/*-
* for these 2 messages, we need to
* ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
+ * ssl->rlayer.read_sequence zero
* ssl->s3->read_mac_secret re-init
* ssl->session->read_sym_enc assign
* ssl->session->read_compression assign
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
- memcpy(save_write_sequence, s->s3->write_sequence,
- sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
- sizeof(s->s3->write_sequence));
+
+ memcpy(save_write_sequence, RECORD_LAYER_get_write_sequence(&s->rlayer),
+ sizeof(save_write_sequence));
+ RECORD_LAYER_set_write_sequence(&s->rlayer, s->d1->last_write_sequence);
}
ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
- memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
- sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, save_write_sequence,
- sizeof(s->s3->write_sequence));
+ memcpy(s->d1->last_write_sequence,
+ RECORD_LAYER_get_write_sequence(&s->rlayer),
+ sizeof(s->d1->last_write_sequence));
+ RECORD_LAYER_set_write_sequence(&s->rlayer, save_write_sequence);
}
s->d1->retransmitting = 0;
* listening
*/
if (listen) {
- memcpy(s->s3->write_sequence, s->s3->read_sequence,
- sizeof(s->s3->write_sequence));
+ RECORD_LAYER_set_write_sequence(&s->rlayer,
+ RECORD_LAYER_get_read_sequence(&s->rlayer));
}
/* If we're just listening, stop here */
memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
/* Set proper sequence number for mac calculation */
- memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
+ memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6);
return (1);
}
* else s2n(s->d1->handshake_epoch, pseq);
*/
- memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+ memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
pseq += 6;
s2n(wr->length, pseq);
wr->type = type; /* not needed but helps for debugging */
wr->length += DTLS1_RT_HEADER_LENGTH;
- ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
+ ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
if (create_empty_fragment) {
/*
{
int cmp;
unsigned int shift;
- const unsigned char *seq = s->s3->read_sequence;
+ const unsigned char *seq = s->rlayer.read_sequence;
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
{
int cmp;
unsigned int shift;
- const unsigned char *seq = s->s3->read_sequence;
+ const unsigned char *seq = s->rlayer.read_sequence;
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
void dtls1_reset_seq_numbers(SSL *s, int rw)
{
unsigned char *seq;
- unsigned int seq_bytes = sizeof(s->s3->read_sequence);
+ unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
if (rw & SSL3_CC_READ) {
- seq = s->s3->read_sequence;
+ seq = s->rlayer.read_sequence;
s->d1->r_epoch++;
memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
} else {
- seq = s->s3->write_sequence;
+ seq = s->rlayer.write_sequence;
memcpy(s->d1->last_write_sequence, seq,
- sizeof(s->s3->write_sequence));
+ sizeof(s->rlayer.write_sequence));
s->d1->w_epoch++;
}
/* number of bytes submitted */
int wpend_ret;
const unsigned char *wpend_buf;
+
+ unsigned char read_sequence[8];
+ unsigned char write_sequence[8];
} RECORD_LAYER;
#define RECORD_LAYER_get_packet(rl) ((rl)->packet)
#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length)
#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
+#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence)
+#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
int RECORD_LAYER_write_pending(RECORD_LAYER *rl);
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len);
void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src);
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws);
__owur int ssl3_pending(const SSL *s);
__owur int ssl23_read_bytes(SSL *s, int n);
__owur int ssl23_write_bytes(SSL *s);
dst->rstate = src->rstate;
}
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
+{
+ memset(rl->read_sequence, 0, 8);
+}
+
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+{
+ memset(rl->write_sequence, 0, 8);
+}
+
+void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws)
+{
+ memcpy(rl->write_sequence, ws, sizeof(rl->write_sequence));
+}
+
int ssl3_pending(const SSL *s)
{
if (s->rlayer.rstate == SSL_ST_READ_BODY)
else
nw = max_send_fragment * (mb_param.interleave = 4);
- memcpy(aad, s->s3->write_sequence, 8);
+ memcpy(aad, s->rlayer.write_sequence, 8);
aad[8] = type;
aad[9] = (unsigned char)(s->version >> 8);
aad[10] = (unsigned char)(s->version);
sizeof(mb_param), &mb_param) <= 0)
return -1;
- s->s3->write_sequence[7] += mb_param.interleave;
- if (s->s3->write_sequence[7] < mb_param.interleave) {
+ s->rlayer.write_sequence[7] += mb_param.interleave;
+ if (s->rlayer.write_sequence[7] < mb_param.interleave) {
int j = 6;
- while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ;
+ while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
}
wb->offset = 0;
if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char buf[13], *seq;
- seq = send ? s->s3->write_sequence : s->s3->read_sequence;
+ seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+ : RECORD_LAYER_get_read_sequence(&s->rlayer);
if (SSL_IS_DTLS(s)) {
unsigned char dtlsseq[9], *p = dtlsseq;
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
mac_sec = &(ssl->s3->write_mac_secret[0]);
- seq = &(ssl->s3->write_sequence[0]);
+ seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
mac_sec = &(ssl->s3->read_mac_secret[0]);
- seq = &(ssl->s3->read_sequence[0]);
+ seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash;
}
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
- seq = &(ssl->s3->write_sequence[0]);
+ seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
- seq = &(ssl->s3->read_sequence[0]);
+ seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash;
}
*/
if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
/* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+ if ((memcmp(RECORD_LAYER_get_read_sequence(&s->rlayer),
+ "\0\0\0\0\0\0\0\0", 8) == 0) &&
!(padding_length & 1)) {
s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
}
/* sequence number is 64 bits, with top 2 bytes = epoch */
n2s(p, rr->epoch);
- memcpy(&(s->s3->read_sequence[2]), p, 6);
+ memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
p += 6;
n2s(p, rr->length);
/*-
* for these 2 messages, we need to
* ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
+ * ssl->rlayer.read_sequence zero
* ssl->s3->read_mac_secret re-init
* ssl->session->read_sym_enc assign
* ssl->session->read_compression assign
goto err;
}
#endif
- memset(&(s->s3->read_sequence[0]), 0, 8);
+ RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
if (s->enc_write_ctx != NULL)
}
}
#endif
- memset(&(s->s3->write_sequence[0]), 0, 8);
+ RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]);
}
typedef struct ssl3_state_st {
long flags;
int delay_buf_pop_ret;
- unsigned char read_sequence[8];
int read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
int write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];
* this is done by dtls1_reset_seq_numbers for DTLS
*/
if (!SSL_IS_DTLS(s))
- memset(&(s->s3->read_sequence[0]), 0, 8);
+ RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
mac_secret_size = &(s->s3->read_mac_secret_size);
} else {
* this is done by dtls1_reset_seq_numbers for DTLS
*/
if (!SSL_IS_DTLS(s))
- memset(&(s->s3->write_sequence[0]), 0, 8);
+ RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size);
}
projects / openssl / commitdiff