From c9bfbd055ab424bf13a4790d2321f6dc32aac555 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Wed, 15 Apr 2020 23:53:16 +0300 Subject: [PATCH 83/87] ssl: merge read and write sequence/secrets into common state Signed-off-by: Dmitry Baryshkov --- src/lib/libssl/d1_both.c | 16 ++++++++-------- src/lib/libssl/d1_pkt.c | 22 +++++++++++----------- src/lib/libssl/ssl_locl.h | 14 ++++++++------ src/lib/libssl/ssl_srvr.c | 6 +++--- src/lib/libssl/t1_enc.c | 25 +++++++++++-------------- 5 files changed, 41 insertions(+), 42 deletions(-) diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 8f3cc610b..4859bdea2 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c @@ -1084,10 +1084,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { - memcpy(save_write_sequence, S3I(s)->write_sequence, - sizeof(S3I(s)->write_sequence)); - memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence, - sizeof(S3I(s)->write_sequence)); + memcpy(save_write_sequence, S3I(s)->write.sequence, + sizeof(S3I(s)->write.sequence)); + memcpy(S3I(s)->write.sequence, D1I(s)->last_write_sequence, + sizeof(S3I(s)->write.sequence)); } ret = dtls1_do_write(s, frag->msg_header.is_ccs ? @@ -1101,10 +1101,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) { - memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence, - sizeof(S3I(s)->write_sequence)); - memcpy(S3I(s)->write_sequence, save_write_sequence, - sizeof(S3I(s)->write_sequence)); + memcpy(D1I(s)->last_write_sequence, S3I(s)->write.sequence, + sizeof(S3I(s)->write.sequence)); + memcpy(S3I(s)->write.sequence, save_write_sequence, + sizeof(S3I(s)->write.sequence)); } D1I(s)->retransmitting = 0; diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c index 36090533a..8c18bcdb8 100644 
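Review bot: The copies into `save_write_sequence` and `D1I(s)->last_write_sequence` in dtls1_retransmit_message are sized by `sizeof(S3I(s)->write.sequence)`, the source field, so they stay in bounds only while both destinations are at least SSL3_SEQUENCE_SIZE bytes. Their declarations are outside the hunk; if they use a literal length, declaring them as `unsigned char save_write_sequence[SSL3_SEQUENCE_SIZE];` (and likewise for `last_write_sequence`) would tie the three sizes together. The same pattern appears in the second d1_both.c hunk and in the write branch of dtls1_reset_seq_numbers in d1_pkt.c. The function body starts and ends outside the hunk.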
--- a/src/lib/libssl/d1_pkt.c +++ b/src/lib/libssl/d1_pkt.c @@ -208,7 +208,7 @@ dtls1_copy_record(SSL *s, pitem *item) memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL)); /* Set proper sequence number for mac calculation */ - memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6); + memcpy(&(S3I(s)->read.sequence[2]), &(rdata->packet[5]), 6); return (1); } @@ -520,8 +520,8 @@ again: !CBS_get_bytes(&header, &seq_no, 6)) goto again; - if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]), - sizeof(S3I(s)->read_sequence) - 2, NULL)) + if (!CBS_write_bytes(&seq_no, &(S3I(s)->read.sequence[2]), + sizeof(S3I(s)->read.sequence) - 2, NULL)) goto again; if (!CBS_get_u16(&header, &len)) goto again; @@ -1232,7 +1232,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) goto err; if (!CBB_add_u16(&cbb, D1I(s)->w_epoch)) goto err; - if (!CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6)) + if (!CBB_add_bytes(&cbb, &(S3I(s)->write.sequence[2]), 6)) goto err; p += DTLS1_RT_HEADER_LENGTH; @@ -1296,7 +1296,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) wr->type = type; /* not needed but helps for debugging */ wr->length += DTLS1_RT_HEADER_LENGTH; - tls1_record_sequence_increment(S3I(s)->write_sequence); + tls1_record_sequence_increment(S3I(s)->write.sequence); /* now let's set up wb */ wb->left = wr->length; @@ -1324,7 +1324,7 @@ dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; - const unsigned char *seq = S3I(s)->read_sequence; + const unsigned char *seq = S3I(s)->read.sequence; cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { @@ -1347,7 +1347,7 @@ dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) { int cmp; unsigned int shift; - const unsigned char *seq = S3I(s)->read_sequence; + const unsigned char *seq = S3I(s)->read.sequence; cmp = satsub64be(seq, bitmap->max_seq_num); if (cmp > 0) { 
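Review bot: In dtls1_copy_record the copy into `read.sequence[2]` still uses the literal length `6`, while the record-header parsing hunk below derives the same length as `sizeof(S3I(s)->read.sequence) - 2`. Writing `memcpy(&(S3I(s)->read.sequence[2]), &(rdata->packet[5]), sizeof(S3I(s)->read.sequence) - 2);` would keep the two in step with the new struct field. The `CBB_add_bytes(..., 6)` call in do_dtls1_write carries the same literal. Whether `rdata->packet` is known to hold at least 11 bytes at this point is not visible in the hunk.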
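Review bot: `tls1_record_sequence_increment(S3I(s)->write.sequence);` in do_dtls1_write is called as a plain statement on the full 8-byte field, while only bytes 2..7 are placed in the record header by the `CBB_add_bytes` call in the previous hunk. If the increment helper (not shown in this diff) does not report a carry out of those six bytes, the on-wire sequence number would wrap within an epoch without the connection being stopped. A comment at the call stating where exhaustion is handled, or an explicit check before the record is sent, would settle that. The function body extends beyond this hunk.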
@@ -1429,16 +1429,16 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) { unsigned char *seq; - unsigned int seq_bytes = sizeof(S3I(s)->read_sequence); + unsigned int seq_bytes = sizeof(S3I(s)->read.sequence); if (rw & SSL3_CC_READ) { - seq = S3I(s)->read_sequence; + seq = S3I(s)->read.sequence; D1I(s)->r_epoch++; memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); } else { - seq = S3I(s)->write_sequence; - memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence)); + seq = S3I(s)->write.sequence; + memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write.sequence)); D1I(s)->w_epoch++; } diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 858010b87..2ef7e58f6 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -808,13 +808,15 @@ typedef struct ssl3_buffer_internal_st { int left; /* how many bytes left */ } SSL3_BUFFER_INTERNAL; +typedef struct ssl3_rw_state_internal_st { + unsigned char sequence[SSL3_SEQUENCE_SIZE]; + int mac_secret_size; + unsigned char mac_secret[EVP_MAX_MD_SIZE]; +} SSL3_RW_STATE_INTERNAL; + typedef struct ssl3_state_internal_st { - unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; - int read_mac_secret_size; - unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char write_sequence[SSL3_SEQUENCE_SIZE]; - int write_mac_secret_size; - unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; + SSL3_RW_STATE_INTERNAL read; + SSL3_RW_STATE_INTERNAL write; SSL3_BUFFER_INTERNAL rbuf; /* read IO goes into here */ SSL3_BUFFER_INTERNAL wbuf; /* write IO goes into here */ diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 1d924617c..e620a563d 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c 
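Review bot: The new `SSL3_RW_STATE_INTERNAL` in ssl_locl.h is added without any comment, although it now holds the MAC key for one direction together with the record sequence number. I would add a header comment such as `/* Per-direction record state: sequence number and MAC secret; 0 <= mac_secret_size <= EVP_MAX_MD_SIZE. */` and a field comment `/* key material, must be zeroed on teardown */` on `mac_secret`. The code that frees `ssl3_state_internal_st` is not part of this diff, so it is worth confirming that it still clears the whole structure now that the secrets live in nested members.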
@@ -328,9 +328,9 @@ ssl3_accept(SSL *s) * stateless while listening. */ if (listen) { - memcpy(S3I(s)->write_sequence, - S3I(s)->read_sequence, - sizeof(S3I(s)->write_sequence)); + memcpy(S3I(s)->write.sequence, + S3I(s)->read.sequence, + sizeof(S3I(s)->write.sequence)); } /* If we're just listening, stop here */ diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 363447b52..05c45fc31 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -510,6 +510,7 @@ tls1_change_cipher_state(SSL *s, int which) const EVP_CIPHER *cipher; const EVP_AEAD *aead; char is_read, use_client_keys; + SSL3_RW_STATE_INTERNAL *rws; cipher = S3I(s)->tmp.new_sym_enc; aead = S3I(s)->tmp.new_aead; @@ -520,6 +521,7 @@ tls1_change_cipher_state(SSL *s, int which) * just written one. */ is_read = (which & SSL3_CC_READ) != 0; + rws = is_read ? &S3I(s)->read : &S3I(s)->write; /* * use_client_keys is true if we wish to use the keys for the "client @@ -534,7 +536,7 @@ tls1_change_cipher_state(SSL *s, int which) * dtls1_reset_seq_numbers(). */ if (!SSL_IS_DTLS(s)) { - seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence; + seq = rws->sequence; memset(seq, 0, SSL3_SEQUENCE_SIZE); } @@ -577,13 +579,8 @@ tls1_change_cipher_state(SSL *s, int which) goto err2; } - if (is_read) { - memcpy(S3I(s)->read_mac_secret, mac_secret, mac_secret_size); - S3I(s)->read_mac_secret_size = mac_secret_size; - } else { - memcpy(S3I(s)->write_mac_secret, mac_secret, mac_secret_size); - S3I(s)->write_mac_secret_size = mac_secret_size; - } + memcpy(rws->mac_secret, mac_secret, mac_secret_size); + rws->mac_secret_size = mac_secret_size; if (aead != NULL) { return tls1_change_cipher_state_aead(s, is_read, key, key_len, 
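Review bot: In the non-DTLS reset in tls1_change_cipher_state, `seq` is now only an alias for `rws->sequence`, and the length is still given as `SSL3_SEQUENCE_SIZE` rather than taken from the field. `memset(rws->sequence, 0, sizeof(rws->sequence));` says the same thing in one line. The local `seq` could then be dropped if nothing outside this hunk uses it.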
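Review bot: `memcpy(rws->mac_secret, mac_secret, mac_secret_size);` in tls1_change_cipher_state copies into a fixed `EVP_MAX_MD_SIZE` array with no visible bound on `mac_secret_size`. The value is set outside this hunk, so it may already be constrained, but a local guard keeps the write in bounds regardless: `if (mac_secret_size < 0 || (size_t)mac_secret_size > sizeof(rws->mac_secret)) goto err2;`, using the error path the preceding check already takes. With the read and write cases merged, this one line covers both directions.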
@@ -700,11 +697,11 @@ tls1_enc(SSL *s, int send) if (send) { aead = s->internal->aead_write_ctx; rec = &S3I(s)->wrec; - seq = S3I(s)->write_sequence; + seq = S3I(s)->write.sequence; } else { aead = s->internal->aead_read_ctx; rec = &S3I(s)->rrec; - seq = S3I(s)->read_sequence; + seq = S3I(s)->read.sequence; } if (aead) { @@ -968,12 +965,12 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) if (send) { rec = &(ssl->s3->internal->wrec); - seq = &(ssl->s3->internal->write_sequence[0]); + seq = &(ssl->s3->internal->write.sequence[0]); hash = ssl->internal->write_hash; t = ssl->internal->write_mac_size; } else { rec = &(ssl->s3->internal->rrec); - seq = &(ssl->s3->internal->read_sequence[0]); + seq = &(ssl->s3->internal->read.sequence[0]); hash = ssl->read_hash; t = ssl->read_mac_size; } @@ -1014,8 +1011,8 @@ tls1_mac(SSL *ssl, unsigned char *md, int send) if (!ssl3_cbc_digest_record(mac_ctx, md, &md_size, header, rec->input, rec->length + md_size, orig_len, - ssl->s3->internal->read_mac_secret, - ssl->s3->internal->read_mac_secret_size)) + ssl->s3->internal->read.mac_secret, + ssl->s3->internal->read.mac_secret_size)) return -1; } else { EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); -- 2.17.1