Replace DTLS w_epoch with epoch from TLSv1.2 record layer.

ok inoguchi@ tb@

1 files changed, 8 insertions, 4 deletions

diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c
index b9a3320de8a..652ca873a6a 100644
--- a/lib/libssl/tls12_record_layer.c
+++ b/lib/libssl/tls12_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.27 2021/05/05 10:05:27 jsing Exp $ */
+/* $OpenBSD: tls12_record_layer.c,v 1.28 2021/05/05 19:52:00 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -277,10 +277,10 @@ tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
 	rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR);
 }
 
-void
-tls12_record_layer_set_write_epoch(struct tls12_record_layer *rl, uint16_t epoch)
+uint16_t
+tls12_record_layer_write_epoch(struct tls12_record_layer *rl)
 {
-	rl->write->epoch = epoch;
+	return rl->write->epoch;
 }
 
 int
@@ -583,6 +583,10 @@ tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
 
 	/* Write sequence number gets reset to zero. */
 
+	/* DTLS epoch is incremented and is permitted to wrap. */
+	if (rl->dtls)
+		write_new->epoch = rl->write_current->epoch + 1;
+
 	if (!tls12_record_layer_change_cipher_state(rl, write_new, 1,
 	    mac_key, key, iv))
 		goto err;