diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 5b9af06aa5..1d1a0c77f0 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.124 2015/09/01 13:38:27 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.125 2015/09/02 17:59:15 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -584,7 +584,6 @@ end: | |||
| 584 | return (ret); | 584 | return (ret); |
| 585 | } | 585 | } |
| 586 | 586 | ||
| 587 | |||
| 588 | int | 587 | int |
| 589 | ssl3_client_hello(SSL *s) | 588 | ssl3_client_hello(SSL *s) |
| 590 | { | 589 | { |
| @@ -603,7 +602,13 @@ ssl3_client_hello(SSL *s) | |||
| 603 | } | 602 | } |
| 604 | /* else use the pre-loaded session */ | 603 | /* else use the pre-loaded session */ |
| 605 | 604 | ||
| 606 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); | 605 | /* |
| 606 | * If a DTLS ClientHello message is being resent after a | ||
| 607 | * HelloVerifyRequest, we must retain the original client | ||
| 608 | * random value. | ||
| 609 | */ | ||
| 610 | if (!SSL_IS_DTLS(s) || s->d1->send_cookie == 0) | ||
| 611 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 607 | 612 | ||
| 608 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO); | 613 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO); |
| 609 | 614 | ||
| @@ -660,6 +665,18 @@ ssl3_client_hello(SSL *s) | |||
| 660 | p += i; | 665 | p += i; |
| 661 | } | 666 | } |
| 662 | 667 | ||
| 668 | /* DTLS Cookie. */ | ||
| 669 | if (SSL_IS_DTLS(s)) { | ||
| 670 | if (s->d1->cookie_len > sizeof(s->d1->cookie)) { | ||
| 671 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, | ||
| 672 | ERR_R_INTERNAL_ERROR); | ||
| 673 | goto err; | ||
| 674 | } | ||
| 675 | *(p++) = s->d1->cookie_len; | ||
| 676 | memcpy(p, s->d1->cookie, s->d1->cookie_len); | ||
| 677 | p += s->d1->cookie_len; | ||
| 678 | } | ||
| 679 | |||
| 663 | /* Ciphers supported */ | 680 | /* Ciphers supported */ |
| 664 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); | 681 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); |
| 665 | if (i == 0) { | 682 | if (i == 0) { |
| @@ -683,9 +700,9 @@ ssl3_client_hello(SSL *s) | |||
| 683 | goto err; | 700 | goto err; |
| 684 | } | 701 | } |
| 685 | 702 | ||
| 686 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | ||
| 687 | |||
| 688 | ssl3_handshake_msg_finish(s, p - d); | 703 | ssl3_handshake_msg_finish(s, p - d); |
| 704 | |||
| 705 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | ||
| 689 | } | 706 | } |
| 690 | 707 | ||
| 691 | /* SSL3_ST_CW_CLNT_HELLO_B */ | 708 | /* SSL3_ST_CW_CLNT_HELLO_B */ |