Fix flipped DTLS checks. 09bd58d1f1c71ed7ea687d0295e23793ad3d98fa flipped a condition. Doing that memset in the DTLS case breaks retransmits across a CCS and fails to memset in the TLS case. Strangely, it didn't break any tests, but I think that's a function of us lacking renego tests. The sequence number doesn't seem to be used in the initial handshake for TLS, so it stayed at zero. After a renego, that codepath is relevant. Change-Id: I369a524021857a82e181af7798c7a10fe6279550 Reviewed-on: https://boringssl-review.googlesource.com/1601 Reviewed-by: Adam Langley <agl@google.com>

commit: f9b96fa4935e16ae4e44507606f612cf6d0054c9 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Aug 23 03:13:11 2014 -0400
committer: Adam Langley <agl@google.com> Mon Aug 25 21:49:36 2014 +0000
tree: e66635fd42bc153488a35e27e6bf414a2ab267bf
parent: 2a0c496ab3218d294ab4857811e188dd4c19005d [diff]
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 743c359..7bbf446 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c

@@ -495,9 +495,8 @@
 	unsigned key_len, iv_len, mac_secret_len;
 	const unsigned char *key_data;
 
-	/* Reset sequence number to zero.
-	 * TODO(davidben): Is this redundant with dtls1_reset_seq_numbers? */
-	if (SSL_IS_DTLS(s))
+	/* Reset sequence number to zero. */
+	if (!SSL_IS_DTLS(s))
 		memset(is_read ? s->s3->read_sequence : s->s3->write_sequence, 0, 8);
 
 	/* key_arg is used for SSLv2. We don't need it for TLS. */
commit	f9b96fa4935e16ae4e44507606f612cf6d0054c9	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Aug 23 03:13:11 2014 -0400
committer	Adam Langley <agl@google.com>	Mon Aug 25 21:49:36 2014 +0000
tree	e66635fd42bc153488a35e27e6bf414a2ab267bf
parent	2a0c496ab3218d294ab4857811e188dd4c19005d [diff]