Move the TLSv1.2 record number increment into the new record layer.

This adds checks (based on the TLSv1.3 implementation) to ensure that the TLS/DTLS sequence numbers do not wrap, as required by the respective RFCs. ok inoguchi@ tb@
author: jsing <> 2021-03-29 16:19:15 +0000
committer: jsing <> 2021-03-29 16:19:15 +0000
commit: 84b53cb9086e02b898c2ed561177d37a66d2e659 (patch)
tree: 208986f6a978755c10c6497025772040ee9e9d33 /src/lib/libssl/t1_enc.c
parent: d9dfab150e9c80a3bafbf4effd23e943ab9ba197 (diff)
download: openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.tar.gz
openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.tar.bz2
openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.zip
1 files changed, 1 insertions, 12 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index b9dcbac661..0ddd52b530 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.135 2021/03/24 18:44:00 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.136 2021/03/29 16:19:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -157,17 +157,6 @@ tls1_cleanup_key_block(SSL *s)
        S3I(s)->hs.tls12.key_block_len = 0;
 }
-void
-tls1_record_sequence_increment(unsigned char *seq)
-{
-        int i;
-        for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) {
-                if (++seq[i] != 0)
-                        break;
-        }
-}
 /*
 * TLS P_hash() data expansion function - see RFC 5246, section 5.
 */
author	jsing <>	2021-03-29 16:19:15 +0000
committer	jsing <>	2021-03-29 16:19:15 +0000
commit	84b53cb9086e02b898c2ed561177d37a66d2e659 (patch)
tree	208986f6a978755c10c6497025772040ee9e9d33 /src/lib/libssl/t1_enc.c
parent	d9dfab150e9c80a3bafbf4effd23e943ab9ba197 (diff)
download	openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.tar.gz openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.tar.bz2 openbsd-84b53cb9086e02b898c2ed561177d37a66d2e659.zip

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index b9dcbac661..0ddd52b530 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.135 2021/03/24 18:44:00 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.136 2021/03/29 16:19:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -157,17 +157,6 @@ tls1_cleanup_key_block(SSL *s)
157	S3I(s)->hs.tls12.key_block_len = 0;	157	S3I(s)->hs.tls12.key_block_len = 0;
158	}	158	}
159		159
160	void
161	tls1_record_sequence_increment(unsigned char *seq)
162	{
163	int i;
164
165	for (i = SSL3_SEQUENCE_SIZE - 1; i >= 0; i--) {
166	if (++seq[i] != 0)
167	break;
168	}
169	}
170
171	/*	160	/*
172	* TLS P_hash() data expansion function - see RFC 5246, section 5.	161	* TLS P_hash() data expansion function - see RFC 5246, section 5.
173	*/	162	*/