2 files changed, 46 insertions, 2 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 1d50ac2388..289ef246a5 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.65 2015/09/12 20:27:27 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -492,6 +492,27 @@ dtls1_accept(SSL *s)
                                 */
                                s->state = SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
+                        } else if (SSL_USE_SIGALGS(s)) {
+                                s->state = SSL3_ST_SR_CERT_VRFY_A;
+                                s->init_num = 0;
+                                if (!s->session->peer)
+                                        break;
+                                /*
+                                 * For sigalgs freeze the handshake buffer
+                                 * at this point and digest cached records.
+                                 */
+                                if (!s->s3->handshake_buffer) {
+                                        SSLerr(SSL_F_SSL3_ACCEPT,
+                                            ERR_R_INTERNAL_ERROR);
+                                        ret = -1;
+                                        goto end;
+                                }
+                                s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+                                if (!ssl3_digest_cached_records(s)) {
+                                        ret = -1;
+                                        goto end;
+                                }
                        } else {
                                s->state = SSL3_ST_SR_CERT_VRFY_A;
                                s->init_num = 0;
@@ -663,6 +684,7 @@ end:
        if (cb != NULL)
                cb(s, SSL_CB_ACCEPT_EXIT, ret);
        return (ret);
 }
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 1d50ac2388..289ef246a5 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.65 2015/09/12 20:27:27 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -492,6 +492,27 @@ dtls1_accept(SSL *s)
                                 */
                                s->state = SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
+                        } else if (SSL_USE_SIGALGS(s)) {
+                                s->state = SSL3_ST_SR_CERT_VRFY_A;
+                                s->init_num = 0;
+                                if (!s->session->peer)
+                                        break;
+                                /*
+                                 * For sigalgs freeze the handshake buffer
+                                 * at this point and digest cached records.
+                                 */
+                                if (!s->s3->handshake_buffer) {
+                                        SSLerr(SSL_F_SSL3_ACCEPT,
+                                            ERR_R_INTERNAL_ERROR);
+                                        ret = -1;
+                                        goto end;
+                                }
+                                s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+                                if (!ssl3_digest_cached_records(s)) {
+                                        ret = -1;
+                                        goto end;
+                                }
                        } else {
                                s->state = SSL3_ST_SR_CERT_VRFY_A;
                                s->init_num = 0;
@@ -663,6 +684,7 @@ end:
        if (cb != NULL)
                cb(s, SSL_CB_ACCEPT_EXIT, ret);
        return (ret);
 }

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 1d50ac2388..289ef246a5 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.65 2015/09/12 20:27:27 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -492,6 +492,27 @@ dtls1_accept(SSL *s)
492	*/	492	*/
493	s->state = SSL3_ST_SR_FINISHED_A;	493	s->state = SSL3_ST_SR_FINISHED_A;
494	s->init_num = 0;	494	s->init_num = 0;
		495	} else if (SSL_USE_SIGALGS(s)) {
		496	s->state = SSL3_ST_SR_CERT_VRFY_A;
		497	s->init_num = 0;
		498	if (!s->session->peer)
		499	break;
		500
		501	/*
		502	* For sigalgs freeze the handshake buffer
		503	* at this point and digest cached records.
		504	*/
		505	if (!s->s3->handshake_buffer) {
		506	SSLerr(SSL_F_SSL3_ACCEPT,
		507	ERR_R_INTERNAL_ERROR);
		508	ret = -1;
		509	goto end;
		510	}
		511	s->s3->flags \|= TLS1_FLAGS_KEEP_HANDSHAKE;
		512	if (!ssl3_digest_cached_records(s)) {
		513	ret = -1;
		514	goto end;
		515	}
495	} else {	516	} else {
496	s->state = SSL3_ST_SR_CERT_VRFY_A;	517	s->state = SSL3_ST_SR_CERT_VRFY_A;
497	s->init_num = 0;	518	s->init_num = 0;
@@ -663,6 +684,7 @@ end:
663		684
664	if (cb != NULL)	685	if (cb != NULL)
665	cb(s, SSL_CB_ACCEPT_EXIT, ret);	686	cb(s, SSL_CB_ACCEPT_EXIT, ret);
		687
666	return (ret);	688	return (ret);
667	}	689	}
668		690


diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 1d50ac2388..289ef246a5 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.64 2015/09/12 15:08:54 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.65 2015/09/12 20:27:27 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -492,6 +492,27 @@ dtls1_accept(SSL *s)
492	*/	492	*/
493	s->state = SSL3_ST_SR_FINISHED_A;	493	s->state = SSL3_ST_SR_FINISHED_A;
494	s->init_num = 0;	494	s->init_num = 0;
		495	} else if (SSL_USE_SIGALGS(s)) {
		496	s->state = SSL3_ST_SR_CERT_VRFY_A;
		497	s->init_num = 0;
		498	if (!s->session->peer)
		499	break;
		500
		501	/*
		502	* For sigalgs freeze the handshake buffer
		503	* at this point and digest cached records.
		504	*/
		505	if (!s->s3->handshake_buffer) {
		506	SSLerr(SSL_F_SSL3_ACCEPT,
		507	ERR_R_INTERNAL_ERROR);
		508	ret = -1;
		509	goto end;
		510	}
		511	s->s3->flags \|= TLS1_FLAGS_KEEP_HANDSHAKE;
		512	if (!ssl3_digest_cached_records(s)) {
		513	ret = -1;
		514	goto end;
		515	}
495	} else {	516	} else {
496	s->state = SSL3_ST_SR_CERT_VRFY_A;	517	s->state = SSL3_ST_SR_CERT_VRFY_A;
497	s->init_num = 0;	518	s->init_num = 0;
@@ -663,6 +684,7 @@ end:
663		684
664	if (cb != NULL)	685	if (cb != NULL)
665	cb(s, SSL_CB_ACCEPT_EXIT, ret);	686	cb(s, SSL_CB_ACCEPT_EXIT, ret);
		687
666	return (ret);	688	return (ret);
667	}	689	}
668		690