SCR cookie exchange shouldn't change seq and epoch numbers

Juliusz Sosinowicz
2021-03-10 18:34:09 +01:00
parent 4ad1b52108
commit 26fb658206


@ -29759,10 +29759,16 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length;
/* Hello Verify Request should use the same sequence number as the
* Client Hello. */
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
/* Hello Verify Request should use the same sequence number
* as the Client Hello unless we are in renegotiation then
* don't change numbers */
#ifdef HAVE_SECURE_RENEGOTIATION
if (!IsSCR(ssl))
#endif
{
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
}
AddHeaders(output, length, hello_verify_request, ssl);
#ifdef OPENSSL_EXTRA
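Review bot: The rewritten comment above the `if (!IsSCR(ssl))` guard says the numbers are left alone during renegotiation but not why, and the reason is the security-relevant part. Presumably `curSeq_hi`/`curSeq_lo` hold the sequence number of the record just received, so copying them into the write counter while an epoch with live keys is active could rewind that counter and repeat a record sequence number under the same keys. I would add something like `/* In SCR this record is protected under the current epoch; overwriting our write counter with the peer's curSeq could reuse a sequence number (and, for AEAD suites, a nonce) in that epoch. */`. The commit title also mentions the epoch, but this hunk guards only the sequence numbers, so any epoch handling must be outside it. The enclosing function begins and ends outside the hunk, and the name in the hunk header does not look like the function being edited.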