Move read_sequence and write_sequence from s->s3 to s->rlayer

Reviewed-by: NRichard Levitte <levitte@openssl.org>

ssl/d1_both.c

@@ -961,7 +961,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 /*-
  * for these 2 messages, we need to
  * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
+ * ssl->rlayer.read_sequence            zero
  * ssl->s3->read_mac_secret             re-init
  * ssl->session->read_sym_enc           assign
  * ssl->session->read_compression       assign
@@ -1198,10 +1198,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 
     if (frag->msg_header.saved_retransmit_state.epoch ==
         saved_state.epoch - 1) {
-        memcpy(save_write_sequence, s->s3->write_sequence,
-               sizeof(s->s3->write_sequence));
-        memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
-               sizeof(s->s3->write_sequence));
+
+        memcpy(save_write_sequence, RECORD_LAYER_get_write_sequence(&s->rlayer),
+               sizeof(save_write_sequence));
+        RECORD_LAYER_set_write_sequence(&s->rlayer, s->d1->last_write_sequence);
     }
 
     ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
@@ -1216,10 +1216,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 
     if (frag->msg_header.saved_retransmit_state.epoch ==
         saved_state.epoch - 1) {
-        memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
-               sizeof(s->s3->write_sequence));
-        memcpy(s->s3->write_sequence, save_write_sequence,
-               sizeof(s->s3->write_sequence));
+        memcpy(s->d1->last_write_sequence,
+            RECORD_LAYER_get_write_sequence(&s->rlayer),
+            sizeof(s->d1->last_write_sequence));
+        RECORD_LAYER_set_write_sequence(&s->rlayer, save_write_sequence);
     }
 
     s->d1->retransmitting = 0;

ssl/d1_srvr.c

@@ -330,8 +330,8 @@ int dtls1_accept(SSL *s)
              * listening
              */
             if (listen) {
-                memcpy(s->s3->write_sequence, s->s3->read_sequence,
-                       sizeof(s->s3->write_sequence));
+                RECORD_LAYER_set_write_sequence(&s->rlayer,
+                    RECORD_LAYER_get_read_sequence(&s->rlayer));
             }
 
             /* If we're just listening, stop here */

ssl/record/d1_pkt.c

@@ -199,7 +199,7 @@ static int dtls1_copy_record(SSL *s, pitem *item)
     memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
 
     /* Set proper sequence number for mac calculation */
-    memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
+    memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6);
 
     return (1);
 }
@@ -1179,7 +1179,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
      * else s2n(s->d1->handshake_epoch, pseq);
      */
 
-    memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+    memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
     pseq += 6;
     s2n(wr->length, pseq);
 
@@ -1194,7 +1194,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
     wr->type = type;            /* not needed but helps for debugging */
     wr->length += DTLS1_RT_HEADER_LENGTH;
 
-    ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
+    ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
 
     if (create_empty_fragment) {
         /*
@@ -1227,7 +1227,7 @@ int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
 {
     int cmp;
     unsigned int shift;
-    const unsigned char *seq = s->s3->read_sequence;
+    const unsigned char *seq = s->rlayer.read_sequence;
 
     cmp = satsub64be(seq, bitmap->max_seq_num);
     if (cmp > 0) {
@@ -1248,7 +1248,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
 {
     int cmp;
     unsigned int shift;
-    const unsigned char *seq = s->s3->read_sequence;
+    const unsigned char *seq = s->rlayer.read_sequence;
 
     cmp = satsub64be(seq, bitmap->max_seq_num);
     if (cmp > 0) {
@@ -1288,17 +1288,17 @@ DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
 void dtls1_reset_seq_numbers(SSL *s, int rw)
 {
     unsigned char *seq;
-    unsigned int seq_bytes = sizeof(s->s3->read_sequence);
+    unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
 
     if (rw & SSL3_CC_READ) {
-        seq = s->s3->read_sequence;
+        seq = s->rlayer.read_sequence;
         s->d1->r_epoch++;
         memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
         memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
     } else {
-        seq = s->s3->write_sequence;
+        seq = s->rlayer.write_sequence;
         memcpy(s->d1->last_write_sequence, seq,
-               sizeof(s->s3->write_sequence));
+               sizeof(s->rlayer.write_sequence));
         s->d1->w_epoch++;
     }
 

ssl/record/rec_layer.h

@@ -174,6 +174,9 @@ typedef struct record_layer_st {
     /* number of bytes submitted */
     int wpend_ret;
     const unsigned char *wpend_buf;
+
+    unsigned char read_sequence[8];
+    unsigned char write_sequence[8];
 } RECORD_LAYER;
 
 
@@ -190,6 +193,8 @@ typedef struct record_layer_st {
 #define RECORD_LAYER_get_packet(rl)             ((rl)->packet)
 #define RECORD_LAYER_get_packet_length(rl)      ((rl)->packet_length)
 #define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
+#define RECORD_LAYER_get_read_sequence(rl)      ((rl)->read_sequence)
+#define RECORD_LAYER_get_write_sequence(rl)     ((rl)->write_sequence)
 
 void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
 void RECORD_LAYER_clear(RECORD_LAYER *rl);
@@ -198,6 +203,9 @@ int RECORD_LAYER_read_pending(RECORD_LAYER *rl);
 int RECORD_LAYER_write_pending(RECORD_LAYER *rl);
 int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len);
 void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src);
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws);
 __owur int ssl3_pending(const SSL *s);
 __owur int ssl23_read_bytes(SSL *s, int n);
 __owur int ssl23_write_bytes(SSL *s);

ssl/record/s3_pkt.c

@@ -211,6 +211,21 @@ void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src)
     dst->rstate = src->rstate;
 }
 
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->read_sequence, 0, 8);
+}
+
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->write_sequence, 0, 8);
+}
+
+void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws)
+{
+    memcpy(rl->write_sequence, ws, sizeof(rl->write_sequence));
+}
+
 int ssl3_pending(const SSL *s)
 {
     if (s->rlayer.rstate == SSL_ST_READ_BODY)
@@ -541,7 +556,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
             else
                 nw = max_send_fragment * (mb_param.interleave = 4);
 
-            memcpy(aad, s->s3->write_sequence, 8);
+            memcpy(aad, s->rlayer.write_sequence, 8);
             aad[8] = type;
             aad[9] = (unsigned char)(s->version >> 8);
             aad[10] = (unsigned char)(s->version);
@@ -570,10 +585,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                                     sizeof(mb_param), &mb_param) <= 0)
                 return -1;
 
-            s->s3->write_sequence[7] += mb_param.interleave;
-            if (s->s3->write_sequence[7] < mb_param.interleave) {
+            s->rlayer.write_sequence[7] += mb_param.interleave;
+            if (s->rlayer.write_sequence[7] < mb_param.interleave) {
                 int j = 6;
-                while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ;
+                while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
             }
 
             wb->offset = 0;

ssl/record/ssl3_record.c

@@ -659,7 +659,8 @@ int tls1_enc(SSL *s, int send)
         if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
             unsigned char buf[13], *seq;
 
-            seq = send ? s->s3->write_sequence : s->s3->read_sequence;
+            seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+                : RECORD_LAYER_get_read_sequence(&s->rlayer);
 
             if (SSL_IS_DTLS(s)) {
                 unsigned char dtlsseq[9], *p = dtlsseq;
@@ -773,12 +774,12 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
     if (send) {
         rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
         mac_sec = &(ssl->s3->write_mac_secret[0]);
-        seq = &(ssl->s3->write_sequence[0]);
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
         hash = ssl->write_hash;
     } else {
         rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
         mac_sec = &(ssl->s3->read_mac_secret[0]);
-        seq = &(ssl->s3->read_sequence[0]);
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
         hash = ssl->read_hash;
     }
 
@@ -869,11 +870,11 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 
     if (send) {
         rec = RECORD_LAYER_get_wrec(&ssl->rlayer);
-        seq = &(ssl->s3->write_sequence[0]);
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
         hash = ssl->write_hash;
     } else {
         rec = RECORD_LAYER_get_rrec(&ssl->rlayer);
-        seq = &(ssl->s3->read_sequence[0]);
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
         hash = ssl->read_hash;
     }
 
@@ -1045,7 +1046,8 @@ int tls1_cbc_remove_padding(const SSL *s,
      */
     if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
         /* First packet is even in size, so check */
-        if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+        if ((memcmp(RECORD_LAYER_get_read_sequence(&s->rlayer),
+                "\0\0\0\0\0\0\0\0", 8) == 0) &&
             !(padding_length & 1)) {
             s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
         }
@@ -1431,7 +1433,7 @@ int dtls1_get_record(SSL *s)
         /* sequence number is 64 bits, with top 2 bytes = epoch */
         n2s(p, rr->epoch);
 
-        memcpy(&(s->s3->read_sequence[2]), p, 6);
+        memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
         p += 6;
 
         n2s(p, rr->length);

ssl/s3_both.c

@@ -292,7 +292,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 /*-
  * for these 2 messages, we need to
  * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
+ * ssl->rlayer.read_sequence            zero
  * ssl->s3->read_mac_secret             re-init
  * ssl->session->read_sym_enc           assign
  * ssl->session->read_compression       assign

ssl/s3_enc.c

@@ -274,7 +274,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                 goto err;
         }
 #endif
-        memset(&(s->s3->read_sequence[0]), 0, 8);
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
         mac_secret = &(s->s3->read_mac_secret[0]);
     } else {
         if (s->enc_write_ctx != NULL)
@@ -307,7 +307,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
             }
         }
 #endif
-        memset(&(s->s3->write_sequence[0]), 0, 8);
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
         mac_secret = &(s->s3->write_mac_secret[0]);
     }
 

ssl/ssl_locl.h

@@ -1224,10 +1224,8 @@ struct ssl_st {
 typedef struct ssl3_state_st {
     long flags;
     int delay_buf_pop_ret;
-    unsigned char read_sequence[8];
     int read_mac_secret_size;
     unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-    unsigned char write_sequence[8];
     int write_mac_secret_size;
     unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
     unsigned char server_random[SSL3_RANDOM_SIZE];

ssl/t1_enc.c

@@ -404,7 +404,7 @@ int tls1_change_cipher_state(SSL *s, int which)
          * this is done by dtls1_reset_seq_numbers for DTLS
          */
         if (!SSL_IS_DTLS(s))
-            memset(&(s->s3->read_sequence[0]), 0, 8);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
         mac_secret = &(s->s3->read_mac_secret[0]);
         mac_secret_size = &(s->s3->read_mac_secret_size);
     } else {
@@ -442,7 +442,7 @@ int tls1_change_cipher_state(SSL *s, int which)
          * this is done by dtls1_reset_seq_numbers for DTLS
          */
         if (!SSL_IS_DTLS(s))
-            memset(&(s->s3->write_sequence[0]), 0, 8);
+            RECORD_LAYER_reset_write_sequence(&s->rlayer);
         mac_secret = &(s->s3->write_mac_secret[0]);
         mac_secret_size = &(s->s3->write_mac_secret_size);
     }