summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
-rw-r--r--src/lib/libssl/d1_srvr.c26
1 files changed, 19 insertions, 7 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 301ceda7a5..a6a4c87ea6 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
150 unsigned long alg_k; 150 unsigned long alg_k;
151 int ret= -1; 151 int ret= -1;
152 int new_state,state,skip=0; 152 int new_state,state,skip=0;
153 int listen;
153 154
154 RAND_add(&Time,sizeof(Time),0); 155 RAND_add(&Time,sizeof(Time),0);
155 ERR_clear_error(); 156 ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
159 cb=s->info_callback; 160 cb=s->info_callback;
160 else if (s->ctx->info_callback != NULL) 161 else if (s->ctx->info_callback != NULL)
161 cb=s->ctx->info_callback; 162 cb=s->ctx->info_callback;
163
164 listen = s->d1->listen;
162 165
163 /* init things to blank */ 166 /* init things to blank */
164 s->in_handshake++; 167 s->in_handshake++;
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 168 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
166 169
170 s->d1->listen = listen;
171
167 if (s->cert == NULL) 172 if (s->cert == NULL)
168 { 173 {
169 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); 174 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
273 278
274 s->init_num=0; 279 s->init_num=0;
275 280
281 /* Reflect ClientHello sequence to remain stateless while listening */
282 if (listen)
283 {
284 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
285 }
286
276 /* If we're just listening, stop here */ 287 /* If we're just listening, stop here */
277 if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) 288 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
278 { 289 {
279 ret = 2; 290 ret = 2;
280 s->d1->listen = 0; 291 s->d1->listen = 0;
292 /* Set expected sequence numbers
293 * to continue the handshake.
294 */
295 s->d1->handshake_read_seq = 2;
296 s->d1->handshake_write_seq = 1;
297 s->d1->next_handshake_write_seq = 1;
281 goto end; 298 goto end;
282 } 299 }
283 300
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
286 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: 303 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
287 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: 304 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
288 305
289 dtls1_start_timer(s);
290 ret = dtls1_send_hello_verify_request(s); 306 ret = dtls1_send_hello_verify_request(s);
291 if ( ret <= 0) goto end; 307 if ( ret <= 0) goto end;
292 s->state=SSL3_ST_SW_FLUSH; 308 s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
736 /* number of bytes to write */ 752 /* number of bytes to write */
737 s->init_num=p-buf; 753 s->init_num=p-buf;
738 s->init_off=0; 754 s->init_off=0;
739
740 /* buffer the message to handle re-xmits */
741 dtls1_buffer_message(s, 0);
742 } 755 }
743 756
744 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ 757 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
1017 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1030 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1018 goto err; 1031 goto err;
1019 } 1032 }
1020 if (!EC_KEY_up_ref(ecdhp)) 1033 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1021 { 1034 {
1022 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); 1035 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1023 goto err; 1036 goto err;
1024 } 1037 }
1025 ecdh = ecdhp;
1026 1038
1027 s->s3->tmp.ecdh=ecdh; 1039 s->s3->tmp.ecdh=ecdh;
1028 if ((EC_KEY_get0_public_key(ecdh) == NULL) || 1040 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 11:51:12 +0000