X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_srvr.c;h=bb290b88e34dd6ac817d33e2406f5a0358d7890b;hb=9d396bee8e1247baae68f74cba25f0362f3aa181;hp=91cd73baf42ae7dc3b9123c6baaacbd67119e3c1;hpb=aab1ec3f36364c9fbd3a8b24779cd8fe6d5d57eb;p=oweals%2Fopenssl.git diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 91cd73baf4..bb290b88e3 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -247,6 +247,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; @@ -267,6 +268,7 @@ int dtls1_accept(SSL *s) s->shutdown=0; ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->new_session = 2; if ( s->d1->send_cookie) @@ -280,15 +282,21 @@ int dtls1_accept(SSL *s) case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret = dtls1_send_hello_verify_request(s); if ( ret <= 0) goto end; s->d1->send_cookie = 0; s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; + + /* HelloVerifyRequests resets Finished MAC */ + if (s->client_version != DTLS1_BAD_VER) + ssl3_init_finished_mac(s); break; case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_hello(s); if (ret <= 0) goto end; @@ -304,6 +312,7 @@ int dtls1_accept(SSL *s) /* Check if it is anon DH */ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) { + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_certificate(s); if (ret <= 0) goto end; } @@ -345,6 +354,7 @@ int dtls1_accept(SSL *s) ) ) { + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_key_exchange(s); if (ret <= 0) goto end; } @@ -381,6 +391,7 @@ int dtls1_accept(SSL *s) else { s->s3->tmp.cert_request=1; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_certificate_request(s); if (ret <= 0) goto end; #ifndef NETSCAPE_HANG_BUG @@ -395,6 +406,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_SRVR_DONE_A: case SSL3_ST_SW_SRVR_DONE_B: + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 1, NULL); ret=dtls1_send_server_done(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; @@ -422,6 +434,7 @@ int dtls1_accept(SSL *s) ret = ssl3_check_client_hello(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { @@ -429,6 +442,7 @@ int dtls1_accept(SSL *s) * have not asked for it :-) */ ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } @@ -438,6 +452,7 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_KEY_EXCH_B: ret=ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; @@ -458,6 +473,7 @@ int dtls1_accept(SSL *s) /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); s->state=SSL3_ST_SR_FINISHED_A; s->init_num=0; @@ -468,6 +484,7 @@ int dtls1_accept(SSL *s) ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL); if (s->hit) s->state=SSL_ST_OK; else @@ -620,20 +637,24 @@ int dtls1_send_hello_verify_request(SSL *s) buf = (unsigned char *)s->init_buf->data; msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); - *(p++) = s->version >> 8; - *(p++) = s->version & 0xFF; + if (s->client_version == DTLS1_BAD_VER) + *(p++) = DTLS1_BAD_VER>>8, + *(p++) = DTLS1_BAD_VER&0xff; + else + *(p++) = s->version >> 8, + *(p++) = s->version & 0xFF; - *(p++) = (unsigned char) s->d1->cookie_len; - if ( s->ctx->app_gen_cookie_cb != NULL && - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) - { + if (s->ctx->app_gen_cookie_cb != NULL && + s->ctx->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) + { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); - return 0; - } - /* else the cookie is assumed to have - * been initialized by the application */ + return 0; + } + /* else the cookie is assumed to have + * been initialized by the application */ + *(p++) = (unsigned char) s->d1->cookie_len; memcpy(p, s->d1->cookie, s->d1->cookie_len); p += s->d1->cookie_len; msg_len = p - msg; @@ -672,8 +693,12 @@ int dtls1_send_server_hello(SSL *s) /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); - *(p++)=s->version>>8; - *(p++)=s->version&0xff; + if (s->client_version == DTLS1_BAD_VER) + *(p++)=DTLS1_BAD_VER>>8, + *(p++)=DTLS1_BAD_VER&0xff; + else + *(p++)=s->version>>8, + *(p++)=s->version&0xff; /* Random stuff */ memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); @@ -720,7 +745,7 @@ int dtls1_send_server_hello(SSL *s) d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); - s->state=SSL3_ST_CW_CLNT_HELLO_B; + s->state=SSL3_ST_SW_SRVR_HELLO_B; /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; @@ -729,7 +754,7 @@ int dtls1_send_server_hello(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_HELLO_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -753,7 +778,7 @@ int dtls1_send_server_done(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_DONE_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); }