1 files changed, 20 insertions, 18 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 8fa532947..b111e4bb4 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -226,24 +226,28 @@ struct record_hdr {
 };
 typedef struct tls_state {
-        int fd;
+        int     fd;
+        int     min_encrypted_len_on_read;
+        uint8_t encrypt_on_write;
+        uint8_t *outbuf;
+        int     outbuf_size;
+        int     inbuf_size;
+        int     ofs_to_buffered;
+        int     buffered_size;
+        uint8_t *inbuf;
 //TODO: store just the DER key here, parse/use/delete it when sending client key
 //this way it will stay key type agnostic here.
        psRsaKey_t server_rsa_pub_key;
+// this is also unused after client key is sent
-        sha256_ctx_t handshake_sha256_ctx;
        uint8_t client_and_server_rand32[2 * 32];
+// these two are unused after finished messages are exchanged:
+        sha256_ctx_t handshake_sha256_ctx;
        uint8_t master_secret[48];
-        uint8_t encrypt_on_write;
-        int     min_encrypted_len_on_read;
-        uint8_t client_write_MAC_key[SHA256_OUTSIZE];
-        uint8_t server_write_MAC_key[SHA256_OUTSIZE];
-        uint8_t client_write_key[AES256_KEYSIZE];
-        uint8_t server_write_key[AES256_KEYSIZE];
        // RFC 5246
        // sequence number
        //   Each connection state contains a sequence number, which is
@@ -251,15 +255,13 @@ typedef struct tls_state {
        //   number MUST be set to zero whenever a connection state is made the
        //   active state.  Sequence numbers are of type uint64 and may not
        //   exceed 2^64-1.
+        /*uint64_t read_seq64_be;*/
        uint64_t write_seq64_be;
-        int outbuf_size;
+        uint8_t client_write_MAC_key[SHA256_OUTSIZE];
-        uint8_t *outbuf;
+        uint8_t server_write_MAC_key[SHA256_OUTSIZE];
+        uint8_t client_write_key[AES256_KEYSIZE];
-        int inbuf_size;
+        uint8_t server_write_key[AES256_KEYSIZE];
-        int ofs_to_buffered;
-        int buffered_size;
-        uint8_t *inbuf;
 } tls_state_t;

diff --git a/networking/tls.c b/networking/tls.c index 8fa532947..b111e4bb4 100644 --- a/networking/tls.c +++ b/networking/tls.c
@@ -226,24 +226,28 @@ struct record_hdr {
226	};	226	};
227		227
228	typedef struct tls_state {	228	typedef struct tls_state {
229	int fd;	229	int fd;
		230
		231	int min_encrypted_len_on_read;
		232	uint8_t encrypt_on_write;
		233
		234	uint8_t *outbuf;
		235	int outbuf_size;
		236
		237	int inbuf_size;
		238	int ofs_to_buffered;
		239	int buffered_size;
		240	uint8_t *inbuf;
230		241
231	//TODO: store just the DER key here, parse/use/delete it when sending client key	242	//TODO: store just the DER key here, parse/use/delete it when sending client key
232	//this way it will stay key type agnostic here.	243	//this way it will stay key type agnostic here.
233	psRsaKey_t server_rsa_pub_key;	244	psRsaKey_t server_rsa_pub_key;
234		245	// this is also unused after client key is sent
235	sha256_ctx_t handshake_sha256_ctx;
236
237	uint8_t client_and_server_rand32[2 * 32];	246	uint8_t client_and_server_rand32[2 * 32];
		247	// these two are unused after finished messages are exchanged:
		248	sha256_ctx_t handshake_sha256_ctx;
238	uint8_t master_secret[48];	249	uint8_t master_secret[48];
239		250
240	uint8_t encrypt_on_write;
241	int min_encrypted_len_on_read;
242	uint8_t client_write_MAC_key[SHA256_OUTSIZE];
243	uint8_t server_write_MAC_key[SHA256_OUTSIZE];
244	uint8_t client_write_key[AES256_KEYSIZE];
245	uint8_t server_write_key[AES256_KEYSIZE];
246
247	// RFC 5246	251	// RFC 5246
248	// sequence number	252	// sequence number
249	// Each connection state contains a sequence number, which is	253	// Each connection state contains a sequence number, which is
@@ -251,15 +255,13 @@ typedef struct tls_state {
251	// number MUST be set to zero whenever a connection state is made the	255	// number MUST be set to zero whenever a connection state is made the
252	// active state. Sequence numbers are of type uint64 and may not	256	// active state. Sequence numbers are of type uint64 and may not
253	// exceed 2^64-1.	257	// exceed 2^64-1.
		258	/uint64_t read_seq64_be;/
254	uint64_t write_seq64_be;	259	uint64_t write_seq64_be;
255		260
256	int outbuf_size;	261	uint8_t client_write_MAC_key[SHA256_OUTSIZE];
257	uint8_t *outbuf;	262	uint8_t server_write_MAC_key[SHA256_OUTSIZE];
258		263	uint8_t client_write_key[AES256_KEYSIZE];
259	int inbuf_size;	264	uint8_t server_write_key[AES256_KEYSIZE];
260	int ofs_to_buffered;
261	int buffered_size;
262	uint8_t *inbuf;
263	} tls_state_t;	265	} tls_state_t;
264		266
265		267