diff options
author | Andy Polyakov <appro@openssl.org> | 2007-09-30 19:36:32 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2007-09-30 19:36:32 +0000 |
commit | 4c860910df4417f7229c4c864c726e4b187b65b2 (patch) | |
tree | 184d62f54af8b18aa57dfa439f11ef0db43c8fce | |
parent | 0fc3d51b7dc65e27484c3a22f27d14388bb7c208 (diff) | |
download | openssl-new-4c860910df4417f7229c4c864c726e4b187b65b2.tar.gz |
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.
-rw-r--r-- | ssl/d1_clnt.c | 6 | ||||
-rw-r--r-- | ssl/d1_srvr.c | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 8d2b9a6ea8..5e59dc845a 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -214,8 +214,6 @@ int dtls1_connect(SSL *s) /* don't push the buffering BIO quite yet */ - ssl3_init_finished_mac(s); - s->state=SSL3_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; s->init_num=0; @@ -227,6 +225,10 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CLNT_HELLO_B: s->shutdown=0; + + /* every DTLS ClientHello resets Finished MAC */ + ssl3_init_finished_mac(s); + ret=dtls1_client_hello(s); if (ret <= 0) goto end; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 77431bbe18..7ebba51b8e 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -285,6 +285,10 @@ int dtls1_accept(SSL *s) s->d1->send_cookie = 0; s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; + + /* HelloVerifyRequests resets Finished MAC */ + if (s->client_version != DTLS1_BAD_VER) + ssl3_init_finished_mac(s); break; case SSL3_ST_SW_SRVR_HELLO_A: |