fixed sequence numbering and iv of TLS protection layer

author Andreas Steffen <andreas.steffen@strongswan.org>

Thu, 12 Aug 2010 21:58:29 +0000 (23:58 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Thu, 12 Aug 2010 21:58:54 +0000 (23:58 +0200)
author Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Aug 2010 21:58:29 +0000 (23:58 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Aug 2010 21:58:54 +0000 (23:58 +0200)
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c

index 5ea0a83..51a4808 100644 (file)
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -241,8 +241,8 @@ METHOD(tls_protection_t, build, status_t,
  
                                 if (this->iv_out.len)
                                 {       /* next record IV is last ciphertext block of this record */
-                                       memcpy(this->iv_out.ptr, data->ptr - this->iv_out.len,
-                                                  this->iv_out.len);
+                                       memcpy(this->iv_out.ptr, data->ptr + data->len -
+                                                  this->iv_out.len, this->iv_out.len);
                                 }
                                 else
                                 {       /* prepend IV */
@@ -254,8 +254,8 @@ METHOD(tls_protection_t, build, status_t,
                                 *data = chunk_cat("mm", *data, mac);
                         }
                 }
+               this->seq_out++;
         }
-       this->seq_out++;
         return status;
  }
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Thu, 12 Aug 2010 21:58:29 +0000 (23:58 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Thu, 12 Aug 2010 21:58:54 +0000 (23:58 +0200)