From 9204e7ef0d186ed5005794ae0d6b14ad42ba274d Mon Sep 17 00:00:00 2001 From: Michael Tuexen Date: Tue, 13 Aug 2013 18:53:19 +0100 Subject: [PATCH] DTLS message_sequence number wrong in rehandshake ServerHello This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation. Conflicts: ssl/d1_pkt.c (cherry picked from commit 6f87807e629ee10ec0006b39d8851af8c5ade67b) --- ssl/d1_pkt.c | 1 + ssl/d1_srvr.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 5bb3939bff..d12604e657 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -946,6 +946,7 @@ start: !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) { + s->d1->handshake_read_seq++; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) { diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 2efaa19ddc..c0246c94ea 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -246,10 +246,11 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; + dtls1_clear_record_buffer(s); dtls1_start_timer(s); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; + s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; -- 2.25.1