Correct TLSv1.3 sequence number increment and wrapping check.

Fix proposed by tb@
author: jsing <> 2020-03-13 16:03:27 +0000
committer: jsing <> 2020-03-13 16:03:27 +0000
commit: 45c61f88aabb42b7213e428bcb556df63b9b6db8 (patch)
tree: 930c590ec908194ad93ecdb99968bc89cd7c2482 /src
parent: fcefbfe7d30d5ac7d8736a65effaae08da14a201 (diff)
download: openbsd-45c61f88aabb42b7213e428bcb556df63b9b6db8.tar.gz
openbsd-45c61f88aabb42b7213e428bcb556df63b9b6db8.tar.bz2
openbsd-45c61f88aabb42b7213e428bcb556df63b9b6db8.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 1ad8ed33f1..341bceeabc 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.28 2020/02/18 16:12:14 tb Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.29 2020/03/13 16:03:27 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -166,7 +166,7 @@ tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs)
        CBS_dup(&rl->rbuf_cbs, cbs);
 }
-static int
+int
 tls13_record_layer_inc_seq_num(uint8_t *seq_num)
 {
        size_t i;
@@ -177,7 +177,7 @@ tls13_record_layer_inc_seq_num(uint8_t *seq_num)
        }
        /* RFC 8446 section 5.3 - sequence numbers must not wrap. */
-        return (i != 0 || seq_num[0] != 0);
+        return (i != 0 || ++seq_num[0] != 0);
 }
 static int
author	jsing <>	2020-03-13 16:03:27 +0000
committer	jsing <>	2020-03-13 16:03:27 +0000
commit	45c61f88aabb42b7213e428bcb556df63b9b6db8 (patch)
tree	930c590ec908194ad93ecdb99968bc89cd7c2482 /src
parent	fcefbfe7d30d5ac7d8736a65effaae08da14a201 (diff)
download	openbsd-45c61f88aabb42b7213e428bcb556df63b9b6db8.tar.gz openbsd-45c61f88aabb42b7213e428bcb556df63b9b6db8.tar.bz2 openbsd-45c61f88aabb42b7213e428bcb556df63b9b6db8.zip

diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 1ad8ed33f1..341bceeabc 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_record_layer.c,v 1.28 2020/02/18 16:12:14 tb Exp $ */	1	/* $OpenBSD: tls13_record_layer.c,v 1.29 2020/03/13 16:03:27 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -166,7 +166,7 @@ tls13_record_layer_rbuf(struct tls13_record_layer rl, CBS cbs)
166	CBS_dup(&rl->rbuf_cbs, cbs);	166	CBS_dup(&rl->rbuf_cbs, cbs);
167	}	167	}
168		168
169	static int	169	int
170	tls13_record_layer_inc_seq_num(uint8_t *seq_num)	170	tls13_record_layer_inc_seq_num(uint8_t *seq_num)
171	{	171	{
172	size_t i;	172	size_t i;
@@ -177,7 +177,7 @@ tls13_record_layer_inc_seq_num(uint8_t *seq_num)
177	}	177	}
178		178
179	/* RFC 8446 section 5.3 - sequence numbers must not wrap. */	179	/* RFC 8446 section 5.3 - sequence numbers must not wrap. */
180	return (i != 0 \|\| seq_num[0] != 0);	180	return (i != 0 \|\| ++seq_num[0] != 0);
181	}	181	}
182		182
183	static int	183	static int