From 659f7f3168f1116427a297e1aa36a74ea191d976 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Wed, 17 Oct 2007 21:15:48 +0000
Subject: Don't let DTLS ChangeCipherSpec increment handshake sequence number.
 PR: 1587

---
 ssl/d1_both.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'ssl/d1_both.c')

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 87a119dfee..87c8c9306f 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -774,8 +774,6 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
 		p=(unsigned char *)s->init_buf->data;
 		*p++=SSL3_MT_CCS;
 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-		s->d1->next_handshake_write_seq++;
-
 		s->init_num=DTLS1_CCS_HEADER_LENGTH;
 		s->init_off=0;
 
@@ -965,6 +963,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	pitem *item;
 	hm_fragment *frag;
 	unsigned char seq64be[8];
+	unsigned int epoch = s->d1->w_epoch;
 
 	/* this function is called immediately after a message has 
 	 * been serialized */
@@ -978,6 +977,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 		{
 		OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
 			DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
+		epoch++;
 		}
 	else
 		{
@@ -993,6 +993,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	frag->msg_header.is_ccs = is_ccs;
 
 	memset(seq64be,0,sizeof(seq64be));
+	seq64be[0] = (unsigned char)(epoch>>8);
+	seq64be[1] = (unsigned char)(epoch);
 	seq64be[6] = (unsigned char)(frag->msg_header.seq>>8);
 	seq64be[7] = (unsigned char)(frag->msg_header.seq);
 
-- 
cgit v1.2.3