TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d9ba0d96b6e47614a565df766c07fa8fcf6393a7^! / .
commitd9ba0d96b6e47614a565df766c07fa8fcf6393a7[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Tue Sep 02 18:30:26 2014 +0200
committerPaul Bakker <p.j.bakker@polarssl.org>Tue Oct 21 16:30:23 2014 +0200
treeb8e7a75b2188d4361a4b1dd89072cf3fbeaef10f
parent0c4cbc7895d78e6ea42a18859c3fbbad1c9c9ff8 [diff]
Prepare for checking incoming handshake seqnum

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 7474c14..0b5f912 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -620,7 +620,8 @@
 #endif
 #endif /* POLARSSL_X509_CRT_PARSE_C */
 #if defined(POLARSSL_SSL_PROTO_DTLS)
-    unsigned int msg_seq;               /*!<  DTLS handshake sequence number */
+    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
+    unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
     unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
                                               Srv: unused                    */
     unsigned char verify_cookie_len;    /*!<  Cli: cookie length

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e97bd2a..dce8b74 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -1292,7 +1292,10 @@
          * Copy the client's handshake message_seq on initial handshakes
          */
         if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
-            ssl->handshake->msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+        {
+            ssl->handshake->out_msg_seq = ( ssl->in_msg[4] << 8 ) |
+                                            ssl->in_msg[5];
+        }
 
         // TODO: DTLS: check message_seq on non-initial handshakes?
         // (or already done in ssl_read_record?)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d73333a..7b47766 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2033,9 +2033,9 @@
             /* Write message_seq and update it, except for HelloRequest */
             if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
             {
-                ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
-                ssl->out_msg[5] = ( ssl->handshake->msg_seq      ) & 0xFF;
-                ++( ssl->handshake->msg_seq );
+                ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
+                ssl->out_msg[5] = ( ssl->handshake->out_msg_seq      ) & 0xFF;
+                ++( ssl->handshake->out_msg_seq );
             }
             else
             {
@@ -4784,7 +4784,7 @@
         ssl->endpoint == SSL_IS_SERVER &&
         ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
     {
-        ssl->handshake->msg_seq = 1;
+        ssl->handshake->out_msg_seq = 1;
     }
 #endif