lib/libssl/tls12_record_layer.c +++ b/lib/libssl/tls12_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.27 2021/05/05 10:05:27 jsing Exp $ */ +/* $OpenBSD: tls12_record_layer.c,v 1.28 2021/05/05 19:52:00 jsing Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -277,10 +277,10 @@ tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version) rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR); } -void -tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, uint16_t epoch) +uint16_t +tls12_record_layer_write_epoch(struct tls12_record_layer *rl) { - rl->write->epoch = epoch; + return rl->write->epoch; } int @@ -583,6 +583,10 @@ tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl, /* Write sequence number gets reset to zero. */ + /* DTLS epoch is incremented and is permitted to wrap. */ + if (rl->dtls) + write_new->epoch = rl->write_current->epoch + 1; + if (!tls12_record_layer_change_cipher_state(rl, write_new, 1, mac_key, key, iv)) goto err;