Refactor sequence number reset for DTLS into one function

2023-02-21 18:25:18 +01:00 · 2023-02-21 18:25:18 +01:00 · a432502a98
parent db1f199a11
commit a432502a98
4 changed files with 24 additions and 14 deletions
--- a/src/dtls.c
+++ b/src/dtls.c
@ -99,6 +99,26 @@ int DtlsIgnoreError(int err)
    }
 }

+void DtlsSetSeqNumForReply(WOLFSSL* ssl)
+{
+    /* We cover both DTLS 1.2 and 1.3 cases because we may be negotiating
+     * protocols. */
+    /* We should continue with the same sequence number as the
+     * Client Hello. */
+    ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
+    ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
+#ifdef WOLFSSL_DTLS13
+    if (ssl->dtls13EncryptEpoch != NULL) {
+        ssl->dtls13EncryptEpoch->nextSeqNumber =
+                w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo);
+    }
+#endif
+    /* We should continue with the same handshake number as the
+     * Client Hello. */
+    ssl->keys.dtls_handshake_number =
+            ssl->keys.dtls_peer_handshake_number;
+}
+
 #if !defined(NO_WOLFSSL_SERVER)

 #if defined(NO_SHA) && defined(NO_SHA256)
--- a/src/internal.c
+++ b/src/internal.c
@ -33186,14 +33186,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        /* Update the ssl->options.dtlsStateful setting `if` statement in
         * wolfSSL_accept when changing this one. */
        if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
-            /* We should continue with the same sequence number as the
-             * Client Hello. */
-            ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
-            ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
-            /* We should continue with the same handshake number as the
-             * Client Hello. */
-            ssl->keys.dtls_handshake_number =
-                    ssl->keys.dtls_peer_handshake_number;
+            DtlsSetSeqNumForReply(ssl);
            ret = DoClientHelloStateless(ssl, input, inOutIdx, helloSz);
            if (ret != 0 || !ssl->options.dtlsStateful) {
                int alertType = TranslateErrorToAlert(ret);
--- a/src/tls13.c
+++ b/src/tls13.c
@ -11084,12 +11084,8 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,

    if (alertType != invalid_alert) {
 #ifdef WOLFSSL_DTLS13
-        if (type == client_hello && ssl->options.dtls) {
-            /* We should continue with the same sequence number as the
-             * Client Hello. */
-            ssl->dtls13EncryptEpoch->nextSeqNumber =
-                    w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo);
-        }
+        if (type == client_hello && ssl->options.dtls)
+            DtlsSetSeqNumForReply(ssl);
 #endif
        SendAlert(ssl, alert_fatal, alertType);
    }
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -6077,6 +6077,7 @@ WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
        word16* next_hi, word32* next_lo, word32 *window);
 WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl);
 WOLFSSL_LOCAL int DtlsIgnoreError(int err);
+WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl);
 #endif

 #ifdef WOLFSSL_DTLS13