From 659f7f3168f1116427a297e1aa36a74ea191d976 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Wed, 17 Oct 2007 21:15:48 +0000 Subject: [PATCH] Don't let DTLS ChangeCipherSpec increment handshake sequence number. PR: 1587 --- ssl/d1_both.c | 6 ++++-- ssl/d1_pkt.c | 3 --- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 87a119dfee..87c8c9306f 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -774,8 +774,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) p=(unsigned char *)s->init_buf->data; *p++=SSL3_MT_CCS; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->d1->next_handshake_write_seq++; - s->init_num=DTLS1_CCS_HEADER_LENGTH; s->init_off=0; @@ -965,6 +963,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) pitem *item; hm_fragment *frag; unsigned char seq64be[8]; + unsigned int epoch = s->d1->w_epoch; /* this function is called immediately after a message has * been serialized */ @@ -978,6 +977,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); + epoch++; } else { @@ -993,6 +993,8 @@ dtls1_buffer_message(SSL *s, int is_ccs) frag->msg_header.is_ccs = is_ccs; memset(seq64be,0,sizeof(seq64be)); + seq64be[0] = (unsigned char)(epoch>>8); + seq64be[1] = (unsigned char)(epoch); seq64be[6] = (unsigned char)(frag->msg_header.seq>>8); seq64be[7] = (unsigned char)(frag->msg_header.seq); diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index b9bbbd4826..2e35db83e6 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1044,9 +1044,6 @@ start: /* do this whenever CCS is processed */ dtls1_reset_seq_numbers(s, SSL3_CC_READ); - /* handshake read seq is reset upon handshake completion */ - s->d1->handshake_read_seq++; - goto start; } -- 2.25.1