Loading ssl/d1_both.c +9 −9 Original line number Diff line number Diff line Loading @@ -961,7 +961,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /*- * for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->s3->read_sequence zero * ssl->rlayer.read_sequence zero * ssl->s3->read_mac_secret re-init * ssl->session->read_sym_enc assign * ssl->session->read_compression assign Loading Loading @@ -1198,10 +1198,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); memcpy(save_write_sequence, RECORD_LAYER_get_write_sequence(&s->rlayer), sizeof(save_write_sequence)); RECORD_LAYER_set_write_sequence(&s->rlayer, s->d1->last_write_sequence); } ret = dtls1_do_write(s, frag->msg_header.is_ccs ? Loading @@ -1216,10 +1216,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->d1->last_write_sequence, RECORD_LAYER_get_write_sequence(&s->rlayer), sizeof(s->d1->last_write_sequence)); RECORD_LAYER_set_write_sequence(&s->rlayer, save_write_sequence); } s->d1->retransmitting = 0; Loading ssl/d1_srvr.c +2 −2 Original line number Diff line number Diff line Loading @@ -330,8 +330,8 @@ int dtls1_accept(SSL *s) * listening */ if (listen) { memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); RECORD_LAYER_set_write_sequence(&s->rlayer, RECORD_LAYER_get_read_sequence(&s->rlayer)); } /* If we're just listening, stop here */ Loading ssl/record/d1_pkt.c +9 −9 Original line number Diff line number Diff line Loading @@ -199,7 +199,7 @@ static int dtls1_copy_record(SSL *s, pitem *item) memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD)); /* Set proper sequence number for mac calculation */ memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6); return (1); } Loading Loading @@ -1179,7 +1179,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * else s2n(s->d1->handshake_epoch, pseq); */ memcpy(pseq, &(s->s3->write_sequence[2]), 6); memcpy(pseq, &(s->rlayer.write_sequence[2]), 6); pseq += 6; s2n(wr->length, pseq); Loading @@ -1194,7 +1194,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, wr->type = type; /* not needed but helps for debugging */ wr->length += DTLS1_RT_HEADER_LENGTH; ssl3_record_sequence_update(&(s->s3->write_sequence[0])); ssl3_record_sequence_update(&(s->rlayer.write_sequence[0])); if (create_empty_fragment) { /* Loading Loading @@ -1227,7 +1227,7 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; const unsigned char *seq = s->s3->read_sequence; const unsigned char *seq = s->rlayer.read_sequence; cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { Loading @@ -1248,7 +1248,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; const unsigned char *seq = s->s3->read_sequence; const unsigned char *seq = s->rlayer.read_sequence; cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { Loading Loading @@ -1288,17 +1288,17 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, void dtls1_reset_seq_numbers(SSL *s, int rw) { unsigned char *seq; unsigned int seq_bytes = sizeof(s->s3->read_sequence); unsigned int seq_bytes = sizeof(s->rlayer.read_sequence); if (rw & SSL3_CC_READ) { seq = s->s3->read_sequence; seq = s->rlayer.read_sequence; s->d1->r_epoch++; memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); } else { seq = s->s3->write_sequence; seq = s->rlayer.write_sequence; memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); sizeof(s->rlayer.write_sequence)); s->d1->w_epoch++; } Loading ssl/record/rec_layer.h +8 −0 Original line number Diff line number Diff line Loading @@ -174,6 +174,9 @@ typedef struct record_layer_st { /* number of bytes submitted */ int wpend_ret; const unsigned char *wpend_buf; unsigned char read_sequence[8]; unsigned char write_sequence[8]; } RECORD_LAYER; Loading @@ -190,6 +193,8 @@ typedef struct record_layer_st { #define RECORD_LAYER_get_packet(rl) ((rl)->packet) #define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length) #define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc)) #define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) #define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); Loading @@ -198,6 +203,9 @@ int RECORD_LAYER_read_pending(RECORD_LAYER *rl); int RECORD_LAYER_write_pending(RECORD_LAYER *rl); int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len); void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws); __owur int ssl3_pending(const SSL *s); __owur int ssl23_read_bytes(SSL *s, int n); __owur int ssl23_write_bytes(SSL *s); Loading ssl/record/s3_pkt.c +19 −4 Original line number Diff line number Diff line Loading @@ -211,6 +211,21 @@ void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src) dst->rstate = src->rstate; } void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl) { memset(rl->read_sequence, 0, 8); } void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl) { memset(rl->write_sequence, 0, 8); } void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws) { memcpy(rl->write_sequence, ws, sizeof(rl->write_sequence)); } int ssl3_pending(const SSL *s) { if (s->rlayer.rstate == SSL_ST_READ_BODY) Loading Loading @@ -541,7 +556,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) else nw = max_send_fragment * (mb_param.interleave = 4); memcpy(aad, s->s3->write_sequence, 8); memcpy(aad, s->rlayer.write_sequence, 8); aad[8] = type; aad[9] = (unsigned char)(s->version >> 8); aad[10] = (unsigned char)(s->version); Loading Loading @@ -570,10 +585,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) sizeof(mb_param), &mb_param) <= 0) return -1; s->s3->write_sequence[7] += mb_param.interleave; if (s->s3->write_sequence[7] < mb_param.interleave) { s->rlayer.write_sequence[7] += mb_param.interleave; if (s->rlayer.write_sequence[7] < mb_param.interleave) { int j = 6; while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ; while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ; } wb->offset = 0; Loading Loading
ssl/d1_both.c +9 −9 Original line number Diff line number Diff line Loading @@ -961,7 +961,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /*- * for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->s3->read_sequence zero * ssl->rlayer.read_sequence zero * ssl->s3->read_mac_secret re-init * ssl->session->read_sym_enc assign * ssl->session->read_compression assign Loading Loading @@ -1198,10 +1198,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence)); memcpy(save_write_sequence, RECORD_LAYER_get_write_sequence(&s->rlayer), sizeof(save_write_sequence)); RECORD_LAYER_set_write_sequence(&s->rlayer, s->d1->last_write_sequence); } ret = dtls1_do_write(s, frag->msg_header.is_ccs ? Loading @@ -1216,10 +1216,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence)); memcpy(s->d1->last_write_sequence, RECORD_LAYER_get_write_sequence(&s->rlayer), sizeof(s->d1->last_write_sequence)); RECORD_LAYER_set_write_sequence(&s->rlayer, save_write_sequence); } s->d1->retransmitting = 0; Loading
ssl/d1_srvr.c +2 −2 Original line number Diff line number Diff line Loading @@ -330,8 +330,8 @@ int dtls1_accept(SSL *s) * listening */ if (listen) { memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); RECORD_LAYER_set_write_sequence(&s->rlayer, RECORD_LAYER_get_read_sequence(&s->rlayer)); } /* If we're just listening, stop here */ Loading
ssl/record/d1_pkt.c +9 −9 Original line number Diff line number Diff line Loading @@ -199,7 +199,7 @@ static int dtls1_copy_record(SSL *s, pitem *item) memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD)); /* Set proper sequence number for mac calculation */ memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6); return (1); } Loading Loading @@ -1179,7 +1179,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * else s2n(s->d1->handshake_epoch, pseq); */ memcpy(pseq, &(s->s3->write_sequence[2]), 6); memcpy(pseq, &(s->rlayer.write_sequence[2]), 6); pseq += 6; s2n(wr->length, pseq); Loading @@ -1194,7 +1194,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, wr->type = type; /* not needed but helps for debugging */ wr->length += DTLS1_RT_HEADER_LENGTH; ssl3_record_sequence_update(&(s->s3->write_sequence[0])); ssl3_record_sequence_update(&(s->rlayer.write_sequence[0])); if (create_empty_fragment) { /* Loading Loading @@ -1227,7 +1227,7 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; const unsigned char *seq = s->s3->read_sequence; const unsigned char *seq = s->rlayer.read_sequence; cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { Loading @@ -1248,7 +1248,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; const unsigned char *seq = s->s3->read_sequence; const unsigned char *seq = s->rlayer.read_sequence; cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { Loading Loading @@ -1288,17 +1288,17 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, void dtls1_reset_seq_numbers(SSL *s, int rw) { unsigned char *seq; unsigned int seq_bytes = sizeof(s->s3->read_sequence); unsigned int seq_bytes = sizeof(s->rlayer.read_sequence); if (rw & SSL3_CC_READ) { seq = s->s3->read_sequence; seq = s->rlayer.read_sequence; s->d1->r_epoch++; memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); } else { seq = s->s3->write_sequence; seq = s->rlayer.write_sequence; memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); sizeof(s->rlayer.write_sequence)); s->d1->w_epoch++; } Loading
ssl/record/rec_layer.h +8 −0 Original line number Diff line number Diff line Loading @@ -174,6 +174,9 @@ typedef struct record_layer_st { /* number of bytes submitted */ int wpend_ret; const unsigned char *wpend_buf; unsigned char read_sequence[8]; unsigned char write_sequence[8]; } RECORD_LAYER; Loading @@ -190,6 +193,8 @@ typedef struct record_layer_st { #define RECORD_LAYER_get_packet(rl) ((rl)->packet) #define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length) #define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc)) #define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence) #define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); Loading @@ -198,6 +203,9 @@ int RECORD_LAYER_read_pending(RECORD_LAYER *rl); int RECORD_LAYER_write_pending(RECORD_LAYER *rl); int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len); void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws); __owur int ssl3_pending(const SSL *s); __owur int ssl23_read_bytes(SSL *s, int n); __owur int ssl23_write_bytes(SSL *s); Loading
ssl/record/s3_pkt.c +19 −4 Original line number Diff line number Diff line Loading @@ -211,6 +211,21 @@ void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src) dst->rstate = src->rstate; } void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl) { memset(rl->read_sequence, 0, 8); } void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl) { memset(rl->write_sequence, 0, 8); } void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws) { memcpy(rl->write_sequence, ws, sizeof(rl->write_sequence)); } int ssl3_pending(const SSL *s) { if (s->rlayer.rstate == SSL_ST_READ_BODY) Loading Loading @@ -541,7 +556,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) else nw = max_send_fragment * (mb_param.interleave = 4); memcpy(aad, s->s3->write_sequence, 8); memcpy(aad, s->rlayer.write_sequence, 8); aad[8] = type; aad[9] = (unsigned char)(s->version >> 8); aad[10] = (unsigned char)(s->version); Loading Loading @@ -570,10 +585,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) sizeof(mb_param), &mb_param) <= 0) return -1; s->s3->write_sequence[7] += mb_param.interleave; if (s->s3->write_sequence[7] < mb_param.interleave) { s->rlayer.write_sequence[7] += mb_param.interleave; if (s->rlayer.write_sequence[7] < mb_param.interleave) { int j = 6; while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ; while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ; } wb->offset = 0; Loading
Richard Levitte <levitte@openssl.org>Richard Levitte <levitte@openssl.org>