summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
-rw-r--r--src/lib/libssl/d1_srvr.c26
1 files changed, 7 insertions, 19 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index a6a4c87ea6..301ceda7a5 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -150,7 +150,6 @@ int dtls1_accept(SSL *s)
150 unsigned long alg_k; 150 unsigned long alg_k;
151 int ret= -1; 151 int ret= -1;
152 int new_state,state,skip=0; 152 int new_state,state,skip=0;
153 int listen;
154 153
155 RAND_add(&Time,sizeof(Time),0); 154 RAND_add(&Time,sizeof(Time),0);
156 ERR_clear_error(); 155 ERR_clear_error();
@@ -160,15 +159,11 @@ int dtls1_accept(SSL *s)
160 cb=s->info_callback; 159 cb=s->info_callback;
161 else if (s->ctx->info_callback != NULL) 160 else if (s->ctx->info_callback != NULL)
162 cb=s->ctx->info_callback; 161 cb=s->ctx->info_callback;
163
164 listen = s->d1->listen;
165 162
166 /* init things to blank */ 163 /* init things to blank */
167 s->in_handshake++; 164 s->in_handshake++;
168 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
169 166
170 s->d1->listen = listen;
171
172 if (s->cert == NULL) 167 if (s->cert == NULL)
173 { 168 {
174 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 169 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -278,23 +273,11 @@ int dtls1_accept(SSL *s)
278 273
279 s->init_num=0; 274 s->init_num=0;
280 275
281 /* Reflect ClientHello sequence to remain stateless while listening */
282 if (listen)
283 {
284 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
285 }
286
287 /* If we're just listening, stop here */ 276 /* If we're just listening, stop here */
288 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) 277 if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
289 { 278 {
290 ret = 2; 279 ret = 2;
291 s->d1->listen = 0; 280 s->d1->listen = 0;
292 /* Set expected sequence numbers
293 * to continue the handshake.
294 */
295 s->d1->handshake_read_seq = 2;
296 s->d1->handshake_write_seq = 1;
297 s->d1->next_handshake_write_seq = 1;
298 goto end; 281 goto end;
299 } 282 }
300 283
@@ -303,6 +286,7 @@ int dtls1_accept(SSL *s)
303 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: 286 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
304 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: 287 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
305 288
289 dtls1_start_timer(s);
306 ret = dtls1_send_hello_verify_request(s); 290 ret = dtls1_send_hello_verify_request(s);
307 if ( ret <= 0) goto end; 291 if ( ret <= 0) goto end;
308 s->state=SSL3_ST_SW_FLUSH; 292 s->state=SSL3_ST_SW_FLUSH;
@@ -752,6 +736,9 @@ int dtls1_send_hello_verify_request(SSL *s)
752 /* number of bytes to write */ 736 /* number of bytes to write */
753 s->init_num=p-buf; 737 s->init_num=p-buf;
754 s->init_off=0; 738 s->init_off=0;
739
740 /* buffer the message to handle re-xmits */
741 dtls1_buffer_message(s, 0);
755 } 742 }
756 743
757 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 744 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1030,11 +1017,12 @@ int dtls1_send_server_key_exchange(SSL *s)
1030 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1017 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1031 goto err; 1018 goto err;
1032 } 1019 }
1033 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) 1020 if (!EC_KEY_up_ref(ecdhp))
1034 { 1021 {
1035 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1022 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1036 goto err; 1023 goto err;
1037 } 1024 }
1025 ecdh = ecdhp;
1038 1026
1039 s->s3->tmp.ecdh=ecdh; 1027 s->s3->tmp.ecdh=ecdh;
1040 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1028 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-17 17:19:14 +0000