Reset epoch state in one place.
TLS resets it in t1_enc.c while DTLS has it sprinkled everywhere.
Change-Id: I78f0f0e646b4dc82a1058199c4b00f2e917aa5bc
Reviewed-on: https://boringssl-review.googlesource.com/6511
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index b86655c..0ed1aea 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -377,8 +377,6 @@
ret = -1;
goto end;
}
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
case SSL3_ST_CW_FINISHED_A:
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 8cabdd4..12cdeac 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -426,9 +426,6 @@
goto err;
}
- /* do this whenever CCS is processed */
- dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
goto start;
}
@@ -593,20 +590,3 @@
return i;
}
-
-void dtls1_reset_seq_numbers(SSL *s, int rw) {
- uint8_t *seq;
- unsigned int seq_bytes = sizeof(s->s3->read_sequence);
-
- if (rw & SSL3_CC_READ) {
- seq = s->s3->read_sequence;
- s->d1->r_epoch++;
- memset(&s->d1->bitmap, 0, sizeof(DTLS1_BITMAP));
- } else {
- seq = s->s3->write_sequence;
- memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
- s->d1->w_epoch++;
- }
-
- memset(seq, 0x00, seq_bytes);
-}
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index f1e8826..79f762b 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -401,8 +401,6 @@
ret = -1;
goto end;
}
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
break;
case SSL3_ST_SW_FINISHED_A:
diff --git a/ssl/internal.h b/ssl/internal.h
index 520131e..77d8e58 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1079,7 +1079,6 @@
int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s);
void dtls1_get_message_header(uint8_t *data, struct hm_header_st *msg_hdr);
-void dtls1_reset_seq_numbers(SSL *s, int rw);
int dtls1_check_timeout_num(SSL *s);
int dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
int dtls1_handshake_write(SSL *s);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 076f8bd..51b7082 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -291,8 +291,19 @@
const uint8_t *key_data;
/* Reset sequence number to zero. */
- if (!SSL_IS_DTLS(s)) {
- memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8);
+ if (is_read) {
+ if (SSL_IS_DTLS(s)) {
+ s->d1->r_epoch++;
+ memset(&s->d1->bitmap, 0, sizeof(s->d1->bitmap));
+ }
+ memset(s->s3->read_sequence, 0, sizeof(s->s3->read_sequence));
+ } else {
+ if (SSL_IS_DTLS(s)) {
+ s->d1->w_epoch++;
+ memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
+ sizeof(s->s3->write_sequence));
+ }
+ memset(s->s3->write_sequence, 0, sizeof(s->s3->write_sequence));
}
mac_secret_len = s->s3->tmp.new_mac_secret_len;