From 9204e7ef0d186ed5005794ae0d6b14ad42ba274d Mon Sep 17 00:00:00 2001
From: Michael Tuexen <tuexen@fh-muenster.de>
Date: Tue, 13 Aug 2013 18:53:19 +0100
Subject: [PATCH] DTLS message_sequence number wrong in rehandshake ServerHello

This fix ensures that
* A HelloRequest is retransmitted if it is not answered by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.

Conflicts:

	ssl/d1_pkt.c
(cherry picked from commit 6f87807e629ee10ec0006b39d8851af8c5ade67b)
---
 ssl/d1_pkt.c  | 1 +
 ssl/d1_srvr.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 5bb3939bff..d12604e657 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -946,6 +946,7 @@ start:
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 			!s->s3->renegotiate)
 			{
+			s->d1->handshake_read_seq++;
 			ssl3_renegotiate(s);
 			if (ssl3_renegotiate_check(s))
 				{
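Review bot: The added `s->d1->handshake_read_seq++;` carries no comment, and nothing at this point in the code says why a read counter is bumped before `ssl3_renegotiate(s)`. A short why-comment would help the next reader: `/* the HelloRequest used message_seq 0, so the ServerHello of the rehandshake is expected with message_seq 1 */`. The increment sits inside the renegotiation guard, so a HelloRequest that fails the guard leaves the counter untouched. That looks right for a retransmitted HelloRequest if `ssl3_renegotiate()` sets `s->s3->renegotiate`, but that is not visible here and is worth confirming. The enclosing block starts and ends outside the hunk.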
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 2efaa19ddc..c0246c94ea 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -246,10 +246,11 @@ int dtls1_accept(SSL *s)
 		case SSL3_ST_SW_HELLO_REQ_B:
 
 			s->shutdown=0;
+			dtls1_clear_record_buffer(s);
 			dtls1_start_timer(s);
 			ret=dtls1_send_hello_request(s);
 			if (ret <= 0) goto end;
-			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 			s->state=SSL3_ST_SW_FLUSH;
 			s->init_num=0;
 
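Review bot: With `next_state` now `SSL3_ST_SR_CLNT_HELLO_A`, the server goes straight from sending the HelloRequest to waiting for a ClientHello, and the hunk does not show what happens when the peer never answers. TLS allows a client to ignore a HelloRequest, so the outcome once the retransmissions are exhausted (presumably a handshake failure on an otherwise healthy connection) should be documented or handled. The new `dtls1_clear_record_buffer(s);` would benefit from a comment such as `/* drop messages buffered from the previous handshake so only the HelloRequest is retransmitted */`. If a `case SSL3_ST_SW_HELLO_REQ_C:` remains elsewhere in `dtls1_accept`, it is no longer reached from this path; the function continues outside the hunk.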
-- 
2.25.1