commit de9423821705341a2be0ae98e8aab8c3a06887a3
author David Benjamin <davidben@google.com> Thu Feb 11 12:02:01 2016 -0500
committer Adam Langley <agl@google.com> Wed Feb 17 22:05:29 2016 +0000
tree c816280f3273c55ba1d637a5ac907b4f245a9432
parent d3a49953d884d25eee0af77030ec205ef0e0a6a1

Fix SSL_get_{read,write}_sequence.

I switched up the endianness. Add some tests to make sure those work right.

Also tweak the DTLS semantics. SSL_get_read_sequence should return the highest
sequence number received so far. Include the epoch number in both so we don't
need a second API for it.

Change-Id: I9901a1665b41224c46fadb7ce0b0881dcb466bcc
Reviewed-on: https://boringssl-review.googlesource.com/7141
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 54c5a22..41813b2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2600,12 +2600,15 @@
 OPENSSL_EXPORT int SSL_generate_key_block(const SSL *ssl, uint8_t *out,
                                           size_t out_len);
 
-/* SSL_get_read_sequence returns the expected sequence number of the next
- * incoming record in the current epoch. It always returns zero in DTLS. */
+/* SSL_get_read_sequence returns, in TLS, the expected sequence number of the
+ * next incoming record in the current epoch. In DTLS, it returns the maximum
+ * sequence number received in the current epoch and includes the epoch number
+ * in the two most significant bytes. */
 OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl);
 
 /* SSL_get_write_sequence returns the sequence number of the next outgoing
- * record in the current epoch. */
+ * record in the current epoch. In DTLS, it includes the epoch number in the
+ * two most significant bytes. */
 OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);