diff options
| author | David Benjamin <davidben@chromium.org> | 2014-08-23 11:13:11 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-08-26 01:49:36 +0400 |
| commit | f9b96fa4935e16ae4e44507606f612cf6d0054c9 (patch) | |
| tree | e66635fd42bc153488a35e27e6bf414a2ab267bf /ssl/t1_enc.c | |
| parent | 2a0c496ab3218d294ab4857811e188dd4c19005d (diff) | |
Fix flipped DTLS checks.
09bd58d1f1c71ed7ea687d0295e23793ad3d98fa flipped a condition. Doing that
memset in the DTLS case breaks retransmits across a CCS and fails to memset in
the TLS case.
Strangely, it didn't break any tests, but I think that's a function of us
lacking renego tests. The sequence number doesn't seem to be used in the
initial handshake for TLS, so it stayed at zero. After a renego, that codepath
is relevant.
Change-Id: I369a524021857a82e181af7798c7a10fe6279550
Reviewed-on: https://boringssl-review.googlesource.com/1601
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/t1_enc.c')
| -rw-r--r-- | ssl/t1_enc.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 743c3593..7bbf4463 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -495,9 +495,8 @@ int tls1_change_cipher_state(SSL *s, int which) unsigned key_len, iv_len, mac_secret_len; const unsigned char *key_data; - /* Reset sequence number to zero. - * TODO(davidben): Is this redundant with dtls1_reset_seq_numbers? */ - if (SSL_IS_DTLS(s)) + /* Reset sequence number to zero. */ + if (!SSL_IS_DTLS(s)) memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8); /* key_arg is used for SSLv2. We don't need it for TLS. */ |