Remove incorrect code inadvertently introduced through commit 59669b6ab.

[openssl.git] / ssl / d1_srvr.c

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index e96ef64e288a08cc5bf0be1b5a8a83bd04f3ce92..084118375f78350b85f560ca1f35b07a3f1bc093 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -133,6 +133,8 @@ static const SSL_METHOD *dtls1_get_server_method(int ver)
        {
        if (ver == DTLS1_VERSION)
                return(DTLSv1_server_method());
+       else if (ver == DTLS1_2_VERSION)
+               return(DTLSv1_2_server_method());
        else
                return(NULL);
        }
@@ -144,6 +146,20 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
                        dtls1_get_server_method,
                        DTLSv1_enc_data)
 
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+                       DTLSv1_2_server_method,
+                       dtls1_accept,
+                       ssl_undefined_function,
+                       dtls1_get_server_method,
+                       DTLSv1_2_enc_data)
+
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
+                       DTLS_server_method,
+                       dtls1_accept,
+                       ssl_undefined_function,
+                       dtls1_get_server_method,
+                       DTLSv1_2_enc_data)
+
 int dtls1_accept(SSL *s)
        {
        BUF_MEM *buf;
@@ -248,6 +264,9 @@ int dtls1_accept(SSL *s)
                                }
 
                        s->init_num=0;
+                       s->d1->change_cipher_spec_ok = 0;
+                       /* Should have been reset by ssl3_get_finished, too. */
+                       s->s3->change_cipher_spec = 0;
 
                        if (s->state != SSL_ST_RENEGOTIATE)
                                {
@@ -600,10 +619,11 @@ int dtls1_accept(SSL *s)
                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
                                }
                        else {
-                               /* could be sent for a DH cert, even if we
-                                * have not asked for it :-) */
-                               ret=ssl3_get_client_certificate(s);
-                               if (ret <= 0) goto end;
+                               if (s->s3->tmp.cert_request)
+                                       {
+                                       ret=ssl3_get_client_certificate(s);
+                                       if (ret <= 0) goto end;
+                                       }
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
@@ -641,6 +661,24 @@ int dtls1_accept(SSL *s)
                                s->state=SSL3_ST_SR_FINISHED_A;
                                s->init_num = 0;
                                }
+                       else if (SSL_USE_SIGALGS(s))
+                               {
+                               s->state=SSL3_ST_SR_CERT_VRFY_A;
+                               s->init_num=0;
+                               if (!s->session->peer)
+                                       break;
+                               /* For sigalgs freeze the handshake buffer
+                                * at this point and digest cached records.
+                                */
+                               if (!s->s3->handshake_buffer)
+                                       {
+                                       SSLerr(SSL_F_DTLS1_ACCEPT,ERR_R_INTERNAL_ERROR);
+                                       return -1;
+                                       }
+                               s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+                               if (!ssl3_digest_cached_records(s))
+                                       return -1;
+                               }
                        else
                                {
                                s->state=SSL3_ST_SR_CERT_VRFY_A;
@@ -659,8 +697,14 @@ int dtls1_accept(SSL *s)
 
                case SSL3_ST_SR_CERT_VRFY_A:
                case SSL3_ST_SR_CERT_VRFY_B:
-
-                       s->d1->change_cipher_spec_ok = 1;
+                       /*
+                        * This *should* be the first time we enable CCS, but be
+                        * extra careful about surrounding code changes. We need
+                        * to set this here because we don't know if we're
+                        * expecting a CertificateVerify or not.
+                        */
+                       if (!s->s3->change_cipher_spec)
+                               s->d1->change_cipher_spec_ok = 1;
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
@@ -676,7 +720,18 @@ int dtls1_accept(SSL *s)
 
                case SSL3_ST_SR_FINISHED_A:
                case SSL3_ST_SR_FINISHED_B:
-                       s->d1->change_cipher_spec_ok = 1;
+                       /*
+                        * Enable CCS for resumed handshakes.
+                        * In a full handshake, we end up here through
+                        * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was
+                        * already set. Receiving a CCS clears the flag, so make
+                        * sure not to re-enable it to ban duplicates.
+                        * s->s3->change_cipher_spec is set when a CCS is
+                        * processed in d1_pkt.c, and remains set until
+                        * the client's Finished message is read.
+                        */
+                       if (!s->s3->change_cipher_spec)
+                               s->d1->change_cipher_spec_ok = 1;
                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0) goto end;
@@ -724,10 +779,13 @@ int dtls1_accept(SSL *s)
                        if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-                       /* Change to new shared key of SCTP-Auth,
-                        * will be ignored if no SCTP used.
-                        */
-                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                       if (!s->hit)
+                               {
+                               /* Change to new shared key of SCTP-Auth,
+                                * will be ignored if no SCTP used.
+                                */
+                               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                               }
 #endif
 
                        s->state=SSL3_ST_SW_FINISHED_A;
@@ -752,7 +810,16 @@ int dtls1_accept(SSL *s)
                        if (ret <= 0) goto end;
                        s->state=SSL3_ST_SW_FLUSH;
                        if (s->hit)
+                               {
                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+                               /* Change to new shared key of SCTP-Auth,
+                                * will be ignored if no SCTP used.
+                                */
+                               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+                               }
                        else
                                {
                                s->s3->tmp.next_state=SSL_ST_OK;
@@ -858,8 +925,9 @@ int dtls1_send_hello_verify_request(SSL *s)
                buf = (unsigned char *)s->init_buf->data;
 
                msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-               *(p++) = s->version >> 8;
-               *(p++) = s->version & 0xFF;
+               /* Always use DTLS 1.0 version: see RFC 6347 */
+               *(p++) = DTLS1_VERSION >> 8;
+               *(p++) = DTLS1_VERSION & 0xFF;
 
                if (s->ctx->app_gen_cookie_cb == NULL ||
                     s->ctx->app_gen_cookie_cb(s, s->d1->cookie,