6 files changed, 58 insertions, 46 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 13c93a77cf..b90cc8eed3 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.21 2014/06/21 17:02:25 jsing Exp $ */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -460,3 +460,16 @@ dtls1_listen(SSL *s, struct sockaddr *client)
        (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
        return 1;
 }
+void
+dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
+    unsigned short epoch)
+{
+        unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
+        unsigned char *p;
+        p = dtlsseq;
+        s2n(epoch, p);
+        memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
+        memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
+}
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index 13c93a77cf..b90cc8eed3 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.21 2014/06/21 17:02:25 jsing Exp $ */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -460,3 +460,16 @@ dtls1_listen(SSL *s, struct sockaddr *client)
        (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
        return 1;
 }
+void
+dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
+    unsigned short epoch)
+{
+        unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
+        unsigned char *p;
+        p = dtlsseq;
+        s2n(epoch, p);
+        memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
+        memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
+}
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index e7fdda69a9..09d4b20334 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.52 2014/06/15 15:29:25 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.53 2014/06/21 17:02:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -759,9 +759,12 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq,
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
+void dtls1_get_message_header(unsigned char *data,
+    struct hm_header_st *msg_hdr);
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
+void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
+    unsigned short epoch);
 long dtls1_default_timeout(void);
 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
 int dtls1_check_timeout_num(SSL *s);
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index c4d53af556..373c2d0060 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send)
                ssize_t n;
                if (SSL_IS_DTLS(s)) {
-                        unsigned char dtlsseq[9], *p = dtlsseq;
+                        dtls1_build_sequence_number(ad, seq,
+                            send ? s->d1->w_epoch : s->d1->r_epoch);
-                        s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                        memcpy(p, &seq[2], 6);
-                        memcpy(ad, dtlsseq, 8);
                } else {
                        memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
                        ssl3_record_sequence_increment(seq);
@@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send)
                        unsigned char buf[13];
                        if (SSL_IS_DTLS(s)) {
-                                unsigned char dtlsseq[9], *p = dtlsseq;
+                                dtls1_build_sequence_number(buf, seq,
+                                    send ? s->d1->w_epoch : s->d1->r_epoch);
-                                s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                                memcpy(p, &seq[2], 6);
-                                memcpy(buf, dtlsseq, 8);
                        } else {
                                memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
                                ssl3_record_sequence_increment(seq);
@@ -1131,15 +1125,11 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
                mac_ctx = &hmac;
        }
-        if (SSL_IS_DTLS(ssl)) {
+        if (SSL_IS_DTLS(ssl))
-                unsigned char dtlsseq[8], *p = dtlsseq;
+                dtls1_build_sequence_number(header, seq,
+                    send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
-                s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
+        else
-                memcpy(p, &seq[2], 6);
+                memcpy(header, seq, SSL3_SEQUENCE_SIZE);
-                memcpy(header, dtlsseq, 8);
-        } else
-                memcpy(header, seq, 8);
        /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
        orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index e7fdda69a9..09d4b20334 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.52 2014/06/15 15:29:25 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.53 2014/06/21 17:02:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -759,9 +759,12 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq,
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
+void dtls1_get_message_header(unsigned char *data,
+    struct hm_header_st *msg_hdr);
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
+void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
+    unsigned short epoch);
 long dtls1_default_timeout(void);
 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
 int dtls1_check_timeout_num(SSL *s);
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index c4d53af556..373c2d0060 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send)
                ssize_t n;
                if (SSL_IS_DTLS(s)) {
-                        unsigned char dtlsseq[9], *p = dtlsseq;
+                        dtls1_build_sequence_number(ad, seq,
+                            send ? s->d1->w_epoch : s->d1->r_epoch);
-                        s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                        memcpy(p, &seq[2], 6);
-                        memcpy(ad, dtlsseq, 8);
                } else {
                        memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
                        ssl3_record_sequence_increment(seq);
@@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send)
                        unsigned char buf[13];
                        if (SSL_IS_DTLS(s)) {
-                                unsigned char dtlsseq[9], *p = dtlsseq;
+                                dtls1_build_sequence_number(buf, seq,
+                                    send ? s->d1->w_epoch : s->d1->r_epoch);
-                                s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                                memcpy(p, &seq[2], 6);
-                                memcpy(buf, dtlsseq, 8);
                        } else {
                                memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
                                ssl3_record_sequence_increment(seq);
@@ -1131,15 +1125,11 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
                mac_ctx = &hmac;
        }
-        if (SSL_IS_DTLS(ssl)) {
+        if (SSL_IS_DTLS(ssl))
-                unsigned char dtlsseq[8], *p = dtlsseq;
+                dtls1_build_sequence_number(header, seq,
+                    send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
-                s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
+        else
-                memcpy(p, &seq[2], 6);
+                memcpy(header, seq, SSL3_SEQUENCE_SIZE);
-                memcpy(header, dtlsseq, 8);
-        } else
-                memcpy(header, seq, 8);
        /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
        orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);

diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index 13c93a77cf..b90cc8eed3 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */	1	/* $OpenBSD: d1_lib.c,v 1.21 2014/06/21 17:02:25 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -460,3 +460,16 @@ dtls1_listen(SSL s, struct sockaddr client)
460	(void)BIO_dgram_get_peer(SSL_get_rbio(s), client);	460	(void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
461	return 1;	461	return 1;
462	}	462	}
		463
		464	void
		465	dtls1_build_sequence_number(unsigned char dst, unsigned char seq,
		466	unsigned short epoch)
		467	{
		468	unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
		469	unsigned char *p;
		470
		471	p = dtlsseq;
		472	s2n(epoch, p);
		473	memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
		474	memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
		475	}


diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c index 13c93a77cf..b90cc8eed3 100644 --- a/src/lib/libssl/src/ssl/d1_lib.c +++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_lib.c,v 1.20 2014/06/13 04:29:13 miod Exp $ */	1	/* $OpenBSD: d1_lib.c,v 1.21 2014/06/21 17:02:25 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -460,3 +460,16 @@ dtls1_listen(SSL s, struct sockaddr client)
460	(void)BIO_dgram_get_peer(SSL_get_rbio(s), client);	460	(void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
461	return 1;	461	return 1;
462	}	462	}
		463
		464	void
		465	dtls1_build_sequence_number(unsigned char dst, unsigned char seq,
		466	unsigned short epoch)
		467	{
		468	unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
		469	unsigned char *p;
		470
		471	p = dtlsseq;
		472	s2n(epoch, p);
		473	memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
		474	memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
		475	}


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index e7fdda69a9..09d4b20334 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.52 2014/06/15 15:29:25 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.53 2014/06/21 17:02:25 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -759,9 +759,12 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq,
759	int dtls1_get_queue_priority(unsigned short seq, int is_ccs);	759	int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
760	int dtls1_retransmit_buffered_messages(SSL *s);	760	int dtls1_retransmit_buffered_messages(SSL *s);
761	void dtls1_clear_record_buffer(SSL *s);	761	void dtls1_clear_record_buffer(SSL *s);
762	void dtls1_get_message_header(unsigned char data, struct hm_header_st msg_hdr);	762	void dtls1_get_message_header(unsigned char *data,
		763	struct hm_header_st *msg_hdr);
763	void dtls1_get_ccs_header(unsigned char data, struct ccs_header_st ccs_hdr);	764	void dtls1_get_ccs_header(unsigned char data, struct ccs_header_st ccs_hdr);
764	void dtls1_reset_seq_numbers(SSL *s, int rw);	765	void dtls1_reset_seq_numbers(SSL *s, int rw);
		766	void dtls1_build_sequence_number(unsigned char dst, unsigned char seq,
		767	unsigned short epoch);
765	long dtls1_default_timeout(void);	768	long dtls1_default_timeout(void);
766	struct timeval* dtls1_get_timeout(SSL s, struct timeval timeleft);	769	struct timeval* dtls1_get_timeout(SSL s, struct timeval timeleft);
767	int dtls1_check_timeout_num(SSL *s);	770	int dtls1_check_timeout_num(SSL *s);


diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index c4d53af556..373c2d0060 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send)
795	ssize_t n;	795	ssize_t n;
796		796
797	if (SSL_IS_DTLS(s)) {	797	if (SSL_IS_DTLS(s)) {
798	unsigned char dtlsseq[9], *p = dtlsseq;	798	dtls1_build_sequence_number(ad, seq,
799		799	send ? s->d1->w_epoch : s->d1->r_epoch);
800	s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
801	memcpy(p, &seq[2], 6);
802	memcpy(ad, dtlsseq, 8);
803	} else {	800	} else {
804	memcpy(ad, seq, SSL3_SEQUENCE_SIZE);	801	memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
805	ssl3_record_sequence_increment(seq);	802	ssl3_record_sequence_increment(seq);
@@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send)
948	unsigned char buf[13];	945	unsigned char buf[13];
949		946
950	if (SSL_IS_DTLS(s)) {	947	if (SSL_IS_DTLS(s)) {
951	unsigned char dtlsseq[9], *p = dtlsseq;	948	dtls1_build_sequence_number(buf, seq,
952		949	send ? s->d1->w_epoch : s->d1->r_epoch);
953	s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
954	memcpy(p, &seq[2], 6);
955	memcpy(buf, dtlsseq, 8);
956	} else {	950	} else {
957	memcpy(buf, seq, SSL3_SEQUENCE_SIZE);	951	memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
958	ssl3_record_sequence_increment(seq);	952	ssl3_record_sequence_increment(seq);
@@ -1131,15 +1125,11 @@ tls1_mac(SSL ssl, unsigned char md, int send)
1131	mac_ctx = &hmac;	1125	mac_ctx = &hmac;
1132	}	1126	}
1133		1127
1134	if (SSL_IS_DTLS(ssl)) {	1128	if (SSL_IS_DTLS(ssl))
1135	unsigned char dtlsseq[8], *p = dtlsseq;	1129	dtls1_build_sequence_number(header, seq,
1136		1130	send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
1137	s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);	1131	else
1138	memcpy(p, &seq[2], 6);	1132	memcpy(header, seq, SSL3_SEQUENCE_SIZE);
1139
1140	memcpy(header, dtlsseq, 8);
1141	} else
1142	memcpy(header, seq, 8);
1143		1133
1144	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */	1134	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
1145	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);	1135	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index e7fdda69a9..09d4b20334 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.52 2014/06/15 15:29:25 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.53 2014/06/21 17:02:25 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -759,9 +759,12 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq,
759	int dtls1_get_queue_priority(unsigned short seq, int is_ccs);	759	int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
760	int dtls1_retransmit_buffered_messages(SSL *s);	760	int dtls1_retransmit_buffered_messages(SSL *s);
761	void dtls1_clear_record_buffer(SSL *s);	761	void dtls1_clear_record_buffer(SSL *s);
762	void dtls1_get_message_header(unsigned char data, struct hm_header_st msg_hdr);	762	void dtls1_get_message_header(unsigned char *data,
		763	struct hm_header_st *msg_hdr);
763	void dtls1_get_ccs_header(unsigned char data, struct ccs_header_st ccs_hdr);	764	void dtls1_get_ccs_header(unsigned char data, struct ccs_header_st ccs_hdr);
764	void dtls1_reset_seq_numbers(SSL *s, int rw);	765	void dtls1_reset_seq_numbers(SSL *s, int rw);
		766	void dtls1_build_sequence_number(unsigned char dst, unsigned char seq,
		767	unsigned short epoch);
765	long dtls1_default_timeout(void);	768	long dtls1_default_timeout(void);
766	struct timeval* dtls1_get_timeout(SSL s, struct timeval timeleft);	769	struct timeval* dtls1_get_timeout(SSL s, struct timeval timeleft);
767	int dtls1_check_timeout_num(SSL *s);	770	int dtls1_check_timeout_num(SSL *s);


diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index c4d53af556..373c2d0060 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send)
795	ssize_t n;	795	ssize_t n;
796		796
797	if (SSL_IS_DTLS(s)) {	797	if (SSL_IS_DTLS(s)) {
798	unsigned char dtlsseq[9], *p = dtlsseq;	798	dtls1_build_sequence_number(ad, seq,
799		799	send ? s->d1->w_epoch : s->d1->r_epoch);
800	s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
801	memcpy(p, &seq[2], 6);
802	memcpy(ad, dtlsseq, 8);
803	} else {	800	} else {
804	memcpy(ad, seq, SSL3_SEQUENCE_SIZE);	801	memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
805	ssl3_record_sequence_increment(seq);	802	ssl3_record_sequence_increment(seq);
@@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send)
948	unsigned char buf[13];	945	unsigned char buf[13];
949		946
950	if (SSL_IS_DTLS(s)) {	947	if (SSL_IS_DTLS(s)) {
951	unsigned char dtlsseq[9], *p = dtlsseq;	948	dtls1_build_sequence_number(buf, seq,
952		949	send ? s->d1->w_epoch : s->d1->r_epoch);
953	s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
954	memcpy(p, &seq[2], 6);
955	memcpy(buf, dtlsseq, 8);
956	} else {	950	} else {
957	memcpy(buf, seq, SSL3_SEQUENCE_SIZE);	951	memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
958	ssl3_record_sequence_increment(seq);	952	ssl3_record_sequence_increment(seq);
@@ -1131,15 +1125,11 @@ tls1_mac(SSL ssl, unsigned char md, int send)
1131	mac_ctx = &hmac;	1125	mac_ctx = &hmac;
1132	}	1126	}
1133		1127
1134	if (SSL_IS_DTLS(ssl)) {	1128	if (SSL_IS_DTLS(ssl))
1135	unsigned char dtlsseq[8], *p = dtlsseq;	1129	dtls1_build_sequence_number(header, seq,
1136		1130	send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
1137	s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);	1131	else
1138	memcpy(p, &seq[2], 6);	1132	memcpy(header, seq, SSL3_SEQUENCE_SIZE);
1139
1140	memcpy(header, dtlsseq, 8);
1141	} else
1142	memcpy(header, seq, 8);
1143		1133
1144	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */	1134	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
1145	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);	1135	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);