From 13e8459deac9ab2ba24b4dfe45f8ce0f0b22dd89 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Fri, 19 Oct 2007 07:39:53 +0000
Subject: [PATCH] Prepare OpenSSL 0.9.8g: cherry pick  
 http://cvs.openssl.org/chngview?cn=16694 Don't let DTLS ChangeCipherSpec
 increment handshake sequence number. From HEAD with a twist: server
 interoperates with non-compliant client. PR: 1587 Submitted by: appro

---
 ssl/d1_both.c | 6 ++++--
 ssl/d1_pkt.c  | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index ca61c18853..15a201a25c 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -777,11 +777,11 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 		p=(unsigned char *)s->init_buf->data;
 		*p++=SSL3_MT_CCS;
 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-		s->d1->next_handshake_write_seq++;
 		s->init_num=DTLS1_CCS_HEADER_LENGTH;
 
 		if (s->client_version == DTLS1_BAD_VER)
 			{
+			s->d1->next_handshake_write_seq++;
 			s2n(s->d1->handshake_write_seq,p);
 			s->init_num+=2;
 			}
@@ -974,6 +974,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	pitem *item;
 	hm_fragment *frag;
 	PQ_64BIT seq64;
+	unsigned int epoch = s->d1->w_epoch;
 
 	/* this function is called immediately after a message has 
 	 * been serialized */
@@ -987,6 +988,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 		{
 		OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
 			DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
+		epoch++;
 		}
 	else
 		{
@@ -1002,7 +1004,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	frag->msg_header.is_ccs = is_ccs;
 
 	pq_64bit_init(&seq64);
-	pq_64bit_assign_word(&seq64, frag->msg_header.seq);
+	pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq);
 
 	item = pitem_new(seq64, frag);
 	pq_64bit_free(&seq64);
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index b1248770b5..377696deac 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1006,8 +1006,8 @@ start:
 		/* do this whenever CCS is processed */
 		dtls1_reset_seq_numbers(s, SSL3_CC_READ);
 
-		/* handshake read seq is reset upon handshake completion */
-		s->d1->handshake_read_seq++;
+		if (s->client_version == DTLS1_BAD_VER)
+			s->d1->handshake_read_seq++;
 
 		goto start;
 		}
-- 
2.25.1