Loading ssl/d1_both.c +6 −5 Original line number Diff line number Diff line Loading @@ -1110,7 +1110,8 @@ int dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; frag->msg_header.saved_retransmit_state.compress = s->compress; frag->msg_header.saved_retransmit_state.session = s->session; frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; frag->msg_header.saved_retransmit_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = Loading Loading @@ -1184,8 +1185,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.write_hash = s->write_hash; saved_state.compress = s->compress; saved_state.session = s->session; saved_state.epoch = s->d1->w_epoch; saved_state.epoch = s->d1->w_epoch; saved_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); s->d1->retransmitting = 1; Loading @@ -1194,7 +1194,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; s->compress = frag->msg_header.saved_retransmit_state.compress; s->session = frag->msg_header.saved_retransmit_state.session; s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; DTLS_RECORD_LAYER_set_w_epoch(&s->rlayer, frag->msg_header.saved_retransmit_state.epoch); if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { Loading @@ -1212,7 +1213,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, s->write_hash = saved_state.write_hash; s->compress = saved_state.compress; s->session = saved_state.session; s->d1->w_epoch = saved_state.epoch; DTLS_RECORD_LAYER_set_w_epoch(&s->rlayer, saved_state.epoch); if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { Loading ssl/d1_lib.c +0 −2 Original line number Diff line number Diff line Loading 
@@ -138,8 +138,6 @@ int dtls1_new(SSL *s) return 0; } /* d1->handshake_epoch=0; */ d1->unprocessed_rcds.q = pqueue_new(); d1->processed_rcds.q = pqueue_new(); d1->buffered_messages = pqueue_new(); Loading ssl/record/d1_pkt.c +10 −10 Original line number Diff line number Diff line Loading @@ -332,7 +332,7 @@ int dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) if (s->d1->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) return (1); /* Nothing to do. */ /* Process all the records. */ Loading @@ -350,8 +350,8 @@ int dtls1_process_buffered_records(SSL *s) * sync epoch numbers once all the unprocessed records have been * processed */ s->d1->processed_rcds.epoch = s->d1->r_epoch; s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; s->d1->processed_rcds.epoch = s->rlayer.d->r_epoch; s->d1->unprocessed_rcds.epoch = s->rlayer.d->r_epoch + 1; return (1); } Loading Loading @@ -909,7 +909,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* this may just be a stale retransmit */ dtls1_get_message_header(rr->data, &msg_hdr); if (rr->epoch != s->d1->r_epoch) { if (rr->epoch != s->rlayer.d->r_epoch) { rr->length = 0; goto start; } Loading Loading @@ -1201,7 +1201,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* there's only one epoch between handshake and app data */ s2n(s->d1->w_epoch, pseq); s2n(s->rlayer.d->w_epoch, pseq); /* XDTLS: ?? */ /* Loading Loading 
@@ -1301,11 +1301,11 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, *is_next_epoch = 0; /* In current epoch, accept HM, CCS, DATA, & ALERT */ if (rr->epoch == s->d1->r_epoch) if (rr->epoch == s->rlayer.d->r_epoch) return &s->d1->bitmap; /* Only HM and ALERT messages can be from the next epoch */ else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; return &s->d1->next_bitmap; Loading @@ -1321,14 +1321,14 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) if (rw & SSL3_CC_READ) { seq = s->rlayer.read_sequence; s->d1->r_epoch++; s->rlayer.d->r_epoch++; memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); } else { seq = s->rlayer.write_sequence; memcpy(s->d1->last_write_sequence, seq, sizeof(s->rlayer.write_sequence)); s->d1->w_epoch++; s->rlayer.d->w_epoch++; } memset(seq, 0x00, seq_bytes); Loading ssl/record/rec_layer.h +10 −2 Original line number Diff line number Diff line Loading @@ -143,8 +143,13 @@ typedef struct dtls1_record_data_st { } DTLS1_RECORD_DATA; typedef struct dtls_record_layer_st { /* Temporary member to be removed by subsequent commits */ int dummy; /* * The current data and handshake epoch. This is initially * undefined, and starts at zero once the initial handshake is * completed */ unsigned short r_epoch; unsigned short w_epoch; } DTLS_RECORD_LAYER; typedef struct record_layer_st { Loading Loading 
@@ -212,6 +217,8 @@ typedef struct record_layer_st { #define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc)) #define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) #define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) #define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch) #define DTLS_RECORD_LAYER_set_w_epoch(rl, e) ((rl)->d->w_epoch = (e)) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); Loading Loading @@ -255,6 +262,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw); #define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) #define RECORD_LAYER_get_rstate(rl) ((rl)->rstate) #define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st)) #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) __owur int ssl3_read_n(SSL *s, int n, int max, int extend); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, Loading ssl/record/ssl3_record.c +4 −2 Original line number Diff line number Diff line Loading @@ -665,7 +665,8 @@ int tls1_enc(SSL *s, int send) if (SSL_IS_DTLS(s)) { unsigned char dtlsseq[9], *p = dtlsseq; s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); memcpy(p, &seq[2], 6); memcpy(buf, dtlsseq, 8); } else { Loading Loading @@ -894,7 +895,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (SSL_IS_DTLS(ssl)) { unsigned char dtlsseq[8], *p = dtlsseq; s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p); s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); memcpy(p, &seq[2], 6); memcpy(header, dtlsseq, 8); Loading Loading
ssl/d1_both.c +6 −5 Original line number Diff line number Diff line Loading @@ -1110,7 +1110,8 @@ int dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; frag->msg_header.saved_retransmit_state.compress = s->compress; frag->msg_header.saved_retransmit_state.session = s->session; frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; frag->msg_header.saved_retransmit_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = Loading Loading @@ -1184,8 +1185,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, saved_state.write_hash = s->write_hash; saved_state.compress = s->compress; saved_state.session = s->session; saved_state.epoch = s->d1->w_epoch; saved_state.epoch = s->d1->w_epoch; saved_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer); s->d1->retransmitting = 1; Loading @@ -1194,7 +1194,8 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; s->compress = frag->msg_header.saved_retransmit_state.compress; s->session = frag->msg_header.saved_retransmit_state.session; s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; DTLS_RECORD_LAYER_set_w_epoch(&s->rlayer, frag->msg_header.saved_retransmit_state.epoch); if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { Loading @@ -1212,7 +1213,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, s->write_hash = saved_state.write_hash; s->compress = saved_state.compress; s->session = saved_state.session; s->d1->w_epoch = saved_state.epoch; DTLS_RECORD_LAYER_set_w_epoch(&s->rlayer, saved_state.epoch); if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { Loading
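Review bot: The temporary write-epoch switch in dtls1_retransmit_message has no comment linking `DTLS_RECORD_LAYER_set_w_epoch(&s->rlayer, frag->msg_header.saved_retransmit_state.epoch)` to its restore, `DTLS_RECORD_LAYER_set_w_epoch(&s->rlayer, saved_state.epoch)`, further down. The statements between the two calls are outside the hunks, so it cannot be confirmed from here that every path reaches the restore. A path that skipped it would leave later records tagged with the older epoch. I would add `/* send under the epoch this message was first sent with; restored below */` above the first call and `/* restore the live write epoch */` above the second.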
ssl/d1_lib.c +0 −2 Original line number Diff line number Diff line Loading @@ -138,8 +138,6 @@ int dtls1_new(SSL *s) return 0; } /* d1->handshake_epoch=0; */ d1->unprocessed_rcds.q = pqueue_new(); d1->processed_rcds.q = pqueue_new(); d1->buffered_messages = pqueue_new(); Loading
ssl/record/d1_pkt.c +10 −10 Original line number Diff line number Diff line Loading @@ -332,7 +332,7 @@ int dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) if (s->d1->unprocessed_rcds.epoch != s->rlayer.d->r_epoch) return (1); /* Nothing to do. */ /* Process all the records. */ Loading @@ -350,8 +350,8 @@ int dtls1_process_buffered_records(SSL *s) * sync epoch numbers once all the unprocessed records have been * processed */ s->d1->processed_rcds.epoch = s->d1->r_epoch; s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; s->d1->processed_rcds.epoch = s->rlayer.d->r_epoch; s->d1->unprocessed_rcds.epoch = s->rlayer.d->r_epoch + 1; return (1); } Loading Loading @@ -909,7 +909,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* this may just be a stale retransmit */ dtls1_get_message_header(rr->data, &msg_hdr); if (rr->epoch != s->d1->r_epoch) { if (rr->epoch != s->rlayer.d->r_epoch) { rr->length = 0; goto start; } Loading Loading @@ -1201,7 +1201,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* there's only one epoch between handshake and app data */ s2n(s->d1->w_epoch, pseq); s2n(s->rlayer.d->w_epoch, pseq); /* XDTLS: ?? */ /* Loading Loading @@ -1301,11 +1301,11 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, *is_next_epoch = 0; /* In current epoch, accept HM, CCS, DATA, & ALERT */ if (rr->epoch == s->d1->r_epoch) if (rr->epoch == s->rlayer.d->r_epoch) return &s->d1->bitmap; /* Only HM and ALERT messages can be from the next epoch */ else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { *is_next_epoch = 1; return &s->d1->next_bitmap; Loading 
@@ -1321,14 +1321,14 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) if (rw & SSL3_CC_READ) { seq = s->rlayer.read_sequence; s->d1->r_epoch++; s->rlayer.d->r_epoch++; memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); } else { seq = s->rlayer.write_sequence; memcpy(s->d1->last_write_sequence, seq, sizeof(s->rlayer.write_sequence)); s->d1->w_epoch++; s->rlayer.d->w_epoch++; } memset(seq, 0x00, seq_bytes); Loading
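Review bot: The `s->rlayer.d->r_epoch++` and `s->rlayer.d->w_epoch++` in dtls1_reset_seq_numbers carry over an unchecked increment on fields that rec_layer.h now declares as `unsigned short`, so the epoch silently wraps from 0xffff to 0. RFC 6347 section 4.1 requires that the epoch never wrap and that a new association be established instead. The function returns void, so a real guard probably belongs in the caller; at minimum a comment such as `/* epoch is 16 bits and must not wrap (RFC 6347 4.1) */` should mark both increments. The same width shows in dtls1_get_bitmap, where `(unsigned long)(s->rlayer.d->r_epoch + 1)` evaluates to 65536 at the top of the range and would presumably never match an epoch read from the 16-bit wire field. The body of dtls1_reset_seq_numbers begins above the hunk.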
ssl/record/rec_layer.h +10 −2 Original line number Diff line number Diff line Loading @@ -143,8 +143,13 @@ typedef struct dtls1_record_data_st { } DTLS1_RECORD_DATA; typedef struct dtls_record_layer_st { /* Temporary member to be removed by subsequent commits */ int dummy; /* * The current data and handshake epoch. This is initially * undefined, and starts at zero once the initial handshake is * completed */ unsigned short r_epoch; unsigned short w_epoch; } DTLS_RECORD_LAYER; typedef struct record_layer_st { Loading Loading @@ -212,6 +217,8 @@ typedef struct record_layer_st { #define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc)) #define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) #define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) #define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch) #define DTLS_RECORD_LAYER_set_w_epoch(rl, e) ((rl)->d->w_epoch = (e)) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); Loading Loading @@ -255,6 +262,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw); #define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) #define RECORD_LAYER_get_rstate(rl) ((rl)->rstate) #define RECORD_LAYER_set_rstate(rl, st) ((rl)->rstate = (st)) #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) __owur int ssl3_read_n(SSL *s, int n, int max, int extend); __owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, Loading
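Review bot: The new struct comment calls r_epoch and w_epoch "initially undefined", yet the rest of the commit copies them straight into the record header in do_dtls1_write and into the 8-byte sequence block built in tls1_enc and tls1_mac. The code that allocates `rl->d` is not part of this diff, so it is not visible whether the struct is zeroed now that the fields have left the old d1 state. I would make the starting value explicit with `memset(rl->d, 0, sizeof(*rl->d));` at the allocation site. The comment should then state the initial value the code actually guarantees.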
ssl/record/ssl3_record.c +4 −2 Original line number Diff line number Diff line Loading @@ -665,7 +665,8 @@ int tls1_enc(SSL *s, int send) if (SSL_IS_DTLS(s)) { unsigned char dtlsseq[9], *p = dtlsseq; s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); memcpy(p, &seq[2], 6); memcpy(buf, dtlsseq, 8); } else { Loading Loading @@ -894,7 +895,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (SSL_IS_DTLS(ssl)) { unsigned char dtlsseq[8], *p = dtlsseq; s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p); s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p); memcpy(p, &seq[2], 6); memcpy(header, dtlsseq, 8); Loading
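Review bot: Epoch access is inconsistent across the record-layer files. tls1_enc and tls1_mac here use `DTLS_RECORD_LAYER_get_w_epoch()` and `DTLS_RECORD_LAYER_get_r_epoch()`, while ssl/record/d1_pkt.c in the same commit reads and writes `s->rlayer.d->r_epoch` and `s->rlayer.d->w_epoch` directly. Both forms dereference `rlayer.d` without a check, and `d` is presumably only populated for DTLS connections, so the `SSL_IS_DTLS()` guard just above each call is what keeps these two hunks safe. I would pick one form for files under ssl/record/ and add a comment beside the macros in rec_layer.h, for example `/* DTLS only: rl->d must be non-NULL */`. Both function bodies extend beyond the hunks.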