From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 3 Apr 2011 16:25:29 +0000 (+0000)
Subject: PR: 2458
X-Git-Tag: OpenSSL-fips-2_0-rc1~606
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=f74a0c0c934f4e60a3b4592be6d09f8b4912cb0e

PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
---

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 2569bb7d67..c195159967 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -464,7 +464,10 @@ again:
 
 	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-	s->d1->handshake_read_seq++;
+	/* Don't change sequence numbers while listening */
+	if (!s->d1->listen)
+		s->d1->handshake_read_seq++;
+
 	/* we just read a handshake message from the other side:
 	 * this means that we don't need to retransmit of the
 	 * buffered messages.  
@@ -813,9 +816,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
 	/* 
 	 * if this is a future (or stale) message it gets buffered
-	 * (or dropped)--no further processing at this time 
+	 * (or dropped)--no further processing at this time
+	 * While listening, we accept seq 1 (ClientHello with cookie)
+	 * although we're still expecting seq 0 (ClientHello)
 	 */
-	if ( msg_hdr.seq != s->d1->handshake_read_seq)
+	if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
 		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
 	len = msg_hdr.msg_len;
@@ -1322,7 +1327,8 @@ unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
 			unsigned long len, unsigned long frag_off, unsigned long frag_len)
 	{
-	if ( frag_off == 0)
+	/* Don't change sequence numbers while listening */
+	if (frag_off == 0 && !s->d1->listen)
 		{
 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
 		s->d1->next_handshake_write_seq++;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index ac4fbda3a6..f6d72f5fa6 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -278,6 +278,12 @@ int dtls1_accept(SSL *s)
 				{
 				ret = 2;
 				s->d1->listen = 0;
+				/* Set expected sequence numbers
+				 * to continue the handshake.
+				 */
+				s->d1->handshake_read_seq = 2;
+				s->d1->handshake_write_seq = 1;
+				s->d1->next_handshake_write_seq = 1;
 				goto end;
 				}
 			
@@ -737,9 +743,6 @@ int dtls1_send_hello_verify_request(SSL *s)
 		/* number of bytes to write */
 		s->init_num=p-buf;
 		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
 		}
 
 	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */