X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_srvr.c;h=0bbf8ae7f311b6f25ada781bad2d339973da9b0a;hb=7f065cfdbd6f18a81a3f54ba6b8d5045fb533c89;hp=ff27b4b4674704c475b4720d3c6ee506ae4aa04f;hpb=25b0e072dd8cd271860b083d053789e96e808472;p=oweals%2Fopenssl.git

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index ff27b4b467..0bbf8ae7f3 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -285,6 +285,10 @@ int dtls1_accept(SSL *s)
 			s->d1->send_cookie = 0;
 			s->state=SSL3_ST_SW_FLUSH;
 			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+			/* HelloVerifyRequests resets Finished MAC */
+			if (s->client_version != DTLS1_BAD_VER)
+				ssl3_init_finished_mac(s);
 			break;
 			
 		case SSL3_ST_SW_SRVR_HELLO_A:
@@ -620,20 +624,24 @@ int dtls1_send_hello_verify_request(SSL *s)
 		buf = (unsigned char *)s->init_buf->data;
 
 		msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-		*(p++) = s->version >> 8;
-		*(p++) = s->version & 0xFF;
+		if (s->client_version == DTLS1_BAD_VER)
+			*(p++) = DTLS1_BAD_VER>>8,
+			*(p++) = DTLS1_BAD_VER&0xff;
+		else
+			*(p++) = s->version >> 8,
+			*(p++) = s->version & 0xFF;
 
-		*(p++) = (unsigned char) s->d1->cookie_len;
-        if ( s->ctx->app_gen_cookie_cb != NULL &&
-            s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-                &(s->d1->cookie_len)) == 0)
-            {
+		if (s->ctx->app_gen_cookie_cb != NULL &&
+		    s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+		    &(s->d1->cookie_len)) == 0)
+			{
 			SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-            return 0;
-            }
-        /* else the cookie is assumed to have 
-         * been initialized by the application */
+			return 0;
+			}
+		/* else the cookie is assumed to have 
+		 * been initialized by the application */
 
+		*(p++) = (unsigned char) s->d1->cookie_len;
 		memcpy(p, s->d1->cookie, s->d1->cookie_len);
 		p += s->d1->cookie_len;
 		msg_len = p - msg;
@@ -672,8 +680,12 @@ int dtls1_send_server_hello(SSL *s)
 		/* Do the message type and length last */
 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
-		*(p++)=s->version>>8;
-		*(p++)=s->version&0xff;
+		if (s->client_version == DTLS1_BAD_VER)
+			*(p++)=DTLS1_BAD_VER>>8,
+			*(p++)=DTLS1_BAD_VER&0xff;
+		else
+			*(p++)=s->version>>8,
+			*(p++)=s->version&0xff;
 
 		/* Random stuff */
 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
@@ -720,7 +732,7 @@ int dtls1_send_server_hello(SSL *s)
 
 		d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
 
-		s->state=SSL3_ST_CW_CLNT_HELLO_B;
+		s->state=SSL3_ST_SW_SRVR_HELLO_B;
 		/* number of bytes to write */
 		s->init_num=p-buf;
 		s->init_off=0;
@@ -729,7 +741,7 @@ int dtls1_send_server_hello(SSL *s)
 		dtls1_buffer_message(s, 0);
 		}
 
-	/* SSL3_ST_CW_CLNT_HELLO_B */
+	/* SSL3_ST_SW_SRVR_HELLO_B */
 	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
@@ -753,7 +765,7 @@ int dtls1_send_server_done(SSL *s)
 		dtls1_buffer_message(s, 0);
 		}
 
-	/* SSL3_ST_CW_CLNT_HELLO_B */
+	/* SSL3_ST_SW_SRVR_DONE_B */
 	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
@@ -1088,7 +1100,7 @@ int dtls1_send_certificate_request(SSL *s)
 
 		/* XDTLS:  set message header ? */
 		msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
-		dtls1_set_message_header(s, s->init_buf->data,
+		dtls1_set_message_header(s, (void *)s->init_buf->data,
 			SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
 
 		/* buffer the message to handle re-xmits */