diff options
| author | jsing <> | 2014-06-08 13:32:32 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-08 13:32:32 +0000 |
| commit | 6a02f02ad158f15d118cb88807d13ace8249ce97 (patch) | |
| tree | 224d84bbb8f9361f689f24336646cada5eb4238e /src | |
| parent | f938e59a39afcefe04f923207fc52f93c5c6aa95 (diff) | |
| download | openbsd-6a02f02ad158f15d118cb88807d13ace8249ce97.tar.gz openbsd-6a02f02ad158f15d118cb88807d13ace8249ce97.tar.bz2 openbsd-6a02f02ad158f15d118cb88807d13ace8249ce97.zip | |
Factor out the sequence number reset code to aid in upcoming changes.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 18 |
2 files changed, 20 insertions, 16 deletions
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index 59c0c487ef..55f4d72073 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -311,7 +311,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 311 | const unsigned char *client_write_iv, *server_write_iv; | 311 | const unsigned char *client_write_iv, *server_write_iv; |
| 312 | const unsigned char *mac_secret, *key, *iv; | 312 | const unsigned char *mac_secret, *key, *iv; |
| 313 | int mac_secret_size, key_len, iv_len; | 313 | int mac_secret_size, key_len, iv_len; |
| 314 | unsigned char *key_block, *exp_label; | 314 | unsigned char *key_block, *exp_label, *seq; |
| 315 | 315 | ||
| 316 | EVP_CIPHER_CTX *cipher_ctx; | 316 | EVP_CIPHER_CTX *cipher_ctx; |
| 317 | const EVP_CIPHER *cipher; | 317 | const EVP_CIPHER *cipher; |
| @@ -398,10 +398,6 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 398 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | 398 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) |
| 399 | goto err; | 399 | goto err; |
| 400 | s->read_hash = mac_ctx; | 400 | s->read_hash = mac_ctx; |
| 401 | |||
| 402 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 403 | if (s->version != DTLS1_VERSION) | ||
| 404 | memset(&(s->s3->read_sequence[0]), 0, 8); | ||
| 405 | } else { | 401 | } else { |
| 406 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 402 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) |
| 407 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; | 403 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; |
| @@ -428,9 +424,15 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 428 | goto err; | 424 | goto err; |
| 429 | s->write_hash = mac_ctx; | 425 | s->write_hash = mac_ctx; |
| 430 | 426 | ||
| 431 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 427 | } |
| 432 | if (s->version != DTLS1_VERSION) | 428 | |
| 433 | memset(&(s->s3->write_sequence[0]), 0, 8); | 429 | /* |
| 430 | * Reset sequence number to zero - for DTLS this is handled in | ||
| 431 | * dtls1_reset_seq_numbers(). | ||
| 432 | */ | ||
| 433 | if (!SSL_IS_DTLS(s)) { | ||
| 434 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; | ||
| 435 | memset(seq, 0, 8); | ||
| 434 | } | 436 | } |
| 435 | 437 | ||
| 436 | key_len = EVP_CIPHER_key_length(cipher); | 438 | key_len = EVP_CIPHER_key_length(cipher); |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 59c0c487ef..55f4d72073 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -311,7 +311,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 311 | const unsigned char *client_write_iv, *server_write_iv; | 311 | const unsigned char *client_write_iv, *server_write_iv; |
| 312 | const unsigned char *mac_secret, *key, *iv; | 312 | const unsigned char *mac_secret, *key, *iv; |
| 313 | int mac_secret_size, key_len, iv_len; | 313 | int mac_secret_size, key_len, iv_len; |
| 314 | unsigned char *key_block, *exp_label; | 314 | unsigned char *key_block, *exp_label, *seq; |
| 315 | 315 | ||
| 316 | EVP_CIPHER_CTX *cipher_ctx; | 316 | EVP_CIPHER_CTX *cipher_ctx; |
| 317 | const EVP_CIPHER *cipher; | 317 | const EVP_CIPHER *cipher; |
| @@ -398,10 +398,6 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 398 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | 398 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) |
| 399 | goto err; | 399 | goto err; |
| 400 | s->read_hash = mac_ctx; | 400 | s->read_hash = mac_ctx; |
| 401 | |||
| 402 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | ||
| 403 | if (s->version != DTLS1_VERSION) | ||
| 404 | memset(&(s->s3->read_sequence[0]), 0, 8); | ||
| 405 | } else { | 401 | } else { |
| 406 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | 402 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) |
| 407 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; | 403 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; |
| @@ -428,9 +424,15 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 428 | goto err; | 424 | goto err; |
| 429 | s->write_hash = mac_ctx; | 425 | s->write_hash = mac_ctx; |
| 430 | 426 | ||
| 431 | /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */ | 427 | } |
| 432 | if (s->version != DTLS1_VERSION) | 428 | |
| 433 | memset(&(s->s3->write_sequence[0]), 0, 8); | 429 | /* |
| 430 | * Reset sequence number to zero - for DTLS this is handled in | ||
| 431 | * dtls1_reset_seq_numbers(). | ||
| 432 | */ | ||
| 433 | if (!SSL_IS_DTLS(s)) { | ||
| 434 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; | ||
| 435 | memset(seq, 0, 8); | ||
| 434 | } | 436 | } |
| 435 | 437 | ||
| 436 | key_len = EVP_CIPHER_key_length(cipher); | 438 | key_len = EVP_CIPHER_key_length(cipher); |