Respect cookie length set by app_gen_cookie_cb.

[openssl.git] / ssl / d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 450524a5e91ee95ee8b9b961e3bdb7529b4aa841..940110500298962f8312244c18d0bef855aa9cd4 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,7 +121,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -145,7 +144,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
 int dtls1_accept(SSL *s)
        {
        BUF_MEM *buf;
-       unsigned long l,Time=(unsigned long)time(NULL);
+       unsigned long Time=(unsigned long)time(NULL);
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        long num1;
        unsigned long alg_k;
@@ -287,6 +286,9 @@ int dtls1_accept(SSL *s)
                        s->d1->send_cookie = 0;
                        s->state=SSL3_ST_SW_FLUSH;
                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+
+                       /* HelloVerifyRequest resets Finished MAC */
+                       ssl3_init_finished_mac(s);
                        break;
                        
                case SSL3_ST_SW_SRVR_HELLO_A:
@@ -446,10 +448,10 @@ int dtls1_accept(SSL *s)
                        /* We need to get hashes here so if there is
                         * a client cert, it can be verified */ 
                        s->method->ssl3_enc->cert_verify_mac(s,
-                               &(s->s3->finish_dgst1),
+                               NID_md5,
                                &(s->s3->tmp.cert_verify_md[0]));
                        s->method->ssl3_enc->cert_verify_mac(s,
-                               &(s->s3->finish_dgst2),
+                               NID_sha1,
                                &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
                        break;
@@ -625,17 +627,17 @@ int dtls1_send_hello_verify_request(SSL *s)
                *(p++) = s->version >> 8;
                *(p++) = s->version & 0xFF;
 
-               *(p++) = (unsigned char) s->d1->cookie_len;
-       if (s->ctx->app_gen_cookie_cb != NULL &&
-           s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
-               &(s->d1->cookie_len)) == 0)
-               {
-               SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-               return 0;
-               }
-       /* else the cookie is assumed to have 
-        * been initialized by the application */
+               if (s->ctx->app_gen_cookie_cb != NULL &&
+                   s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 
+                       &(s->d1->cookie_len)) == 0)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               /* else the cookie is assumed to have 
+                * been initialized by the application */
 
+               *(p++) = (unsigned char) s->d1->cookie_len;
                memcpy(p, s->d1->cookie, s->d1->cookie_len);
                p += s->d1->cookie_len;
                msg_len = p - msg;
@@ -1011,6 +1013,7 @@ int dtls1_send_certificate_request(SSL *s)
        STACK_OF(X509_NAME) *sk=NULL;
        X509_NAME *name;
        BUF_MEM *buf;
+       unsigned int msg_len;
 
        if (s->state == SSL3_ST_SW_CERT_REQ_A)
                {
@@ -1088,6 +1091,10 @@ int dtls1_send_certificate_request(SSL *s)
 #endif
 
                /* XDTLS:  set message header ? */
+               msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+               dtls1_set_message_header(s, (void *)s->init_buf->data,
+                       SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
+
                /* buffer the message to handle re-xmits */
                dtls1_buffer_message(s, 0);