author | Andy Polyakov <appro@openssl.org> | 2007-10-17 21:15:48 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2007-10-17 21:15:48 +0000 |
commit | 659f7f3168f1116427a297e1aa36a74ea191d976 (patch) | |
tree | 0eb83d3d0413ead0dff3eb26df9407021f334905 | |
parent | 3d3bf9c73029cdc8101bece5a9e15325920ad3a2 (diff) | |
download | openssl-659f7f3168f1116427a297e1aa36a74ea191d976.tar.gz |
Don't let DTLS ChangeCipherSpec increment handshake sequence number.
PR: 1587
-rw-r--r-- | ssl/d1_both.c | 6 | ||||
-rw-r--r-- | ssl/d1_pkt.c | 3 |
2 files changed, 4 insertions, 5 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 87a119dfee..87c8c9306f 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -774,8 +774,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 p=(unsigned char *)s->init_buf->data;
 *p++=SSL3_MT_CCS;
 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
- s->d1->next_handshake_write_seq++;
-
 s->init_num=DTLS1_CCS_HEADER_LENGTH;
 s->init_off=0;
@@ -965,6 +963,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 pitem *item;
 hm_fragment *frag;
 unsigned char seq64be[8];
+ unsigned int epoch = s->d1->w_epoch;
 /* this function is called immediately after a message has
 * been serialized */
@@ -978,6 +977,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 {
 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+ epoch++;
 }
 else
 {
@@ -993,6 +993,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 frag->msg_header.is_ccs = is_ccs;
 memset(seq64be,0,sizeof(seq64be));
+ seq64be[0] = (unsigned char)(epoch>>8);
+ seq64be[1] = (unsigned char)(epoch);
 seq64be[6] = (unsigned char)(frag->msg_header.seq>>8);
 seq64be[7] = (unsigned char)(frag->msg_header.seq);
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index b9bbbd4826..2e35db83e6 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1044,9 +1044,6 @@ start:
 /* do this whenever CCS is processed */
 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
- /* handshake read seq is reset upon handshake completion */
- s->d1->handshake_read_seq++;
-
 goto start;
 } |
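Review bot: The queue key built in dtls1_buffer_message (ssl/d1_both.c, hunks at -965, -978 and -993) may come out identical for a ChangeCipherSpec and the handshake message that follows it. The CCS is keyed under `w_epoch + 1` with the current handshake sequence number, and the first hunk stops the CCS from consuming a sequence number, so the next handshake message carries the same `seq`. If that message is buffered after `w_epoch` has advanced (not visible here), both get the same 8-byte `seq64be`, so please confirm how the queue insert treats a duplicate key and whether a rejected item is freed. The code that later looks up buffered messages for retransmission is not in this diff and needs to build its key with the same two epoch bytes, otherwise a buffered CCS would not be found. A short comment at `epoch++;` would also help, for example `/* CCS is keyed under the epoch that follows it */`; the function body extends beyond these hunks.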