Don't let DTLS ChangeCipherSpec increment handshake sequence number.

author Andy Polyakov <appro@openssl.org>

Wed, 17 Oct 2007 21:15:48 +0000 (21:15 +0000)

committer Andy Polyakov <appro@openssl.org>

Wed, 17 Oct 2007 21:15:48 +0000 (21:15 +0000)
author Andy Polyakov <appro@openssl.org>
Wed, 17 Oct 2007 21:15:48 +0000 (21:15 +0000)
committer Andy Polyakov <appro@openssl.org>
Wed, 17 Oct 2007 21:15:48 +0000 (21:15 +0000)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c

index 87a119dfee53fb039b09709a2d37940927c76e28..87c8c9306f4d090d24e4e11d25860c03dfeda3c5 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -774,8 +774,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
                 p=(unsigned char *)s->init_buf->data;
                 *p++=SSL3_MT_CCS;
                 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-               s->d1->next_handshake_write_seq++;
-
                 s->init_num=DTLS1_CCS_HEADER_LENGTH;
                 s->init_off=0;
  
@@ -965,6 +963,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
         pitem *item;
         hm_fragment *frag;
         unsigned char seq64be[8];
+       unsigned int epoch = s->d1->w_epoch;
  
         /* this function is called immediately after a message has 
          * been serialized */
@@ -978,6 +977,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
                 {
                 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
                         DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+               epoch++;
                 }
         else
                 {
@@ -993,6 +993,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
         frag->msg_header.is_ccs = is_ccs;
  
         memset(seq64be,0,sizeof(seq64be));
+       seq64be[0] = (unsigned char)(epoch>>8);
+       seq64be[1] = (unsigned char)(epoch);
         seq64be[6] = (unsigned char)(frag->msg_header.seq>>8);
         seq64be[7] = (unsigned char)(frag->msg_header.seq);
  
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c

index b9bbbd482629f7f06d5e849c3cbf9889c053dde4..2e35db83e64bc2f2316f2dd6b7691d556c6b6aef 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1044,9 +1044,6 @@ start:
                 /* do this whenever CCS is processed */
                 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
  
-               /* handshake read seq is reset upon handshake completion */
-               s->d1->handshake_read_seq++;
-
                 goto start;
                 }
author	Andy Polyakov <appro@openssl.org>
	Wed, 17 Oct 2007 21:15:48 +0000 (21:15 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Wed, 17 Oct 2007 21:15:48 +0000 (21:15 +0000)
ssl/d1_both.c		patch \| blob \| history
ssl/d1_pkt.c		patch \| blob \| history