From efc17286f86fd55496c28021fce475a0ffe1957a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 27 Mar 2013 15:50:42 +0000
Subject: [PATCH] DTLS 1.2 cached record support.

Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).
(cherry picked from commit 04fac50045929e7078cad4835478dd7f16b6d4bd)
---
 ssl/d1_srvr.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index b0f516880e..e8a829b354 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -650,6 +650,24 @@ int dtls1_accept(SSL *s)
 				s->state=SSL3_ST_SR_FINISHED_A;
 				s->init_num = 0;
 				}
+			else if (SSL_USE_SIGALGS(s))
+				{
+				s->state=SSL3_ST_SR_CERT_VRFY_A;
+				s->init_num=0;
+				if (!s->session->peer)
+					break;
+				/* For sigalgs freeze the handshake buffer
+				 * at this point and digest cached records.
+				 */
+				if (!s->s3->handshake_buffer)
+					{
+					SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+					return -1;
+					}
+				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+				if (!ssl3_digest_cached_records(s))
+					return -1;
+				}
 			else
 				{
 				s->state=SSL3_ST_SR_CERT_VRFY_A;
-- 
2.25.1