Don't send zero length session ID if stateless session resupmtion is
[openssl.git] / ssl / d1_pkt.c
index 8a047ae..2e35db8 100644 (file)
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
+#include <openssl/rand.h>
 
 /* mod 128 saturating subtract of two 64-bit values in big-endian order */
 static int satsub64be(const unsigned char *v1,const unsigned char *v2)
@@ -426,7 +427,7 @@ printf("\n");
 
        if (!clear)
                {
-               mac_size=EVP_MD_size(s->read_hash);
+               mac_size=EVP_MD_CTX_size(s->read_hash);
 
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
                        {
@@ -526,7 +527,7 @@ int dtls1_get_record(SSL *s)
        SSL3_RECORD *rr;
        SSL_SESSION *sess;
        unsigned char *p;
-       short version;
+       unsigned short version;
        DTLS1_BITMAP *bitmap;
        unsigned int is_next_epoch;
 
@@ -1014,47 +1015,36 @@ start:
                }
 
        if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
-        {
-        struct ccs_header_st ccs_hdr;
+               {
+               struct ccs_header_st ccs_hdr;
 
                dtls1_get_ccs_header(rr->data, &ccs_hdr);
 
-               if ( ccs_hdr.seq == s->d1->handshake_read_seq)
+               /* 'Change Cipher Spec' is just a single byte, so we know
+                * exactly what the record payload has to look like */
+               /* XDTLS: check that epoch is consistent */
+               if (    (rr->length != DTLS1_CCS_HEADER_LENGTH) || 
+                       (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
                        {
-                       /* 'Change Cipher Spec' is just a single byte, so we know
-                        * exactly what the record payload has to look like */
-                       /* XDTLS: check that epoch is consistent */
-                       if (    (rr->length != DTLS1_CCS_HEADER_LENGTH) || 
-                               (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
-                               {
-                               i=SSL_AD_ILLEGAL_PARAMETER;
-                               SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-                               goto err;
-                               }
-                       
-                       rr->length=0;
-                       
-                       if (s->msg_callback)
-                               s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 
-                                       rr->data, 1, s, s->msg_callback_arg);
-                       
-                       s->s3->change_cipher_spec=1;
-                       if (!ssl3_do_change_cipher_spec(s))
-                               goto err;
-                       
-                       /* do this whenever CCS is processed */
-                       dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-                       
-                       /* handshake read seq is reset upon handshake completion */
-                       s->d1->handshake_read_seq++;
-                       
-                       goto start;
-                       }
-               else
-                       {
-                       rr->length = 0;
-                       goto start;
+                       i=SSL_AD_ILLEGAL_PARAMETER;
+                       SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                       goto err;
                        }
+
+               rr->length=0;
+
+               if (s->msg_callback)
+                       s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 
+                               rr->data, 1, s, s->msg_callback_arg);
+
+               s->s3->change_cipher_spec=1;
+               if (!ssl3_do_change_cipher_spec(s))
+                       goto err;
+
+               /* do this whenever CCS is processed */
+               dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+               goto start;
                }
 
        /* Unexpected handshake message (Client Hello, or protocol violation) */
@@ -1335,13 +1325,13 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 
        if (    (sess == NULL) ||
                (s->enc_write_ctx == NULL) ||
-               (s->write_hash == NULL))
+               (EVP_MD_CTX_md(s->write_hash) == NULL))
                clear=1;
 
        if (clear)
                mac_size=0;
        else
-               mac_size=EVP_MD_size(s->write_hash);
+               mac_size=EVP_MD_CTX_size(s->write_hash);
 
        /* DTLS implements explicit IV, so no need for empty fragments */
 #if 0
@@ -1438,8 +1428,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
 
 
        /* ssl3_enc can only have an error on read */
-       wr->length += bs;  /* bs != 0 in case of CBC.  The enc fn provides
-                                               * the randomness */ 
+       if (bs) /* bs != 0 in case of CBC */
+               {
+               RAND_pseudo_bytes(p,bs);
+               /* master IV and last CBC residue stand for
+                * the rest of randomness */
+               wr->length += bs;
+               }
+
        s->method->ssl3_enc->enc(s,1);
 
        /* record length after mac and block padding */