libressl/0083-ssl-merge-read-and-write-sequence-secrets-into-commo.patch


From c9bfbd055ab424bf13a4790d2321f6dc32aac555 Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Wed, 15 Apr 2020 23:53:16 +0300
Subject: [PATCH 83/87] ssl: merge read and write sequence/secrets into common
state
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
src/lib/libssl/d1_both.c | 16 ++++++++--------
src/lib/libssl/d1_pkt.c | 22 +++++++++++-----------
src/lib/libssl/ssl_locl.h | 14 ++++++++------
src/lib/libssl/ssl_srvr.c | 6 +++---
src/lib/libssl/t1_enc.c | 25 +++++++++++--------------
5 files changed, 41 insertions(+), 42 deletions(-)
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 8f3cc610b..4859bdea2 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1084,10 +1084,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
- memcpy(save_write_sequence, S3I(s)->write_sequence,
- sizeof(S3I(s)->write_sequence));
- memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence,
- sizeof(S3I(s)->write_sequence));
+ memcpy(save_write_sequence, S3I(s)->write.sequence,
+ sizeof(S3I(s)->write.sequence));
+ memcpy(S3I(s)->write.sequence, D1I(s)->last_write_sequence,
+ sizeof(S3I(s)->write.sequence));
}
ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
@@ -1101,10 +1101,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
if (frag->msg_header.saved_retransmit_state.epoch ==
saved_state.epoch - 1) {
- memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence,
- sizeof(S3I(s)->write_sequence));
- memcpy(S3I(s)->write_sequence, save_write_sequence,
- sizeof(S3I(s)->write_sequence));
+ memcpy(D1I(s)->last_write_sequence, S3I(s)->write.sequence,
+ sizeof(S3I(s)->write.sequence));
+ memcpy(S3I(s)->write.sequence, save_write_sequence,
+ sizeof(S3I(s)->write.sequence));
}
D1I(s)->retransmitting = 0;
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 36090533a..8c18bcdb8 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -208,7 +208,7 @@ dtls1_copy_record(SSL *s, pitem *item)
memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
/* Set proper sequence number for mac calculation */
- memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
+ memcpy(&(S3I(s)->read.sequence[2]), &(rdata->packet[5]), 6);
return (1);
}
@@ -520,8 +520,8 @@ again:
!CBS_get_bytes(&header, &seq_no, 6))
goto again;
- if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]),
- sizeof(S3I(s)->read_sequence) - 2, NULL))
+ if (!CBS_write_bytes(&seq_no, &(S3I(s)->read.sequence[2]),
+ sizeof(S3I(s)->read.sequence) - 2, NULL))
goto again;
if (!CBS_get_u16(&header, &len))
goto again;
@@ -1232,7 +1232,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
goto err;
if (!CBB_add_u16(&cbb, D1I(s)->w_epoch))
goto err;
- if (!CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6))
+ if (!CBB_add_bytes(&cbb, &(S3I(s)->write.sequence[2]), 6))
goto err;
p += DTLS1_RT_HEADER_LENGTH;
@@ -1296,7 +1296,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
wr->type = type; /* not needed but helps for debugging */
wr->length += DTLS1_RT_HEADER_LENGTH;
- tls1_record_sequence_increment(S3I(s)->write_sequence);
+ tls1_record_sequence_increment(S3I(s)->write.sequence);
/* now let's set up wb */
wb->left = wr->length;
@@ -1324,7 +1324,7 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
- const unsigned char *seq = S3I(s)->read_sequence;
+ const unsigned char *seq = S3I(s)->read.sequence;
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
@@ -1347,7 +1347,7 @@ dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
{
int cmp;
unsigned int shift;
- const unsigned char *seq = S3I(s)->read_sequence;
+ const unsigned char *seq = S3I(s)->read.sequence;
cmp = satsub64be(seq, bitmap->max_seq_num);
if (cmp > 0) {
@@ -1429,16 +1429,16 @@ void
dtls1_reset_seq_numbers(SSL *s, int rw)
{
unsigned char *seq;
- unsigned int seq_bytes = sizeof(S3I(s)->read_sequence);
+ unsigned int seq_bytes = sizeof(S3I(s)->read.sequence);
if (rw & SSL3_CC_READ) {
- seq = S3I(s)->read_sequence;
+ seq = S3I(s)->read.sequence;
D1I(s)->r_epoch++;
memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP));
memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
} else {
- seq = S3I(s)->write_sequence;
- memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence));
+ seq = S3I(s)->write.sequence;
+ memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write.sequence));
D1I(s)->w_epoch++;
}
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 858010b87..2ef7e58f6 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -808,13 +808,15 @@ typedef struct ssl3_buffer_internal_st {
int left; /* how many bytes left */
} SSL3_BUFFER_INTERNAL;
+typedef struct ssl3_rw_state_internal_st {
+ unsigned char sequence[SSL3_SEQUENCE_SIZE];
+ int mac_secret_size;
+ unsigned char mac_secret[EVP_MAX_MD_SIZE];
+} SSL3_RW_STATE_INTERNAL;
+
typedef struct ssl3_state_internal_st {
- unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
- int read_mac_secret_size;
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
- int write_mac_secret_size;
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+ SSL3_RW_STATE_INTERNAL read;
+ SSL3_RW_STATE_INTERNAL write;
SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */
SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */
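Review bot: The new `SSL3_RW_STATE_INTERNAL` is added without comments, although it now holds per-direction key material and the neighbouring members (`rbuf`, `wbuf`) are commented. I would add `/* Per-direction record layer state (one for read, one for write). */` above the typedef, `/* record sequence number fed into the MAC/AEAD input */` on `sequence`, and `/* MAC key for this direction; key material, must be wiped on teardown */` on `mac_secret`. The code that frees or clears `ssl3_state_internal_st` is not part of this diff, so it is worth confirming it still zeroes both `read` and `write` with a non-elidable wipe. The enclosing struct definition continues past the end of the hunk.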
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 1d924617c..e620a563d 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -328,9 +328,9 @@ ssl3_accept(SSL *s)
* stateless while listening.
*/
if (listen) {
- memcpy(S3I(s)->write_sequence,
- S3I(s)->read_sequence,
- sizeof(S3I(s)->write_sequence));
+ memcpy(S3I(s)->write.sequence,
+ S3I(s)->read.sequence,
+ sizeof(S3I(s)->write.sequence));
}
/* If we're just listening, stop here */
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 363447b52..05c45fc31 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -510,6 +510,7 @@ tls1_change_cipher_state(SSL *s, int which)
const EVP_CIPHER *cipher;
const EVP_AEAD *aead;
char is_read, use_client_keys;
+ SSL3_RW_STATE_INTERNAL *rws;
cipher = S3I(s)->tmp.new_sym_enc;
aead = S3I(s)->tmp.new_aead;
@@ -520,6 +521,7 @@ tls1_change_cipher_state(SSL *s, int which)
* just written one.
*/
is_read = (which & SSL3_CC_READ) != 0;
+ rws = is_read ? &S3I(s)->read : &S3I(s)->write;
/*
* use_client_keys is true if we wish to use the keys for the "client
@@ -534,7 +536,7 @@ tls1_change_cipher_state(SSL *s, int which)
* dtls1_reset_seq_numbers().
*/
if (!SSL_IS_DTLS(s)) {
- seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence;
+ seq = rws->sequence;
memset(seq, 0, SSL3_SEQUENCE_SIZE);
}
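Review bot: The sequence reset still goes through the `seq` local and the `SSL3_SEQUENCE_SIZE` constant, where `rws` would let the size be tied to the destination itself. Writing `memset(rws->sequence, 0, sizeof(rws->sequence));` matches the `sizeof(S3I(s)->write.sequence)` style used in the DTLS hunks of this patch and stays correct if the array size ever changes. If `seq` has no other use in `tls1_change_cipher_state` (the rest of the function is outside the hunk), the local can then be dropped.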
@@ -577,13 +579,8 @@ tls1_change_cipher_state(SSL *s, int which)
goto err2;
}
- if (is_read) {
- memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size);
- S3I(s)->read_mac_secret_size = mac_secret_size;
- } else {
- memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size);
- S3I(s)->write_mac_secret_size = mac_secret_size;
- }
+ memcpy(rws->mac_secret, mac_secret, mac_secret_size);
+ rws->mac_secret_size = mac_secret_size;
if (aead != NULL) {
return tls1_change_cipher_state_aead(s, is_read, key, key_len,
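Review bot: The consolidated `memcpy(rws->mac_secret, mac_secret, mac_secret_size);` writes into a fixed `EVP_MAX_MD_SIZE` buffer without checking the length against the destination. `mac_secret_size` is assigned outside this hunk and is presumably derived from the negotiated digest, so it should be in range. Now that there is a single copy site, an explicit guard is cheap: `if (mac_secret_size < 0 || (size_t)mac_secret_size > sizeof(rws->mac_secret)) goto err2;`, assuming the local is a signed `int` like the struct field. The function starts and ends outside the hunk, so the existing `err2` cleanup path should be checked to confirm it suits this failure.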
@@ -700,11 +697,11 @@ tls1_enc(SSL *s, int send)
if (send) {
aead = s->internal->aead_write_ctx;
rec = &S3I(s)->wrec;
- seq = S3I(s)->write_sequence;
+ seq = S3I(s)->write.sequence;
} else {
aead = s->internal->aead_read_ctx;
rec = &S3I(s)->rrec;
- seq = S3I(s)->read_sequence;
+ seq = S3I(s)->read.sequence;
}
if (aead) {
@@ -968,12 +965,12 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
if (send) {
rec = &(ssl->s3->internal->wrec);
- seq = &(ssl->s3->internal->write_sequence[0]);
+ seq = &(ssl->s3->internal->write.sequence[0]);
hash = ssl->internal->write_hash;
t = ssl->internal->write_mac_size;
} else {
rec = &(ssl->s3->internal->rrec);
- seq = &(ssl->s3->internal->read_sequence[0]);
+ seq = &(ssl->s3->internal->read.sequence[0]);
hash = ssl->read_hash;
t = ssl->read_mac_size;
}
@@ -1014,8 +1011,8 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!ssl3_cbc_digest_record(mac_ctx,
md, &md_size, header, rec->input,
rec->length + md_size, orig_len,
- ssl->s3->internal->read_mac_secret,
- ssl->s3->internal->read_mac_secret_size))
+ ssl->s3->internal->read.mac_secret,
+ ssl->s3->internal->read.mac_secret_size))
return -1;
} else {
EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
--
2.17.1