kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Fix flipped DTLS checks. 

09bd58d1f1 flipped a condition. Doing that
memset in the DTLS case breaks retransmits across a CCS and fails to memset in
the TLS case.

Strangely, it didn't break any tests, but I think that's a function of us
lacking renego tests. The sequence number doesn't seem to be used in the
initial handshake for TLS, so it stayed at zero. After a renego, that codepath
is relevant.

Change-Id: I369a524021857a82e181af7798c7a10fe6279550
Reviewed-on: https://boringssl-review.googlesource.com/1601
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 10 years ago
committed by Adam Langley
parent
2a0c496ab3
commit
f9b96fa493
1 changed files with 2 additions and 3 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -3
      ssl/t1_enc.c

+ 2
- 3
ssl/t1_enc.c View File

@@ -495,9 +495,8 @@ int tls1_change_cipher_state(SSL *s, int which)
unsigned key_len, iv_len, mac_secret_len;
const unsigned char *key_data;

/* Reset sequence number to zero.
* TODO(davidben): Is this redundant with dtls1_reset_seq_numbers? */
if (SSL_IS_DTLS(s))
/* Reset sequence number to zero. */
if (!SSL_IS_DTLS(s))
memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8);

/* key_arg is used for SSLv2. We don't need it for TLS. */


Write Preview
Loading…
Cancel
Save