diff options
| author | jsing <> | 2015-09-12 20:27:27 +0000 |
|---|---|---|
| committer | jsing <> | 2015-09-12 20:27:27 +0000 |
| commit | d712224a647df19276e22915af780d1944b69a20 (patch) | |
| tree | d7515f63233fdc4b93a2156da8ab2c5cfa4b1b23 /src | |
| parent | 5fe63508fd9ea429800fda9e137e5773ccfe00ee (diff) | |
| download | openbsd-d712224a647df19276e22915af780d1944b69a20.tar.gz openbsd-d712224a647df19276e22915af780d1944b69a20.tar.bz2 openbsd-d712224a647df19276e22915af780d1944b69a20.zip | |
Sync handling of cached record digests with s3_srvr.c.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 24 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_srvr.c | 24 |
2 files changed, 46 insertions, 2 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 1d50ac2388..289ef246a5 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.65 2015/09/12 20:27:27 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -492,6 +492,27 @@ dtls1_accept(SSL *s) | |||
| 492 | */ | 492 | */ |
| 493 | s->state = SSL3_ST_SR_FINISHED_A; | 493 | s->state = SSL3_ST_SR_FINISHED_A; |
| 494 | s->init_num = 0; | 494 | s->init_num = 0; |
| 495 | } else if (SSL_USE_SIGALGS(s)) { | ||
| 496 | s->state = SSL3_ST_SR_CERT_VRFY_A; | ||
| 497 | s->init_num = 0; | ||
| 498 | if (!s->session->peer) | ||
| 499 | break; | ||
| 500 | |||
| 501 | /* | ||
| 502 | * For sigalgs freeze the handshake buffer | ||
| 503 | * at this point and digest cached records. | ||
| 504 | */ | ||
| 505 | if (!s->s3->handshake_buffer) { | ||
| 506 | SSLerr(SSL_F_SSL3_ACCEPT, | ||
| 507 | ERR_R_INTERNAL_ERROR); | ||
| 508 | ret = -1; | ||
| 509 | goto end; | ||
| 510 | } | ||
| 511 | s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; | ||
| 512 | if (!ssl3_digest_cached_records(s)) { | ||
| 513 | ret = -1; | ||
| 514 | goto end; | ||
| 515 | } | ||
| 495 | } else { | 516 | } else { |
| 496 | s->state = SSL3_ST_SR_CERT_VRFY_A; | 517 | s->state = SSL3_ST_SR_CERT_VRFY_A; |
| 497 | s->init_num = 0; | 518 | s->init_num = 0; |
| @@ -663,6 +684,7 @@ end: | |||
| 663 | 684 | ||
| 664 | if (cb != NULL) | 685 | if (cb != NULL) |
| 665 | cb(s, SSL_CB_ACCEPT_EXIT, ret); | 686 | cb(s, SSL_CB_ACCEPT_EXIT, ret); |
| 687 | |||
| 666 | return (ret); | 688 | return (ret); |
| 667 | } | 689 | } |
| 668 | 690 | ||
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 1d50ac2388..289ef246a5 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.65 2015/09/12 20:27:27 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -492,6 +492,27 @@ dtls1_accept(SSL *s) | |||
| 492 | */ | 492 | */ |
| 493 | s->state = SSL3_ST_SR_FINISHED_A; | 493 | s->state = SSL3_ST_SR_FINISHED_A; |
| 494 | s->init_num = 0; | 494 | s->init_num = 0; |
| 495 | } else if (SSL_USE_SIGALGS(s)) { | ||
| 496 | s->state = SSL3_ST_SR_CERT_VRFY_A; | ||
| 497 | s->init_num = 0; | ||
| 498 | if (!s->session->peer) | ||
| 499 | break; | ||
| 500 | |||
| 501 | /* | ||
| 502 | * For sigalgs freeze the handshake buffer | ||
| 503 | * at this point and digest cached records. | ||
| 504 | */ | ||
| 505 | if (!s->s3->handshake_buffer) { | ||
| 506 | SSLerr(SSL_F_SSL3_ACCEPT, | ||
| 507 | ERR_R_INTERNAL_ERROR); | ||
| 508 | ret = -1; | ||
| 509 | goto end; | ||
| 510 | } | ||
| 511 | s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; | ||
| 512 | if (!ssl3_digest_cached_records(s)) { | ||
| 513 | ret = -1; | ||
| 514 | goto end; | ||
| 515 | } | ||
| 495 | } else { | 516 | } else { |
| 496 | s->state = SSL3_ST_SR_CERT_VRFY_A; | 517 | s->state = SSL3_ST_SR_CERT_VRFY_A; |
| 497 | s->init_num = 0; | 518 | s->init_num = 0; |
| @@ -663,6 +684,7 @@ end: | |||
| 663 | 684 | ||
| 664 | if (cb != NULL) | 685 | if (cb != NULL) |
| 665 | cb(s, SSL_CB_ACCEPT_EXIT, ret); | 686 | cb(s, SSL_CB_ACCEPT_EXIT, ret); |
| 687 | |||
| 666 | return (ret); | 688 | return (ret); |
| 667 | } | 689 | } |
| 668 | 690 | ||