From c8e2fc2ba41689d84b1196d61aa7c4abf11c82fb Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 19 Jun 2021 16:52:47 +0000 Subject: [PATCH] Provide the ability to set the initial DTLS epoch value. This allows for regress to test edge cases for epoch handling. ok tb@ --- lib/libssl/d1_lib.c | 5 ++++- lib/libssl/ssl_lib.c | 8 ++++---- lib/libssl/ssl_locl.h | 5 ++++- lib/libssl/tls12_record_layer.c | 18 +++++++++++++++++- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index bc00ab8ca40..66895a361f2 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.55 2021/06/19 16:38:27 jsing Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.56 2021/06/19 16:52:47 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -197,6 +197,9 @@ dtls1_clear(SSL *s) memset(s->d1, 0, sizeof(*s->d1)); s->d1->internal = internal; + D1I(s)->r_epoch = + tls12_record_layer_initial_epoch(s->internal->rl); + D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch; D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 8aa774a2416..dd46bf94231 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.260 2021/06/11 11:13:53 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.261 2021/06/19 16:52:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -253,6 +253,9 @@ SSL_new(SSL_CTX *ctx) if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) goto err; + if ((s->internal->rl = tls12_record_layer_new()) == NULL) + goto err; + s->internal->min_tls_version = ctx->internal->min_tls_version; s->internal->max_tls_version = ctx->internal->max_tls_version; s->internal->min_proto_version = ctx->internal->min_proto_version; @@ -342,9 +345,6 @@ SSL_new(SSL_CTX *ctx) if (!s->method->internal->ssl_new(s)) goto err; - if ((s->internal->rl = tls12_record_layer_new()) == NULL) - goto err; - s->references = 1; s->server = ctx->method->internal->server; diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index e6b55765451..18509438aed 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.348 2021/06/13 15:34:41 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.349 2021/06/19 16:52:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -548,6 +548,9 @@ void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl, const EVP_MD *mac_hash); void tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version); +void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, + uint16_t epoch); +uint16_t tls12_record_layer_initial_epoch(struct tls12_record_layer *rl); uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl); int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, uint16_t epoch); diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c index 481680d9cc9..43edb6f0f53 100644 --- a/lib/libssl/tls12_record_layer.c +++ b/lib/libssl/tls12_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.31 2021/06/14 14:22:52 jsing Exp $ */ +/* $OpenBSD: tls12_record_layer.c,v 1.32 2021/06/19 16:52:47 jsing Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -161,6 +161,7 @@ tls12_record_protection_mac_len(struct tls12_record_protection *rp, struct tls12_record_layer { uint16_t version; + uint16_t initial_epoch; int dtls; uint8_t alert_desc; @@ -283,6 +284,19 @@ tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version) rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR); } +void +tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, + uint16_t epoch) +{ + rl->initial_epoch = epoch; +} + +uint16_t +tls12_record_layer_initial_epoch(struct tls12_record_layer *rl) +{ + return rl->initial_epoch; +} + uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl) { @@ -324,12 +338,14 @@ void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl) { tls12_record_protection_clear(rl->read); + rl->read->epoch = rl->initial_epoch; } void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl) { tls12_record_protection_clear(rl->write); + rl->write->epoch = rl->initial_epoch; tls12_record_protection_free(rl->write_previous); rl->write_previous = NULL; -- 2.20.1