Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 26 | 
1 files changed, 19 insertions, 7 deletions
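--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
 unsigned long alg_k;
 int ret= -1;
 int new_state,state,skip=0;
+int listen;
 
 RAND_add(&Time,sizeof(Time),0);
 ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
 cb=s->info_callback;
 else if (s->ctx->info_callback != NULL)
 cb=s->ctx->info_callback;
+
+listen = s->d1->listen;
 
 /* init things to blank */
 s->in_handshake++;
 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
+s->d1->listen = listen;
+
 if (s->cert == NULL)
 {
 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
 
 s->init_num=0;
 
+/* Reflect ClientHello sequence to remain stateless while listening */
+if (listen)
+{
+memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+}
+
 /* If we're just listening, stop here */
-if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
 {
 ret = 2;
 s->d1->listen = 0;
+/* Set expected sequence numbers
+* to continue the handshake.
+*/
+s->d1->handshake_read_seq = 2;
+s->d1->handshake_write_seq = 1;
+s->d1->next_handshake_write_seq = 1;
 goto end;
 }
 
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
 
-dtls1_start_timer(s);
 ret = dtls1_send_hello_verify_request(s);
 if ( ret <= 0) goto end;
 s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
 /* number of bytes to write */
 s->init_num=p-buf;
 s->init_off=0;
-
-/* buffer the message to handle re-xmits */
-dtls1_buffer_message(s, 0);
 }
 
 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 goto err;
 }
-if (!EC_KEY_up_ref(ecdhp))
+if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 {
 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 goto err;
 }
-ecdh = ecdhp;
 
 s->s3->tmp.ecdh=ecdh;
 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||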
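Review bot: In the hunk at @@ -273,11 +278,23 @@, the three hard-coded values `s->d1->handshake_read_seq = 2`, `s->d1->handshake_write_seq = 1` and `s->d1->next_handshake_write_seq = 1` encode an assumption about how many handshake messages have already been exchanged while listening, and the comment "Set expected sequence numbers to continue the handshake" does not say what that assumption is, so anyone later changing the cookie exchange cannot tell whether these constants still hold. I would replace that three-line comment with `/* Listening is done after one cookie round trip: ClientHello (seq 0), HelloVerifyRequest (seq 0), ClientHello with cookie (seq 1); so the next client message is seq 2 and our next message is seq 1. */` — the message count this reflects is inferred from the constants rather than visible here, so please confirm it against the DTLS cookie exchange before adopting the wording. The `memcpy` of `read_sequence` into `write_sequence` a few lines earlier deserves a pointer to the same design: with `dtls1_start_timer` and the `dtls1_buffer_message` re-xmit buffering removed in the other two hunks, mirroring the ClientHello record sequence is the only state the listener keeps for the HelloVerifyRequest, and a note saying so would stop a future reader from re-adding the timer or the buffering. dtls1_accept begins and ends outside the hunk.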
