From 4c860910df4417f7229c4c864c726e4b187b65b2 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 30 Sep 2007 19:36:32 +0000 Subject: [PATCH] DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a twist: server allows for non-compliant Finished calculations in order to enable interop with pre-0.9.8f. --- ssl/d1_clnt.c | 6 ++++-- ssl/d1_srvr.c | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 8d2b9a6ea8..5e59dc845a 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -214,8 +214,6 @@ int dtls1_connect(SSL *s) /* don't push the buffering BIO quite yet */ - ssl3_init_finished_mac(s); - s->state=SSL3_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; s->init_num=0; @@ -227,6 +225,10 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_CLNT_HELLO_B: s->shutdown=0; + + /* every DTLS ClientHello resets Finished MAC */ + ssl3_init_finished_mac(s); + ret=dtls1_client_hello(s); if (ret <= 0) goto end; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 77431bbe18..7ebba51b8e 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -285,6 +285,10 @@ int dtls1_accept(SSL *s) s->d1->send_cookie = 0; s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; + + /* HelloVerifyRequests resets Finished MAC */ + if (s->client_version != DTLS1_BAD_VER) + ssl3_init_finished_mac(s); break; case SSL3_ST_SW_SRVR_HELLO_A: -- 2.25.1