DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
authorAndy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 19:36:32 +0000 (19:36 +0000)
committerAndy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 19:36:32 +0000 (19:36 +0000)
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.

ssl/d1_clnt.c
ssl/d1_srvr.c

index 8d2b9a6ea84e690b68959a08a29d6b40e1931814..5e59dc845ac0d50ef578e4b8338d7960dc989690 100644 (file)
@@ -214,8 +214,6 @@ int dtls1_connect(SSL *s)
 
                        /* don't push the buffering BIO quite yet */
 
-                       ssl3_init_finished_mac(s);
-
                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
                        s->ctx->stats.sess_connect++;
                        s->init_num=0;
@@ -227,6 +225,10 @@ int dtls1_connect(SSL *s)
                case SSL3_ST_CW_CLNT_HELLO_B:
 
                        s->shutdown=0;
+
+                       /* every DTLS ClientHello resets Finished MAC */
+                       ssl3_init_finished_mac(s);
+
                        ret=dtls1_client_hello(s);
                        if (ret <= 0) goto end;
 
index 77431bbe18ad8c898c1bc04becdd984934a7c0a7..7ebba51b8e36184f144da10ac2add57a2a2e8f36 100644 (file)
@@ -285,6 +285,10 @@ int dtls1_accept(SSL *s)
                        s->d1->send_cookie = 0;
                        s->state=SSL3_ST_SW_FLUSH;
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                       /* HelloVerifyRequests resets Finished MAC */
+                       if (s->client_version != DTLS1_BAD_VER)
+                               ssl3_init_finished_mac(s);
                        break;
                        
                case SSL3_ST_SW_SRVR_HELLO_A: