X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fd1_srvr.c;h=663f11810387de479fc64c5c49f92067c0887d9d;hp=0eabf41d26c39359de96bcb07dc27b9699aaf207;hb=7e1b7485706c2b11091b5fa897fe496a2faa56cc;hpb=0f113f3ee4d629ef9a4a30911b22b224772085e5 diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 0eabf41d26..663f118103 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -184,8 +184,10 @@ int dtls1_accept(SSL *s) /* init things to blank */ s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) - SSL_clear(s); + if (!SSL_in_init(s) || SSL_in_before(s)) { + if (!SSL_clear(s)) + return -1; + } s->d1->listen = listen; #ifndef OPENSSL_NO_SCTP @@ -197,10 +199,6 @@ int dtls1_accept(SSL *s) s->in_handshake, NULL); #endif - if (s->cert == NULL) { - SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); - return (-1); - } #ifndef OPENSSL_NO_HEARTBEATS /* * If we're awaiting a HeartbeatResponse, pretend we already got and @@ -332,8 +330,7 @@ int dtls1_accept(SSL *s) * listening */ if (listen) { - memcpy(s->s3->write_sequence, s->s3->read_sequence, - sizeof(s->s3->write_sequence)); + DTLS_RECORD_LAYER_resync_write(&s->rlayer); } /* If we're just listening, stop here */ @@ -486,13 +483,12 @@ int dtls1_accept(SSL *s) #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif - || (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) + || (alg_k & SSL_kDHE) || (alg_k & SSL_kECDHE) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) - && EVP_PKEY_size(s->cert-> - pkeys + && EVP_PKEY_size(s->cert->pkeys [SSL_PKEY_RSA_ENC].privatekey) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) ) @@ -557,7 +553,6 @@ int dtls1_accept(SSL *s) ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; -#ifndef NETSCAPE_HANG_BUG s->state = SSL3_ST_SW_SRVR_DONE_A; # ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { 
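Review bot: The new `return -1` after a failed `SSL_clear(s)` in the -184 hunk leaves dtls1_accept directly, one statement after the `s->in_handshake++` on the context line above, so the counter stays raised on this error path. Other failures in this function leave through `goto end` (visible in the -557 hunk); if the `end` label, which is outside every hunk shown, is where `in_handshake` is decremented, this path should balance the counter as well, for example `if (!SSL_clear(s)) { s->in_handshake--; return -1; }`. The `return -1` statements inside the -656 hunk have the same shape and deserve the same check. A one-line comment on whichever form is kept, stating that `in_handshake` must be balanced on every exit, would help the next reader.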
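Review bot: The RSA branch of the condition in the -486 hunk still dereferences `s->cert` (`s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey`), while the -197 hunk deletes the `s->cert == NULL` guard that used to run before the state machine. Nothing visible in this diff shows where that invariant is enforced now. If it is guaranteed when the SSL object is set up, record that at the top of dtls1_accept with a comment such as `/* s->cert is guaranteed non-NULL by the caller; see <where it is checked> */`; if it is not, the guard should stay. The condition itself starts and ends outside the hunk.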
@@ -565,16 +560,6 @@ int dtls1_accept(SSL *s) s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; } # endif -#else - s->state = SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; -# ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { - s->d1->next_state = s->s3->tmp.next_state; - s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -# endif -#endif s->init_num = 0; } break; @@ -656,17 +641,19 @@ int dtls1_accept(SSL *s) s->init_num = 0; if (!s->session->peer) break; - /* - * For sigalgs freeze the handshake buffer at this point and - * digest cached records. - */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); return -1; } - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) - return -1; + /* + * For sigalgs freeze the handshake buffer. If we support + * extms we've done this already. + */ + if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { + s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; + if (!ssl3_digest_cached_records(s)) + return -1; + } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; @@ -841,11 +828,6 @@ int dtls1_accept(SSL *s) /* clean a few things up */ ssl3_cleanup_key_block(s); -#if 0 - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; -#endif - /* remove buffering on output */ ssl_free_wbio_buffer(s);
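Review bot: In the -656 hunk the new guard tests `s->s3->flags` against `SSL_SESS_FLAG_EXTMS`, yet the next line stores `TLS1_FLAGS_KEEP_HANDSHAKE` in that same field, so two differently named flag families share one word. By its name the constant looks like a session flag; if it is defined for the session's flag word, the test reads an unrelated bit of `s->s3->flags`, and the handshake buffer could be frozen and digested in the wrong cases, which would affect the transcript digest that the following `SSL3_ST_SR_CERT_VRFY_A` state presumably relies on. In that case the check should read `if (!(s->session->flags & SSL_SESS_FLAG_EXTMS)) {`. The enclosing case block starts and ends outside the hunk, so the other place that "has done this already" per the new comment should be checked for the same field.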