summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2014-06-21 17:02:26 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-06-21 17:02:26 +0000
commitcef9f704bf7ff1454d28aa9fc3d7ff4f6b0365e5 (patch)
tree68b0d232194f6c5c0c12414bf45dbd8b873ebc40
parent5e2c4f3f8b0794d58498c9e5d01c9076e8fc6de0 (diff)
Pull the code that builds a DTLS sequence number out into its own function
to avoid duplication. Also use fewer magic numbers. ok miod@
-rw-r--r--lib/libssl/d1_lib.c15
-rw-r--r--lib/libssl/ssl_locl.h7
-rw-r--r--lib/libssl/t1_enc.c30
3 files changed, 29 insertions, 23 deletions
diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index 13c93a77cfc..b90cc8eed3a 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.21 2014/06/21 17:02:25 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -460,3 +460,16 @@ dtls1_listen(SSL *s, struct sockaddr *client)
(void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
return 1;
}
+
+void
+dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
+ unsigned short epoch)
+{
+ unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
+ unsigned char *p;
+
+ p = dtlsseq;
+ s2n(epoch, p);
+ memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
+ memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
+}
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index e7fdda69a98..09d4b203346 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.52 2014/06/15 15:29:25 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.53 2014/06/21 17:02:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -759,9 +759,12 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq,
int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
+void dtls1_get_message_header(unsigned char *data,
+ struct hm_header_st *msg_hdr);
void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
+void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
+ unsigned short epoch);
long dtls1_default_timeout(void);
struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
int dtls1_check_timeout_num(SSL *s);
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index c4d53af556f..373c2d0060f 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send)
ssize_t n;
if (SSL_IS_DTLS(s)) {
- unsigned char dtlsseq[9], *p = dtlsseq;
-
- s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
- memcpy(p, &seq[2], 6);
- memcpy(ad, dtlsseq, 8);
+ dtls1_build_sequence_number(ad, seq,
+ send ? s->d1->w_epoch : s->d1->r_epoch);
} else {
memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
ssl3_record_sequence_increment(seq);
@@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send)
unsigned char buf[13];
if (SSL_IS_DTLS(s)) {
- unsigned char dtlsseq[9], *p = dtlsseq;
-
- s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
- memcpy(p, &seq[2], 6);
- memcpy(buf, dtlsseq, 8);
+ dtls1_build_sequence_number(buf, seq,
+ send ? s->d1->w_epoch : s->d1->r_epoch);
} else {
memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
ssl3_record_sequence_increment(seq);
@@ -1131,15 +1125,11 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
mac_ctx = &hmac;
}
- if (SSL_IS_DTLS(ssl)) {
- unsigned char dtlsseq[8], *p = dtlsseq;
-
- s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
- memcpy(p, &seq[2], 6);
-
- memcpy(header, dtlsseq, 8);
- } else
- memcpy(header, seq, 8);
+ if (SSL_IS_DTLS(ssl))
+ dtls1_build_sequence_number(header, seq,
+ send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
+ else
+ memcpy(header, seq, SSL3_SEQUENCE_SIZE);
/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);