From d9ba0d96b6e47614a565df766c07fa8fcf6393a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Tue, 2 Sep 2014 18:30:26 +0200
Subject: [PATCH] Prepare for checking incoming handshake seqnum

---
 include/polarssl/ssl.h | 3 ++-
 library/ssl_srv.c      | 5 ++++-
 library/ssl_tls.c      | 8 ++++----
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 7474c14ab..0b5f91225 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -620,7 +620,8 @@ struct _ssl_handshake_params
 #endif
 #endif /* POLARSSL_X509_CRT_PARSE_C */
 #if defined(POLARSSL_SSL_PROTO_DTLS)
-    unsigned int msg_seq;               /*!<  DTLS handshake sequence number */
+    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
+    unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
     unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
                                               Srv: unused                    */
     unsigned char verify_cookie_len;    /*!<  Cli: cookie length
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index e97bd2a86..dce8b748f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1292,7 +1292,10 @@ static int ssl_parse_client_hello( ssl_context *ssl )
          * Copy the client's handshake message_seq on initial handshakes
          */
         if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
-            ssl->handshake->msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+        {
+            ssl->handshake->out_msg_seq = ( ssl->in_msg[4] << 8 ) |
+                                            ssl->in_msg[5];
+        }
 
         // TODO: DTLS: check message_seq on non-initial handshakes?
         // (or already done in ssl_read_record?)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d73333a78..7b4776699 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2033,9 +2033,9 @@ int ssl_write_record( ssl_context *ssl )
             /* Write message_seq and update it, except for HelloRequest */
             if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
             {
-                ssl->out_msg[4] = ( ssl->handshake->msg_seq >> 8 ) & 0xFF;
-                ssl->out_msg[5] = ( ssl->handshake->msg_seq      ) & 0xFF;
-                ++( ssl->handshake->msg_seq );
+                ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
+                ssl->out_msg[5] = ( ssl->handshake->out_msg_seq      ) & 0xFF;
+                ++( ssl->handshake->out_msg_seq );
             }
             else
             {
@@ -4784,7 +4784,7 @@ static int ssl_start_renegotiation( ssl_context *ssl )
         ssl->endpoint == SSL_IS_SERVER &&
         ssl->renegotiation == SSL_RENEGOTIATION_PENDING )
     {
-        ssl->handshake->msg_seq = 1;
+        ssl->handshake->out_msg_seq = 1;
     }
 #endif