1 files changed, 41 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 0f448a2d38..1e92640835 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.85 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.86 2020/10/03 18:01:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -361,7 +361,7 @@ ssl3_accept(SSL *s)
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-                        ret = dtls1_send_hello_verify_request(s);
+                        ret = ssl3_send_dtls_hello_verify_request(s);
                        if (ret <= 0)
                                goto end;
                        S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
@@ -1165,6 +1165,45 @@ err:
 }
 int
+ssl3_send_dtls_hello_verify_request(SSL *s)
+{
+        CBB cbb, verify, cookie;
+        memset(&cbb, 0, sizeof(cbb));
+        if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
+                if (s->ctx->internal->app_gen_cookie_cb == NULL ||
+                    s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
+                        &(D1I(s)->cookie_len)) == 0) {
+                        SSLerror(s, ERR_R_INTERNAL_ERROR);
+                        return 0;
+                }
+                if (!ssl3_handshake_msg_start(s, &cbb, &verify,
+                    DTLS1_MT_HELLO_VERIFY_REQUEST))
+                        goto err;
+                if (!CBB_add_u16(&verify, s->version))
+                        goto err;
+                if (!CBB_add_u8_length_prefixed(&verify, &cookie))
+                        goto err;
+                if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
+                        goto err;
+                if (!ssl3_handshake_msg_finish(s, &cbb))
+                        goto err;
+                S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+        }
+        /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+        return (ssl3_handshake_write(s));
+ err:
+        CBB_cleanup(&cbb);
+        return (-1);
+}
+int
 ssl3_send_server_hello(SSL *s)
 {
        CBB cbb, server_hello, session_id;

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 0f448a2d38..1e92640835 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.85 2020/09/24 18:12:00 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.86 2020/10/03 18:01:55 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -361,7 +361,7 @@ ssl3_accept(SSL *s)
361		361
362	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:	362	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
363	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:	363	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
364	ret = dtls1_send_hello_verify_request(s);	364	ret = ssl3_send_dtls_hello_verify_request(s);
365	if (ret <= 0)	365	if (ret <= 0)
366	goto end;	366	goto end;
367	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;	367	S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
@@ -1165,6 +1165,45 @@ err:
1165	}	1165	}
1166		1166
1167	int	1167	int
		1168	ssl3_send_dtls_hello_verify_request(SSL *s)
		1169	{
		1170	CBB cbb, verify, cookie;
		1171
		1172	memset(&cbb, 0, sizeof(cbb));
		1173
		1174	if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
		1175	if (s->ctx->internal->app_gen_cookie_cb == NULL \|\|
		1176	s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie,
		1177	&(D1I(s)->cookie_len)) == 0) {
		1178	SSLerror(s, ERR_R_INTERNAL_ERROR);
		1179	return 0;
		1180	}
		1181
		1182	if (!ssl3_handshake_msg_start(s, &cbb, &verify,
		1183	DTLS1_MT_HELLO_VERIFY_REQUEST))
		1184	goto err;
		1185	if (!CBB_add_u16(&verify, s->version))
		1186	goto err;
		1187	if (!CBB_add_u8_length_prefixed(&verify, &cookie))
		1188	goto err;
		1189	if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len))
		1190	goto err;
		1191	if (!ssl3_handshake_msg_finish(s, &cbb))
		1192	goto err;
		1193
		1194	S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
		1195	}
		1196
		1197	/* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
		1198	return (ssl3_handshake_write(s));
		1199
		1200	err:
		1201	CBB_cleanup(&cbb);
		1202
		1203	return (-1);
		1204	}
		1205
		1206	int
1168	ssl3_send_server_hello(SSL *s)	1207	ssl3_send_server_hello(SSL *s)
1169	{	1208	{
1170	CBB cbb, server_hello, session_id;	1209	CBB cbb, server_hello, session_id;