DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a

twist: server allows for non-compliant Finished calculations in order to enable interop with pre-0.9.8f.
author: Andy Polyakov <appro@openssl.org> 2007-09-30 19:36:32 +0000
committer: Andy Polyakov <appro@openssl.org> 2007-09-30 19:36:32 +0000
commit: 4c860910df4417f7229c4c864c726e4b187b65b2 (patch)
tree: 184d62f54af8b18aa57dfa439f11ef0db43c8fce
parent: 0fc3d51b7dc65e27484c3a22f27d14388bb7c208 (diff)
download: openssl-new-4c860910df4417f7229c4c864c726e4b187b65b2.tar.gz
2 files changed, 8 insertions, 2 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 8d2b9a6ea8..5e59dc845a 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -214,8 +214,6 @@ int dtls1_connect(SSL *s)
 
 			/* don't push the buffering BIO quite yet */
 
-			ssl3_init_finished_mac(s);
-
 			s->state=SSL3_ST_CW_CLNT_HELLO_A;
 			s->ctx->stats.sess_connect++;
 			s->init_num=0;
@@ -227,6 +225,10 @@ int dtls1_connect(SSL *s)
 		case SSL3_ST_CW_CLNT_HELLO_B:
 
 			s->shutdown=0;
+
+			/* every DTLS ClientHello resets Finished MAC */
+			ssl3_init_finished_mac(s);
+
 			ret=dtls1_client_hello(s);
 			if (ret <= 0) goto end;
 
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 77431bbe18..7ebba51b8e 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -285,6 +285,10 @@ int dtls1_accept(SSL *s)
 			s->d1->send_cookie = 0;
 			s->state=SSL3_ST_SW_FLUSH;
 			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+			/* HelloVerifyRequests resets Finished MAC */
+			if (s->client_version != DTLS1_BAD_VER)
+				ssl3_init_finished_mac(s);
 			break;
 			
 		case SSL3_ST_SW_SRVR_HELLO_A:
author	Andy Polyakov <appro@openssl.org>	2007-09-30 19:36:32 +0000
committer	Andy Polyakov <appro@openssl.org>	2007-09-30 19:36:32 +0000
commit	4c860910df4417f7229c4c864c726e4b187b65b2 (patch)
tree	184d62f54af8b18aa57dfa439f11ef0db43c8fce
parent	0fc3d51b7dc65e27484c3a22f27d14388bb7c208 (diff)
download	openssl-new-4c860910df4417f7229c4c864c726e4b187b65b2.tar.gz