From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 27 Mar 2013 15:50:42 +0000 (+0000)
Subject: DTLS 1.2 cached record support.
X-Git-Tag: master-post-reformat~1369
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=04fac50045929e7078cad4835478dd7f16b6d4bd

DTLS 1.2 cached record support.

Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).
---

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index e7df252bf0..f18fb38a12 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -649,6 +649,24 @@ int dtls1_accept(SSL *s)
 				s->state=SSL3_ST_SR_FINISHED_A;
 				s->init_num = 0;
 				}
+			else if (SSL_USE_SIGALGS(s))
+				{
+				s->state=SSL3_ST_SR_CERT_VRFY_A;
+				s->init_num=0;
+				if (!s->session->peer)
+					break;
+				/* For sigalgs freeze the handshake buffer
+				 * at this point and digest cached records.
+				 */
+				if (!s->s3->handshake_buffer)
+					{
+					SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+					return -1;
+					}
+				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+				if (!ssl3_digest_cached_records(s))
+					return -1;
+				}
 			else
 				{
 				s->state=SSL3_ST_SR_CERT_VRFY_A;