X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_srvr.c;h=c6f98a832be4252321e55594aa2e07a3201fee15;hb=8e3b2dbb31819b880886bfd275510c650ff264ea;hp=0fc40078f4fc8d13db4da21c643fcc168b22261d;hpb=7e69565fe680b8bf244a076f0b069f8937b6c7b8;p=oweals%2Fopenssl.git
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 0fc40078f4..c6f98a832b 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -287,6 +287,9 @@ int dtls1_accept(SSL *s)
 s->d1->send_cookie = 0;
 s->state=SSL3_ST_SW_FLUSH;
 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+ /* HelloVerifyRequest resets Finished MAC */
+ ssl3_init_finished_mac(s);
 break;
 case SSL3_ST_SW_SRVR_HELLO_A:
@@ -446,10 +449,10 @@ int dtls1_accept(SSL *s)
 /* We need to get hashes here so if there is
 * a client cert, it can be verified */
 s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
+ NID_md5,
 &(s->s3->tmp.cert_verify_md[0]));
 s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
+ NID_sha1,
 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 break;
@@ -625,17 +628,17 @@ int dtls1_send_hello_verify_request(SSL *s)
 *(p++) = s->version >> 8;
 *(p++) = s->version & 0xFF;
- *(p++) = (unsigned char) s->d1->cookie_len;
- if (s->ctx->app_gen_cookie_cb != NULL &&
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
- return 0;
- }
- /* else the cookie is assumed to have
- * been initialized by the application */
+ if (s->ctx->app_gen_cookie_cb != NULL &&
+ s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+ &(s->d1->cookie_len)) == 0)
+ {
+ SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /* else the cookie is assumed to have
+ * been initialized by the application */
+ *(p++) = (unsigned char) s->d1->cookie_len;
 memcpy(p, s->d1->cookie, s->d1->cookie_len);
 p += s->d1->cookie_len;
 msg_len = p - msg;
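Review bot: The comment added in the first dtls1_accept hunk, `/* HelloVerifyRequest resets Finished MAC */`, says what the call does but not why, which is the part a reader of the state machine needs. As I understand the DTLS cookie exchange, the initial ClientHello and the HelloVerifyRequest are left out of the handshake hash, so I would word it as `/* initial ClientHello and HelloVerifyRequest are not part of the Finished hash: restart it before the second ClientHello */`. The case body starts above the hunk, so it is worth confirming that the reset only runs once the HelloVerifyRequest has actually been sent.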
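Review bot: Both `cert_verify_mac` calls in the second dtls1_accept hunk discard their result, and the digest is now selected by NID (`NID_md5`, `NID_sha1`) instead of being passed in as an existing context. If that lookup can fail, `s->s3->tmp.cert_verify_md` would be left unwritten and still be used later to verify the client certificate. The declaration of `cert_verify_mac` is not visible here; if it reports failure through its return value, each call should be checked and the function's error path taken. The enclosing case starts above the hunk.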
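Review bot: In dtls1_send_hello_verify_request the length written by the application callback is still not bounded before use: the wire length byte is `(unsigned char) s->d1->cookie_len`, while `memcpy` copies the untruncated `s->d1->cookie_len`. A callback that reports more than 255 bytes, or more than `s->d1->cookie` holds, would send a length that disagrees with the bytes copied, and could read past the cookie buffer and write past the space left in the message buffer (its size is not visible in this hunk). I would add, right after the callback block, `if (s->d1->cookie_len > sizeof(s->d1->cookie)) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); return 0; }`, assuming `cookie` is a fixed-size array of at most 255 bytes. The function body starts above and continues below the hunk.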
@@ -1011,6 +1014,7 @@ int dtls1_send_certificate_request(SSL *s)
 STACK_OF(X509_NAME) *sk=NULL;
 X509_NAME *name;
 BUF_MEM *buf;
+ unsigned int msg_len;
 if (s->state == SSL3_ST_SW_CERT_REQ_A)
 {
@@ -1088,6 +1092,10 @@ int dtls1_send_certificate_request(SSL *s)
 #endif
 /* XDTLS: set message header ? */
+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+ dtls1_set_message_header(s, (void *)s->init_buf->data,
+ SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
+
 /* buffer the message to handle re-xmits */
 dtls1_buffer_message(s, 0);
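Review bot: The context comment `/* XDTLS: set message header ? */` just above the added lines in the second dtls1_send_certificate_request hunk is an open question that the new code now answers, so it should be replaced rather than left standing. I would use something like `/* set the DTLS handshake header for the whole message before it is buffered for retransmission */`. Separately, `msg_len` is `unsigned int`, so `s->init_num - DTLS1_HM_HEADER_LENGTH` would wrap to a very large length if `init_num` were ever smaller than the header length. The code that sets `init_num` is outside the hunk, so this only needs a quick confirmation. The function continues on both sides of the hunk.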