Reduce non-functional differences between dtls1_accept() and

ssl3_accept() - synchronise comments, whitespace, line wrapping, etc.
author: jsing <> 2017-10-08 16:56:51 +0000
committer: jsing <> 2017-10-08 16:56:51 +0000
commit: 27d175eed37a53f5fec3ea007fa00199f2eab56c (patch)
tree: cb448c39a7b9c963ef8fbf45ffd97903c78302bc
parent: 23d9764354554ecb820c49fed8f0286c5b684bbe (diff)
download: openbsd-27d175eed37a53f5fec3ea007fa00199f2eab56c.tar.gz
openbsd-27d175eed37a53f5fec3ea007fa00199f2eab56c.tar.bz2
openbsd-27d175eed37a53f5fec3ea007fa00199f2eab56c.zip
1 files changed, 42 insertions, 34 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index f0e59a8e00..05c92be46c 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.89 2017/10/08 16:24:02 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.90 2017/10/08 16:56:51 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -219,7 +219,6 @@ dtls1_accept(SSL *s)
                case SSL_ST_ACCEPT:
                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
                case SSL_ST_OK|SSL_ST_ACCEPT:
                        s->server = 1;
                        if (cb != NULL)
                                cb(s, SSL_CB_HANDSHAKE_START, 1);
@@ -243,15 +242,16 @@ dtls1_accept(SSL *s)
                        s->internal->init_num = 0;
                        if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
-                                /* Ok, we now need to push on a buffering BIO so that
+                                /*
-                                 * the output is sent in a way that TCP likes :-)
+                                 * Ok, we now need to push on a buffering BIO
+                                 * so that the output is sent in a way that
+                                 * TCP likes :-)
                                 * ...but not with SCTP :-)
                                 */
                                if (!ssl_init_wbio_buffer(s, 1)) {
                                        ret = -1;
                                        goto end;
                                }
                                if (!tls1_init_finished_mac(s)) {
                                        ret = -1;
                                        goto end;
@@ -260,17 +260,17 @@ dtls1_accept(SSL *s)
                                S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
                                s->ctx->internal->stats.sess_accept++;
                        } else {
-                                /* S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
+                                /*
-                                 * we will just send a HelloRequest */
+                                 * S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
+                                 * we will just send a HelloRequest.
+                                 */
                                s->ctx->internal->stats.sess_accept_renegotiate++;
                                S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
                        }
                        break;
                case SSL3_ST_SW_HELLO_REQ_A:
                case SSL3_ST_SW_HELLO_REQ_B:
                        s->internal->shutdown = 0;
                        dtls1_clear_record_buffer(s);
                        dtls1_start_timer(s);
@@ -294,7 +294,6 @@ dtls1_accept(SSL *s)
                case SSL3_ST_SR_CLNT_HELLO_A:
                case SSL3_ST_SR_CLNT_HELLO_B:
                case SSL3_ST_SR_CLNT_HELLO_C:
                        s->internal->shutdown = 0;
                        ret = ssl3_get_client_hello(s);
                        if (ret <= 0)
@@ -330,7 +329,6 @@ dtls1_accept(SSL *s)
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
                        ret = dtls1_send_hello_verify_request(s);
                        if (ret <= 0)
                                goto end;
@@ -344,7 +342,6 @@ dtls1_accept(SSL *s)
                        }
                        break;
                case SSL3_ST_SW_SRVR_HELLO_A:
                case SSL3_ST_SW_SRVR_HELLO_B:
                        s->internal->renegotiate = 2;
@@ -352,20 +349,20 @@ dtls1_accept(SSL *s)
                        ret = ssl3_send_server_hello(s);
                        if (ret <= 0)
                                goto end;
                        if (s->internal->hit) {
                                if (s->internal->tlsext_ticket_expected)
                                        S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
                                else
                                        S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
-                        } else
+                        } else {
                                S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
+                        }
                        s->internal->init_num = 0;
                        break;
                case SSL3_ST_SW_CERT_A:
                case SSL3_ST_SW_CERT_B:
-                        /* Check if it is anon DH. */
+                        /* Check if it is anon DH or anon ECDH. */
                        if (!(S3I(s)->hs.new_cipher->algorithm_auth &
                            SSL_aNULL)) {
                                dtls1_start_timer(s);
@@ -387,7 +384,14 @@ dtls1_accept(SSL *s)
                case SSL3_ST_SW_KEY_EXCH_B:
                        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
-                        /* Only send if using a DH key exchange. */
+                        /*
+                         * Only send if using a DH key exchange.
+                         *
+                         * For ECC ciphersuites, we send a ServerKeyExchange
+                         * message only if the cipher suite is ECDHE. In other
+                         * cases, the server certificate contains the server's
+                         * public key for key exchange.
+                         */
                        if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
                                dtls1_start_timer(s);
                                ret = ssl3_send_server_key_exchange(s);
@@ -425,7 +429,7 @@ dtls1_accept(SSL *s)
                            ((S3I(s)->hs.new_cipher->algorithm_auth &
                             SSL_aNULL) && !(s->verify_mode &
                             SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
-                                /* no cert request */
+                                /* No cert request. */
                                skip = 1;
                                S3I(s)->tmp.cert_request = 0;
                                S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
@@ -452,6 +456,16 @@ dtls1_accept(SSL *s)
                        break;
                case SSL3_ST_SW_FLUSH:
+                        /*
+                         * This code originally checked to see if
+                         * any data was pending using BIO_CTRL_INFO
+                         * and then flushed. This caused problems
+                         * as documented in PR#1939. The proposed
+                         * fix doesn't completely resolve this issue
+                         * as buggy implementations of BIO_CTRL_PENDING
+                         * still exist. So instead we just flush
+                         * unconditionally.
+                         */
                        s->internal->rwstate = SSL_WRITING;
                        if (BIO_flush(s->wbio) <= 0) {
                                /* If the write error was fatal, stop trying */
@@ -488,10 +502,14 @@ dtls1_accept(SSL *s)
                        s->internal->init_num = 0;
                        if (ret == 2) {
-                                /* For the ECDH ciphersuites when
+                                /*
+                                 * For the ECDH ciphersuites when
                                 * the client sends its ECDH pub key in
                                 * a certificate, the CertificateVerify
                                 * message is not sent.
+                                 * Also for GOST ciphersuites when
+                                 * the client uses its key from the certificate
+                                 * for key exchange.
                                 */
                                S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
                                s->internal->init_num = 0;
@@ -500,7 +518,6 @@ dtls1_accept(SSL *s)
                                s->internal->init_num = 0;
                                if (!s->session->peer)
                                        break;
                                /*
                                 * For sigalgs freeze the handshake buffer
                                 * at this point and digest cached records.
@@ -541,7 +558,6 @@ dtls1_accept(SSL *s)
                case SSL3_ST_SR_CERT_VRFY_A:
                case SSL3_ST_SR_CERT_VRFY_B:
                        D1I(s)->change_cipher_spec_ok = 1;
                        /* we should decide if we expected this one */
                        ret = ssl3_get_cert_verify(s);
@@ -555,7 +571,7 @@ dtls1_accept(SSL *s)
                case SSL3_ST_SR_FINISHED_B:
                        D1I(s)->change_cipher_spec_ok = 1;
                        ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
-                        SSL3_ST_SR_FINISHED_B);
+                            SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0)
                                goto end;
                        dtls1_stop_timer(s);
@@ -586,10 +602,8 @@ dtls1_accept(SSL *s)
                        s->internal->init_num = 0;
                        break;
                case SSL3_ST_SW_CHANGE_A:
                case SSL3_ST_SW_CHANGE_B:
                        s->session->cipher = S3I(s)->hs.new_cipher;
                        if (!tls1_setup_key_block(s)) {
                                ret = -1;
@@ -600,13 +614,11 @@ dtls1_accept(SSL *s)
                            SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
                        if (ret <= 0)
                                goto end;
                        S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
                        s->internal->init_num = 0;
                        if (!tls1_change_cipher_state(s,
-                                SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+                            SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
                                ret = -1;
                                goto end;
                        }
@@ -623,12 +635,10 @@ dtls1_accept(SSL *s)
                        if (ret <= 0)
                                goto end;
                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
-                        if (s->internal->hit) {
+                        if (s->internal->hit)
                                S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
+                        else
-                        } else {
                                S3I(s)->hs.next_state = SSL_ST_OK;
-                        }
                        s->internal->init_num = 0;
                        break;
@@ -641,8 +651,8 @@ dtls1_accept(SSL *s)
                        s->internal->init_num = 0;
-                        if (s->internal->renegotiate == 2) /* skipped if we just sent a HelloRequest */
+                        /* Skipped if we just sent a HelloRequest. */
-                        {
+                        if (s->internal->renegotiate == 2) {
                                s->internal->renegotiate = 0;
                                s->internal->new_session = 0;
@@ -690,9 +700,7 @@ dtls1_accept(SSL *s)
        }
 end:
        /* BIO_flush(s->wbio); */
        s->internal->in_handshake--;
        if (cb != NULL)
                cb(s, SSL_CB_ACCEPT_EXIT, ret);
author	jsing <>	2017-10-08 16:56:51 +0000
committer	jsing <>	2017-10-08 16:56:51 +0000
commit	27d175eed37a53f5fec3ea007fa00199f2eab56c (patch)
tree	cb448c39a7b9c963ef8fbf45ffd97903c78302bc
parent	23d9764354554ecb820c49fed8f0286c5b684bbe (diff)
download	openbsd-27d175eed37a53f5fec3ea007fa00199f2eab56c.tar.gz openbsd-27d175eed37a53f5fec3ea007fa00199f2eab56c.tar.bz2 openbsd-27d175eed37a53f5fec3ea007fa00199f2eab56c.zip

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index f0e59a8e00..05c92be46c 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.89 2017/10/08 16:24:02 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.90 2017/10/08 16:56:51 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -219,7 +219,6 @@ dtls1_accept(SSL *s)
219	case SSL_ST_ACCEPT:	219	case SSL_ST_ACCEPT:
220	case SSL_ST_BEFORE\|SSL_ST_ACCEPT:	220	case SSL_ST_BEFORE\|SSL_ST_ACCEPT:
221	case SSL_ST_OK\|SSL_ST_ACCEPT:	221	case SSL_ST_OK\|SSL_ST_ACCEPT:
222
223	s->server = 1;	222	s->server = 1;
224	if (cb != NULL)	223	if (cb != NULL)
225	cb(s, SSL_CB_HANDSHAKE_START, 1);	224	cb(s, SSL_CB_HANDSHAKE_START, 1);
@@ -243,15 +242,16 @@ dtls1_accept(SSL *s)
243	s->internal->init_num = 0;	242	s->internal->init_num = 0;
244		243
245	if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {	244	if (S3I(s)->hs.state != SSL_ST_RENEGOTIATE) {
246	/* Ok, we now need to push on a buffering BIO so that	245	/*
247	* the output is sent in a way that TCP likes :-)	246	* Ok, we now need to push on a buffering BIO
		247	* so that the output is sent in a way that
		248	* TCP likes :-)
248	* ...but not with SCTP :-)	249	* ...but not with SCTP :-)
249	*/	250	*/
250	if (!ssl_init_wbio_buffer(s, 1)) {	251	if (!ssl_init_wbio_buffer(s, 1)) {
251	ret = -1;	252	ret = -1;
252	goto end;	253	goto end;
253	}	254	}
254
255	if (!tls1_init_finished_mac(s)) {	255	if (!tls1_init_finished_mac(s)) {
256	ret = -1;	256	ret = -1;
257	goto end;	257	goto end;
@@ -260,17 +260,17 @@ dtls1_accept(SSL *s)
260	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;	260	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
261	s->ctx->internal->stats.sess_accept++;	261	s->ctx->internal->stats.sess_accept++;
262	} else {	262	} else {
263	/* S3I(s)->hs.state == SSL_ST_RENEGOTIATE,	263	/*
264	* we will just send a HelloRequest */	264	* S3I(s)->hs.state == SSL_ST_RENEGOTIATE,
		265	* we will just send a HelloRequest.
		266	*/
265	s->ctx->internal->stats.sess_accept_renegotiate++;	267	s->ctx->internal->stats.sess_accept_renegotiate++;
266	S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;	268	S3I(s)->hs.state = SSL3_ST_SW_HELLO_REQ_A;
267	}	269	}
268
269	break;	270	break;
270		271
271	case SSL3_ST_SW_HELLO_REQ_A:	272	case SSL3_ST_SW_HELLO_REQ_A:
272	case SSL3_ST_SW_HELLO_REQ_B:	273	case SSL3_ST_SW_HELLO_REQ_B:
273
274	s->internal->shutdown = 0;	274	s->internal->shutdown = 0;
275	dtls1_clear_record_buffer(s);	275	dtls1_clear_record_buffer(s);
276	dtls1_start_timer(s);	276	dtls1_start_timer(s);
@@ -294,7 +294,6 @@ dtls1_accept(SSL *s)
294	case SSL3_ST_SR_CLNT_HELLO_A:	294	case SSL3_ST_SR_CLNT_HELLO_A:
295	case SSL3_ST_SR_CLNT_HELLO_B:	295	case SSL3_ST_SR_CLNT_HELLO_B:
296	case SSL3_ST_SR_CLNT_HELLO_C:	296	case SSL3_ST_SR_CLNT_HELLO_C:
297
298	s->internal->shutdown = 0;	297	s->internal->shutdown = 0;
299	ret = ssl3_get_client_hello(s);	298	ret = ssl3_get_client_hello(s);
300	if (ret <= 0)	299	if (ret <= 0)
@@ -330,7 +329,6 @@ dtls1_accept(SSL *s)
330		329
331	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:	330	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
332	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:	331	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
333
334	ret = dtls1_send_hello_verify_request(s);	332	ret = dtls1_send_hello_verify_request(s);
335	if (ret <= 0)	333	if (ret <= 0)
336	goto end;	334	goto end;
@@ -344,7 +342,6 @@ dtls1_accept(SSL *s)
344	}	342	}
345	break;	343	break;
346		344
347
348	case SSL3_ST_SW_SRVR_HELLO_A:	345	case SSL3_ST_SW_SRVR_HELLO_A:
349	case SSL3_ST_SW_SRVR_HELLO_B:	346	case SSL3_ST_SW_SRVR_HELLO_B:
350	s->internal->renegotiate = 2;	347	s->internal->renegotiate = 2;
@@ -352,20 +349,20 @@ dtls1_accept(SSL *s)
352	ret = ssl3_send_server_hello(s);	349	ret = ssl3_send_server_hello(s);
353	if (ret <= 0)	350	if (ret <= 0)
354	goto end;	351	goto end;
355
356	if (s->internal->hit) {	352	if (s->internal->hit) {
357	if (s->internal->tlsext_ticket_expected)	353	if (s->internal->tlsext_ticket_expected)
358	S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;	354	S3I(s)->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
359	else	355	else
360	S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;	356	S3I(s)->hs.state = SSL3_ST_SW_CHANGE_A;
361	} else	357	} else {
362	S3I(s)->hs.state = SSL3_ST_SW_CERT_A;	358	S3I(s)->hs.state = SSL3_ST_SW_CERT_A;
		359	}
363	s->internal->init_num = 0;	360	s->internal->init_num = 0;
364	break;	361	break;
365		362
366	case SSL3_ST_SW_CERT_A:	363	case SSL3_ST_SW_CERT_A:
367	case SSL3_ST_SW_CERT_B:	364	case SSL3_ST_SW_CERT_B:
368	/* Check if it is anon DH. */	365	/* Check if it is anon DH or anon ECDH. */
369	if (!(S3I(s)->hs.new_cipher->algorithm_auth &	366	if (!(S3I(s)->hs.new_cipher->algorithm_auth &
370	SSL_aNULL)) {	367	SSL_aNULL)) {
371	dtls1_start_timer(s);	368	dtls1_start_timer(s);
@@ -387,7 +384,14 @@ dtls1_accept(SSL *s)
387	case SSL3_ST_SW_KEY_EXCH_B:	384	case SSL3_ST_SW_KEY_EXCH_B:
388	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;	385	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
389		386
390	/* Only send if using a DH key exchange. */	387	/*
		388	* Only send if using a DH key exchange.
		389	*
		390	* For ECC ciphersuites, we send a ServerKeyExchange
		391	* message only if the cipher suite is ECDHE. In other
		392	* cases, the server certificate contains the server's
		393	* public key for key exchange.
		394	*/
391	if (alg_k & (SSL_kDHE\|SSL_kECDHE)) {	395	if (alg_k & (SSL_kDHE\|SSL_kECDHE)) {
392	dtls1_start_timer(s);	396	dtls1_start_timer(s);
393	ret = ssl3_send_server_key_exchange(s);	397	ret = ssl3_send_server_key_exchange(s);
@@ -425,7 +429,7 @@ dtls1_accept(SSL *s)
425	((S3I(s)->hs.new_cipher->algorithm_auth &	429	((S3I(s)->hs.new_cipher->algorithm_auth &
426	SSL_aNULL) && !(s->verify_mode &	430	SSL_aNULL) && !(s->verify_mode &
427	SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {	431	SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
428	/* no cert request */	432	/* No cert request. */
429	skip = 1;	433	skip = 1;
430	S3I(s)->tmp.cert_request = 0;	434	S3I(s)->tmp.cert_request = 0;
431	S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;	435	S3I(s)->hs.state = SSL3_ST_SW_SRVR_DONE_A;
@@ -452,6 +456,16 @@ dtls1_accept(SSL *s)
452	break;	456	break;
453		457
454	case SSL3_ST_SW_FLUSH:	458	case SSL3_ST_SW_FLUSH:
		459	/*
		460	* This code originally checked to see if
		461	* any data was pending using BIO_CTRL_INFO
		462	* and then flushed. This caused problems
		463	* as documented in PR#1939. The proposed
		464	* fix doesn't completely resolve this issue
		465	* as buggy implementations of BIO_CTRL_PENDING
		466	* still exist. So instead we just flush
		467	* unconditionally.
		468	*/
455	s->internal->rwstate = SSL_WRITING;	469	s->internal->rwstate = SSL_WRITING;
456	if (BIO_flush(s->wbio) <= 0) {	470	if (BIO_flush(s->wbio) <= 0) {
457	/* If the write error was fatal, stop trying */	471	/* If the write error was fatal, stop trying */
@@ -488,10 +502,14 @@ dtls1_accept(SSL *s)
488	s->internal->init_num = 0;	502	s->internal->init_num = 0;
489		503
490	if (ret == 2) {	504	if (ret == 2) {
491	/* For the ECDH ciphersuites when	505	/*
		506	* For the ECDH ciphersuites when
492	* the client sends its ECDH pub key in	507	* the client sends its ECDH pub key in
493	* a certificate, the CertificateVerify	508	* a certificate, the CertificateVerify
494	* message is not sent.	509	* message is not sent.
		510	* Also for GOST ciphersuites when
		511	* the client uses its key from the certificate
		512	* for key exchange.
495	*/	513	*/
496	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;	514	S3I(s)->hs.state = SSL3_ST_SR_FINISHED_A;
497	s->internal->init_num = 0;	515	s->internal->init_num = 0;
@@ -500,7 +518,6 @@ dtls1_accept(SSL *s)
500	s->internal->init_num = 0;	518	s->internal->init_num = 0;
501	if (!s->session->peer)	519	if (!s->session->peer)
502	break;	520	break;
503
504	/*	521	/*
505	* For sigalgs freeze the handshake buffer	522	* For sigalgs freeze the handshake buffer
506	* at this point and digest cached records.	523	* at this point and digest cached records.
@@ -541,7 +558,6 @@ dtls1_accept(SSL *s)
541		558
542	case SSL3_ST_SR_CERT_VRFY_A:	559	case SSL3_ST_SR_CERT_VRFY_A:
543	case SSL3_ST_SR_CERT_VRFY_B:	560	case SSL3_ST_SR_CERT_VRFY_B:
544
545	D1I(s)->change_cipher_spec_ok = 1;	561	D1I(s)->change_cipher_spec_ok = 1;
546	/* we should decide if we expected this one */	562	/* we should decide if we expected this one */
547	ret = ssl3_get_cert_verify(s);	563	ret = ssl3_get_cert_verify(s);
@@ -555,7 +571,7 @@ dtls1_accept(SSL *s)
555	case SSL3_ST_SR_FINISHED_B:	571	case SSL3_ST_SR_FINISHED_B:
556	D1I(s)->change_cipher_spec_ok = 1;	572	D1I(s)->change_cipher_spec_ok = 1;
557	ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,	573	ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
558	SSL3_ST_SR_FINISHED_B);	574	SSL3_ST_SR_FINISHED_B);
559	if (ret <= 0)	575	if (ret <= 0)
560	goto end;	576	goto end;
561	dtls1_stop_timer(s);	577	dtls1_stop_timer(s);
@@ -586,10 +602,8 @@ dtls1_accept(SSL *s)
586	s->internal->init_num = 0;	602	s->internal->init_num = 0;
587	break;	603	break;
588		604
589
590	case SSL3_ST_SW_CHANGE_A:	605	case SSL3_ST_SW_CHANGE_A:
591	case SSL3_ST_SW_CHANGE_B:	606	case SSL3_ST_SW_CHANGE_B:
592
593	s->session->cipher = S3I(s)->hs.new_cipher;	607	s->session->cipher = S3I(s)->hs.new_cipher;
594	if (!tls1_setup_key_block(s)) {	608	if (!tls1_setup_key_block(s)) {
595	ret = -1;	609	ret = -1;
@@ -600,13 +614,11 @@ dtls1_accept(SSL *s)
600	SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);	614	SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
601	if (ret <= 0)	615	if (ret <= 0)
602	goto end;	616	goto end;
603
604
605	S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;	617	S3I(s)->hs.state = SSL3_ST_SW_FINISHED_A;
606	s->internal->init_num = 0;	618	s->internal->init_num = 0;
607		619
608	if (!tls1_change_cipher_state(s,	620	if (!tls1_change_cipher_state(s,
609	SSL3_CHANGE_CIPHER_SERVER_WRITE)) {	621	SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
610	ret = -1;	622	ret = -1;
611	goto end;	623	goto end;
612	}	624	}
@@ -623,12 +635,10 @@ dtls1_accept(SSL *s)
623	if (ret <= 0)	635	if (ret <= 0)
624	goto end;	636	goto end;
625	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;	637	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
626	if (s->internal->hit) {	638	if (s->internal->hit)
627	S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;	639	S3I(s)->hs.next_state = SSL3_ST_SR_FINISHED_A;
628		640	else
629	} else {
630	S3I(s)->hs.next_state = SSL_ST_OK;	641	S3I(s)->hs.next_state = SSL_ST_OK;
631	}
632	s->internal->init_num = 0;	642	s->internal->init_num = 0;
633	break;	643	break;
634		644
@@ -641,8 +651,8 @@ dtls1_accept(SSL *s)
641		651
642	s->internal->init_num = 0;	652	s->internal->init_num = 0;
643		653
644	if (s->internal->renegotiate == 2) /* skipped if we just sent a HelloRequest */	654	/* Skipped if we just sent a HelloRequest. */
645	{	655	if (s->internal->renegotiate == 2) {
646	s->internal->renegotiate = 0;	656	s->internal->renegotiate = 0;
647	s->internal->new_session = 0;	657	s->internal->new_session = 0;
648		658
@@ -690,9 +700,7 @@ dtls1_accept(SSL *s)
690	}	700	}
691	end:	701	end:
692	/* BIO_flush(s->wbio); */	702	/* BIO_flush(s->wbio); */
693
694	s->internal->in_handshake--;	703	s->internal->in_handshake--;
695
696	if (cb != NULL)	704	if (cb != NULL)
697	cb(s, SSL_CB_ACCEPT_EXIT, ret);	705	cb(s, SSL_CB_ACCEPT_EXIT, ret);
698		706