X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_pkt.c;h=377696deac0bd2706464fe7a807169a9c5cfd399;hb=dfbf646ac4680d6ef3602b22563a6a17b8760a16;hp=333a26c0c2845f981f94888070340721bd42a14f;hpb=0a89c575de613ff6fa3506b6ec025e786f9d0097;p=oweals%2Fopenssl.git

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 333a26c0c2..377696deac 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -120,6 +120,7 @@
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
+#include <openssl/rand.h>
 
 static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
 	int len, int peek);
@@ -560,6 +561,7 @@ again:
 			goto f_err;
 			}
 
+		s->client_version = version;
 		/* now s->rstate == SSL_ST_READ_BODY */
 		}
 
@@ -1004,8 +1006,8 @@ start:
 		/* do this whenever CCS is processed */
 		dtls1_reset_seq_numbers(s, SSL3_CC_READ);
 
-		/* handshake read seq is reset upon handshake completion */
-		s->d1->handshake_read_seq++;
+		if (s->client_version == DTLS1_BAD_VER)
+			s->d1->handshake_read_seq++;
 
 		goto start;
 		}
@@ -1395,8 +1397,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 
 
 	/* ssl3_enc can only have an error on read */
-	wr->length += bs;  /* bs != 0 in case of CBC.  The enc fn provides
-						* the randomness */ 
+	if (bs)	/* bs != 0 in case of CBC */
+		{
+		RAND_pseudo_bytes(p,bs);
+		/* master IV and last CBC residue stand for
+		 * the rest of randomness */
+		wr->length += bs;
+		}
+
 	s->method->ssl3_enc->enc(s,1);
 
 	/* record length after mac and block padding */