From 74ea211ec5e7b4700067e49d7703512760086ab8 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 2 May 2021 17:18:10 +0000
Subject: Clean up dtls1_reset_seq_numbers().

Rather than doing flag gymnastics, split dtls1_reset_seq_numbers() into
separate read and write functions. Move the calls of these functions into
tls1_change_cipher_state() so they directly follow the change of cipher
state in the record layer, which avoids having to duplicate the calls in
the client and server.

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_clnt.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'src/lib/libssl/ssl_clnt.c')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index a38d1f1ed4..022efd8b3b 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.94 2021/04/30 19:26:44 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.95 2021/05/02 17:18:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -486,10 +486,6 @@ ssl3_connect(SSL *s)
 				ret = -1;
 				goto end;
 			}
-
-			if (SSL_is_dtls(s))
-				dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
-
 			break;
 
 		case SSL3_ST_CW_FINISHED_A:
-- 
cgit v1.2.3-55-g6feb