
Commit df8d707

committed
wip
1 parent b02ddde commit df8d707

3 files changed

Lines changed: 31 additions & 0 deletions


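--- a/src/internal.c
+++ b/src/internal.c
@@ -25985,6 +25985,10 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl)
 }
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
+if (ssl->dtls13EncryptEpoch == NULL) {
+WOLFSSL_MSG("DTLS 1.3 encrypt epoch not set");
+return BAD_STATE_E;
+}
 seq = ssl->dtls13EncryptEpoch->nextSeqNumber;
 }
 else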
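Review bot: The new `ssl->dtls13EncryptEpoch == NULL` guard in the DTLS branch has no comment saying which state it defends against, so a later reader cannot tell whether it is reachable or dead code. The DupSSL change in this same commit leaves `dup->dtls13EncryptEpoch` untouched when the source pointer is NULL, which looks like one way to arrive here; a one-line comment such as `/* no write epoch installed, e.g. a write-dup of a connection that had none */` would record that. CheckTLS13AEADSendLimit starts and ends outside the hunk, so whether other dereferences of this pointer on the send path need the same guard cannot be judged from these lines.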

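--- a/src/ssl.c
+++ b/src/ssl.c
@@ -807,6 +807,31 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
 /* dup side now owns encrypt/write ciphers */
 XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));
 
+#ifdef WOLFSSL_DTLS13
+if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
+/* Copy epoch array (contains only value types — safe to memcpy). */
+XMEMCPY(dup->dtls13Epochs, ssl->dtls13Epochs, sizeof(ssl->dtls13Epochs));
+
+/* Re-point dtls13EncryptEpoch into dup's own epoch array. */
+if (ssl->dtls13EncryptEpoch != NULL) {
+dup->dtls13EncryptEpoch =
+&dup->dtls13Epochs[ssl->dtls13EncryptEpoch - ssl->dtls13Epochs];
+}
+/* dtls13DecryptEpoch is not needed by the write-only side; leave NULL. */
+
+/* Copy current write epoch number (checked in Dtls13SendMessage). */
+dup->dtls13Epoch = ssl->dtls13Epoch;
+
+/* Transfer record-number encryption cipher ownership to dup.
+* FreeCiphers() frees the aes/chacha pointer, so sharing it would
+* cause a double-free; use the same ownership-transfer pattern as
+* for ssl->encrypt above. */
+XMEMCPY(&dup->dtlsRecordNumberEncrypt, &ssl->dtlsRecordNumberEncrypt,
+sizeof(RecordNumberCiphers));
+XMEMSET(&ssl->dtlsRecordNumberEncrypt, 0, sizeof(RecordNumberCiphers));
+}
+#endif /* WOLFSSL_DTLS13 */
+
 dup->IOCB_WriteCtx = ssl->IOCB_WriteCtx;
 dup->CBIOSend = ssl->CBIOSend;
 #ifdef OPENSSL_EXTRA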
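Review bot: After the `XMEMCPY` of `dtls13Epochs`, the original and the dup each hold their own copy of the write epoch, including its `nextSeqNumber`, and `ssl->dtls13EncryptEpoch` stays set on the original, unlike `ssl->encrypt` and `ssl->dtlsRecordNumberEncrypt`, which are zeroed. If any path on the read side can still emit a record (not visible here), it would number records from a counter that has diverged from the dup's, and record numbers must not repeat under one write key because they feed the AEAD nonce. Adding `ssl->dtls13EncryptEpoch = NULL;` after the re-pointing would make the original fail closed through the new `BAD_STATE_E` check in CheckTLS13AEADSendLimit, assuming the read side never needs to send. The NULL case is also worth making explicit with `else dup->dtls13EncryptEpoch = NULL;` rather than relying on how `dup` was initialised; DupSSL's body continues outside the hunk.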

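--- a/tests/api.c
+++ b/tests/api.c
@@ -32023,9 +32023,11 @@ static int test_write_dup(void)
 } methods[] = {
 #ifndef WOLFSSL_NO_TLS12
 {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2},
+{wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLS 1.2", WOLFSSL_TLSV1_2},
 #endif
 #ifdef WOLFSSL_TLS13
 {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3},
+{wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3},
 #endif
 };
 struct {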
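Review bot: The added DTLS 1.3 row reuses the label `"TLS 1.3"`, so a failure in it cannot be told apart from the TLS 1.3 row in test output; it should read `"DTLS 1.3"`. Both DTLS rows are guarded only by `WOLFSSL_NO_TLS12` and `WOLFSSL_TLS13`, so a build without DTLS support would presumably fail on the `wolfDTLSv1_2_*` and `wolfDTLSv1_3_*` method names; wrapping the rows in `#ifdef WOLFSSL_DTLS` and `#ifdef WOLFSSL_DTLS13` respectively would avoid that. The version field stays `WOLFSSL_TLSV1_2` / `WOLFSSL_TLSV1_3` for the DTLS rows, and how test_write_dup uses it lies outside the hunk, so it is worth confirming that this is intended.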
