generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move read_sequence and write_sequence from s->s3 to s->rlayer

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2015-02-03 14:26:50 +00:00
parent f8caa3c813
commit de07f311ce
10 changed files with 61 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ssl/d1_both.c
View File

@ -961,7 +961,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
/*-
* for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->s3->read_sequence zero
* ssl->rlayer.read_sequence zero
* ssl->s3->read_mac_secret re-init
* ssl->session->read_sym_enc assign
* ssl->session->read_compression assign
@ -1198,10 +1198,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
memcpy(save_write_sequence, s->s3->write_sequence,
sizeof(s->s3->write_sequence));
memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
sizeof(s->s3->write_sequence));
memcpy(save_write_sequence, RECORD_LAYER_get_write_sequence(&s->rlayer),
sizeof(save_write_sequence));
RECORD_LAYER_set_write_sequence(&s->rlayer, s->d1->last_write_sequence);
}
ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
@ -1216,10 +1216,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
sizeof(s->s3->write_sequence));
memcpy(s->s3->write_sequence, save_write_sequence,
sizeof(s->s3->write_sequence));
memcpy(s->d1->last_write_sequence,
RECORD_LAYER_get_write_sequence(&s->rlayer),
sizeof(s->d1->last_write_sequence));
RECORD_LAYER_set_write_sequence(&s->rlayer, save_write_sequence);
}
s->d1->retransmitting = 0;

4
ssl/d1_srvr.c
View File

@ -330,8 +330,8 @@ int dtls1_accept(SSL *s)
* listening
*/
if (listen) {
memcpy(s->s3->write_sequence, s->s3->read_sequence,
sizeof(s->s3->write_sequence));
RECORD_LAYER_set_write_sequence(&s->rlayer,
RECORD_LAYER_get_read_sequence(&s->rlayer));
}
/* If we're just listening, stop here */

18
ssl/record/d1_pkt.c
View File

@ -199,7 +199,7 @@ static int dtls1_copy_record(SSL *s, pitem *item)
memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
/* Set proper sequence number for mac calculation */
memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6);
return (1);
}
@ -1179,7 +1179,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
* else s2n(s->d1->handshake_epoch, pseq);
*/
memcpy(pseq, &(s->s3->write_sequence[2]), 6);
memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
pseq += 6;
s2n(wr->length, pseq);
@ -1194,7 +1194,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
wr->type = type; /* not needed but helps for debugging */
wr->length += DTLS1_RT_HEADER_LENGTH;
ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
if (create_empty_fragment) {
/*
@ -1227,7 +1227,7 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
const unsigned char *seq = s->s3->read_sequence;
const unsigned char *seq = s->rlayer.read_sequence;
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
@ -1248,7 +1248,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
const unsigned char *seq = s->s3->read_sequence;
const unsigned char *seq = s->rlayer.read_sequence;
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
@ -1288,17 +1288,17 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
void dtls1_reset_seq_numbers(SSL *s, int rw)
{
unsigned char *seq;
unsigned int seq_bytes = sizeof(s->s3->read_sequence);
unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
if (rw & SSL3_CC_READ) {
seq = s->s3->read_sequence;
seq = s->rlayer.read_sequence;
s->d1->r_epoch++;
memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
} else {
seq = s->s3->write_sequence;
seq = s->rlayer.write_sequence;
memcpy(s->d1->last_write_sequence, seq,
sizeof(s->s3->write_sequence));
sizeof(s->rlayer.write_sequence));
s->d1->w_epoch++;
}

8
ssl/record/rec_layer.h
View File

@ -174,6 +174,9 @@ typedef struct record_layer_st {
/* number of bytes submitted */
int wpend_ret;
const unsigned char *wpend_buf;
unsigned char read_sequence[8];
unsigned char write_sequence[8];
} RECORD_LAYER;
@ -190,6 +193,8 @@ typedef struct record_layer_st {
#define RECORD_LAYER_get_packet(rl) ((rl)->packet)
#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length)
#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
#define RECORD_LAYER_get_read_sequence(rl) ((rl)->read_sequence)
#define RECORD_LAYER_get_write_sequence(rl) ((rl)->write_sequence)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
@ -198,6 +203,9 @@ int RECORD_LAYER_read_pending(RECORD_LAYER *rl);
int RECORD_LAYER_write_pending(RECORD_LAYER *rl);
int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len);
void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src);
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws);
__owur int ssl3_pending(const SSL *s);
__owur int ssl23_read_bytes(SSL *s, int n);
__owur int ssl23_write_bytes(SSL *s);

23
ssl/record/s3_pkt.c
View File

@ -211,6 +211,21 @@ void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src)
dst->rstate = src->rstate;
}
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
{
memset(rl->read_sequence, 0, 8);
}
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
{
memset(rl->write_sequence, 0, 8);
}
void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws)
{
memcpy(rl->write_sequence, ws, sizeof(rl->write_sequence));
}
int ssl3_pending(const SSL *s)
{
if (s->rlayer.rstate == SSL_ST_READ_BODY)
@ -541,7 +556,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
else
nw = max_send_fragment * (mb_param.interleave = 4);
memcpy(aad, s->s3->write_sequence, 8);
memcpy(aad, s->rlayer.write_sequence, 8);
aad[8] = type;
aad[9] = (unsigned char)(s->version >> 8);
aad[10] = (unsigned char)(s->version);
@ -570,10 +585,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
sizeof(mb_param), &mb_param) <= 0)
return -1;
s->s3->write_sequence[7] += mb_param.interleave;
if (s->s3->write_sequence[7] < mb_param.interleave) {
s->rlayer.write_sequence[7] += mb_param.interleave;
if (s->rlayer.write_sequence[7] < mb_param.interleave) {
int j = 6;
while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ;
while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
}
wb->offset = 0;

16
ssl/record/ssl3_record.c
View File

@ -659,7 +659,8 @@ int tls1_enc(SSL *s, int send)
if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char buf[13], *seq;
seq = send ? s->s3->write_sequence : s->s3->read_sequence;
seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer);
if (SSL_IS_DTLS(s)) {
unsigned char dtlsseq[9], *p = dtlsseq;
@ -773,12 +774,12 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
mac_sec = &(ssl->s3->write_mac_secret[0]);
seq = &(ssl->s3->write_sequence[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
mac_sec = &(ssl->s3->read_mac_secret[0]);
seq = &(ssl->s3->read_sequence[0]);
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash;
}
@ -869,11 +870,11 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (send) {
rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
seq = &(ssl->s3->write_sequence[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
seq = &(ssl->s3->read_sequence[0]);
seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
hash = ssl->read_hash;
}
@ -1045,7 +1046,8 @@ int tls1_cbc_remove_padding(const SSL *s,
*/
if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
if ((memcmp(RECORD_LAYER_get_read_sequence(&s->rlayer),
"\0\0\0\0\0\0\0\0", 8) == 0) &&
!(padding_length & 1)) {
s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
}
@ -1431,7 +1433,7 @@ int dtls1_get_record(SSL *s)
/* sequence number is 64 bits, with top 2 bytes = epoch */
n2s(p, rr->epoch);
memcpy(&(s->s3->read_sequence[2]), p, 6);
memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
p += 6;
n2s(p, rr->length);

2
ssl/s3_both.c
View File

@ -292,7 +292,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
/*-
* for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->s3->read_sequence zero
* ssl->rlayer.read_sequence zero
* ssl->s3->read_mac_secret re-init
* ssl->session->read_sym_enc assign
* ssl->session->read_compression assign

4
ssl/s3_enc.c
View File

@ -274,7 +274,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err;
}
#endif
memset(&(s->s3->read_sequence[0]), 0, 8);
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
if (s->enc_write_ctx != NULL)
@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
}
}
#endif
memset(&(s->s3->write_sequence[0]), 0, 8);
RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]);
}

2
ssl/ssl_locl.h
View File

@ -1224,10 +1224,8 @@ struct ssl_st {
typedef struct ssl3_state_st {
long flags;
int delay_buf_pop_ret;
unsigned char read_sequence[8];
int read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
unsigned char write_sequence[8];
int write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];

4
ssl/t1_enc.c
View File

@ -404,7 +404,7 @@ int tls1_change_cipher_state(SSL *s, int which)
* this is done by dtls1_reset_seq_numbers for DTLS
*/
if (!SSL_IS_DTLS(s))
memset(&(s->s3->read_sequence[0]), 0, 8);
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
mac_secret_size = &(s->s3->read_mac_secret_size);
} else {
@ -442,7 +442,7 @@ int tls1_change_cipher_state(SSL *s, int which)
* this is done by dtls1_reset_seq_numbers for DTLS
*/
if (!SSL_IS_DTLS(s))
memset(&(s->s3->write_sequence[0]), 0, 8);
RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size);
}