Clean up dtls1_reset_seq_numbers().

Rather than doing flag gymnastics, split dtls1_reset_seq_numbers() into
separate read and write functions. Move the calls of these functions into
tls1_change_cipher_state() so they directly follow the change of cipher
state in the record layer, which avoids having to duplicate the calls in
the client and server.

ok inoguchi@ tb@

1 files changed, 5 insertions, 1 deletions

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 642c210900..6cdae0caed 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.140 2021/04/30 19:26:45 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.141 2021/05/02 17:18:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -369,12 +369,16 @@ tls1_change_cipher_state(SSL *s, int which)
                 if (!tls12_record_layer_change_read_cipher_state(s->internal->rl,
                     mac_secret, mac_secret_size, key, key_len, iv, iv_len))
                         goto err;
+                if (SSL_is_dtls(s))
+                        dtls1_reset_read_seq_numbers(s);
                 tls12_record_layer_read_cipher_hash(s->internal->rl,
                     &s->enc_read_ctx, &s->read_hash);
         } else {
                 if (!tls12_record_layer_change_write_cipher_state(s->internal->rl,
                     mac_secret, mac_secret_size, key, key_len, iv, iv_len))
                         goto err;
+                if (SSL_is_dtls(s))
+                        dtls1_reset_write_seq_numbers(s);
         }
         return (1);