Ensure last_write_sequence is saved in DTLS1.2

In DTLS, immediately prior to epoch change, the write_sequence is supposed to be stored in s->d1->last_write_sequence. The write_sequence is then reset back to 00000000. In the event of retransmits of records from the previous epoch, the last_write_sequence is restored. This commit fixes a bug in DTLS1.2 where the write_sequence was being reset before last_write_sequence was saved, and therefore retransmits are sent with incorrect sequence numbers. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit d5d0a1c)
openssl · Mar 25, 2015 · 4285b85 · 4285b85
1 parent fe82be2
commit 4285b85
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
@@ -404,9 +404,9 @@ int tls1_change_cipher_state(SSL *s, int which)
         }
 #endif
         /*
-         * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+         * this is done by dtls1_reset_seq_numbers for DTLS
          */
-        if (s->version != DTLS1_VERSION)
+        if (!SSL_IS_DTLS(s))
             memset(&(s->s3->read_sequence[0]), 0, 8);
         mac_secret = &(s->s3->read_mac_secret[0]);
         mac_secret_size = &(s->s3->read_mac_secret_size);
@@ -442,9 +442,9 @@ int tls1_change_cipher_state(SSL *s, int which)
         }
 #endif
         /*
-         * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+         * this is done by dtls1_reset_seq_numbers for DTLS
          */
-        if (s->version != DTLS1_VERSION)
+        if (!SSL_IS_DTLS(s))
             memset(&(s->s3->write_sequence[0]), 0, 8);
         mac_secret = &(s->s3->write_mac_secret[0]);
         mac_secret_size = &(s->s3->write_mac_secret_size);