1 files changed, 10 insertions, 20 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index c4d53af556..373c2d0060 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send)
                ssize_t n;
                if (SSL_IS_DTLS(s)) {
-                        unsigned char dtlsseq[9], *p = dtlsseq;
+                        dtls1_build_sequence_number(ad, seq,
+                            send ? s->d1->w_epoch : s->d1->r_epoch);
-                        s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                        memcpy(p, &seq[2], 6);
-                        memcpy(ad, dtlsseq, 8);
                } else {
                        memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
                        ssl3_record_sequence_increment(seq);
@@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send)
                        unsigned char buf[13];
                        if (SSL_IS_DTLS(s)) {
-                                unsigned char dtlsseq[9], *p = dtlsseq;
+                                dtls1_build_sequence_number(buf, seq,
+                                    send ? s->d1->w_epoch : s->d1->r_epoch);
-                                s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                                memcpy(p, &seq[2], 6);
-                                memcpy(buf, dtlsseq, 8);
                        } else {
                                memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
                                ssl3_record_sequence_increment(seq);
@@ -1131,15 +1125,11 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
                mac_ctx = &hmac;
        }
-        if (SSL_IS_DTLS(ssl)) {
+        if (SSL_IS_DTLS(ssl))
-                unsigned char dtlsseq[8], *p = dtlsseq;
+                dtls1_build_sequence_number(header, seq,
+                    send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
-                s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
+        else
-                memcpy(p, &seq[2], 6);
+                memcpy(header, seq, SSL3_SEQUENCE_SIZE);
-                memcpy(header, dtlsseq, 8);
-        } else
-                memcpy(header, seq, 8);
        /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
        orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index c4d53af556..373c2d0060 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_enc.c,v 1.62 2014/06/21 14:45:22 jsing Exp $ */	1	/* $OpenBSD: t1_enc.c,v 1.63 2014/06/21 17:02:25 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -795,11 +795,8 @@ tls1_enc(SSL *s, int send)
795	ssize_t n;	795	ssize_t n;
796		796
797	if (SSL_IS_DTLS(s)) {	797	if (SSL_IS_DTLS(s)) {
798	unsigned char dtlsseq[9], *p = dtlsseq;	798	dtls1_build_sequence_number(ad, seq,
799		799	send ? s->d1->w_epoch : s->d1->r_epoch);
800	s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
801	memcpy(p, &seq[2], 6);
802	memcpy(ad, dtlsseq, 8);
803	} else {	800	} else {
804	memcpy(ad, seq, SSL3_SEQUENCE_SIZE);	801	memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
805	ssl3_record_sequence_increment(seq);	802	ssl3_record_sequence_increment(seq);
@@ -948,11 +945,8 @@ tls1_enc(SSL *s, int send)
948	unsigned char buf[13];	945	unsigned char buf[13];
949		946
950	if (SSL_IS_DTLS(s)) {	947	if (SSL_IS_DTLS(s)) {
951	unsigned char dtlsseq[9], *p = dtlsseq;	948	dtls1_build_sequence_number(buf, seq,
952		949	send ? s->d1->w_epoch : s->d1->r_epoch);
953	s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
954	memcpy(p, &seq[2], 6);
955	memcpy(buf, dtlsseq, 8);
956	} else {	950	} else {
957	memcpy(buf, seq, SSL3_SEQUENCE_SIZE);	951	memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
958	ssl3_record_sequence_increment(seq);	952	ssl3_record_sequence_increment(seq);
@@ -1131,15 +1125,11 @@ tls1_mac(SSL ssl, unsigned char md, int send)
1131	mac_ctx = &hmac;	1125	mac_ctx = &hmac;
1132	}	1126	}
1133		1127
1134	if (SSL_IS_DTLS(ssl)) {	1128	if (SSL_IS_DTLS(ssl))
1135	unsigned char dtlsseq[8], *p = dtlsseq;	1129	dtls1_build_sequence_number(header, seq,
1136		1130	send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
1137	s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);	1131	else
1138	memcpy(p, &seq[2], 6);	1132	memcpy(header, seq, SSL3_SEQUENCE_SIZE);
1139
1140	memcpy(header, dtlsseq, 8);
1141	} else
1142	memcpy(header, seq, 8);
1143		1133
1144	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */	1134	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
1145	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);	1135	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);