mirror of https://github.com/wolfSSL/wolfssl
Use same sequence number calculation in tls.c and internal.c
The DTLS sequence number used when decrypting CCM/GCM was taken from the internal state, instead of from the actual message record. If any DTLS messages were dropped, the expectation of the next sequence number was wrong. This led to a failed MAC check on the next message to arrive, and an alert was generated.
parent
4ebd5a0717
commit
277598e34a
|
@ -4740,6 +4740,14 @@ static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
|
|||
|| defined(HAVE_AESGCM)
|
||||
static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
|
||||
{
|
||||
#ifdef CYASSL_DTLS
|
||||
if (ssl->options.dtls) {
|
||||
if (verify)
|
||||
return ssl->keys.dtls_state.curSeq; /* explicit from peer */
|
||||
else
|
||||
return ssl->keys.dtls_sequence_number - 1; /* already incremented */
|
||||
}
|
||||
#endif
|
||||
if (verify)
|
||||
return ssl->keys.peer_sequence_number++;
|
||||
else
|
||||
|
|
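Review bot: The DTLS send path returns `ssl->keys.dtls_sequence_number - 1`, which only matches the sequence number in the record header if the caller has incremented the counter exactly once before calling, and nothing in this hunk documents or enforces that ordering. The DTLS branch also never increments anything, unlike the TLS path below it, so the name GetSEQIncrement no longer describes both cases. On the verify side `curSeq` is taken from the peer's record header, so the AEAD check by itself no longer rejects replayed or reordered records; that presumably relies on a replay-window check done before decryption, which is not visible here. I would add a comment above the `#ifdef`, for example `/* DTLS: no increment here. verify: explicit seq from the record (caller must have run the replay-window check); send: counter was already bumped when the header was written */`. The function body continues past the end of the hunk.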