Add modes/cts128.c, Ciphertext Stealing implementation.

[openssl.git] / ssl / d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index d299ba618fea23ed3e9c326abf79be36f484188b..1ded18df507d9db886232ed583b9cb26bcf31669 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -287,6 +287,9 @@ int dtls1_accept(SSL *s)
                        s->d1->send_cookie = 0;
                        s->state=SSL3_ST_SW_FLUSH;
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                       /* HelloVerifyRequest resets Finished MAC */
+                       ssl3_init_finished_mac(s);
                        break;
                        
                case SSL3_ST_SW_SRVR_HELLO_A:
@@ -625,17 +628,17 @@ int dtls1_send_hello_verify_request(SSL *s)
                *(p++) = s->version >> 8;
                *(p++) = s->version & 0xFF;
 
-               *(p++) = (unsigned char) s->d1->cookie_len;
-       if (s->ctx->app_gen_cookie_cb != NULL &&
-           s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-               &(s->d1->cookie_len)) == 0)
-               {
-               SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-               return 0;
-               }
-       /* else the cookie is assumed to have 
-        * been initialized by the application */
+               if (s->ctx->app_gen_cookie_cb != NULL &&
+                   s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+                       &(s->d1->cookie_len)) == 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               /* else the cookie is assumed to have 
+                * been initialized by the application */
 
+               *(p++) = (unsigned char) s->d1->cookie_len;
                memcpy(p, s->d1->cookie, s->d1->cookie_len);
                p += s->d1->cookie_len;
                msg_len = p - msg;
@@ -722,7 +725,7 @@ int dtls1_send_server_hello(SSL *s)
 
                d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
 
-               s->state=SSL3_ST_CW_CLNT_HELLO_B;
+               s->state=SSL3_ST_SW_SRVR_HELLO_B;
                /* number of bytes to write */
                s->init_num=p-buf;
                s->init_off=0;
@@ -731,7 +734,7 @@ int dtls1_send_server_hello(SSL *s)
                dtls1_buffer_message(s, 0);
                }
 
-       /* SSL3_ST_CW_CLNT_HELLO_B */
+       /* SSL3_ST_SW_SRVR_HELLO_B */
        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
        }
 
@@ -755,7 +758,7 @@ int dtls1_send_server_done(SSL *s)
                dtls1_buffer_message(s, 0);
                }
 
-       /* SSL3_ST_CW_CLNT_HELLO_B */
+       /* SSL3_ST_SW_SRVR_DONE_B */
        return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
        }