generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't let DTLS ChangeCipherSpec increment handshake sequence number.

Browse Source 
PR: 1587
This commit is contained in:
Andy Polyakov
2007-10-17 21:15:48 +00:00
parent 3d3bf9c730
commit 659f7f3168
2 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/d1_both.c
View File

@@ -774,8 +774,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
p=(unsigned char *)s->init_buf->data; p=(unsigned char *)s->init_buf->data;
*p++=SSL3_MT_CCS; *p++=SSL3_MT_CCS;
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
s->d1->next_handshake_write_seq++;
s->init_num=DTLS1_CCS_HEADER_LENGTH; s->init_num=DTLS1_CCS_HEADER_LENGTH;
s->init_off=0; s->init_off=0;
@@ -965,6 +963,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
pitem *item; pitem *item;
hm_fragment *frag; hm_fragment *frag;
unsigned char seq64be[8]; unsigned char seq64be[8];
unsigned int epoch = s->d1->w_epoch;
/* this function is called immediately after a message has /* this function is called immediately after a message has
* been serialized */ * been serialized */
@@ -978,6 +977,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
{ {
OPENSSL_assert(s->d1->w_msg_hdr.msg_len + OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
epoch++;
} }
else else
{ {
@@ -993,6 +993,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
frag->msg_header.is_ccs = is_ccs; frag->msg_header.is_ccs = is_ccs;
memset(seq64be,0,sizeof(seq64be)); memset(seq64be,0,sizeof(seq64be));
seq64be[0] = (unsigned char)(epoch>>8);
seq64be[1] = (unsigned char)(epoch);
seq64be[6] = (unsigned char)(frag->msg_header.seq>>8); seq64be[6] = (unsigned char)(frag->msg_header.seq>>8);
seq64be[7] = (unsigned char)(frag->msg_header.seq); seq64be[7] = (unsigned char)(frag->msg_header.seq);

3
ssl/d1_pkt.c
View File

@@ -1044,9 +1044,6 @@ start:
/* do this whenever CCS is processed */ /* do this whenever CCS is processed */
dtls1_reset_seq_numbers(s, SSL3_CC_READ); dtls1_reset_seq_numbers(s, SSL3_CC_READ);
/* handshake read seq is reset upon handshake completion */
s->d1->handshake_read_seq++;
goto start; goto start;
} }