diff options
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 875aae36b0..a0b377389b 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.129 2021/01/19 19:07:39 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.130 2021/01/26 14:22:20 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -494,7 +494,7 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 494 | const unsigned char *client_write_iv, *server_write_iv; | 494 | const unsigned char *client_write_iv, *server_write_iv; |
| 495 | const unsigned char *mac_secret, *key, *iv; | 495 | const unsigned char *mac_secret, *key, *iv; |
| 496 | int mac_secret_size, key_len, iv_len; | 496 | int mac_secret_size, key_len, iv_len; |
| 497 | unsigned char *key_block, *seq; | 497 | unsigned char *key_block; |
| 498 | const EVP_CIPHER *cipher; | 498 | const EVP_CIPHER *cipher; |
| 499 | const EVP_AEAD *aead; | 499 | const EVP_AEAD *aead; |
| 500 | char is_read, use_client_keys; | 500 | char is_read, use_client_keys; |
| @@ -517,15 +517,6 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 517 | use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | 517 | use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || |
| 518 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)); | 518 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)); |
| 519 | 519 | ||
| 520 | /* | ||
| 521 | * Reset sequence number to zero - for DTLS this is handled in | ||
| 522 | * dtls1_reset_seq_numbers(). | ||
| 523 | */ | ||
| 524 | if (!SSL_is_dtls(s)) { | ||
| 525 | seq = is_read ? S3I(s)->read_sequence : S3I(s)->write_sequence; | ||
| 526 | memset(seq, 0, SSL3_SEQUENCE_SIZE); | ||
| 527 | } | ||
| 528 | |||
| 529 | if (aead != NULL) { | 520 | if (aead != NULL) { |
| 530 | key_len = EVP_AEAD_key_length(aead); | 521 | key_len = EVP_AEAD_key_length(aead); |
| 531 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher); | 522 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(S3I(s)->hs.new_cipher); |
| @@ -569,14 +560,10 @@ tls1_change_cipher_state(SSL *s, int which) | |||
| 569 | if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, | 560 | if (!tls12_record_layer_change_read_cipher_state(s->internal->rl, |
| 570 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) | 561 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) |
| 571 | goto err; | 562 | goto err; |
| 572 | tls12_record_layer_set_read_seq_num(s->internal->rl, | ||
| 573 | S3I(s)->read_sequence); | ||
| 574 | } else { | 563 | } else { |
| 575 | if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, | 564 | if (!tls12_record_layer_change_write_cipher_state(s->internal->rl, |
| 576 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) | 565 | mac_secret, mac_secret_size, key, key_len, iv, iv_len)) |
| 577 | goto err; | 566 | goto err; |
| 578 | tls12_record_layer_set_write_seq_num(s->internal->rl, | ||
| 579 | S3I(s)->write_sequence); | ||
| 580 | } | 567 | } |
| 581 | 568 | ||
| 582 | if (aead != NULL) { | 569 | if (aead != NULL) { |