Move increment of dtls epoch to change cipher state function
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#23212)
fwh-dc authored and t8m committed Jan 18, 2024
1 parent ead44e1 commit 4897bd2
Showing 8 changed files with 25 additions and 24 deletions.
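--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -679,3 +679,14 @@ void dtls1_increment_epoch(SSL_CONNECTION *s, int rw)
 s->rlayer.d->w_epoch++;
 }
 }
+
+uint16_t dtls1_get_epoch(SSL_CONNECTION *s, int rw) {
+uint16_t epoch;
+
+if (rw & SSL3_CC_READ)
+epoch = s->rlayer.d->r_epoch;
+else
+epoch = s->rlayer.d->w_epoch;
+
+return epoch;
+}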
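Review bot: The new dtls1_get_epoch() puts the opening brace on the signature line, which differs from the sibling dtls1_increment_epoch() definition visible in the hunk header and from the rest of this file. The body also only selects one of two fields, so the temporary is not needed: `uint16_t dtls1_get_epoch(SSL_CONNECTION *s, int rw)` / `{` / `return (rw & SSL3_CC_READ) ? s->rlayer.d->r_epoch : s->rlayer.d->w_epoch;`. Since callers in this commit rely on the value being the already-incremented epoch, a one-line comment above the function stating that it returns the current (not next) epoch for the direction selected by rw would make that contract explicit.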
4 changes: 2 additions & 2 deletions ssl/record/rec_layer_s3.c
Expand Up @@ -1322,7 +1322,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
prev = s->rlayer.rrlnext;
if (SSL_CONNECTION_IS_DTLS(s)
&& level != OSSL_RECORD_PROTECTION_LEVEL_NONE)
epoch = DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer) + 1; /* new epoch */
epoch = dtls1_get_epoch(s, SSL3_CC_READ); /* new epoch */

#ifndef OPENSSL_NO_DGRAM
if (SSL_CONNECTION_IS_DTLS(s))
Expand All @@ -1339,7 +1339,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
} else {
if (SSL_CONNECTION_IS_DTLS(s)
&& level != OSSL_RECORD_PROTECTION_LEVEL_NONE)
epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) + 1; /* new epoch */
epoch = dtls1_get_epoch(s, SSL3_CC_WRITE); /* new epoch */
}

/*
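Review bot: Dropping the `+ 1` at the two epoch assignments makes the value handed to the new record layer correct only if dtls1_increment_epoch() has already run for that direction before ssl_set_new_record_layer() is entered; the t1_enc.c hunk in this commit does that, but nothing at these lines documents the precondition. A comment such as `/* DTLS: the caller (tls1_change_cipher_state) has already advanced the epoch */` above the first assignment would keep a future caller from tagging a new record layer with a stale epoch. The same point applies to the write-side assignment in the second hunk. ssl_set_new_record_layer() begins and ends outside both hunks.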
2 changes: 1 addition & 1 deletion ssl/record/record.h
Expand Up @@ -137,7 +137,6 @@ typedef struct record_layer_st {

#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra))
#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead)
#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch)

void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
Expand All @@ -163,6 +162,7 @@ __owur int dtls1_write_bytes(SSL_CONNECTION *s, uint8_t type, const void *buf,
int do_dtls1_write(SSL_CONNECTION *s, uint8_t type, const unsigned char *buf,
size_t len, size_t *written);
void dtls1_increment_epoch(SSL_CONNECTION *s, int rw);
uint16_t dtls1_get_epoch(SSL_CONNECTION *s, int rw);
int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length);

# define HANDLE_RLAYER_READ_RETURN(s, ret) \
4 changes: 0 additions & 4 deletions ssl/record/record_local.h
Expand Up @@ -15,7 +15,3 @@
*****************************************************************************/

#define MAX_WARN_ALERT_COUNT 5

/* Functions/macros provided by the RECORD_LAYER component */

#define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch)
20 changes: 8 additions & 12 deletions ssl/statem/statem_clnt.c
Expand Up @@ -871,20 +871,16 @@ WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst)
return WORK_ERROR;
}

if (SSL_CONNECTION_IS_DTLS(s)) {
#ifndef OPENSSL_NO_SCTP
if (s->hit) {
/*
* Change to new shared key of SCTP-Auth, will be ignored if
* no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
0, NULL);
}
#endif

dtls1_increment_epoch(s, SSL3_CC_WRITE);
if (SSL_CONNECTION_IS_DTLS(s) && s->hit) {
/*
* Change to new shared key of SCTP-Auth, will be ignored if
* no SCTP used.
*/
BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
0, NULL);
}
#endif
break;

case TLS_ST_CW_FINISHED:
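Review bot: With the write-epoch increment removed from this post-work step, the SCTP BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY call no longer precedes the epoch change; the increment now happens wherever tls1_change_cipher_state() runs, which I cannot see from this hunk. If the SCTP auth-key switch was meant to happen before the epoch advances, that ordering is no longer enforced here — presumably harmless, but a comment on the remaining block such as `/* The DTLS write epoch was already advanced in tls1_change_cipher_state() */` would record why the increment is gone. ossl_statem_client_post_work() begins and ends outside the hunk.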
2 changes: 0 additions & 2 deletions ssl/statem/statem_lib.c
Expand Up @@ -808,8 +808,6 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
}

if (SSL_CONNECTION_IS_DTLS(s)) {
dtls1_increment_epoch(s, SSL3_CC_READ);

if (s->version == DTLS1_BAD_VER)
s->d1->handshake_read_seq++;

3 changes: 0 additions & 3 deletions ssl/statem/statem_srvr.c
Expand Up @@ -994,9 +994,6 @@ WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst)
/* SSLfatal() already called */
return WORK_ERROR;
}

if (SSL_CONNECTION_IS_DTLS(s))
dtls1_increment_epoch(s, SSL3_CC_WRITE);
break;

case TLS_ST_SW_SRVR_DONE:
3 changes: 3 additions & 0 deletions ssl/t1_enc.c
Expand Up @@ -228,6 +228,9 @@ int tls1_change_cipher_state(SSL_CONNECTION *s, int which)
direction = OSSL_RECORD_DIRECTION_WRITE;
}

if (SSL_CONNECTION_IS_DTLS(s))
dtls1_increment_epoch(s, which);

if (!ssl_set_new_record_layer(s, s->version, direction,
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION,
NULL, 0, key, cl, iv, (size_t)k, mac_secret,
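Review bot: The DTLS epoch is now advanced before ssl_set_new_record_layer() is attempted, so if that call fails the stored r_epoch/w_epoch stays incremented while the active record layer still carries the old one; presumably that failure path is fatal for the connection, in which case this is harmless, but the ordering is load-bearing and undocumented. A comment above the new call, e.g. `/* DTLS: advance the epoch first; ssl_set_new_record_layer() reads it via dtls1_get_epoch() to tag the new record layer */`, would tie the two sites together. Passing `which` through also relies on dtls1_increment_epoch() testing the same SSL3_CC_READ bit that dtls1_get_epoch() does — worth confirming against its body, which is outside this hunk. tls1_change_cipher_state() begins and ends outside the hunk.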

0 comments on commit 4897bd2

Please sign in to comment.