wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3860 from julek-wolfssl/scr-hello-verify

Browse Source 
SCR cookie exchange shouldn't change seq and epoch numbers
This commit is contained in:
John Safranek
2021-03-10 16:11:03 -08:00
committed by GitHub
parent 72eebd6e75 26fb658206
commit fceba6eb6f
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/internal.c
View File

@ -29768,10 +29768,16 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
output = ssl->buffers.outputBuffer.buffer + output = ssl->buffers.outputBuffer.buffer +
ssl->buffers.outputBuffer.length; ssl->buffers.outputBuffer.length;
/* Hello Verify Request should use the same sequence number as the /* Hello Verify Request should use the same sequence number
* Client Hello. */ * as the Client Hello unless we are in renegotiation then
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi; * don't change numbers */
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo; #ifdef HAVE_SECURE_RENEGOTIATION
if (!IsSCR(ssl))
#endif
{
ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
}
AddHeaders(output, length, hello_verify_request, ssl); AddHeaders(output, length, hello_verify_request, ssl);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA