1 files changed, 167 insertions, 19 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 149983be30..29421da9aa 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -151,6 +151,10 @@ int dtls1_accept(SSL *s)
        int ret= -1;
        int new_state,state,skip=0;
        int listen;
+#ifndef OPENSSL_NO_SCTP
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+#endif
        RAND_add(&Time,sizeof(Time),0);
        ERR_clear_error();
@@ -168,6 +172,13 @@ int dtls1_accept(SSL *s)
        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
        s->d1->listen = listen;
+#ifndef OPENSSL_NO_SCTP
+        /* Notify SCTP BIO socket to enter handshake
+         * mode and prevent stream identifier other
+         * than 0. Will be ignored if no SCTP is used.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+#endif
        if (s->cert == NULL)
                {
@@ -175,6 +186,19 @@ int dtls1_accept(SSL *s)
                return(-1);
                }
+#ifndef OPENSSL_NO_HEARTBEATS
+        /* If we're awaiting a HeartbeatResponse, pretend we
+         * already got and don't await it anymore, because
+         * Heartbeats don't make sense during handshakes anyway.
+         */
+        if (s->tlsext_hb_pending)
+                {
+                dtls1_stop_timer(s);
+                s->tlsext_hb_pending = 0;
+                s->tlsext_hb_seq++;
+                }
+#endif
        for (;;)
                {
                state=s->state;
@@ -182,7 +206,7 @@ int dtls1_accept(SSL *s)
                switch (s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                        s->new_session=1;
+                        s->renegotiate=1;
                        /* s->state=SSL_ST_ACCEPT; */
                case SSL_ST_BEFORE:
@@ -227,8 +251,12 @@ int dtls1_accept(SSL *s)
                                {
                                /* Ok, we now need to push on a buffering BIO so that
                                 * the output is sent in a way that TCP likes :-)
+                                 * ...but not with SCTP :-)
                                 */
-                                if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+#ifndef OPENSSL_NO_SCTP
+                                if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
+#endif
+                                        if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
                                ssl3_init_finished_mac(s);
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
@@ -313,25 +341,75 @@ int dtls1_accept(SSL *s)
                                ssl3_init_finished_mac(s);
                        break;
                        
+#ifndef OPENSSL_NO_SCTP
+                case DTLS1_SCTP_ST_SR_READ_SOCK:
+                        
+                        if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))                
+                                {
+                                s->s3->in_read_app_data=2;
+                                s->rwstate=SSL_READING;
+                                BIO_clear_retry_flags(SSL_get_rbio(s));
+                                BIO_set_retry_read(SSL_get_rbio(s));
+                                ret = -1;
+                                goto end;
+                                }
+                        
+                        s->state=SSL3_ST_SR_FINISHED_A;
+                        break;
+                        
+                case DTLS1_SCTP_ST_SW_WRITE_SOCK:
+                        ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+                        if (ret < 0) goto end;
+                        
+                        if (ret == 0)
+                                {
+                                if (s->d1->next_state != SSL_ST_OK)
+                                        {
+                                        s->s3->in_read_app_data=2;
+                                        s->rwstate=SSL_READING;
+                                        BIO_clear_retry_flags(SSL_get_rbio(s));
+                                        BIO_set_retry_read(SSL_get_rbio(s));
+                                        ret = -1;
+                                        goto end;
+                                        }
+                                }
+                        s->state=s->d1->next_state;
+                        break;
+#endif
                case SSL3_ST_SW_SRVR_HELLO_A:
                case SSL3_ST_SW_SRVR_HELLO_B:
-                        s->new_session = 2;
+                        s->renegotiate = 2;
                        dtls1_start_timer(s);
                        ret=dtls1_send_server_hello(s);
                        if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
                        if (s->hit)
                                {
+#ifndef OPENSSL_NO_SCTP
+                                /* Add new shared key for SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                                         DTLS1_SCTP_AUTH_LABEL);
+                                SSL_export_keying_material(s, sctpauthkey,
+                                                           sizeof(sctpauthkey), labelbuffer,
+                                                           sizeof(labelbuffer), NULL, 0, 0);
+                                
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                         sizeof(sctpauthkey), sctpauthkey);
+#endif
+#ifndef OPENSSL_NO_TLSEXT
                                if (s->tlsext_ticket_expected)
                                        s->state=SSL3_ST_SW_SESSION_TICKET_A;
                                else
                                        s->state=SSL3_ST_SW_CHANGE_A;
-                                }
 #else
-                        if (s->hit)
+                                s->state=SSL3_ST_SW_CHANGE_A;
-                                        s->state=SSL3_ST_SW_CHANGE_A;
 #endif
+                                }
                        else
                                s->state=SSL3_ST_SW_CERT_A;
                        s->init_num=0;
@@ -441,6 +519,13 @@ int dtls1_accept(SSL *s)
                                skip=1;
                                s->s3->tmp.cert_request=0;
                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+#ifndef OPENSSL_NO_SCTP
+                                if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                        {
+                                        s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
+                                        s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                        }
+#endif
                                }
                        else
                                {
@@ -450,9 +535,23 @@ int dtls1_accept(SSL *s)
                                if (ret <= 0) goto end;
 #ifndef NETSCAPE_HANG_BUG
                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+#ifndef OPENSSL_NO_SCTP
+                                if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                        {
+                                        s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
+                                        s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                        }
+#endif
 #else
                                s->state=SSL3_ST_SW_FLUSH;
                                s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+#ifndef OPENSSL_NO_SCTP
+                                if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                        {
+                                        s->d1->next_state = s->s3->tmp.next_state;
+                                        s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                        }
+#endif
 #endif
                                s->init_num=0;
                                }
@@ -472,6 +571,13 @@ int dtls1_accept(SSL *s)
                        s->rwstate=SSL_WRITING;
                        if (BIO_flush(s->wbio) <= 0)
                                {
+                                /* If the write error was fatal, stop trying */
+                                if (!BIO_should_retry(s->wbio))
+                                        {
+                                        s->rwstate=SSL_NOTHING;
+                                        s->state=s->s3->tmp.next_state;
+                                        }
+                                
                                ret= -1;
                                goto end;
                                }
@@ -485,15 +591,16 @@ int dtls1_accept(SSL *s)
                        ret = ssl3_check_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                        dtls1_stop_timer(s);
                        if (ret == 2)
+                                {
+                                dtls1_stop_timer(s);
                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+                                }
                        else {
                                /* could be sent for a DH cert, even if we
                                 * have not asked for it :-) */
                                ret=ssl3_get_client_certificate(s);
                                if (ret <= 0) goto end;
-                                dtls1_stop_timer(s);
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
@@ -503,7 +610,21 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SR_KEY_EXCH_B:
                        ret=ssl3_get_client_key_exchange(s);
                        if (ret <= 0) goto end;
-                        dtls1_stop_timer(s);
+#ifndef OPENSSL_NO_SCTP
+                        /* Add new shared key for SCTP-Auth,
+                         * will be ignored if no SCTP used.
+                         */
+                        snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                                 DTLS1_SCTP_AUTH_LABEL);
+                        SSL_export_keying_material(s, sctpauthkey,
+                                                   sizeof(sctpauthkey), labelbuffer,
+                                                   sizeof(labelbuffer), NULL, 0, 0);
+                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                                 sizeof(sctpauthkey), sctpauthkey);
+#endif
                        s->state=SSL3_ST_SR_CERT_VRFY_A;
                        s->init_num=0;
@@ -540,9 +661,13 @@ int dtls1_accept(SSL *s)
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
-                        dtls1_stop_timer(s);
+#ifndef OPENSSL_NO_SCTP
+                        if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                        s->state=SSL3_ST_SR_FINISHED_A;
+                            state == SSL_ST_RENEGOTIATE)
+                                s->state=DTLS1_SCTP_ST_SR_READ_SOCK;
+                        else
+#endif                  
+                                s->state=SSL3_ST_SR_FINISHED_A;
                        s->init_num=0;
                        break;
@@ -594,6 +719,14 @@ int dtls1_accept(SSL *s)
                                SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
                        if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_SCTP
+                        /* Change to new shared key of SCTP-Auth,
+                         * will be ignored if no SCTP used.
+                         */
+                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
                        s->state=SSL3_ST_SW_FINISHED_A;
                        s->init_num=0;
@@ -618,7 +751,16 @@ int dtls1_accept(SSL *s)
                        if (s->hit)
                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
                        else
+                                {
                                s->s3->tmp.next_state=SSL_ST_OK;
+#ifndef OPENSSL_NO_SCTP
+                                if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                        {
+                                        s->d1->next_state = s->s3->tmp.next_state;
+                                        s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                        }
+#endif
+                                }
                        s->init_num=0;
                        break;
@@ -636,11 +778,9 @@ int dtls1_accept(SSL *s)
                        s->init_num=0;
-                        if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
+                        if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
                                {
-                                /* actually not necessarily a 'new' session unless
+                                s->renegotiate=0;
-                                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-                                
                                s->new_session=0;
                                
                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
@@ -692,6 +832,14 @@ end:
        /* BIO_flush(s->wbio); */
        s->in_handshake--;
+#ifndef OPENSSL_NO_SCTP
+                /* Notify SCTP BIO socket to leave handshake
+                 * mode and prevent stream identifier other
+                 * than 0. Will be ignored if no SCTP is used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+#endif
        if (cb != NULL)
                cb(s,SSL_CB_ACCEPT_EXIT,ret);
        return(ret);
@@ -772,7 +920,7 @@ int dtls1_send_server_hello(SSL *s)
                p=s->s3->server_random;
                Time=(unsigned long)time(NULL);                 /* Time */
                l2n(Time,p);
-                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
                /* Do the message type and length last */
                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -1147,7 +1295,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
                        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                        {
-                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+                        if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL))
                                == NULL)
                                {
                                al=SSL_AD_DECODE_ERROR;

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 149983be30..29421da9aa 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -151,6 +151,10 @@ int dtls1_accept(SSL *s)
151	int ret= -1;	151	int ret= -1;
152	int new_state,state,skip=0;	152	int new_state,state,skip=0;
153	int listen;	153	int listen;
		154	#ifndef OPENSSL_NO_SCTP
		155	unsigned char sctpauthkey[64];
		156	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
		157	#endif
154		158
155	RAND_add(&Time,sizeof(Time),0);	159	RAND_add(&Time,sizeof(Time),0);
156	ERR_clear_error();	160	ERR_clear_error();
@@ -168,6 +172,13 @@ int dtls1_accept(SSL *s)
168	if (!SSL_in_init(s) \|\| SSL_in_before(s)) SSL_clear(s);	172	if (!SSL_in_init(s) \|\| SSL_in_before(s)) SSL_clear(s);
169		173
170	s->d1->listen = listen;	174	s->d1->listen = listen;
		175	#ifndef OPENSSL_NO_SCTP
		176	/* Notify SCTP BIO socket to enter handshake
		177	* mode and prevent stream identifier other
		178	* than 0. Will be ignored if no SCTP is used.
		179	*/
		180	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
		181	#endif
171		182
172	if (s->cert == NULL)	183	if (s->cert == NULL)
173	{	184	{
@@ -175,6 +186,19 @@ int dtls1_accept(SSL *s)
175	return(-1);	186	return(-1);
176	}	187	}
177		188
		189	#ifndef OPENSSL_NO_HEARTBEATS
		190	/* If we're awaiting a HeartbeatResponse, pretend we
		191	* already got and don't await it anymore, because
		192	* Heartbeats don't make sense during handshakes anyway.
		193	*/
		194	if (s->tlsext_hb_pending)
		195	{
		196	dtls1_stop_timer(s);
		197	s->tlsext_hb_pending = 0;
		198	s->tlsext_hb_seq++;
		199	}
		200	#endif
		201
178	for (;;)	202	for (;;)
179	{	203	{
180	state=s->state;	204	state=s->state;
@@ -182,7 +206,7 @@ int dtls1_accept(SSL *s)
182	switch (s->state)	206	switch (s->state)
183	{	207	{
184	case SSL_ST_RENEGOTIATE:	208	case SSL_ST_RENEGOTIATE:
185	s->new_session=1;	209	s->renegotiate=1;
186	/* s->state=SSL_ST_ACCEPT; */	210	/* s->state=SSL_ST_ACCEPT; */
187		211
188	case SSL_ST_BEFORE:	212	case SSL_ST_BEFORE:
@@ -227,8 +251,12 @@ int dtls1_accept(SSL *s)
227	{	251	{
228	/* Ok, we now need to push on a buffering BIO so that	252	/* Ok, we now need to push on a buffering BIO so that
229	* the output is sent in a way that TCP likes :-)	253	* the output is sent in a way that TCP likes :-)
		254	* ...but not with SCTP :-)
230	*/	255	*/
231	if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }	256	#ifndef OPENSSL_NO_SCTP
		257	if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
		258	#endif
		259	if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
232		260
233	ssl3_init_finished_mac(s);	261	ssl3_init_finished_mac(s);
234	s->state=SSL3_ST_SR_CLNT_HELLO_A;	262	s->state=SSL3_ST_SR_CLNT_HELLO_A;
@@ -313,25 +341,75 @@ int dtls1_accept(SSL *s)
313	ssl3_init_finished_mac(s);	341	ssl3_init_finished_mac(s);
314	break;	342	break;
315		343
		344	#ifndef OPENSSL_NO_SCTP
		345	case DTLS1_SCTP_ST_SR_READ_SOCK:
		346
		347	if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
		348	{
		349	s->s3->in_read_app_data=2;
		350	s->rwstate=SSL_READING;
		351	BIO_clear_retry_flags(SSL_get_rbio(s));
		352	BIO_set_retry_read(SSL_get_rbio(s));
		353	ret = -1;
		354	goto end;
		355	}
		356
		357	s->state=SSL3_ST_SR_FINISHED_A;
		358	break;
		359
		360	case DTLS1_SCTP_ST_SW_WRITE_SOCK:
		361	ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
		362	if (ret < 0) goto end;
		363
		364	if (ret == 0)
		365	{
		366	if (s->d1->next_state != SSL_ST_OK)
		367	{
		368	s->s3->in_read_app_data=2;
		369	s->rwstate=SSL_READING;
		370	BIO_clear_retry_flags(SSL_get_rbio(s));
		371	BIO_set_retry_read(SSL_get_rbio(s));
		372	ret = -1;
		373	goto end;
		374	}
		375	}
		376
		377	s->state=s->d1->next_state;
		378	break;
		379	#endif
		380
316	case SSL3_ST_SW_SRVR_HELLO_A:	381	case SSL3_ST_SW_SRVR_HELLO_A:
317	case SSL3_ST_SW_SRVR_HELLO_B:	382	case SSL3_ST_SW_SRVR_HELLO_B:
318	s->new_session = 2;	383	s->renegotiate = 2;
319	dtls1_start_timer(s);	384	dtls1_start_timer(s);
320	ret=dtls1_send_server_hello(s);	385	ret=dtls1_send_server_hello(s);
321	if (ret <= 0) goto end;	386	if (ret <= 0) goto end;
322		387
323	#ifndef OPENSSL_NO_TLSEXT
324	if (s->hit)	388	if (s->hit)
325	{	389	{
		390	#ifndef OPENSSL_NO_SCTP
		391	/* Add new shared key for SCTP-Auth,
		392	* will be ignored if no SCTP used.
		393	*/
		394	snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
		395	DTLS1_SCTP_AUTH_LABEL);
		396
		397	SSL_export_keying_material(s, sctpauthkey,
		398	sizeof(sctpauthkey), labelbuffer,
		399	sizeof(labelbuffer), NULL, 0, 0);
		400
		401	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
		402	sizeof(sctpauthkey), sctpauthkey);
		403	#endif
		404	#ifndef OPENSSL_NO_TLSEXT
326	if (s->tlsext_ticket_expected)	405	if (s->tlsext_ticket_expected)
327	s->state=SSL3_ST_SW_SESSION_TICKET_A;	406	s->state=SSL3_ST_SW_SESSION_TICKET_A;
328	else	407	else
329	s->state=SSL3_ST_SW_CHANGE_A;	408	s->state=SSL3_ST_SW_CHANGE_A;
330	}
331	#else	409	#else
332	if (s->hit)	410	s->state=SSL3_ST_SW_CHANGE_A;
333	s->state=SSL3_ST_SW_CHANGE_A;
334	#endif	411	#endif
		412	}
335	else	413	else
336	s->state=SSL3_ST_SW_CERT_A;	414	s->state=SSL3_ST_SW_CERT_A;
337	s->init_num=0;	415	s->init_num=0;
@@ -441,6 +519,13 @@ int dtls1_accept(SSL *s)
441	skip=1;	519	skip=1;
442	s->s3->tmp.cert_request=0;	520	s->s3->tmp.cert_request=0;
443	s->state=SSL3_ST_SW_SRVR_DONE_A;	521	s->state=SSL3_ST_SW_SRVR_DONE_A;
		522	#ifndef OPENSSL_NO_SCTP
		523	if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
		524	{
		525	s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
		526	s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
		527	}
		528	#endif
444	}	529	}
445	else	530	else
446	{	531	{
@@ -450,9 +535,23 @@ int dtls1_accept(SSL *s)
450	if (ret <= 0) goto end;	535	if (ret <= 0) goto end;
451	#ifndef NETSCAPE_HANG_BUG	536	#ifndef NETSCAPE_HANG_BUG
452	s->state=SSL3_ST_SW_SRVR_DONE_A;	537	s->state=SSL3_ST_SW_SRVR_DONE_A;
		538	#ifndef OPENSSL_NO_SCTP
		539	if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
		540	{
		541	s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
		542	s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
		543	}
		544	#endif
453	#else	545	#else
454	s->state=SSL3_ST_SW_FLUSH;	546	s->state=SSL3_ST_SW_FLUSH;
455	s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;	547	s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
		548	#ifndef OPENSSL_NO_SCTP
		549	if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
		550	{
		551	s->d1->next_state = s->s3->tmp.next_state;
		552	s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
		553	}
		554	#endif
456	#endif	555	#endif
457	s->init_num=0;	556	s->init_num=0;
458	}	557	}
@@ -472,6 +571,13 @@ int dtls1_accept(SSL *s)
472	s->rwstate=SSL_WRITING;	571	s->rwstate=SSL_WRITING;
473	if (BIO_flush(s->wbio) <= 0)	572	if (BIO_flush(s->wbio) <= 0)
474	{	573	{
		574	/* If the write error was fatal, stop trying */
		575	if (!BIO_should_retry(s->wbio))
		576	{
		577	s->rwstate=SSL_NOTHING;
		578	s->state=s->s3->tmp.next_state;
		579	}
		580
475	ret= -1;	581	ret= -1;
476	goto end;	582	goto end;
477	}	583	}
@@ -485,15 +591,16 @@ int dtls1_accept(SSL *s)
485	ret = ssl3_check_client_hello(s);	591	ret = ssl3_check_client_hello(s);
486	if (ret <= 0)	592	if (ret <= 0)
487	goto end;	593	goto end;
488	dtls1_stop_timer(s);
489	if (ret == 2)	594	if (ret == 2)
		595	{
		596	dtls1_stop_timer(s);
490	s->state = SSL3_ST_SR_CLNT_HELLO_C;	597	s->state = SSL3_ST_SR_CLNT_HELLO_C;
		598	}
491	else {	599	else {
492	/* could be sent for a DH cert, even if we	600	/* could be sent for a DH cert, even if we
493	* have not asked for it :-) */	601	* have not asked for it :-) */
494	ret=ssl3_get_client_certificate(s);	602	ret=ssl3_get_client_certificate(s);
495	if (ret <= 0) goto end;	603	if (ret <= 0) goto end;
496	dtls1_stop_timer(s);
497	s->init_num=0;	604	s->init_num=0;
498	s->state=SSL3_ST_SR_KEY_EXCH_A;	605	s->state=SSL3_ST_SR_KEY_EXCH_A;
499	}	606	}
@@ -503,7 +610,21 @@ int dtls1_accept(SSL *s)
503	case SSL3_ST_SR_KEY_EXCH_B:	610	case SSL3_ST_SR_KEY_EXCH_B:
504	ret=ssl3_get_client_key_exchange(s);	611	ret=ssl3_get_client_key_exchange(s);
505	if (ret <= 0) goto end;	612	if (ret <= 0) goto end;
506	dtls1_stop_timer(s);	613	#ifndef OPENSSL_NO_SCTP
		614	/* Add new shared key for SCTP-Auth,
		615	* will be ignored if no SCTP used.
		616	*/
		617	snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
		618	DTLS1_SCTP_AUTH_LABEL);
		619
		620	SSL_export_keying_material(s, sctpauthkey,
		621	sizeof(sctpauthkey), labelbuffer,
		622	sizeof(labelbuffer), NULL, 0, 0);
		623
		624	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
		625	sizeof(sctpauthkey), sctpauthkey);
		626	#endif
		627
507	s->state=SSL3_ST_SR_CERT_VRFY_A;	628	s->state=SSL3_ST_SR_CERT_VRFY_A;
508	s->init_num=0;	629	s->init_num=0;
509		630
@@ -540,9 +661,13 @@ int dtls1_accept(SSL *s)
540	/* we should decide if we expected this one */	661	/* we should decide if we expected this one */
541	ret=ssl3_get_cert_verify(s);	662	ret=ssl3_get_cert_verify(s);
542	if (ret <= 0) goto end;	663	if (ret <= 0) goto end;
543	dtls1_stop_timer(s);	664	#ifndef OPENSSL_NO_SCTP
544		665	if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
545	s->state=SSL3_ST_SR_FINISHED_A;	666	state == SSL_ST_RENEGOTIATE)
		667	s->state=DTLS1_SCTP_ST_SR_READ_SOCK;
		668	else
		669	#endif
		670	s->state=SSL3_ST_SR_FINISHED_A;
546	s->init_num=0;	671	s->init_num=0;
547	break;	672	break;
548		673
@@ -594,6 +719,14 @@ int dtls1_accept(SSL *s)
594	SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);	719	SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
595		720
596	if (ret <= 0) goto end;	721	if (ret <= 0) goto end;
		722
		723	#ifndef OPENSSL_NO_SCTP
		724	/* Change to new shared key of SCTP-Auth,
		725	* will be ignored if no SCTP used.
		726	*/
		727	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
		728	#endif
		729
597	s->state=SSL3_ST_SW_FINISHED_A;	730	s->state=SSL3_ST_SW_FINISHED_A;
598	s->init_num=0;	731	s->init_num=0;
599		732
@@ -618,7 +751,16 @@ int dtls1_accept(SSL *s)
618	if (s->hit)	751	if (s->hit)
619	s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;	752	s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
620	else	753	else
		754	{
621	s->s3->tmp.next_state=SSL_ST_OK;	755	s->s3->tmp.next_state=SSL_ST_OK;
		756	#ifndef OPENSSL_NO_SCTP
		757	if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
		758	{
		759	s->d1->next_state = s->s3->tmp.next_state;
		760	s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
		761	}
		762	#endif
		763	}
622	s->init_num=0;	764	s->init_num=0;
623	break;	765	break;
624		766
@@ -636,11 +778,9 @@ int dtls1_accept(SSL *s)
636		778
637	s->init_num=0;	779	s->init_num=0;
638		780
639	if (s->new_session == 2) /* skipped if we just sent a HelloRequest */	781	if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
640	{	782	{
641	/* actually not necessarily a 'new' session unless	783	s->renegotiate=0;
642	* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
643
644	s->new_session=0;	784	s->new_session=0;
645		785
646	ssl_update_cache(s,SSL_SESS_CACHE_SERVER);	786	ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
@@ -692,6 +832,14 @@ end:
692	/* BIO_flush(s->wbio); */	832	/* BIO_flush(s->wbio); */
693		833
694	s->in_handshake--;	834	s->in_handshake--;
		835	#ifndef OPENSSL_NO_SCTP
		836	/* Notify SCTP BIO socket to leave handshake
		837	* mode and prevent stream identifier other
		838	* than 0. Will be ignored if no SCTP is used.
		839	*/
		840	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
		841	#endif
		842
695	if (cb != NULL)	843	if (cb != NULL)
696	cb(s,SSL_CB_ACCEPT_EXIT,ret);	844	cb(s,SSL_CB_ACCEPT_EXIT,ret);
697	return(ret);	845	return(ret);
@@ -772,7 +920,7 @@ int dtls1_send_server_hello(SSL *s)
772	p=s->s3->server_random;	920	p=s->s3->server_random;
773	Time=(unsigned long)time(NULL); /* Time */	921	Time=(unsigned long)time(NULL); /* Time */
774	l2n(Time,p);	922	l2n(Time,p);
775	RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));	923	RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
776	/* Do the message type and length last */	924	/* Do the message type and length last */
777	d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);	925	d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
778		926
@@ -1147,7 +1295,7 @@ int dtls1_send_server_key_exchange(SSL *s)
1147	if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)	1295	if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1148	&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))	1296	&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1149	{	1297	{
1150	if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))	1298	if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL))
1151	== NULL)	1299	== NULL)
1152	{	1300	{
1153	al=SSL_AD_DECODE_ERROR;	1301	al=SSL_AD_DECODE_ERROR;