Merge OpenSSL 0.9.8m into head.

This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL.  The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after:	3 weeks

1 files changed, 3 insertions, 3 deletions

diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index 7cb3e29..dab6e44 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -765,10 +765,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
 
-	if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
+	if (ssl->version == DTLS1_BAD_VER ||
+	    (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
 		{
 		unsigned char dtlsseq[8],*p=dtlsseq;
-
 		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
 		memcpy (p,&seq[2],6);
 
@@ -793,7 +793,7 @@ printf("rec=");
 {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
 #endif
 
-	if ( SSL_version(ssl) != DTLS1_VERSION)
+	if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
 		{
 		for (i=7; i>=0; i--)
 			{