From 9316af05a25df3b8d29b339ff7a98068c3a1e25c Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Sat, 21 Jun 2014 17:02:26 +0000 Subject: Pull the code that builds a DTLS sequence number out into its own function to avoid duplication. Also use fewer magic numbers. ok miod@ --- lib/libssl/src/ssl/d1_lib.c | 15 ++++++++++++++- lib/libssl/src/ssl/ssl_locl.h | 7 +++++-- lib/libssl/src/ssl/t1_enc.c | 30 ++++++++++-------------------- 3 files changed, 29 insertions(+), 23 deletions(-) (limited to 'lib/libssl') diff --git a/lib/libssl/src/ssl/d1_lib.c b/lib/libssl/src/ssl/d1_lib.c index 13c93a77cfc..b90cc8eed3a 100644 --- a/lib/libssl/src/ssl/d1_lib.c +++ b/lib/libssl/src/ssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.21 2014/06/21 17:02:25 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -460,3 +460,16 @@ dtls1_listen(SSL *s, struct sockaddr *client) (void)BIO_dgram_get_peer(SSL_get_rbio(s), client); return 1; } + +void +dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq, + unsigned short epoch) +{ + unsigned char dtlsseq[SSL3_SEQUENCE_SIZE]; + unsigned char *p; + + p = dtlsseq; + s2n(epoch, p); + memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2); + memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE); +} diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index e7fdda69a98..09d4b203346 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.52 2014/06/15 15:29:25 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.53 2014/06/21 17:02:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -759,9 +759,12 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int dtls1_get_queue_priority(unsigned short seq, int is_ccs); int dtls1_retransmit_buffered_messages(SSL *s); void dtls1_clear_record_buffer(SSL *s); -void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); +void dtls1_get_message_header(unsigned char *data, + struct hm_header_st *msg_hdr); void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); +void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq, + unsigned short epoch); long dtls1_default_timeout(void); struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); int dtls1_check_timeout_num(SSL *s); diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c index c4d53af556f..373c2d0060f 100644 --- a/lib/libssl/src/ssl/t1_enc.c +++ b/lib/libssl/src/ssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send) ssize_t n; if (SSL_IS_DTLS(s)) { - unsigned char dtlsseq[9], *p = dtlsseq; - - s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); - memcpy(p, &seq[2], 6); - memcpy(ad, dtlsseq, 8); + dtls1_build_sequence_number(ad, seq, + send ? s->d1->w_epoch : s->d1->r_epoch); } else { memcpy(ad, seq, SSL3_SEQUENCE_SIZE); ssl3_record_sequence_increment(seq); @@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send) unsigned char buf[13]; if (SSL_IS_DTLS(s)) { - unsigned char dtlsseq[9], *p = dtlsseq; - - s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); - memcpy(p, &seq[2], 6); - memcpy(buf, dtlsseq, 8); + dtls1_build_sequence_number(buf, seq, + send ? s->d1->w_epoch : s->d1->r_epoch); } else { memcpy(buf, seq, SSL3_SEQUENCE_SIZE); ssl3_record_sequence_increment(seq); @@ -1131,15 +1125,11 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) mac_ctx = &hmac; } - if (SSL_IS_DTLS(ssl)) { - unsigned char dtlsseq[8], *p = dtlsseq; - - s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p); - memcpy(p, &seq[2], 6); - - memcpy(header, dtlsseq, 8); - } else - memcpy(header, seq, 8); + if (SSL_IS_DTLS(ssl)) + dtls1_build_sequence_number(header, seq, + send ? ssl->d1->w_epoch : ssl->d1->r_epoch); + else + memcpy(header, seq, SSL3_SEQUENCE_SIZE); /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */ orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8); -- cgit v1.2.3